From 500119aca17a98d6d8789904d9b864a1798477de Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Mon, 1 Apr 2024 14:22:25 -0700
Subject: [PATCH 01/12] dep-diracc-8713507

---
 windows/whats-new/deprecated-features.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/windows/whats-new/deprecated-features.md b/windows/whats-new/deprecated-features.md
index 662ade9a57..f71e20f198 100644
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 03/25/2024
+ms.date: 04/02/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@@ -47,6 +47,7 @@ The features in this article are no longer being actively developed, and might b
 
 | Feature | Details and mitigation  | Deprecation announced |
 |---|---|---|
+| DirectAccess <!--8713507-->| DirectAccess is deprecated and will be removed in a future release of Windows. We recommend [migrating from DirectAccess to Always On VPN](/windows-server/remote/remote-access/da-always-on-vpn-migration/da-always-on-migration-overview). | April 2024 | 
 | NPLogonNotify and NPPasswordChangeNotify APIs <!--8787264--> | Starting in Windows 11, version 24H2, the inclusion of password payload in MPR notifications is set to disabled by default through group policy in [NPLogonNotify](/windows/win32/api/npapi/nf-npapi-nplogonnotify) and [NPPasswordChangeNotify](/windows/win32/api/npapi/nf-npapi-nppasswordchangenotify) APIs. The APIs may be removed in a future release. The primary reason for disabling this feature is to enhance security. When enabled, these APIs allow the caller to retrieve a users password, presenting potential risks for password exposure and harvesting by malicious users. To include password payload in MPR notifications, set the [EnableMPRNotifications](/windows/client-management/mdm/policy-csp-windowslogon#enablemprnotifications) policy to `enabled`.| March 2024 |
 | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|
 | Test Base <!--8790681--> | [Test Base for Microsoft 365](/microsoft-365/test-base/overview), an Azure cloud service for application testing, is deprecated. The service will be retired in the future and will be no longer available for use after retirement. | March 2024 |

From 0f0b2ef62bff29884f583bbbb0b3ab91580e2053 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Tue, 11 Jun 2024 14:04:45 -0400
Subject: [PATCH 02/12] WHfB updates

---
 .../identity-protection/hello-for-business/how-it-works.md  | 5 +++++
 .../identity-protection/hello-for-business/rdp-sign-in.md   | 6 +++++-
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index f08348d61a..95bc613cdc 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -227,6 +227,11 @@ For more information, see [What is a Primary Refresh Token][ENTRA-2].
 
 Changing a user account password doesn't affect sign-in or unlock, since Windows Hello for Business uses a key or certificate.
 
+> [!NOTE]
+> If you change the user's password from a Microsoft Entra hybrid joined device, the Windows Hello for Business cache is invalidated. To update the cache, the user must log off and then log back on.
+>
+> To change a user's password, the device must be able to communicate with a domain controller.
+
 ## Next steps
 
 > [!div class="nextstepaction"]
diff --git a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
index 72c3fffd3f..c8a7d312ad 100644
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@@ -1,7 +1,7 @@
 ---
 title: Remote Desktop sign-in with Windows Hello for Business
 description: Learn how to configure Remote Desktop (RDP) sign-in with Windows Hello for Business.
-ms.date: 04/23/2024
+ms.date: 06/11/2024
 ms.topic: how-to
 ---
 
@@ -273,6 +273,10 @@ While users appreciate the convenience of biometrics, and administrators value t
 
 For more information, see [Use Windows Hello for Business certificates as smart card certificate](policy-settings.md#use-windows-hello-for-business-certificates-as-smart-card-certificates)
 
+## Known issues
+
+There's a known issue when attempting to perform TLS 1.3 client authentication with a Hello certificate via RDP. The authentication fails with the error: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. Microsoft is aware of this issue and investigating possible solutions.
+
 <!-- links -->
 
 [MEM-1]: /mem/intune/protect/certificates-scep-configure

From 67e65b672c8bad54b1d9eb821a5d99630300cacf Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 12 Jun 2024 08:02:07 -0400
Subject: [PATCH 03/12] password expiration issue

---
 .../hello-for-business/how-it-works.md               | 12 +++++++++---
 .../hello-for-business/rdp-sign-in.md                |  2 +-
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index 95bc613cdc..fc2d4b3ddf 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -227,9 +227,15 @@ For more information, see [What is a Primary Refresh Token][ENTRA-2].
 
 Changing a user account password doesn't affect sign-in or unlock, since Windows Hello for Business uses a key or certificate.
 
