Merge branch 'main' into patch-2

2025-05-12 21:37:22 +00:00 · 2024-01-24 15:24:43 -05:00 · 2024-01-24 15:24:43 -05:00 · b32b69a1bb
commit b32b69a1bb
parent e8f9eaac08 c39aaf7c36
1352 changed files with 7935 additions and 11208 deletions
--- a/.openpublishing.redirection.education.json
+++ b/.openpublishing.redirection.education.json
@ -194,6 +194,41 @@
      "source_path": "education/windows/chromebook-migration-guide.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/autopilot-reset.md",
      "redirect_url": "/autopilot/windows-autopilot-reset",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/set-up-students-pcs-with-apps.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/set-up-windows-10.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/edu-deployment-recommendations.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/set-up-school-pcs-azure-ad-join.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/set-up-students-pcs-to-join-domain.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/windows-editions-for-education-customers.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    }
  ]
-}
+}
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -2052,7 +2052,7 @@
    },
    {
      "source_path": "windows/deploy/sideload-apps-in-windows-10.md",
-      "redirect_url": "/windows/application-management/sideload-apps-in-windows-10",
+      "redirect_url": "/windows/application-management/sideload-apps-in-windows",
      "redirect_document_id": false
    },
    {
@ -12734,6 +12734,11 @@
      "source_path": "windows/deployment/windows-10-media.md",
      "redirect_url": "/licensing/",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md",
      "redirect_url": "/windows/deployment/upgrade/resolve-windows-upgrade-errors",
      "redirect_document_id": false
    }
  ]
-}
+}
--- a/.openpublishing.redirection.windows-application-management.json
+++ b/.openpublishing.redirection.windows-application-management.json
@ -24,6 +24,11 @@
      "source_path": "windows/application-management/apps-in-windows-10.md",
      "redirect_url": "/windows/application-management/overview-windows-apps",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/application-management/sideload-apps-in-windows-10.md",
      "redirect_url": "/windows/application-management/sideload-apps-in-windows",
      "redirect_document_id": false
    }
  ]
 }
--- a/.openpublishing.redirection.windows-security.json
+++ b/.openpublishing.redirection.windows-security.json
@ -15,6 +15,21 @@
      "redirect_url": "/windows/security/application-security/application-control/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md",
      "redirect_url": "/windows/security/operating-system-security/device-management/override-mitigation-options-for-app-related-security-policies",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md",
      "redirect_url": "/windows/security/operating-system-security/device-management/block-untrusted-fonts-in-enterprise",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md",
      "redirect_url": "/windows/security/operating-system-security/device-management/use-windows-event-forwarding-to-assist-in-intrusion-detection",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security//threat-protection/mbsa-removal-and-guidance.md",
      "redirect_url": "/windows/security/operating-system-security/device-management/windows-security-configuration-framework/mbsa-removal-and-guidance",
@ -4560,6 +4575,11 @@
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-settings.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-overview",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/applocker-technical-reference.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/applocker-technical-reference",
@ -4660,6 +4680,11 @@
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/determine-your-application-control-objectives.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac-and-applocker-overview",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/display-a-custom-url-message-when-users-try-to-run-a-blocked-application",
@ -4830,6 +4855,11 @@
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-enforcement-settings.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/working-with-applocker-rules#enforcement-modes",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/understand-applocker-policy-design-decisions",
@ -4900,6 +4930,11 @@
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/use-the-applocker-windows-powershell-cmdlets",
@ -4915,6 +4950,11 @@
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/application-security/application-control/windows-defender-application-control/applocker/using-software-restriction-policies-and-applocker-policies.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/wdac",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/threat-protection/windows-defender-application-control/applocker/what-is-applocker.md",
      "redirect_url": "/windows/security/application-security/application-control/windows-defender-application-control/applocker/what-is-applocker",
@ -8064,6 +8104,126 @@
      "source_path": "windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md",
      "redirect_url": "/windows-server/administration/performance-tuning/role/active-directory-server/capacity-planning-for-active-directory-domain-services",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-validate-pki.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-mfa",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-pki",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/cloud",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust-provision.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust-enroll",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-provision.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-enroll",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-validate-pki.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust-pki",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/hybrid-key-trust",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-deployment-guide.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-adfs",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-mfa",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-pki",
      "redirect_document_id": false
    },
    {
      "source_path": "windows/security/identity-protection/hello-for-business/hello-identity-verification.md",
      "redirect_url": "/windows/security/identity-protection/hello-for-business/deploy/requirements",
      "redirect_document_id": false
    }
  ]
 }
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
@ -6,7 +6,7 @@ metadata:
  author: ramakoni1
  ms.author: ramakoni
  ms.reviewer: ramakoni, DEV_Triage
-  ms.prod: internet-explorer
+  ms.service: internet-explorer
  ms.technology:
  ms.topic: faq
  ms.localizationpriority: medium
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@ -0,0 +1,20 @@
 <!-- This file is generated automatically each week. Changes made to this file will be overwritten.-->
 ## Week of January 15, 2024
 | Published On |Topic title | Change |
 |------|------------|--------|
 | 1/16/2024 | Deployment recommendations for school IT administrators | removed |
 | 1/16/2024 | Microsoft Entra join with Set up School PCs app | removed |
 | 1/16/2024 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
 | 1/16/2024 | Set up student PCs to join domain | removed |
 | 1/16/2024 | Provision student PCs with apps | removed |
 | 1/16/2024 | Set up Windows devices for education | removed |
 | 1/16/2024 | [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps) | modified |
 | 1/16/2024 | [Configure and secure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-settings) | modified |
 | 1/16/2024 | [Configure devices with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-devices-overview) | modified |
 | 1/16/2024 | [Set up Microsoft Entra ID](/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id) | modified |
 | 1/16/2024 | Windows 10 editions for education customers | removed |
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@ -1,101 +0,0 @@
 ---
 title: Reset devices with Autopilot Reset
 description: Learn about Autopilot Reset and how to enable and use it.
 ms.date: 08/10/2022
 ms.topic: how-to
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Reset devices with Autopilot Reset
 IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Microsoft Entra ID and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
 To enable Autopilot Reset, you must:
 1. [Enable the policy for the feature](#enable-autopilot-reset)
 2. [Trigger a reset for each device](#trigger-autopilot-reset)
 ## Enable Autopilot Reset
 To use Autopilot Reset, Windows Recovery Environment (WinRE) must be enabled on the device.
 **DisableAutomaticReDeploymentCredentials** is a policy that enables or disables the visibility of the credentials for Autopilot Reset. It's a policy node in the [Policy CSP](/windows/client-management/mdm/policy-csp-credentialproviders), **CredentialProviders/DisableAutomaticReDeploymentCredentials**. By default, this policy is set to 1 (Disable). This setting ensures that Autopilot Reset isn't triggered by accident.
 You can set the policy using one of these methods:
 - MDM provider
  Check your MDM provider documentation on how to set this policy. If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set.
  For example, in Intune, create a new configuration policy and add an OMA-URI.
  - OMA-URI:  ./Vendor/MSFT/Policy/Config/CredentialProviders/DisableAutomaticReDeploymentCredentials
  - Data type:  Integer
  - Value:  0
 - Windows Configuration Designer
  You can [use Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) to set the **Runtime settings > Policies > CredentialProviders > DisableAutomaticReDeploymentCredentials** setting and create a provisioning package.
 - Set up School PCs app
  Autopilot Reset in the Set up School PCs app is available in the latest release of the app. Make sure you're running Windows 10, version 1709 on the student PCs if you want to use Autopilot Reset through the Set up School PCs app. You can check the version several ways:
  - Reach out to your device manufacturer.
  - If you manage your PCs using Intune or Intune for Education, you can check the OS version by checking the **OS version** info for the device. If  you're using another MDM provider, check the documentation for the MDM provider to confirm the OS version.
  - Log into the PCs, go to the **Settings > System > About** page, look in the **Windows specifications** section and confirm **Version** is set to 1709.
  To use the Autopilot Reset setting in the Set up School PCs app:
  - When using [Set up School PCs](use-set-up-school-pcs-app.md), in the **Configure student PC settings** screen, select **Enable Windows 10 Autopilot Reset** among the list of settings for the student PC as shown in the following example:
    ![Configure student PC settings in Set up School PCs.](images/suspcs/suspc_configure_pc2.jpg)
 ## Trigger Autopilot Reset
 Autopilot Reset is a two-step process: trigger it and then authenticate. Once you've done these two steps, you can let the process execute and once it's done, the device is again ready for use.
 To trigger Autopilot Reset:
 1. From the Windows device lock screen, enter the keystroke: <kbd>CTRL</kbd> + <kbd>WIN</kbd> + <kbd>R</kbd>.
   ![Enter CTRL+Windows key+R on the Windows lockscreen.](images/autopilot-reset-lockscreen.png)
   This keystroke opens up a custom sign-in screen for Autopilot Reset. The screen serves two purposes:
   1. Confirm/verify that the end user has the right to trigger Autopilot Reset
   1. Notify the user in case a provisioning package, created using Windows Configuration Designer or Set up School PCs, will be used as part of the process.
      ![Custom login screen for Autopilot Reset.](images/autopilot-reset-customlogin.png)
 1. Sign in with the admin account credentials. If you created a provisioning package, plug in the USB drive and trigger Autopilot Reset.
   > [!IMPORTANT]
   > To reestablish Wi-Fi connectivity after reset, make sure the **Connect automatically** box is checked for the device's wireless network connection. 
   Once Autopilot Reset is triggered, the reset process starts.
   After reset, the device:
   - Sets the region, language, and keyboard
   - Connects to Wi-Fi
   - If you provided a provisioning package when Autopilot Reset is triggered, the system applies this new provisioning package. Otherwise, the system reapplies the original provisioning package on the device
   - Is returned to a known good managed state, connected to Microsoft Entra ID and MDM.
     ![Notification that provisioning is complete.](images/autopilot-reset-provisioningcomplete.png)
     Once provisioning is complete, the device is again ready for use.
 ## Troubleshoot Autopilot Reset
 Autopilot Reset fails when the [Windows Recovery Environment (WinRE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference) isn't enabled on the device. The error code is: `ERROR_NOT_SUPPORTED (0x80070032)`.
 To make sure WinRE is enabled, use the [REAgentC.exe tool](/windows-hardware/manufacture/desktop/reagentc-command-line-options) to run the following command:
 ```cmd
 reagentc.exe /enable
 ```
 If Autopilot Reset fails after enabling WinRE, or if you're unable to enable WinRE, kindly contact [Microsoft Support](https://support.microsoft.com) for assistance.