-> [!NOTE]
-> If you change the user's password from a Microsoft Entra hybrid joined device, the Windows Hello for Business cache is invalidated. To update the cache, the user must log off and then log back on.
->
+However, when users are required to change their password (for example, due to password expiration policies), then they won't be notified of the password change requirement when signing in with Windows Hello. This might cause failures to authenticate to Active Directory-protected resources. To mitigate the issue consider one of the following options:
+
+- Disable password expiration for the user accounts
+- As an alternative to password expiration policies, consider adopting [PIN expiration policies](policy-settings?tabs=pin#expiration)
+- If password expiration is an organization's requirement, instruct the users to change their passwords regularly or when they receive authentication failure messages. Users can reset their password by:
+  - Using the <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd> > **Change a password** option
+  - Sign in with their password. If the password must be changed, Windows prompts the user to update it
+
+> [!IMPORTANT]
 > To change a user's password, the device must be able to communicate with a domain controller.
 
 ## Next steps
diff --git a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
index c8a7d312ad..97e372d620 100644
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@@ -275,7 +275,7 @@ For more information, see [Use Windows Hello for Business certificates as smart
 
 ## Known issues
 
-There's a known issue when attempting to perform TLS 1.3 client authentication with a Hello certificate via RDP. The authentication fails with the error: ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED. Microsoft is aware of this issue and investigating possible solutions.
+There's a known issue when attempting to perform TLS 1.3 client authentication with a Hello certificate via RDP. The authentication fails with the error: `ERR_SSL_CLIENT_AUTH_SIGNATURE_FAILED`. Microsoft is investigating possible solutions.
 
 <!-- links -->
 

From 55e9a1d73b8641c3324464093facab67215aa001 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 12 Jun 2024 08:29:34 -0400
Subject: [PATCH 04/12] removed insider note for disablepostlogonprovisioning

---
 .../includes/use-windows-hello-for-business.md         | 10 ----------
 1 file changed, 10 deletions(-)

diff --git a/windows/security/identity-protection/hello-for-business/includes/use-windows-hello-for-business.md b/windows/security/identity-protection/hello-for-business/includes/use-windows-hello-for-business.md
index d850382fae..34185c8503 100644
--- a/windows/security/identity-protection/hello-for-business/includes/use-windows-hello-for-business.md
+++ b/windows/security/identity-protection/hello-for-business/includes/use-windows-hello-for-business.md
@@ -16,16 +16,6 @@ Select the option *Don't start Windows Hello provisioning after sign-in* when yo
 - If you select *Don't start Windows Hello provisioning after sign-in*, Windows Hello for Business doesn't automatically start provisioning after the user has signed in
 - If you don't select *Don't start Windows Hello provisioning after sign-in*, Windows Hello for Business automatically starts provisioning after the user has signed in
 
-:::row:::
-:::column span="1":::
-:::image type="content" source="../../../images/insider.png" alt-text="Logo of Windows Insider." border="false":::
-:::column-end:::
-:::column span="3":::
-> [!IMPORTANT]
->This policy setting is available via CSP only for [Windows Insider Preview builds](/windows-insider/).
-:::column-end:::
-:::row-end:::
-
 |  | Path |
 |--|--|
 | **CSP** | `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/`[UsePassportForWork](/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciesusepassportforwork) <br><br> `./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/`[DisablePostLogonProvisioning](/windows/client-management/mdm/passportforwork-csp#devicetenantidpoliciesdisablepostlogonprovisioning)|

From 2a90f96c3588b750e94c8801dbf094627d2e7367 Mon Sep 17 00:00:00 2001
From: Paolo Matarazzo <74918781+paolomatarazzo@users.noreply.github.com>
Date: Wed, 12 Jun 2024 13:14:02 -0400
Subject: [PATCH 05/12] updates

---
 .../identity-protection/hello-for-business/how-it-works.md      | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/security/identity-protection/hello-for-business/how-it-works.md b/windows/security/identity-protection/hello-for-business/how-it-works.md
index fc2d4b3ddf..659f4a0e25 100644
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@@ -230,7 +230,7 @@ Changing a user account password doesn't affect sign-in or unlock, since Windows
 However, when users are required to change their password (for example, due to password expiration policies), then they won't be notified of the password change requirement when signing in with Windows Hello. This might cause failures to authenticate to Active Directory-protected resources. To mitigate the issue consider one of the following options:
 
 - Disable password expiration for the user accounts
-- As an alternative to password expiration policies, consider adopting [PIN expiration policies](policy-settings?tabs=pin#expiration)
+- As an alternative to password expiration policies, consider adopting [PIN expiration policies](policy-settings.md?tabs=pin#expiration)
 - If password expiration is an organization's requirement, instruct the users to change their passwords regularly or when they receive authentication failure messages. Users can reset their password by:
   - Using the <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Del</kbd> > **Change a password** option
   - Sign in with their password. If the password must be changed, Windows prompts the user to update it

From 40b25734a5c73ab32c81c1039121942be566ba89 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 12 Jun 2024 16:02:44 -0700
Subject: [PATCH 06/12] manage=cpw-note-pwa

---
 windows/client-management/manage-windows-copilot.md | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md
index 3faee22933..cdfa61e0a3 100644
--- a/windows/client-management/manage-windows-copilot.md
+++ b/windows/client-management/manage-windows-copilot.md
@@ -3,7 +3,7 @@ title: Manage Copilot in Windows
 description: Learn how to manage Copilot in Windows for commercial environments using MDM and group policy. Learn about the chat providers available to Copilot in Windows.
 ms.topic: how-to
 ms.subservice: windows-copilot
-ms.date: 03/21/2024
+ms.date: 06/12/2024
 ms.author: mstewart
 author: mestew
 ms.collection:
@@ -18,16 +18,20 @@ appliesto:
 
 >**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0).
 
+> [!Note]
+> - This article along with the [TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) policy listed isn't for the [new Copilot experience](https://blogs.windows.com/windows-insider/2024/05/31/announcing-windows-11-insider-preview-build-26120-751-dev-channel/) that is currently in some Windows Insider builds such as [Windows 11, version 24H2 in the Release Preview channel](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/). 
+
 Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/copilot/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat.
 
-> [!Note]
-> - Copilot in Windows is currently available as a preview. We will continue to experiment with new ideas and methods using your feedback.
-> - Copilot in Windows (in preview) is available in select global markets and will be rolled out to additional markets over time. [Learn more](https://www.microsoft.com/windows/copilot-ai-features#faq). <!--8737645-->
 
 ## Configure Copilot in Windows for commercial environments
 
 At a high level, managing and configuring Copilot in Windows for your organization involves the following steps:
 
+> [!Note]
+> - Copilot in Windows is currently available as a preview. We will continue to experiment with new ideas and methods using your feedback.
+> - Copilot in Windows (in preview) is available in select global markets and will be rolled out to additional markets over time. [Learn more](https://www.microsoft.com/windows/copilot-ai-features#faq). <!--8737645-->
+
 1. Understand the [available chat provider platforms for Copilot in Windows](#chat-provider-platforms-for-copilot-in-windows)
 1. [Configure the chat provider platform](#configure-the-chat-provider-platform-that-copilot-in-windows-uses) used by Copilot in Windows
 1. Ensure the [Copilot in Windows user experience](#ensure-the-copilot-in-windows-user-experience-is-enabled) is enabled

From f5c9e93e03c80445ce26e307b40404388c2c8382 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Wed, 12 Jun 2024 16:09:05 -0700
Subject: [PATCH 07/12] manage=cpw-note-pwa

---
 windows/client-management/manage-windows-copilot.md   | 2 +-
 windows/client-management/mdm/policy-csp-windowsai.md | 3 +++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md
index cdfa61e0a3..0dca7cc8aa 100644
--- a/windows/client-management/manage-windows-copilot.md
+++ b/windows/client-management/manage-windows-copilot.md
@@ -19,7 +19,7 @@ appliesto:
 >**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0).
 
 > [!Note]
-> - This article along with the [TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) policy listed isn't for the [new Copilot experience](https://blogs.windows.com/windows-insider/2024/05/31/announcing-windows-11-insider-preview-build-26120-751-dev-channel/) that is currently in some Windows Insider builds such as [Windows 11, version 24H2 in the Release Preview channel](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/). 
+> - This article along with the [TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) policy listed isn't for the [new Copilot experience](https://blogs.windows.com/windows-insider/2024/05/31/announcing-windows-11-insider-preview-build-26120-751-dev-channel/) that is currently in some Windows Insider builds such as [Windows 11, version 24H2 in the Release Preview channel](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/). <!--9048085-->
 
 Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/copilot/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat.
 