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@ -1,129 +0,0 @@
 ---
 title: Deployment recommendations for school IT administrators
 description: Provides guidance on ways to customize the OS privacy settings, and some of the apps, for Windows-based devices used in schools so that you can choose what information is shared with Microsoft.
 ms.topic: best-practice
 ms.date: 08/10/2022
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Deployment recommendations for school IT administrators
 Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, and some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). The following sections provide some best practices and specific privacy settings we'd like you to be aware of. For more information about ways to customize the OS diagnostic data, consumer experiences, Cortana, and search, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
 We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store, and use devices running Windows 10 S, will be able to configure the device at no extra charge to Windows 10 Pro Education. To learn more about the steps to configure this device, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md).
 ## Deployment best practices
 Keep these best practices in mind when deploying any edition of Windows 10 in schools or districts:
 * A Microsoft account is only intended for consumer services. Enterprises and educational institutions should use enterprise versions where possible, such as Skype for Business, OneDrive for Business, and so on. For schools, consider using mobile device management (MDM) or Group Policy to block students from adding a Microsoft account as a secondary account
 * If schools allow the use of personal accounts by their students to access personal services, schools should be aware that these accounts belong to individuals, not the school
 * IT administrators, school officials, and teachers should also consider ratings when picking apps from the Microsoft Store
 * If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info
 ## Windows 10 Contacts privacy settings
 If you're an IT administrator who deploys Windows 10 in a school or district, we recommend that you review these deployment resources to make informed decisions about how you can configure telemetry for your school or district:
 * [Configure Windows telemetry in your organization](/windows/privacy/configure-windows-diagnostic-data-in-your-organization) - Describes the types of telemetry we gather and the ways you can manage this data
 * [Manage connections from Windows operating system components to Microsoft services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services) - Learn about network connections that Windows components make to Microsoft and also the privacy settings (such as location, camera, messaging, and more) that affect data that is shared with either Microsoft or apps and how you can manage this data
 In particular, the **Contacts** area in the **Settings** > **Privacy** section lets you choose which apps can access a student's contacts list. By default, this setting is turned on.
 To change the setting, you can:
 * [Turn off access to contacts for all apps](#turn-off-access-to-contacts-for-all-apps)
 * [Choose the apps that you want to allow access to contacts](#choose-the-apps-that-you-want-to-allow-access-to-contacts)
 ### Turn off access to contacts for all apps
 To turn off access to contacts for all apps on individual Windows devices:
 1. On the computer, go to **Settings** and select **Privacy**.
 1. Under the list of **Privacy** areas, select **Contacts**.
 1. Turn off **Let apps access my contacts**.
 For IT-managed Windows devices, you can use a Group Policy to turn off the setting. To turn off the setting:
 1. Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts**.
 1. Set the **Select a setting** box to **Force Deny**.
 ### Choose the apps that you want to allow access to contacts
 If you want to allow only certain apps to have access to contacts, you can use the switch for each app to specify which ones you want on or off.
 The list of apps on the Windows-based device may vary from the above example. The list depends on what apps you've installed and which of these apps access contacts.
 To allow only certain apps to have access to contacts, you can:
 - Configure each app individually using the **Settings** > **Contacts** option in the Windows UI
 - Apply the Group Policy: **Computer Configuration** > **Administrative Templates** > **Windows Components** > **App Privacy** > **Let Windows apps access contacts** and then specify the default for each app by adding the app's Package Family Name under the default behavior you want to enforce
 ## Skype and Xbox settings
 Skype (a Universal Windows Platform [UWP]) and Xbox are preinstalled as part of Windows 10.
 The Skype app replaces the integration of Skype features into Skype video and Messaging apps on Windows PCs and large tablets. The Skype app provides all these features in one place and lets users have a single place to manage both their chat and voice conversations so they can take better advantage of their screen. For information about the new Skype UWP app preview, see [Skype for Windows 10 Insiders – your most asked questions](https://go.microsoft.com/fwlink/?LinkId=821441).
 With the Xbox app, students can use their Xbox profiles to play and make progress on their games using their Windows-based device. They can also unlock achievements and show off to their friends with game clips and screenshots. The Xbox app requires a Microsoft account, which is a personal account.
 Both Skype and Xbox include searchable directories that let students find other people to connect to. The online privacy and security settings for Skype and Xbox aren't manageable through Group Policy so we recommend that school IT administrators and school officials let parents and students know about these searchable directories.
 If the school allows the use of personal or Microsoft account in addition to organization accounts, we also recommend that IT administrators inform parents and students that they can optionally remove any identifying information from the directories by:
 * [Managing the user profile](#managing-the-user-profile)
 * [Deleting the account if the user name is part of the identifying information](#delete-an-account-if-username-is-identifying)
 ### Managing the user profile
 #### Skype
 Skype uses the user's contact details to deliver important information about the account and it also lets friends find each other on Skype.
 To manage and edit your profile in the Skype UWP app, follow these steps:
 1. In the Skype UWP app, select the user profile icon to go to the user's profile page.
 2. In the account page, select **Manage account** for the Skype account that you want to change. This will take you to the online Skype portal.
 3. In the online Skype portal, scroll down to the **Account details** section. In **Settings and preferences**, click **Edit profile**.
   The profile page includes these sections:
   * Personal information
   * Contact details
   * Profile settings
 4. Review the information in each section and click **Edit profile** in either or both the **Personal information** and **Contact details** sections to change the information being shared. You can also remove the checks in the **Profile settings** section to change settings on discoverability, notifications, and staying in touch.
 5. If you don't wish the name to be included, edit the fields and replace the fields with **XXX**.
 6. To change the profile picture, go to the Skype app and click on the current profile picture or avatar. The **Manage Profile Picture** window pops up.
   * To take a new picture, click the camera icon in the pop-up window. To upload a new picture, click the three dots (**...**)
   * You can also change the visibility of the profile picture between public (everyone) or for contacts only. To change the profile picture visibility, select the dropdown under **Profile picture** and choose between **Show to everyone** or **Show to contacts only**
 #### Xbox
 A user's Xbox friends and their friends' friends can see their real name and profile. By default, the Xbox privacy settings enforce that no personal identifying information of a minor is shared on the Xbox Live network, although adults in the child's family can change these default settings to allow it to be more permissive.
 To learn more about how families can manage security and privacy settings on Xbox, see this [Xbox article on security](https://go.microsoft.com/fwlink/?LinkId=821445).
 ### Delete an account if username is identifying
 If you want to delete either (or both) the Skype and the Xbox accounts, here's how to do it.
 #### Skype
 To delete a Skype account, you can follow the instructions here: [How do I close my Skype account?](https://go.microsoft.com/fwlink/?LinkId=816515)
 If you need help with deleting the account, you can contact Skype customer service by going to the [Skype support request page](https://go.microsoft.com/fwlink/?LinkId=816519). You may need to sign in and specify a Skype account. Once you've signed in, you can:
 1. Select a help topic (**Account and Password**)
 1. Select a related problem (**Deleting an account**)
 1. Click **Next**.
 1. Select a contact method to get answers to your questions.
 #### Xbox
 To delete an Xbox account, you can follow the instructions here: [How to delete your Microsoft account and personal information associated with it](https://go.microsoft.com/fwlink/?LinkId=816521).
 ## Related topics
 [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)
--- a/education/windows/images/autopilot-reset-customlogin.png
+++ b/education/windows/images/autopilot-reset-customlogin.png
--- a/education/windows/images/autopilot-reset-lockscreen.png
+++ b/education/windows/images/autopilot-reset-lockscreen.png
--- a/education/windows/images/autopilot-reset-provisioningcomplete.png
+++ b/education/windows/images/autopilot-reset-provisioningcomplete.png
--- a/education/windows/images/suspcs/suspc_configure_pc2.jpg
+++ b/education/windows/images/suspcs/suspc_configure_pc2.jpg
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@ -1,86 +0,0 @@
 ---
 title: Microsoft Entra join with Set up School PCs app
 description: Learn how Microsoft Entra join is configured in the Set up School PCs app.
 ms.topic: reference
 ms.date: 08/10/2022
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---  
 # Microsoft Entra join for school PCs  
 > [!NOTE]
 >   Set up School PCs app uses Microsoft Entra join to configure PCs. The app is helpful if you use the cloud based directory, Microsoft Entra ID. If your organization uses Active Directory or requires no account to connect, install and use [Windows Configuration
 >   Designer](set-up-students-pcs-to-join-domain.md) to 
 >   join your PCs to your school's domain.
 Set up School PCs lets you create a provisioning package that automates Microsoft Entra ID
 Join on your devices. This feature eliminates the need to manually:
 -   Connect to your school's network.
 -   Join your organization's domain.
 ## Automated connection to school domain  
 During initial device setup, Microsoft Entra join automatically connects your PCs to your school's Microsoft Entra domain. You can skip all of the Windows setup experience that is typically a part of the out-of-the-box-experience (OOBE). Devices that are managed by a mobile device manager, such as Intune, are automatically enrolled with the provider upon initial device startup.
 Students who sign in to their PCs with their Microsoft Entra credentials get access to on-premises apps and the following cloud apps:
 * Office 365
 * OneDrive
 * OneNote
 <a name='enable-azure-ad-join'></a>
 ## Enable Microsoft Entra join  
 Learn how to enable Microsoft Entra join for your school. After you configure this setting, you'll be able to request an automated Microsoft Entra bulk token, which you need to create a provisioning package.   
 1. Sign in to the Azure portal with your organization's credentials. 
 2. Go to **Azure
 Active Directory** \> **Devices** \> **Device settings**.  
 3. Enable the setting
 for Microsoft Entra ID by selecting **All** or **Selected**. If you choose the latter
 option, select the teachers and IT staff to allow them to connect to Microsoft Entra ID.  
 ![Select the users you want to let join devices to Azure AD.](images/suspcs/suspc-enable-shared-pc-1807.png)  
 You can also create an account that holds the exclusive rights to join devices. When a student PC has to be set up, provide the account credentials to the appropriate teachers or staff.