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index cf79d817d1..38ad01c865 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -164,6 +164,9 @@ This policy setting allows you to turn off Windows Copilot.
 <!-- TurnOffWindowsCopilot-Description-End -->
 
 <!-- TurnOffWindowsCopilot-Editable-Begin -->
+
+> [!Note]
+> - The TurnOffWindowsCopilot policy listed isn't for the [new Copilot experience](https://blogs.windows.com/windows-insider/2024/05/31/announcing-windows-11-insider-preview-build-26120-751-dev-channel/) that is currently in some Windows Insider builds such as [Windows 11, version 24H2 in the Release Preview channel](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/). <!--9048085-->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- TurnOffWindowsCopilot-Editable-End -->
 

From 7df56d8c6f83dcda3e8c2277c8e44573b2b52ae8 Mon Sep 17 00:00:00 2001
From: Meghan Stewart <33289333+mestew@users.noreply.github.com>
Date: Thu, 13 Jun 2024 12:21:57 -0700
Subject: [PATCH 08/12] manage-CPW

---
 windows/client-management/manage-windows-copilot.md   | 4 ++--
 windows/client-management/mdm/policy-csp-windowsai.md | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/windows/client-management/manage-windows-copilot.md b/windows/client-management/manage-windows-copilot.md
index 0dca7cc8aa..46d7c8c8dc 100644
--- a/windows/client-management/manage-windows-copilot.md
+++ b/windows/client-management/manage-windows-copilot.md
@@ -3,7 +3,7 @@ title: Manage Copilot in Windows
 description: Learn how to manage Copilot in Windows for commercial environments using MDM and group policy. Learn about the chat providers available to Copilot in Windows.
 ms.topic: how-to
 ms.subservice: windows-copilot
-ms.date: 06/12/2024
+ms.date: 06/13/2024
 ms.author: mstewart
 author: mestew
 ms.collection:
@@ -19,7 +19,7 @@ appliesto:
 >**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0).
 
 > [!Note]
-> - This article along with the [TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) policy listed isn't for the [new Copilot experience](https://blogs.windows.com/windows-insider/2024/05/31/announcing-windows-11-insider-preview-build-26120-751-dev-channel/) that is currently in some Windows Insider builds such as [Windows 11, version 24H2 in the Release Preview channel](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/). <!--9048085-->
+> - This article and the [TurnOffWindowsCopilot](mdm/policy-csp-windowsai.md#turnoffwindowscopilot) policy isn't for the [new Copilot experience](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-copilot-in-windows-for-your-workforce/ba-p/4141999) that's in some [Windows Insider builds](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/) and that will be gradually rolling out to Windows 11 and Windows 10 devices. <!--9048085-->
 
 Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/copilot/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat.
 
diff --git a/windows/client-management/mdm/policy-csp-windowsai.md b/windows/client-management/mdm/policy-csp-windowsai.md
index 38ad01c865..85b838a4c2 100644
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 05/20/2024
+ms.date: 06/13/2024
 ---
 
 <!-- Auto-Generated CSP Document -->
@@ -166,7 +166,7 @@ This policy setting allows you to turn off Windows Copilot.
 <!-- TurnOffWindowsCopilot-Editable-Begin -->
 
 > [!Note]
-> - The TurnOffWindowsCopilot policy listed isn't for the [new Copilot experience](https://blogs.windows.com/windows-insider/2024/05/31/announcing-windows-11-insider-preview-build-26120-751-dev-channel/) that is currently in some Windows Insider builds such as [Windows 11, version 24H2 in the Release Preview channel](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/). <!--9048085-->
+> - The TurnOffWindowsCopilot policy isn't for the [new Copilot experience](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-copilot-in-windows-for-your-workforce/ba-p/4141999) that's in some [Windows Insider builds](https://blogs.windows.com/windows-insider/2024/05/22/releasing-windows-11-version-24h2-to-the-release-preview-channel/) and that will be gradually rolling out to Windows 11 and Windows 10 devices. <!--9048085-->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- TurnOffWindowsCopilot-Editable-End -->
 

From b3be6aefb8eba5f30e1975f1e0e723200081275b Mon Sep 17 00:00:00 2001
From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com>
Date: Thu, 13 Jun 2024 12:45:22 -0700
Subject: [PATCH 09/12] Update punctuation in smartscreen endpoint references

Add "." after "*"  to make consistent with other articles
---
 windows/privacy/manage-windows-11-endpoints.md   | 2 +-
 windows/privacy/manage-windows-1903-endpoints.md | 2 +-
 windows/privacy/manage-windows-1909-endpoints.md | 2 +-
 windows/privacy/manage-windows-2004-endpoints.md | 4 ++--
 windows/privacy/manage-windows-20H2-endpoints.md | 2 +-
 windows/privacy/manage-windows-21H1-endpoints.md | 2 +-
 windows/privacy/manage-windows-21h2-endpoints.md | 2 +-
 7 files changed, 8 insertions(+), 8 deletions(-)

diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md
index 17c75eb970..bc67c5abe7 100644
--- a/windows/privacy/manage-windows-11-endpoints.md
+++ b/windows/privacy/manage-windows-11-endpoints.md
@@ -101,7 +101,7 @@ To view endpoints for non-Enterprise Windows 11 editions, see [Windows 11 connec
 ||The following endpoint is used for Microsoft accounts to sign in. If you turn off traffic for these endpoints, users can't sign in with Microsoft accounts. |TLSv1.2/HTTPS/HTTP|login.live.com|
 |Microsoft Defender Antivirus|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft Defender Antivirus.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 ||The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.|TLSv1.2/HTTPS|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
 |||HTTPS/HTTP|checkappexec.microsoft.com|
 |||TLSv1.2/HTTP|ping-edge.smartscreen.microsoft.com|
 |||HTTP|data-edge.smartscreen.microsoft.com|
diff --git a/windows/privacy/manage-windows-1903-endpoints.md b/windows/privacy/manage-windows-1903-endpoints.md
index f1f01ca287..4ac562a487 100644
--- a/windows/privacy/manage-windows-1903-endpoints.md
+++ b/windows/privacy/manage-windows-1903-endpoints.md
@@ -147,7 +147,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTPS|wdcp.microsoft.com|
 |||HTTPS|definitionupdates.microsoft.com|
 |||HTTPS|go.microsoft.com|
-||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications won't appear.|HTTPS|*smartscreen.microsoft.com|
+||The following endpoints are used for Windows Defender Smartscreen reporting and notifications. If you turn off traffic for these endpoints, Smartscreen notifications won't appear.|HTTPS|*.smartscreen.microsoft.com|
 |||HTTPS|smartscreen-sn3p.smartscreen.microsoft.com|
 |||HTTPS|unitedstates.smartscreen-prod.microsoft.com|
 |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index 3e1a8148e2..29a794c18b 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -100,7 +100,7 @@ The following methodology was used to derive these network endpoints:
 |||HTTPS|config.teams.microsoft.com|
 |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 |||HTTPS/TLS v1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS/TLS v1.2|*smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS/TLS v1.2|*.smartscreen-prod.microsoft.com|
 |||HTTPS|checkappexec.microsoft.com|
 |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
 |||HTTPS/TLS v1.2|arc.msn.com|
diff --git a/windows/privacy/manage-windows-2004-endpoints.md b/windows/privacy/manage-windows-2004-endpoints.md
index 31541d49e0..f9101f343c 100644
--- a/windows/privacy/manage-windows-2004-endpoints.md
+++ b/windows/privacy/manage-windows-2004-endpoints.md
@@ -97,8 +97,8 @@ The following methodology was used to derive these network endpoints:
 |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 |||TLSv1.2|wdcp.microsoft.com|
 |||HTTPS|go.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
-|||HTTPS|*smartscreen.microsoft.com |
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
+|||HTTPS|*.smartscreen.microsoft.com |
 |||HTTPS|checkappexec.microsoft.com|
 |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
 |||TLSv1.2|arc.msn.com|
diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md
index 24cc4f16d4..2c635eb019 100644
--- a/windows/privacy/manage-windows-20H2-endpoints.md
+++ b/windows/privacy/manage-windows-20H2-endpoints.md
@@ -110,7 +110,7 @@ The following methodology was used to derive these network endpoints:
 |||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
 |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 |||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
 |||HTTPS/HTTP|checkappexec.microsoft.com|
 |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
 |||TLSv1.2/HTTPS/HTTP|arc.msn.com|
diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md
index 3e0d4e7336..ad7ef8acb4 100644
--- a/windows/privacy/manage-windows-21H1-endpoints.md
+++ b/windows/privacy/manage-windows-21H1-endpoints.md
@@ -110,7 +110,7 @@ The following methodology was used to derive these network endpoints:
 |||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
 |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 |||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
 |||HTTPS/HTTP|checkappexec.microsoft.com|
 |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
 |||TLSv1.2/HTTPS/HTTP|arc.msn.com|
diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md
index 458536998a..1ad4793f0a 100644
--- a/windows/privacy/manage-windows-21h2-endpoints.md
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@@ -108,7 +108,7 @@ The following methodology was used to derive these network endpoints:
 |||TLSv1.2/HTTPS/HTTP|config.teams.microsoft.com|
 |Windows Defender|The following endpoint is used for Windows Defender when Cloud-based Protection is enabled. If you turn off traffic for this endpoint, the device won't use Cloud-based Protection.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-defender)|
 |||HTTPS/TLSv1.2|wdcp.microsoft.com|
-||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*smartscreen-prod.microsoft.com|
+||The following endpoints are used for Windows Defender SmartScreen reporting and notifications. If you turn off traffic for these endpoints, SmartScreen notifications won't appear.|HTTPS|*.smartscreen-prod.microsoft.com|
 |||HTTPS/HTTP|checkappexec.microsoft.com|
 |Windows Spotlight|The following endpoints are used to retrieve Windows Spotlight metadata that describes content, such as references to image locations, as well as suggested apps, Microsoft account notifications, and Windows tips. If you turn off traffic for these endpoints, Windows Spotlight will still try to deliver new lock screen images and updated content but it will fail; suggested apps, Microsoft account notifications, and Windows tips won't be downloaded. For more information, see Windows Spotlight.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-spotlight)|
 |||TLSv1.2/HTTPS/HTTP|arc.msn.com|