 ## All Device Settings  
 The following table describes each setting within **Device Settings**.
 | Setting                                                    | Description                                                                                                                                                                                                                                                                                                            |
 |------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
 | Users may join devices to Microsoft Entra ID                         | Choose the scope of people in your organization that are allowed to join devices to Microsoft Entra ID. **All** allows all users and groups within your tenant to join devices. **Selected** prompts you to choose specific users or groups to allow. **None** allows no one in your tenant to join devices to Microsoft Entra ID. |  
 | More local administrators on Microsoft Entra joined devices | Only applicable to Microsoft Entra ID P1 or P2 tenants. Grant extra local administrator rights on devices, to selected users. Global administrators and the device owner are granted local administrator rights by default.                                                                                                  |
 | Users may register their devices with Microsoft Entra ID             | Allow all or none of your users to register their devices with Microsoft Entra ID (Workplace Join). If you're enrolled in Microsoft Intune or Mobile Device Management for Office 365, your devices are required to be registered. In this case, **All** is automatically selected for you.                                     |
 | Require Multi-Factor Authentication to join devices                  | Recommended when adding devices to Microsoft Entra ID. When set to **Yes**, users that are setting up devices must enter a second method of authentication.                                                                                                             |
 | Maximum number of devices per user                         | Set the maximum number of devices a user is allowed to have in Microsoft Entra ID. If the maximum is exceeded, the user must remove one or more existing devices before more devices are added.                                                                                                                               |
 | Users may sync settings and enterprise app data            | Allow all or none of your users to sync settings and app data across multiple devices. Tenants with Microsoft Entra ID P1 or P2 are permitted to select specific users to allow.                                                                                                                                                  |
 <a name='clear-azure-ad-tokens'></a>
 ## Clear Microsoft Entra tokens  
 Your Intune tenant can only have 500 active Microsoft Entra tokens, or packages, at a time. You'll receive a notification in the Intune portal when you reach 500 active tokens.
 To reduce your inventory, clear out all unnecessary and inactive tokens.
 1. Go to **Microsoft Entra ID** > **Users** > **All users**  
 2. In the **User Name** column, select and delete all accounts with a **package\ _**
 prefix. These accounts are created at a 1:1 ratio for every token and are safe
 to delete.   
 3. Select and delete inactive and expired user accounts. 
 ### How do I know if my package expired?
 Automated Microsoft Entra tokens expire after 180 days. The expiration date for each token is appended to the end of the saved provisioning package, on the USB drive. After this date, you must create a new package. Be careful that you don't delete active accounts.  
 ![Screenshot of the Azure portal, Microsoft Entra ID, All Users page. Highlights all accounts that start with the prefix package_ and can be deleted.](images/suspcs/suspc-admin-token-delete-1807.png)  
 ## Next steps    
 Learn more about setting up devices with the Set up School PCs app.  
 * [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
 * [Set up School PCs technical reference](set-up-school-pcs-technical.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md) 
 When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@ -2,7 +2,7 @@
 title: Set up School PCs app technical reference overview
 description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
 ms.topic: overview
-ms.date: 08/10/2022
+ms.date: 01/16/2024
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
@ -14,47 +14,36 @@ The **Set up School PCs** app helps you configure new Windows 10 PCs for school
 If your school uses Microsoft Entra ID or Office 365, the Set up
 School PCs app will create a setup file. This file joins the PC to your Microsoft Entra tenant. The app also helps set up PCs for use with or without Internet connectivity.  
-<a name='join-pc-to-azure-active-directory'></a>
+## Join devices to Microsoft Entra ID
-## Join PC to Microsoft Entra ID
+If your school uses Microsoft Entra ID or Office 365, the Set up School PCs app creates a setup file that joins your PC to your Microsoft Entra ID tenant.
 If your school uses Microsoft Entra ID or Office 365, the Set up
 School PCs app creates a setup file that joins your PC to your Azure Active
 Directory tenant. 
 The app also helps set up PCs for use with or without Internet connectivity.
 ## List of Set up School PCs features
 The following table describes the Set up School PCs app features and lists each type of Intune subscription. An X indicates that the feature is available with the specific subscription.
-| Feature                                                                                                | No Internet | Microsoft Entra ID | Office 365 | Microsoft Entra ID P1 or P2 |
+| Feature | No Internet | Microsoft Entra ID | Office 365 | Microsoft Entra ID P1 or P2 |
-|--------------------------------------------------------------------------------------------------------|-------------|----------|------------|------------------|
+|--|--|--|--|--|
-| **Fast sign-in**                                                                                       | X           | X        | X          | X                |
+| **Fast sign-in** | X | X | X | X |
-| Students sign in and start using the computer in under a minute, even on initial sign-in.              |             |          |            |                  |
+| Students sign in and start using the computer in under a minute, even on initial sign-in. |  |  |  |  |
-| **Custom Start experience**                                                                            | X           | X        | X          | X                |
+| **Custom Start experience** | X | X | X | X |
-| Necessary classroom apps are pinned to Start and unnecessary apps are removed.                         |             |          |            |                  |
+| Necessary classroom apps are pinned to Start and unnecessary apps are removed. |  |  |  |  |
-| **Guest account, no sign-in required**                                                                 | X           | X        | X          | X                |
+| **Guest account, no sign-in required** | X | X | X | X |
-| Set up computers for use by anyone with or without an account.                                         |             |          |            |                  |
+| Set up computers for use by anyone with or without an account. |  |  |  |  |
-| **School policies**                                                                                    | X           | X        | X          | X                |
+| **School policies** | X | X | X | X |
-| Settings create a relevant, useful learning environment and optimal computer performance.              |             |          |            |                  |
+| Settings create a relevant, useful learning environment and optimal computer performance. |  |  |  |  |
-| **Microsoft Entra join**                                                                                      |             | X        | X          | X                |
+| **Microsoft Entra join** |  | X | X | X |
-| Computers join with your existing Microsoft Entra ID or Office 365 subscription for centralized management.      |             |          |            |                  |
+| Computers join with your existing Microsoft Entra ID or Office 365 subscription for centralized management. |  |  |  |  |
-| **Single sign-on to Office 365**                                                                       |             |          | X          | X                |
+| **Single sign-on to Office 365** |  |  | X | X |
-| Students sign in with their IDs to access all Office 365 web apps or installed Office apps.            |             |          |            |                  |
+| Students sign in with their IDs to access all Office 365 web apps or installed Office apps. |  |  |  |  |
-| **Take a Test app**                                                                                    |             |          |            | X                |
+| **Take a Test app** |  |  |  | X |
-| Administer quizzes and assessments through test providers such as Smarter Balanced.                    |             |          |            |                  |
+| Administer quizzes and assessments through test providers such as Smarter Balanced. |  |  |  |  |
-| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Microsoft Entra ID** |             |          |            | X                |
+| [Settings roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) **via Microsoft Entra ID** |  |  |  | X |
-| Synchronize student and application data across devices for a personalized experience.                 |             |          |            |                  |
+| Synchronize student and application data across devices for a personalized experience. |  |  |  |  |
-> [!NOTE]
+>[!NOTE]
->   If your school uses Active Directory, use [Windows Configuration
+>You can only use the Set up School PCs app to set up PCs that are connected to Microsoft Entra ID.
 >   Designer](set-up-students-pcs-to-join-domain.md) 
 >   to configure your PCs to join the domain. You can only use the Set up School
 >   PCs app to set up PCs that are connected to Microsoft Entra ID.
 ## Next steps  
 Learn more about setting up devices with the Set up School PCs app.  
 * [Microsoft Entra join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
 * [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md) 
 When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@ -1,59 +0,0 @@
 ---
 title: Set up student PCs to join domain
 description: Learn how to use Windows Configuration Designer to provision student devices to join Active Directory.
 ms.topic: how-to
 ms.date: 08/10/2022
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Set up student PCs to join domain
 If your school uses Active Directory, use the Windows Configuration Designer tool to create a provisioning package that will configure a PC for student use that is joined to the Active Directory domain. 
 ## Install Windows Configuration Designer
 Follow the instructions in [Install Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd).
 ## Create the provisioning package
 Follow the steps in [Provision PCs with common settings for initial deployment (desktop wizard)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment). However, make a note of these steps to further customize the provisioning package for use in a school that will join a student PC to a domain:
 1. In the **Account Management** step:
    > [!WARNING] 
    > If you don't create a local administrator account and the device fails to enroll in Active Directory for any reason, you'll have to reimage the device and start over. As a best practice, we recommend:
    >   - Use a least-privileged domain account to join the device to the domain.
    >   - Create a temporary administrator account to use for debugging or reprovisioning if the device fails to enroll successfully.
    >   - [Use Group Policy to delete the temporary administrator account](/archive/blogs/canitpro/group-policy-creating-a-standard-local-admin-account) after the device is enrolled in Active Directory.
 2. After you're done with the wizard, don't click **Create**. Instead, click the **Switch to advanced editor** to switch the project to the advanced editor to see all the available **Runtime settings**.
 3. Find the **SharedPC** settings group.
    - Set **EnableSharedPCMode** to **TRUE** to configure the PC for shared use.
 4. (Optional) To configure the PC for secure testing, follow these steps.
   1. Under **Runtime settings**, go to **AssignedAccess > AssignedAccessSettings**.
   2. Enter **{"Account":"*redmond\\kioskuser*","AUMID":” Microsoft.Windows.SecureAssessmentBrowser_cw5n1h2txyewy!App "}**, using the account that you want to set up.
      **Figure 7** - Add the account to use for test-taking
      ![Add the account to use for test-taking.](images/wcd/wcd_settings_assignedaccess.png)
      The account can be in one of the following formats:
      - username
      - domain\username
      - computer name\\username
      - username@tenant.com
   3. Under **Runtime settings**, go to **TakeATest** and configure the following settings:
      1. In **LaunchURI**, enter the assessment URL.
      2. In **TesterAccount**, enter the test account you entered in the previous step.
 5. To configure other settings to make Windows education ready, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md) and follow the guidance on what settings you can set using Windows Configuration Designer.
 6. Follow the steps to [build a package](/windows/configuration/provisioning-packages/provisioning-create-package#build-package). 
   - You'll see the file path for your provisioning package. By default, this path is set to %windir%\Users\*your_username<em>\Windows Imaging and Configuration Designer (WICD)\*Project name</em>). 
   - Copy the provisioning package to a USB drive.
     > [!IMPORTANT]
     > When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 ## Apply package
 Follow the steps in [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) to apply the package that you created.
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@ -1,25 +0,0 @@
 ---
 title: Provision student PCs with apps
 description: Learn how to use Windows Configuration Designer to easily provision student devices to join Active Directory.
 ms.topic: how-to
 ms.date: 08/10/2022
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Provision student PCs with apps
 To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
 Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
 You can apply a provisioning package on a USB drive to off-the-shelf devices during setup, making it fast and easy to configure new devices.
 - If you want to [provision a school PC to join a domain](set-up-students-pcs-to-join-domain.md) and add apps in the same provisioning package, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
 - If you want to provision a school PC to join Microsoft Entra ID, set up the PC using the steps in [Use Set up School PCs App](use-set-up-school-pcs-app.md). Set up School PCs now lets you add recommended apps from the Store so you can add these apps while you're creating your package through Set up School PCs. You can also follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps) if you want to add apps to student PCs after initial setup with the Set up School PCs package.
 ## Learn more
 -[Develop Universal Windows Education apps](/windows/uwp/apps-for-education/)
 - [Build and apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package)
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@ -1,33 +0,0 @@
 ---
 title: Set up Windows devices for education
 description: Decide which option for setting up Windows 10 is right for you.
 ms.topic: overview
 ms.date: 08/10/2022
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Set up Windows devices for education
 You have two tools to choose from to set up PCs for your classroom:
 - Set up School PCs 
 - Windows Configuration Designer
 Choose the tool that is appropriate for how your students will sign in (Active Directory, Microsoft Entra ID, or no account).
 You can use the following diagram to compare the tools.
 ![Which tool to use to set up Windows 10.](images/suspcs/suspc_wcd_featureslist.png)
 ## In this section
 - [Use the Set up School PCs app](use-set-up-school-pcs-app.md)
 - [Technical reference for the Set up School PCs app](set-up-school-pcs-technical.md)
 - [Set up student PCs to join domain](set-up-students-pcs-to-join-domain.md)
 - [Provision student PCs with apps](set-up-students-pcs-with-apps.md)
 ## Related topics
 [Take tests in Windows](take-tests-in-windows.md)
 [Deploy Windows 10 in a school](deploy-windows-10-in-a-school.md)S
--- a/education/windows/toc.yml
+++ b/education/windows/toc.yml
@ -26,8 +26,6 @@ items:
        href: /windows/deployment/windows-10-pro-in-s-mode?context=/education/context/context
      - name: Deploy Win32 apps to S Mode devices
        href: /windows/security/threat-protection/windows-defender-application-control/lob-win32-apps-on-s?context=/education/context/context
    - name: Windows 10 editions for education customers
      href: windows-editions-for-education-customers.md
    - name: Considerations for shared and guest devices
      href: /windows/configuration/shared-devices-concepts?context=/education/context/context
    - name: Windows 10 configuration recommendations for education customers
@ -56,8 +54,6 @@ items:
      href: use-set-up-school-pcs-app.md
    - name: Upgrade Windows Home to Windows Education on student-owned devices
      href: change-home-to-edu.md
    - name: Reset devices with Autopilot Reset
      href: autopilot-reset.md
 - name: Reference
  items:
    - name: Set up School PCs
@ -66,8 +62,6 @@ items:
        href: set-up-school-pcs-technical.md
      - name: Provisioning package settings
        href: set-up-school-pcs-provisioning-package.md
      - name: What's new in Set up School PCs
        href: set-up-school-pcs-whats-new.md
    - name: Take a Test technical reference
      href: take-a-test-app-technical.md
    - name: Shared PC technical reference
--- a/education/windows/tutorial-school-deployment/configure-device-apps.md
+++ b/education/windows/tutorial-school-deployment/configure-device-apps.md
@ -1,7 +1,7 @@
 ---
 title: Configure applications with Microsoft Intune
 description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
-ms.date: 03/08/2023
+ms.date: 01/16/2024
 ms.topic: tutorial
 ---
@ -14,11 +14,12 @@ Applications can be assigned to groups:
 - If you target apps to a **group of users**, the apps will be installed on any managed devices that the users sign into
 - If you target apps to a **group of devices**, the apps will be installed on those devices and available to any user who signs in
 In this section you will:
 > [!div class="checklist"]
-> * Add apps to Intune for Education
+>In this section you will:
-> * Assign apps to groups
+>
-> * Review some considerations for Windows 11 SE devices
+> - Add apps to Intune for Education
 > - Assign apps to groups
 > - Review some considerations for Windows 11 SE devices
 ## Add apps to Intune for Education
--- a/education/windows/tutorial-school-deployment/configure-device-settings.md
+++ b/education/windows/tutorial-school-deployment/configure-device-settings.md
@ -1,7 +1,7 @@
 ---
 title: Configure and secure devices with Microsoft Intune
 description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
-ms.date: 11/09/2023
+ms.date: 01/16/2024
 ms.topic: tutorial
 ---
@ -23,12 +23,14 @@ There are two ways to manage settings in Intune for Education:
 > [!NOTE]
 > Express Configuration is ideal when you are getting started. Settings are pre-configured to Microsoft-recommended values, but can be changed to fit your school's needs. It is recommended to use Express Configuration to initially set up your Windows devices.
-In this section you will:
+
 > [!div class="checklist"]
-> * Configure settings with Express Configuration
+>In this section you will:
-> * Configure group settings
+>
-> * Create Windows Update policies
+> - Configure settings with Express Configuration
-> * Configure security policies
+> - Configure group settings
 > - Create Windows Update policies
 > - Configure security policies
 ## Configure settings with Express Configuration
--- a/education/windows/tutorial-school-deployment/configure-devices-overview.md
+++ b/education/windows/tutorial-school-deployment/configure-devices-overview.md
@ -11,11 +11,13 @@ Before distributing devices to your users, you must ensure that the devices will
 Microsoft Intune uses Microsoft Entra groups to assign policies and applications to devices.
 With Microsoft Intune for Education, you can conveniently create groups and assign policies and applications to them.
-In this section you will:
+
 > [!div class="checklist"]
-> * Create groups
+>In this section you will:
-> * Create and assign policies to groups
+>
-> * Create and assign applications to groups
+> - Create groups
 > - Create and assign policies to groups
 > - Create and assign applications to groups
 ## Create groups
--- a/education/windows/tutorial-school-deployment/enroll-autopilot.md
+++ b/education/windows/tutorial-school-deployment/enroll-autopilot.md
@ -1,7 +1,7 @@
 ---
 title: Enrollment in Intune with Windows Autopilot
 description: Learn how to join Microsoft Entra ID and enroll in Intune using Windows Autopilot.
-ms.date: 03/08/2023
+ms.date: 01/16/2024
 ms.topic: tutorial
 ---
@ -61,8 +61,9 @@ More advanced dynamic membership rules can be created from Microsoft Intune admi
 For Autopilot devices to offer a customized OOBE experience, you must create **Windows Autopilot deployment profiles** and assign them to a group containing the devices.
 A deployment profile is a collection of settings that determine the behavior of the device during OOBE. Among other settings, a deployment profile specifies a **deployment mode**, which can either be:
 1. **User-driven:** devices with this profile are associated with the user enrolling the device. User credentials are required to complete the Microsoft Entra join process during OOBE
-1. **Self-deploying:** devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to complete the Microsoft Entra join process. Rather, the device is joined automatically and, for this reason, specific hardware requirements must be met to use this mode.
+1. **Self-deploying:** devices with this profile aren't associated with the user enrolling the device. User credentials aren't required to complete the Microsoft Entra join process. Rather, the device is joined automatically and, for this reason, specific hardware requirements must be met to use this mode
 To create an Autopilot deployment profile:
@ -142,8 +143,6 @@ With the devices joined to Microsoft Entra tenant and managed by Intune, you can
 [M365-1]: https://support.office.com/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-abb1-355ea5aa88a2
 [EDU-1]: /education/windows/windows-11-se-overview
 [EDU-2]: /intune-education/windows-11-se-overview#windows-autopilot
 [EDU-3]: ../tutorial-deploy-apps-winse/considerations.md#enrollment-status-page
 [SURF-1]: /surface/surface-autopilot-registration-support
--- a/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id.md
+++ b/education/windows/tutorial-school-deployment/set-up-microsoft-entra-id.md
@ -1,7 +1,7 @@
 ---
 title: Set up Microsoft Entra ID
 description: Learn how to create and prepare your Microsoft Entra tenant for an education environment.
-ms.date: 11/09/2023
+ms.date: 01/16/2024
 ms.topic: tutorial
 appliesto:
 ---
@ -12,12 +12,13 @@ The Microsoft platform for education simplifies the management of Windows device
 Microsoft Entra ID, which is included with the Microsoft 365 Education subscription, provides authentication and authorization to any Microsoft cloud services. Identity objects are defined in Microsoft Entra ID for human identities, like students and teachers, as well as non-human identities, like devices, services, and applications. Once users get Microsoft 365 licenses assigned, they'll be able to consume services and access resources within the tenant. With Microsoft 365 Education, you can manage identities for your teachers and students, assign licenses to devices and users, and create groups for the classrooms.
 In this section you will:
 > [!div class="checklist"]
-> * Set up a Microsoft 365 Education tenant
+>In this section you will:
-> * Add users, create groups, and assign licenses
+>
-> * Configure school branding
+> - Set up a Microsoft 365 Education tenant
-> * Enable bulk enrollment
+> - Add users, create groups, and assign licenses
 > - Configure school branding
 > - Enable bulk enrollment
 ## Create a Microsoft 365 tenant
@ -45,7 +46,7 @@ For more information, see [Overview of the Microsoft 365 admin center][M365-2].
 With the Microsoft 365 tenant in place, it's time to add users, create groups, and assign licenses. All students and teachers need a user account before they can sign in and access the different Microsoft 365 services. There are multiple ways to do this, including using School Data Sync (SDS), synchronizing an on-premises Active Directory, manually, or a combination of the above.
 > [!NOTE]
-> Synchronizing your Student Information System (SIS) with School Data Sync is the preferred way to create students and teachers as users in a Microsoft 365 Education tenant. However, if you want to integrate an on-premises directory and synchronize accounts to the cloud, skip to [<u>Azure Active Directory Sync</u>](#azure-active-directory-sync) below.
+> Synchronizing your Student Information System (SIS) with School Data Sync is the preferred way to create students and teachers as users in a Microsoft 365 Education tenant. However, if you want to integrate an on-premises directory and synchronize accounts to the cloud, skip to [Microsoft Entra Connect Sync](#microsoft-entra-connect-sync) below.
 ### School Data Sync
@ -61,7 +62,7 @@ For more information, see [Overview of School Data Sync][SDS-1].
 >
 > Remember that you should typically deploy test SDS data (users, groups, and so on) in a separate test tenant, not your school production environment.
-### Azure Active Directory Sync
+### Microsoft Entra Connect Sync
 To integrate an on-premises directory with Microsoft Entra ID, you can use **Microsoft Entra Connect** to synchronize users, groups, and other objects. Microsoft Entra Connect lets you configure the authentication method appropriate for your school, including:
--- a/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
+++ b/education/windows/tutorial-school-deployment/set-up-microsoft-intune.md
@ -1,7 +1,7 @@
 ---
 title: Set up device management
 description: Learn how to configure the Intune service and set up the environment for education.