From ef06a8e095b34287b798aa9eefe1ba3736ab0be1 Mon Sep 17 00:00:00 2001
From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com>
Date: Thu, 13 Jun 2024 12:55:22 -0700
Subject: [PATCH 10/12] Update punctuation in displaycard endpoint references

Add "*" for consistency across articles
---
 windows/privacy/manage-windows-11-endpoints.md              | 2 +-
 windows/privacy/manage-windows-1909-endpoints.md            | 2 +-
 windows/privacy/manage-windows-20H2-endpoints.md            | 2 +-
 windows/privacy/manage-windows-21H1-endpoints.md            | 2 +-
 windows/privacy/manage-windows-21h2-endpoints.md            | 2 +-
 .../windows-endpoints-1909-non-enterprise-editions.md       | 6 +++---
 .../windows-endpoints-2004-non-enterprise-editions.md       | 4 ++--
 7 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/windows/privacy/manage-windows-11-endpoints.md b/windows/privacy/manage-windows-11-endpoints.md
index bc67c5abe7..7c41ff3d2a 100644
--- a/windows/privacy/manage-windows-11-endpoints.md
+++ b/windows/privacy/manage-windows-11-endpoints.md
@@ -119,7 +119,7 @@ To view endpoints for non-Enterprise Windows 11 editions, see [Windows 11 connec
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
 |||HTTP|share.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Microsoft To Do|||[Learn how to turn off traffic to all of the following endpoint(s) for Microsoft To Do.](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index 29a794c18b..033748df75 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -78,7 +78,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLS v1.2|1storecatalogrevocation.storequality.microsoft.com|
 |||HTTPS|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|displaycatalog.mp.microsoft.com/*|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com/*|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
 ||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
 |Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
diff --git a/windows/privacy/manage-windows-20H2-endpoints.md b/windows/privacy/manage-windows-20H2-endpoints.md
index 2c635eb019..8ae07104f4 100644
--- a/windows/privacy/manage-windows-20H2-endpoints.md
+++ b/windows/privacy/manage-windows-20H2-endpoints.md
@@ -85,7 +85,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
 |||HTTP|share.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
diff --git a/windows/privacy/manage-windows-21H1-endpoints.md b/windows/privacy/manage-windows-21H1-endpoints.md
index ad7ef8acb4..0d0e1bd833 100644
--- a/windows/privacy/manage-windows-21H1-endpoints.md
+++ b/windows/privacy/manage-windows-21H1-endpoints.md
@@ -85,7 +85,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
 |||HTTP|share.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
diff --git a/windows/privacy/manage-windows-21h2-endpoints.md b/windows/privacy/manage-windows-21h2-endpoints.md
index 1ad4793f0a..029867e536 100644
--- a/windows/privacy/manage-windows-21h2-endpoints.md
+++ b/windows/privacy/manage-windows-21h2-endpoints.md
@@ -83,7 +83,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoint is used for the Windows Push Notification Services (WNS). WNS enables third-party developers to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to your users in a power-efficient and dependable way. If you turn off traffic for this endpoint, push notifications will no longer work, including MDM device management, mail synchronization, settings synchronization.|TLSv1.2/HTTPS|*.wns.windows.com|
 ||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLSv1.2/HTTPS/HTTP|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|displaycatalog.mp.microsoft.com|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|TLSv1.2/HTTPS/HTTP|*displaycatalog.mp.microsoft.com|
 |||HTTP|share.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|TLSv1.2/HTTPS/HTTP|manage.devcenter.microsoft.com|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
index 25290f4d99..f62bc8e598 100644
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@@ -48,7 +48,7 @@ The following methodology was used to derive the network endpoints:
 |config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
 |*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
 |*.tlu.dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|displaycatalog.mp.microsoft.com/*|HTTP/TLS v1.2|Used to communicate with Microsoft Store
+|\*displaycatalog.mp.microsoft.com/*|HTTP/TLS v1.2|Used to communicate with Microsoft Store
 |evoke-windowsservices-tas.msedge.net|HTTP/TLS v1.2|Used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser
 |fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Enables connections to Windows Update, Microsoft Update, and the online services of the Store
 |fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Used to download operating system patches, updates, and apps from Microsoft Store
@@ -115,7 +115,7 @@ The following methodology was used to derive the network endpoints:
 |config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
 |config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
 |ctldl.windowsupdate.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|displaycatalog.mp.microsoft.com*|HTTP/TLS v1.2|Microsoft Store
+|\*displaycatalog.mp.microsoft.com*|HTTP/TLS v1.2|Microsoft Store
 |fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
 |fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
 |slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
@@ -176,7 +176,7 @@ The following methodology was used to derive the network endpoints:
 |fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
 |tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
 |officehomeblobs.blob.core.windows.net|HTTP|Windows Telemetry
-|displaycatalog.mp.microsoft.com/*|HTTP/TLS v1.2|Microsoft Store
+|\*displaycatalog.mp.microsoft.com/*|HTTP/TLS v1.2|Microsoft Store
 |img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
 |config.teams.microsoft.com|HTTPS|Teams
 |api.asm.skype.com|TLS v1.2|Used to retrieve Skype configuration values
diff --git a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
index 2f3dc02c9e..bfe4a21c48 100644
--- a/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-2004-non-enterprise-editions.md
@@ -54,7 +54,7 @@ The following methodology was used to derive the network endpoints:
 |crl.microsoft.com|HTTPS|Skype 
 |ctldl.windowsupdate.com|HTTP|Certificate Trust List 
 |da.xboxservices.com|HTTPS|Microsoft Edge  
-|displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
+|*displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
 |dmd.metaservices.microsoft.com|HTTP|Device Authentication 
 |evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 
 |fs.microsoft.com|TLSv1.2|Maps application
@@ -109,7 +109,7 @@ The following methodology was used to derive the network endpoints:
 |ctldl.windowsupdate.com|HTTP|Certificate Trust List 
 |d2i2wahzwrm1n5.cloudfront.net|HTTPS|Microsoft Edge
 |da.xboxservices.com|HTTPS|Microsoft Edge  
-|displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
+|*displaycatalog.mp.microsoft.com|HTTPS|Microsoft Store 
 |dlassets-ssl.xboxlive.com|HTTPS|Xbox Live 
 |dmd.metaservices.microsoft.com|HTTP|Device Authentication 
 |evoke-windowsservices-tas.msedge.net|TLSv1.2|Photos app 

From 20920f36e242c5a4fece4ab70ce1b9045ec0cdc3 Mon Sep 17 00:00:00 2001
From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com>
Date: Thu, 13 Jun 2024 13:02:52 -0700
Subject: [PATCH 11/12] Fix formatting