-ms.date: 11/09/2023
+ms.date: 01/16/2024
 ms.topic: tutorial
 appliesto:
 ---
@ -18,10 +18,11 @@ The Microsoft Intune service can be managed in different ways, and one of them i
 For more information, see [Intune for Education documentation][INT-1].
 In this section you will:
 > [!div class="checklist"]
-> * Review Intune's licensing prerequisites
+>In this section you will:
-> * Configure the Intune service for education devices
+>
 > - Review Intune's licensing prerequisites
 > - Configure the Intune service for education devices
 ## Prerequisites
--- a/education/windows/windows-11-se-faq.yml
+++ b/education/windows/windows-11-se-faq.yml
@ -3,7 +3,7 @@ metadata:
  title: Windows 11 SE Frequently Asked Questions (FAQ)
  description: Use these frequently asked questions (FAQ) to learn important details about Windows 11 SE.   
  ms.topic: faq
-  ms.date: 03/09/2023
+  ms.date: 01/16/2024
  appliesto:
    - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@ -2,7 +2,7 @@
 title: Windows 11 SE Overview
 description: Learn about Windows 11 SE, and the apps that are included with the operating system.
 ms.topic: overview
-ms.date: 11/02/2023
+ms.date: 01/09/2024
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ms.collection:
@ -88,6 +88,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `AristotleK12 Borderless Classroom `      | 3.0.11.           | `Win32`    | `Sergeant Laboratories`                   |
 | `AristotleK12 Analytics `                 | 10.0.6            | `Win32`    | `Sergeant Laboratories`                   |
 | `AristotleK12 Network filter`             | 3.1.10            | `Win32`    | `Sergeant Laboratories`                   |
 | `Bluebook`                                | 0.9.203            | `Win32`    | `Collegeboard`                           |
 | `Brave Browser`                           | 106.0.5249.119    | `Win32`    | `Brave`                                   |
 | `Bulb Digital Portfolio`                  | 0.0.7.0           | `Store`  | `Bulb`                                    |
 | `CA Secure Browser`                       | 15.0.0            | `Win32`    | `Cambium Development`                     |
@ -101,8 +102,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `ContentKeeper Cloud`                     | 9.01.45           | `Win32`    | `ContentKeeper Technologies`              |
 | `DigiExam`                                | 14.1.0            | `Win32`    | `Digiexam`                                |
 | `Digital Secure testing browser`          | 15.0.0            | `Win32`    | `Digiexam`                                |
 | `Dolphin Guide Connect`                   | 1.25              | `Win32`    | `Dolphin Guide Connect`                   |
 | `Dragon Professional Individual`          | 15.00.100         | `Win32`    | `Nuance Communications`                   |
-| `DRC INSIGHT Online Assessments`          | 13.0.0.0          | `Store`  | `Data recognition Corporation`            |
+| `DRC INSIGHT Online Assessments`          | 14.0.0.0          | `Store`  | `Data recognition Corporation`              |
 | `Duo from Cisco`                          | 3.0.0             | `Win32`    | `Cisco`                                   |
 | `Dyknow`                                  | 7.9.13.7          | `Win32`    | `Dyknow`                                  |
 | `e-Speaking Voice and Speech recognition` | 4.4.0.11          | `Win32`    | `e-speaking`                              |
@ -125,9 +127,9 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Impero Backdrop Client`                  | 5.0.151           | `Win32`    | `Impero Software`                         |
 | `IMT Lazarus`                             | 2.86.0            | `Win32`    | `IMTLazarus`                              |
 | `Inspiration 10`                          | 10.11             | `Win32`    | `TechEdology Ltd`                         |
-| `JAWS for Windows`                        | 2022.2112.24      | `Win32`    | `Freedom Scientific`                      |
+| `JAWS for Windows`                        | 2023.2307.37      | `Win32`    | `Freedom Scientific`                      |
 | `Kite Student Portal`                     | 9.0.0.0           | `Win32`    | `Dynamic Learning Maps`                   |
-| `Keyman`                                  | 16.0.141          | `Win32`    | `SIL International`                       |
+| `Keyman`                                  | 16.0.142          | `Win32`    | `SIL International`                       |
 | `Kortext`                                 | 2.3.433.0         | `Store`  | `Kortext`                                 |
 | `Kurzweil 3000 Assistive Learning`        | 20.13.0000        | `Win32`    | `Kurzweil Educational Systems`            |
 | `LanSchool Classic`                       | 9.1.0.46          | `Win32`    | `Stoneware, Inc.`                         |
@ -135,10 +137,13 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Lexibar`                                 | 3.07.02           | `Win32`    | `Lexibar`                                 |
 | `LGfL HomeProtect`                        | 8.3.44.11         | `Win32`    | `LGFL`                                    |
 | `Lightspeed Smart Agent`                  | 1.9.1             | `Win32`    | `Lightspeed Systems`                      |
-| `Lightspeed Filter Agent`                 | 2.3.4             | `Win32`    | `Lightspeed Systems`                      |
+| `Lightspeed Classroom`                    | 3.4.5.0           | `Win32`    | `Lightspeed Systems`                      |
 | `Lightspeed Filter Agent`                 | 2.5.2             | `Win32`    | `Lightspeed Systems`                      |
 | `Lightspeed Digital`                      | 3.12.3.11         | `Win32`    | `Lightspeed Systems`                      |
 | `Linewize Authentication agent `          |1.4.1              | `Win32`    | `Linewize`                                |
 | `MetaMoJi ClassRoom`                      | 3.12.4.0          | `Store`    | `MetaMoJi Corporation`                    |
 | `Microsoft Connect`                       | 10.0.22000.1      | `Store`    | `Microsoft`                               |
 | `Mind+ Desktop`                           | 1.8.0             | `Win32`    | `Mind+Desktop`                            |
 | `Mozilla Firefox`                         | 116.0.2           | `Win32`    | `Mozilla`                                 |
 | `Mobile Plans`                            | 5.1911.3171.0     | `Store`    | `Microsoft Corporation`                   |
 | `Musescore`                               | 4.1.1.232071203   | `Win32`    | `Musescore`                               |
@ -157,19 +162,20 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `PaperCut`                                | 22.0.6            | `Win32`    | `PaperCut Software International Pty Ltd` |
 | `Pearson TestNav`                         | 1.11.3            | `Store`    | `Pearson`                                 |
 | `Project Monarch Outlook`                 | 1.2023.831.400    | `Store`    | `Microsoft`                               |
-| `Questar Secure Browser`                  | 5.0.1.456         | `Win32`    | `Questar, Inc`                            |
+| `Questar Secure Browser`                  | 5.0.5.536         | `Win32`    | `Questar, Inc`                            |
 | `ReadAndWriteForWindows`                  | 12.0.78           | `Win32`    | `Texthelp Ltd.`                           |
 | `Remote Desktop client (MSRDC)`           | 1.2.4487.0        | `Win32`    | `Microsoft`                               |
-| `Remote Help`                             | 4.0.1.13          | `Win32`    | `Microsoft`                               |
+| `Remote Help`                             | 5.0.1311.0        | `Win32`    | `Microsoft`                               |
 | `Respondus Lockdown Browser`              | 2.0.9.03          | `Win32`    | `Respondus`                               |
 | `Safe Exam Browser`                       | 3.5.0.544         | `Win32`    | `Safe Exam Browser`                       |
-|`SchoolYear`                               | 3.5.4             | `Win32`    |`SchoolYear`                              |
+|`SchoolYear`                               | 3.5.4             | `Win32`    |`SchoolYear`                               |
-|`School Manager`                           | 3.6.8.1109        | `Win32`    |`School Manager`                           |
+|`School Manager`                           | 3.6.10-1149       | `Win32`    |`Linewize`                                 |
 |`Schoolnet Secure Tester`                  |  2.1.0            | `Win32`    |`School Net`                               |
 |`Scratch`                                  | 3.0               | `Win32`    |`MIT`                                      |
-| `Senso.Cloud`                             | 2021.11.15.0      | `Win32`    | `Senso.Cloud`                             |
+| `Senso.Cloud`                             |2021.11.15.0       | `Win32`    | `Senso.Cloud`                             |
 | `Skoolnext`                               | 2.19              | `Win32`    | `Skool.net`                               |
 | `Smoothwall Monitor`                      | 2.9.2             | `Win32`    | `Smoothwall Ltd`                          |
-| `SuperNova Magnifier & Screen Reader`     | 22.02             | `Win32`    | `Dolphin Computer Access`                 |
+| `SuperNova Magnifier & Screen Reader`     | 22.03             | `Win32`    | `Dolphin Computer Access`                 |
 | `SuperNova Magnifier & Speech`            | 21.03             | `Win32`    | `Dolphin Computer Access`                 |
 |`TX Secure Browser`                        | 15.0.0            | `Win32`    | `Cambium Development`                     |
 | `VitalSourceBookShelf`                    | 10.2.26.0         | `Win32`    | `VitalSource Technologies Inc`            |
@ -218,4 +224,4 @@ For more information on Intune requirements for adding education apps, see [Conf
 [EDUWIN-1]: /education/windows/tutorial-school-deployment/configure-device-apps
 [EDUWIN-2]: /education/windows/tutorial-school-deployment/
-[WIN-1]: /windows/whats-new/windows-11-requirements
+[WIN-1]: /windows/whats-new/windows-11-requirements
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@ -1,46 +0,0 @@
 ---
 title: Windows 10 editions for education customers
 description: Learn about the two Windows 10 editions that are designed for the needs of education institutions.
 ms.topic: overview
 ms.date: 07/25/2023
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Windows 10 editions for education customers
 Windows 10 offers various new features and functionalities, such as simplified provisioning with the [Set up School PCs app](./use-set-up-school-pcs-app.md) or [Windows Configuration Designer](./set-up-students-pcs-to-join-domain.md), easier delivery of digital assessments with [Take a Test](./take-tests-in-windows.md), and faster sign-in performance for shared devices than ever before. These features work with all Windows for desktop editions, excluding Windows 10 Home. You can find more information on [windows.com](https://www.windows.com/).
 Windows 10 introduces two editions designed for the unique needs of K-12 institutions: [Windows 10 Pro Education](#windows-10-pro-education) and [Windows 10 Education](#windows-10-education). These editions provide education-specific default settings for the evolving landscape in K-12 education IT environments.
 ## Windows 10 Pro Education
 Windows 10 Pro Education builds on the commercial version of Windows 10 Pro and provides important management controls needed in schools. Windows 10 Pro Education is a variant of Windows 10 Pro that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
 Windows 10 Pro Education is available on new devices pre-installed with Windows 10, version 1607 or newer versions that are purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future).
 Existing devices running Windows 10 Pro, currently activated with the original OEM digital product key and purchased with discounted K-12 academic licenses through OEM partners (these discounted licenses are sometimes referred to as National Academic or Shape the Future), will upgrade automatically to Windows 10 Pro Education as part of the Windows 10, version 1607 installation.
 Customers with Academic Volume Licensing agreements with rights for Windows can get Windows 10 Pro Education through the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx).
 Customers who deploy Windows 10 Pro are able to configure the product to have similar feature settings to Windows 10 Pro Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Pro read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
 ## Windows 10 Education
 Windows 10 Education builds on Windows 10 Enterprise and provides the enterprise-grade manageability and security desired by many schools. Windows 10 Education is effectively a variant of Windows 10 Enterprise that provides education-specific default settings. These default settings disable tips, tricks and suggestions & Microsoft Store suggestions. More detailed information on these default settings is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions).
 Windows 10 Education is available through Microsoft Volume Licensing. Customers who are already running Windows 10 Education can upgrade to Windows 10, version 1607 or newer versions through Windows Update or from the [Volume Licensing Service Center](https://www.microsoft.com/Licensing/servicecenter/default.aspx). We recommend Windows 10 Education to all K-12 customers as it provides the most complete and secure edition for education environments. If you don't have access to Windows 10 Education, contact your Microsoft representative or see more information [here](https://go.microsoft.com/fwlink/?LinkId=822628).
 Customers who deploy Windows 10 Enterprise are able to configure the product to have similar feature settings to Windows 10 Education using policies. More detailed information on these policies and the configuration steps required is available in [Manage Windows 10 and Microsoft Store tips, tricks, and suggestions](/windows/configuration/manage-tips-and-suggestions). We recommend that K-12 customers using commercial Windows 10 Enterprise read the [document](/windows/configuration/manage-tips-and-suggestions) and apply desired settings for your environment.
 For any other questions, contact [Microsoft Customer Service and Support](https://support.microsoft.com/en-us).
 ## Related topics
 - [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md)
 - [Windows deployment for education](./index.yml)
 - [Windows 10 upgrade paths](/windows/deployment/upgrade/windows-10-upgrade-paths)
 - [Volume Activation for Windows 10](/windows/deployment/volume-activation/volume-activation-windows-10)
 - [Plan for volume activation](/windows/deployment/volume-activation/plan-for-volume-activation-client)
 - [Windows 10 subscription activation](/windows/deployment/windows-10-subscription-activation)
 - 
--- a/includes/licensing/windows-defender-system-guard.md
+++ b/includes/licensing/windows-defender-system-guard.md
@ -7,13 +7,13 @@ ms.topic: include
 ## Windows edition and licensing requirements
-The following table lists the Windows editions that support Windows Defender System Guard:
+The following table lists the Windows editions that support System Guard:
 |Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
 |:---:|:---:|:---:|:---:|
 |Yes|Yes|Yes|Yes|
-Windows Defender System Guard license entitlements are granted by the following licenses:
+System Guard license entitlements are granted by the following licenses:
 |Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
 |:---:|:---:|:---:|:---:|:---:|
--- a/store-for-business/release-history-microsoft-store-business-education.md
+++ b/store-for-business/release-history-microsoft-store-business-education.md
@ -8,7 +8,7 @@ ms.author: cmcatee
 author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 01/11/2024
 ms.reviewer: 
 ---
@ -22,9 +22,17 @@ Because Microsoft Store for Business and Education will be retired, we no longer
 Looking for info on the latest release? Check out [What's new in Microsoft Store for Business and Education](whats-new-microsoft-store-business-education.md)
 ## January 2024
 **Removal of private store capability from Microsoft Store for Business and Education**
 The private store tab and associated functionality was removed from the Microsoft Store for Business and Education portal. This includes the ability to add apps to private groups and to download and install apps from the private store.  
 We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
 ## May 2023
-### Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs
+**Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs**
 The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
@ -45,33 +53,41 @@ We recommend that you add your apps through the new Microsoft Store app experien
 Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
 ## April 2023
 - **Tab removed from Microsoft Store apps on Windows 11 PCs** – The Microsoft Store for Business tab was removed from Microsoft Store apps on Windows 11 PCs. An interaction with existing MDM and GPO policies may lead to customers seeing errors when accessing the Microsoft Store app. [Get more info](manage-access-to-private-store.md#microsoft-store-for-business-tab-removed)
 ## October 2018
 - **Use security groups with Private store apps** - On the details page for apps in your private store, you can set Private store availability. This allows you to choose which security groups can see an app in the private store. [Get more info](app-inventory-management-microsoft-store-for-business.md)
 ## September 2018
 - **Performance improvements** - With updates and improvements in the private store, most changes, like adding an app, will take fifteen minutes or less. [Get more info](/microsoft-store/manage-private-store-settings#private-store-performance)
 ## August 2018
 - **App requests** - People in your organization can make requests for apps that they need. hey can also request them on behalf of other people. Admins review requests and can decide on purchases. [Get more info](./acquire-apps-microsoft-store-for-business.md#allow-app-requests)
 ## July 2018
 - Bug fixes and performance improvements.
 ## June 2018
- **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection. 
+
 - **Change order within private store collection** - Continuing our focus on improvements for private store, now you can customize the order of products in each private store collection.
 - **Performance improvements in private store** - We continue to work on performance improvements in the private store. Now, most products new to your inventory are available in your private store within 15 minutes of adding them. [Get more info](./manage-private-store-settings.md#private-store-performance)
 ## May 2018
 - **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.  
 ## April 2018
 - **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We'll figure out who's in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we'll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
 - **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. 
 - **Office 365 subscription management** -  We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
 ## March 2018
 - **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](./manage-private-store-settings.md#private-store-performance)
 - **Private store collection updates** - We've made it easier to find apps when creating private store collections – now you can search and filter results. 
 [Get more info](./manage-private-store-settings.md#private-store-collections) 
@ -79,19 +95,23 @@ Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess)
 - **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.
 ## January and February 2018
 - **One place for apps, software, and subscriptions** - The new **Products &amp; services** page in Microsoft Store for Business and Education gives customers a single place to manage all products and services.
 - **Create collections of apps in your private store** - Use **collections** to customize your private store. Collections allow you to create groups of apps that are commonly used in your organization or school -- you might create a collection for a Finance department, or a 6th-grade class. [Get more info](./manage-private-store-settings.md#private-store-collections)
 - **Upgrade Office 365 trial subscription** - Customers with Office 365 trials can now transition their trial to a paid subscription in Microsoft Store for Business. This works for trials you acquired from Microsoft Store for Business, or Office Admin Portal.
 - **Supporting Microsoft Product and Services Agreement customers** - If you are purchasing under the Microsoft Products and Services Agreement (MPSA), you can use Microsoft Store for Business. Here you will find access to Products & Services purchased, Downloads & Keys, Software Assurance benefits, Order history, and Agreement details.
- **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role. 
+- **Microsoft Product and Services Agreement customers can invite people to take roles** - MPSA admins can invite people to take Microsoft Store for Business roles even if the person is not in their tenant. You provide an email address when you assign the role, and we'll add the account to your tenant and assign the role.
 ## December 2017
 - Bug fixes and performance improvements.
 ## November 2017
 - **Export list of Minecraft: Education Edition users** - Admins and teachers can now export a list of users who have Minecraft: Education Edition licenses assigned to them. Click **Export users**, and Store for Education creates an Excel spreadsheet for you, and saves it as a .csv file.
 ## October 2017
 - Bug fixes and performance improvements.
 ## September 2017
@ -102,4 +122,4 @@ Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess)
 - **Manage prepaid Office 365 subscriptions** - Office 365 prepaid subscriptions can be redeemed using a prepaid token. Tokens are available through 3rd-party businesses, outside of Microsoft Store for Business or the Office 365 Admin portal. After redeeming prepaid subscriptions, Admins can add more licenses or extend the subscription's expiration date.
 - **Manage Office 365 subscriptions acquired by partners** - Office 365 subscriptions purchased for your organization by a partner or reseller can be managed in Microsoft Store for Business. Admins can assign and manage licenses for these subscriptions.
 - **Edge extensions in Microsoft Store** - Edge Extensions are now available from Microsoft Store! You can acquire and distribute them from Microsoft Store for Business just like any other app.
- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.
+- **Search results in Microsoft Store for Business** - Search results now have sub categories to help you refine search results.
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@ -8,7 +8,7 @@ ms.author: cmcatee
 author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
-ms.date: 06/29/2023
+ms.date: 01/11/2024
 ms.reviewer: 
 ---
@ -20,40 +20,19 @@ ms.reviewer:
 ## Latest updates for Store for Business and Education
-**May 2023**
+**January 2024**
-**Removal of Microsoft Store for Business tab from Microsoft Store app on Windows 10 PCs**
+**Removal of private store capability from Microsoft Store for Business and Education**
-The Microsoft Store for Business tab was removed from the Microsoft Store app on Windows 10. The Microsoft Store for Business tab is still available on HoloLens devices.
+The private store tab and associated functionality was removed from the Microsoft Store for Business and Education portal. This includes the ability to add apps to private groups and to download and install apps from the private store.  
-Users on Windows 10 PCs can no longer do the following tasks:
+We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
 - see Line of Business (LOB) products listed in the Microsoft Store for Business tab
 - acquire or install [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps)
 - assign licenses for existing [online apps](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) using the Store for Business portal or Store for Business app
 [Offline app](/mem/configmgr/apps/deploy-use/manage-apps-from-the-windows-store-for-business#online-and-offline-apps) distribution and licensing scenarios aren't impacted by this change.
 We recommend that you add your apps through the new Microsoft Store app experience in Intune. If an app isn’t available in the Microsoft Store, you must retrieve an app package from the vendor and install it as an LOB app or Win32 app. For instructions, read the following articles:
 - [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
 - [Add a Windows line-of-business app to Microsoft Intune](/mem/intune/apps/lob-apps-windows)
 - [Add, assign, and monitor a Win32 app in Microsoft Intune](/mem/intune/apps/apps-win32-add)
 Follow the [Intune Customer Success blog](https://aka.ms/IntuneCustomerSuccess) where we will publish more information about this change.