---
 windows/privacy/manage-windows-1909-endpoints.md              | 2 +-
 .../privacy/windows-endpoints-1909-non-enterprise-editions.md | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/windows/privacy/manage-windows-1909-endpoints.md b/windows/privacy/manage-windows-1909-endpoints.md
index 033748df75..7e47f156a7 100644
--- a/windows/privacy/manage-windows-1909-endpoints.md
+++ b/windows/privacy/manage-windows-1909-endpoints.md
@@ -78,7 +78,7 @@ The following methodology was used to derive these network endpoints:
 ||The following endpoints are used to revoke licenses for malicious apps in the Microsoft Store. To turn off traffic for this endpoint, either uninstall the app or disable the Microsoft Store. If you disable the Microsoft Store, other Microsoft Store apps can't be installed or updated. Additionally, the Microsoft Store won't be able to revoke malicious apps and users will still be able to open them|TLS v1.2|1storecatalogrevocation.storequality.microsoft.com|
 |||HTTPS|storecatalogrevocation.storequality.microsoft.com|
 ||The following endpoint is used to get Microsoft Store analytics.|HTTPS|manage.devcenter.microsoft.com|
-||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com/*|
+||The following endpoints are used to communicate with Microsoft Store. If you turn off traffic for these endpoints, apps can't be installed or updated from the Microsoft Store.|HTTPS|*displaycatalog.mp.microsoft.com|
 |Network Connection Status Indicator (NCSI)|||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#bkmk-ncsi)|
 ||Network Connection Status Indicator (NCSI) detects Internet connectivity and corporate network connectivity status. NCSI sends a DNS request and HTTP query to this endpoint to determine if the device can communicate with the Internet. If you turn off traffic for this endpoint, NCSI won't be able to determine if the device is connected to the Internet and the network status tray icon will show a warning.|HTTP|www.msftconnecttest.com*|
 |Office|The following endpoints are used to connect to the Office 365 portal's shared infrastructure, including Office in a browser. For more info, see Office 365 URLs and IP address ranges. You can turn this off by removing all Microsoft Office apps and the Mail and Calendar apps. If you turn off traffic for these endpoints, users won't be able to save documents to the cloud or see their recently used documents.||[Learn how to turn off traffic to all of the following endpoint(s).](manage-connections-from-windows-operating-system-components-to-microsoft-services.md#26-microsoft-store)|
diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
index f62bc8e598..8b479a788b 100644
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@@ -48,7 +48,7 @@ The following methodology was used to derive the network endpoints:
 |config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
 |*dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
 |*.tlu.dl.delivery.mp.microsoft.com|HTTP|Used to download operating system patches, updates, and apps from Microsoft Store
-|\*displaycatalog.mp.microsoft.com/*|HTTP/TLS v1.2|Used to communicate with Microsoft Store
+|\*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Used to communicate with Microsoft Store
 |evoke-windowsservices-tas.msedge.net|HTTP/TLS v1.2|Used by the Photos app to download configuration files, and to connect to the Office 365 portal's shared infrastructure, including Office in a browser
 |fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Enables connections to Windows Update, Microsoft Update, and the online services of the Store
 |fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Used to download operating system patches, updates, and apps from Microsoft Store
@@ -176,7 +176,7 @@ The following methodology was used to derive the network endpoints:
 |fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
 |tsfe.trafficshaping.dsp.mp.microsoft.com|HTTP/TLS v1.2|Windows Update
 |officehomeblobs.blob.core.windows.net|HTTP|Windows Telemetry
-|\*displaycatalog.mp.microsoft.com/*|HTTP/TLS v1.2|Microsoft Store
+|\*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Microsoft Store
 |img-prod-cms-rt-microsoft-com.akamaized.net|HTTP|Used to communicate with Microsoft Store
 |config.teams.microsoft.com|HTTPS|Teams
 |api.asm.skype.com|TLS v1.2|Used to retrieve Skype configuration values

From fce9641e06130d4e467cc9f9d5cd33710beb1063 Mon Sep 17 00:00:00 2001
From: "Daniel H. Brown" <32883970+DHB-MSFT@users.noreply.github.com>
Date: Thu, 13 Jun 2024 13:08:39 -0700
Subject: [PATCH 12/12] Remove extra "*"

---
 .../privacy/windows-endpoints-1909-non-enterprise-editions.md   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
index 8b479a788b..90d651940c 100644
--- a/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
+++ b/windows/privacy/windows-endpoints-1909-non-enterprise-editions.md
@@ -115,7 +115,7 @@ The following methodology was used to derive the network endpoints:
 |config.edge.skype.com|HTTP/TLS v1.2|Used to retrieve Skype configuration values
 |config.teams.microsoft.com|HTTPS|Used for Microsoft Teams application
 |ctldl.windowsupdate.com|HTTP|Used by the Automatic Root Certificates Update component to automatically check the list of trusted authorities on Windows Update to see if an update is available
-|\*displaycatalog.mp.microsoft.com*|HTTP/TLS v1.2|Microsoft Store
+|*displaycatalog.mp.microsoft.com|HTTP/TLS v1.2|Microsoft Store
 |fe2cr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update
 |fe3cr.delivery.mp.microsoft.com|HTTPS/TLS v1.2|Windows Update
 |slscr.update.microsoft.com|HTTPS/TLS v1.2|Windows Update