 <!---
 We've been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
 |  |  |
 |-----------------------|---------------------------------|
 | ![Private store performance icon.](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](./manage-private-store-settings.md#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 | <iframe width="288" height="232" src="https://www.youtube-nocookie.com/embed/IpLIZU_j7Z0" frameborder="0" allowfullscreen></iframe>| **Manage Windows device deployment with Windows Autopilot Deployment** <br /><br /> In Microsoft Store for Business, you can manage devices for your organization and apply an Autopilot deployment profile to your devices. When people in your organization run the out-of-box experience on the device, the profile configures Windows, based on the Autopilot deployment profile you applied to the device.<br /><br />[Get more info](add-profile-to-devices.md)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education  |
 | ![Microsoft Store for Business Settings page, Distribute tab showing app requests setting.](images/msfb-wn-1709-app-request.png) |**Request an app**<br /><br />People in your organization can request additional licenses for apps in your private store, and then Admins or Purchasers can make the purchases. <br /><br />[Get more info](./acquire-apps-microsoft-store-for-business.md#request-apps)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 ||  ![Image showing Add a Collection.](images/msfb-add-collection.png) |**Private store collections**<br /><br> You can groups of apps in your private store with **Collections**. This can help you organize apps and help people find apps for their job or classroom. <br /><br />[Get more info](https://review.learn.microsoft.com/microsoft-store/manage-private-store-settings?branch=msfb-14856406#add-a-collection)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |
 -->
 ## Previous releases and updates
 [May 2023](release-history-microsoft-store-business-education.md#may-2023)
 - Tab removed from Microsoft Store apps on Windows 10 PCs.
 [April 2023](release-history-microsoft-store-business-education.md#april-2023)
 - Tab removed from Microsoft Store apps on Windows 11 PCs.
--- a/windows/application-management/images/insider.png
+++ b/windows/application-management/images/insider.png
--- a/windows/application-management/includes/insider-note.md
+++ b/windows/application-management/includes/insider-note.md
@ -0,0 +1,16 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
 ms.topic: include
 ms.date: 01/11/2024
 ---
 :::row:::
 :::column span="1":::
 :::image type="content" source="../images/insider.png" alt-text="Logo of Windows Insider." border="false":::
 :::column-end:::
 :::column span="3":::
 > [!IMPORTANT]
 >This article describes features or settings that are under development and only applicable to [Windows Insider Preview builds](/windows-insider/). The content is subject to change and may have dependencies on other features or services in preview.
 :::column-end:::
 :::row-end:::
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@ -1,81 +1,152 @@
 ---
 title: Per-user services
-description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
+description: Learn about per-user services, how to change the template service startup type, and manage per-user services through group policy and security templates.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
-ms.date: 09/14/2017
+ms.date: 12/22/2023
 ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server</a>
 ---
 # Per-user services in Windows
-Per-user services are services that are created when a user signs into Windows or Windows Server and are stopped and deleted when that user signs out. These services run in the security context of the user account - this provides better resource management than the previous approach of running these kinds of services in Explorer, associated with a preconfigured account, or as tasks. 
+When a user signs in to Windows, the OS creates *per-user services*. When the user signs out, these services are stopped and deleted. They run in the security context of the user account instead of a built-in security principal. This behavior provides better resource management than the previous approach of running these services associated with a preconfigured account or as tasks.
 > [!NOTE]
-> Per-user services are only in available in Windows Server if you have installed the Desktop Experience. If you are running a Server Core or Nano Server installation, you won't see these services.
+> Per-user services are only available in Windows Server if you install the Desktop Experience. For more information, see [Server Core vs Server with Desktop Experience install options](/windows-server/get-started/install-options-server-core-desktop-experience).
-You can set the template service's **Startup Type** to **Disabled** to create per-user services in a stopped and disabled state.
+Windows creates these per-user services based on templates defined in the registry. If you need to manage or control behaviors of these services, you can adjust the template. For example, you can set a template service's startup type to **Disabled**. In this example, Windows creates the per-user service in a stopped and disabled state.
 > [!IMPORTANT]
-> Carefully test any changes to the template service's Startup Type before deploying to a production environment. 
+> Carefully test any changes to the template service's configuration before you broadly deploy them to a production environment.
-Use the following information to understand per-user services, change the template service Startup Type, and manage per-user services through Group Policy and security templates. 
+Use the information in this article to understand per-user services, configure user service templates, and manage per-user services through group policy and security templates.
 For more information about disabling system services for Windows Server, see [Guidance on disabling system services on Windows Server with Desktop Experience](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server).
-## Per-user services
+## List of per-user services
-The following table lists per-user services and when they were added to Windows 10 and Windows Server with the Desktop Experience. The template services are located in the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services.
+The following table lists per-user services in the current version of Windows. Other versions of Windows 10/11 might not have the same services available.
-Before you disable any of these services, review the **Description** column in this table to understand the implications, including dependent apps that will no longer work correctly.
+Before you reconfigure any of these services, review this information to understand the implications. For example, if you disable the per-user service, there might be dependent apps that don't work correctly.
-| Windows version | Key name               | Display name                            | Default start type | Dependencies | Description                                                                                                                                                                           |
+| Display name | Service name | Default start type | Dependencies | Description |
-|-----------------|------------------------|-----------------------------------------|--------------------|--------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
+|--|--|--|--|--|
-| 1803            | BcastDVRUserService    | GameDVR and Broadcast User Service      | Manual             |              | Used for Game Recordings and Live Broadcasts                                                                                                                                          |
+| **Agent Activation Runtime** | AarSvc | Manual |  | Runtime for activating conversational agent applications. |
-| 1803            | BluetoothUserService   | Bluetooth User Support Service          | Manual             |              | Supports proper functionality of Bluetooth features relevant to each user session                                                                                                     |
+| **Bluetooth User Support Service** | BluetoothUserService | Manual |  | Supports proper functionality of Bluetooth features relevant to each user session. |
-| 1803            | CaptureService         | CaptureService                          | Manual             |              | OneCore Capture Service                                                                                                                                                               |
+| **OneCore Capture Service** | CaptureService | Manual |  | Enables optional screen capture functionality for applications that call [screen capture](/windows/uwp/audio-video-camera/screen-capture) APIs of the [Windows.Graphics.Capture](/uwp/api/windows.graphics.capture) namespace. |
-| 1607            | CDPUserSvc             | CDPUserSvc                              | Auto               | - Network Connection Broker</br>- Remote Procedure Call (RPC)</br>- TCP/IP Protocol Driver | Used for Connected Devices Platform scenarios                                                                 |
+| **Clipboard User Service** | cbdhsvc | Automated (Delayed Start) |  | Windows uses this user service for clipboard scenarios. For example, clipboard history or sync across devices. For more information, see [Clipboard in Windows](https://support.microsoft.com/windows/clipboard-in-windows-c436501e-985d-1c8d-97ea-fe46ddf338c6). |
-| 1803            | DevicePickerUserSvc    | DevicePicker                            | Manual             |              | Device Picker                                                                                                                                                                         |
+| **Cloud Backup and Restore Service** | CloudBackupRestoreSvc | Manual |  | Monitors the system for changes in application and setting states. When required, this service does cloud backup and restore operations. |
-| 1703            | DevicesFlowUserSvc     | DevicesFlow                             | Manual             |              | Device Discovery and Connecting                                                                                                                                                       |
+| **Connected Devices Platform User Service** | CDPUserSvc | Automatic | - Network Connection Broker </br> - Remote Procedure Call (RPC) </br> - TCP/IP Protocol Driver | This service allows the user to connect, manage, and control connected devices. These connected devices include mobile, Xbox, HoloLens, or smart/IoT devices. For one specific example, see [Share things with nearby devices in Windows](https://support.microsoft.com/windows/share-things-with-nearby-devices-in-windows-0efbfe40-e3e2-581b-13f4-1a0e9936c2d9). |
-| 1703            | MessagingService       | MessagingService                        | Manual             |              | Service supporting text messaging and related functionality                                                                                                                           |
+| **Consent UX User Service** | ConsentUxUserSvc | Manual |  | Allows the system to request user consent to allow apps to access sensitive resources and information such as the device's location. |
-| 1607            | OneSyncSvc             | Sync Host                               | Auto (delayed)     |              | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service isn't running.              |
+| **Contact Data** | PimIndexMaintenanceSvc | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, contacts might be missing from your search results. |
-| 1607            | PimIndexMaintenanceSvc | Contact Data                            | Manual             | UnistoreSvc  | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts.                                                  |
+| **Credential Enrollment Manager** | CredentialEnrollmentManagerUserSvc | Manual |  | This service supports the secure storage and retrieval of user credentials. For example, tokens for web sites, remote desktop connections, or other apps. |
-| 1709            | PrintWorkflowUserSvc   | PrintWorkflow                           | Manual             |              | Print Workflow                                                                                                                                                                        |
+| **Device Association Broker** | DeviceAssociationBrokerSvc | Manual | - DevicePicker </br> - Shell Pairing UX | Supports in-app pairing and access checks for new device scenarios. |
-| 1607            | UnistoreSvc            | User Data Storage                       | Manual             |              | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly.      |
+| **Device Picker** | DevicePickerUserSvc | Manual |  | Windows uses this user service to manage Miracast, Digital Living Network Alliance (DLNA), and Discovery and Launch (DIAL) experiences. |
-| 1607            | UserDataSvc            | User Data Access                        | Manual             | UnistoreSvc  | Provides apps access to structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. |
+| **Devices Flow** | DevicesFlowUserSvc | Manual |  | Allows the Connect user interface and Settings app to connect and pair with WiFi displays and Bluetooth devices. |
-| 1607            | WpnUserService         | Windows Push Notifications User Service | Manual             |              | Hosts Windows notification platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw.                                       |
+| **Game DVR and Broadcast User Service** | BcastDVRUserService | Manual |  | Windows uses this user service for game recordings and live broadcasts. |
 | **Messaging Service** | MessagingService | Manual |  | This service supports text messaging and related functionality. |
 | **Now Playing Session Manager** | NPSMSvc | Manual |  | The *now playing session manager* (NPSM) service manages media sessions running on the device. |
 | **Plan 9 Redirector Service** | P9RdrService | Manual |  | Enables trigger-starting plan9 file servers, which are supported by [Windows Subsystem for Linux](/windows/wsl/). For more information, see [Plan 9 from Bell Labs](https://wikipedia.org/wiki/Plan_9_from_Bell_Labs). |
 | **Pen Service** | PenService | Manual |  | When you press the tail button on a pen input device, this service responds to those actions. It can launch applications or take another action that you customize in Settings. For more information, see user documentation on [How to use your Surface Pen](https://support.microsoft.com/surface/how-to-use-your-surface-pen-8a403519-cd1f-15b2-c9df-faa5aa924e98) or hardware developer documentation on [Pen devices](/windows-hardware/design/component-guidelines/pen-devices). |
 | **Print Workflow** | PrintWorkflowUserSvc | Manual |  | Provides support for [Print Workflow](/windows/uwp/devices-sensors/print-workflow-customize) applications. If you turn off this service, some printing functions might not work successfully. |
 | **Sync Host** | OneSyncSvc | Automated (Delayed Start) |  | This service synchronizes mail, contacts, calendar, and other user data. When this service is stopped, mail and other applications dependent on this functionality don't work properly. |
 | **UDK User Service** | UdkUserSvc | Manual |  | Windows uses this service to coordinate between shell experiences. |
 | **User Data Access** | UserDataSvc | Manual | UnistoreSvc | Provides apps access to structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. |
 | **User Data Storage** | UnistoreSvc | Manual |  | Handles storage of structured user data, including contact info, calendars, messages, and other content. If you stop or disable this service, apps that use this data might not work correctly. |
 | **Web Threat Defense User Service** | webthreatdefusersvc | Automatic |  | This service helps protect your computer by warning the user when unauthorized entities attempt to gain access to their credentials. |
 | **Windows Push Notifications User Service** | WpnUserService | Automatic |  | This service hosts the [Windows push notification services](/windows/apps/design/shell/tiles-and-notifications/windows-push-notification-services--wns--overview) (WNS) platform, which provides support for local and push notifications. Supported notifications are tile, toast, and raw. |
-## Disable per-user services
+## View per-user services
-The template service isn't displayed in the Services console (services.msc) so you need to edit the registry directly, either with Group Policy or a scripted solution, to disable a per-user service.
+You can't view the user service templates outside of the Windows Registry, but you can see the user-specific per-user services. Windows displays these services with the following format: `<service name>_LUID` where `<service name>` is the display name of the user service and `LUID` is a locally unique identifier for the user context.
 For example, you might see the following per-user service names:
 - `Contact Data_443f50`
 - `Sync Host_443f50`
 - `User Data Access_443f50`
 - `User Data Storage_443f50`
 > [!NOTE]
-> Disabling a per-user service simply means that it is created in a stopped and disabled state. When the user signs out, the per-user service is removed.
+> The display name and the service name for all per-user services include the same LUID suffix.
-You can't manage all of the per-user service templates services using normal Group Policy management methods. Because the per-user services aren't displayed in the Services management console, they're also not displayed in the Group Policy Services policy editor UI. 
+### View per-user services in the Windows Services console
 When you sign in to Windows, run `services.msc` to open the Services console. When you view the local machine, you can see these services for your user account.
 ### View per-user services using Windows PowerShell
 The following PowerShell script is an example of how to query for per-user services. It queries for service type values that include the `64` bit value.
 ```powershell
 # Define the bit value for per-user services in the ServiceType property of a service object
 $flag = 64
 # Define an empty array to store the resulting services that match the criteria
 $serviceList = @()
 # Get all services on the computer and store them in the variable
 $services = Get-Service
 # Loop through each service in the array of services.
 foreach ( $service in $services ) {
  # For each specific service, check if the service type property includes the 64 bit using the bitwise AND operator (-band).
  # If the result equals the flag value, then the service is a per-user service.
  if ( ( $service.ServiceType -band $flag ) -eq $flag ) { 
    # When a per-user service is found, then add that service object to the results array.
    $serviceList += $service
  }
 }
 # Display the results array, sorted by display name, in a table format with the specified properties.
 $serviceList | Sort-Object DisplayName | Format-Table DisplayName, Name, StartType, ServiceType
 ```
 ### View per-user services from the command line
 Run `cmd.exe` to open a Windows command prompt. Use the `sc qc` command to query these services. The **Type** value indicates whether the service is a user-service template or user-service instance.
 The following example queries for the template and user-specific instance of the **Game DVR and Broadcast User Service** (`BcastDVRUserService`) service:
 ```cmd
 sc qc BcastDVRUserService
 sc qc BcastDVRUserService_18f113
 ```
 :::image type="content" source="media/cmd-type.png" alt-text="Screenshot of a Windows command line session running sc.exe qc on two services and highlighting the type values in the output.":::
 ## How to disable per-user services
 The templates for user services aren't displayed in the **Services** console (services.msc). To disable a per-user service, you need to directly edit the registry, either with group policy or a scripted solution. The templates are located in the registry at `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services`.
 > [!NOTE]
 > When you disable a per-user service, Windows still creates it when the user signs in, but in a stopped and disabled state. When the user signs out, Windows removes the per-user service.
 You can't manage all of the per-user service templates using normal group policy management methods. Because the per-user services aren't displayed in the **Services** management console, they're also not displayed in the group policy services policy editor.
 Additionally, there are four user services that you can't manage with a security template:
 Additionally, there are four template services that can't be managed with a security template:
 - PimIndexMaintenanceSvc
 - UnistoreSvc
 - UserDataSvc
 - WpnUserService
-In light of these restrictions, you can use the following methods to manage per-user services template services:
+With these restrictions, you can use the following methods to manage per-user service templates:
- A combination of a security template and a script or Group Policy preferences registry policy
+- A combination of a security template and a script, or group policy preferences registry policy.
- Group Policy preferences for all of the services
+- Group policy preferences for all of the services.
- A script for all of the services
+- A script for all of the services.
 ### Manage template services using a security template
-You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). For more information, visit [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings).
+You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/security/threat-protection/security-policy-settings/administer-security-policy-settings#security-templates).
 For example:
@ -89,41 +160,74 @@ Revision=1
 "CDPUserSVC".4,""
 ```
-### Manage template services using Group Policy preferences
+### Use a script to manage per-user services
-If a per-user service can't be disabled using the security template, you can disable it by using Group Policy preferences.
+You can create a script to change the startup type for the per-user services. Then use group policy or another management solution such as Microsoft Configuration Manager to deploy the script to targeted devices.
-1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, select **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
+#### Example 1: Use the `Set-Service` PowerShell cmdlet
-2. Create a new Group Policy Object (GPO) or use an existing GPO.  
+The following sample script uses the [Set-Service](/powershell/module/microsoft.powershell.management/set-service) PowerShell cmdlet to configure the PimIndexMaintenanceSvc service start type to disabled:
-3. Right-click the GPO and select **Edit** to launch the Group Policy Object Editor.
+```powershell
 Set-Service -Name PimIndexMaintenanceSvc -StartupType Disabled
 ```
-4. Depending on how you want to target the Group Policy, under **Computer configuration** or **User configuration** browse to Preferences\Windows Settings\Registry.
+#### Example 2: Use the `sc.exe config` command line
-5. Right-click **Registry** > **New** > **Registry Item**.
+The following sample script uses [`sc.exe config`](/windows-server/administration/windows-commands/sc-config) to configure the PimIndexMaintenanceSvc service start type to disabled:
-   ![Group Policy preferences disabling per-user services.](media/gpp-per-user-services.png) 
+```cmd
-   
+sc.exe configure PimIndexMaintenanceSvc start= disabled
-6. Make sure that  HKEY_Local_Machine is selected for Hive and then select ... (the ellipses) next to Key Path.
+```
-   ![Choose HKLM.](media/gpp-hklm.png)  
+> [!NOTE]
-    
+> The space after `=` is intentional.
 7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and select **Select**.
-   ![Select Start.](media/gpp-svc-start.png)   
+### Manage template services using group policy preferences
 8. Change **Value data** from **00000003** to **00000004** and select **OK**. Note setting the Value data to **4** = **Disabled**. 
-   ![Startup Type is Disabled.](media/gpp-svc-disabled.png)   
+If you can't disable a per-user service with the security template, use group policy preferences.
 9. To add the other services that can't be managed with Group Policy templates, edit the policy and repeat steps 5-8.  
-### Managing Template Services with reg.exe
+1. Open the **Group Policy Management Console** (gpmc.msc).
-If you can't use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe. 
+1. Create a new group policy object (GPO) or use an existing GPO.
-To disable the Template Services, change the Startup Type for each service to 4 (disabled). 
+
-For example:
+1. **Edit** the GPO to launch the group policy object editor.
 1. Depending on how you want to target the group policy, under **Computer configuration** or **User configuration** browse to **Preferences**, **Windows Settings**, and select **Registry**.
 1. Go to the **Action** menu, select **New**, and select **Registry Item**.
    :::image type="content" source="media/gpp-per-user-services.png" alt-text="Screenshot of the Group Policy Management Editor highlighting the contextual menu on registry preferences to create a new registry item.":::
 1. For the **Hive** select `HKEY_LOCAL_MACHINE`.
    :::image type="content" source="media/gpp-hklm.png" alt-text="Screenshot of the New Registry Properties window highlighting the Hive value set to HKEY_LOCAL_MACHINE.":::
 1. Select the ellipses (`...`) next to **Key Path**. Browse to `System\CurrentControlSet\Services` and then select the user service template. For example, `PimIndexMaintenanceSvc`. In the list of values, highlight **Start** and select **Select**.
    :::image type="content" source="media/gpp-svc-start.png" alt-text="Screenshot of the Registry Item Browser window with the PimIndexMaintenanceSvc registry item selected, and the Start value selected.":::
 1. In the **Start Properties** window, Change **Value data** from `00000003` to `00000004` and select **OK**. Note setting the Value data to **4** = **Disabled**.
    :::image type="content" source="media/gpp-svc-disabled.png" alt-text="Screenshot of the Start Properties window highlighting the Value data field with the value 00000004.":::
    > [!NOTE]
    > The service start value `4` is **Disabled**.
 1. To add the other services that can't be managed with group policy templates, edit the policy and repeat the previous steps.
 ### Managing user service templates with the Windows Registry
 If you can't use group policy preferences to manage the per-user services, you can edit the Windows Registry. To disable a user service template, change the startup type for each service to `4`, which is **Disabled**.
 > [!CAUTION]
 > Don't directly edit the registry unless there's no other alternative. The Registry Editor or Windows don't validate these manual modifications to the registry. Incorrect values can be stored, which can result in unrecoverable errors in the system. When possible, instead of editing the registry directly, use group policy or other supported Windows tools to accomplish these tasks. If you must edit the registry, use extreme caution.
 #### Example 1: Use the `reg.exe` command line command to edit the registry
 1. As an administrator, run `cmd.exe` to open a Windows command prompt.
 1. The following example includes multiple commands that disable the specified Windows services by changing their **Start** value in the Windows Registry to `4`:
 ```cmd
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\CDPUserSvc /v Start /t REG_DWORD /d 4 /f
@ -132,60 +236,26 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\PimIndexMaintenanceSvc /v Sta
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\UnistoreSvc /v Start /t REG_DWORD /d 4 /f
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\UserDataSvc /v Start /t REG_DWORD /d 4 /f
 REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t REG_DWORD /d 4 /f
 ``` 
 > [!CAUTION]
 > We recommend that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the Registry Editor or by the Windows operating system before they are applied. As a result, incorrect values can be stored, and this can result in unrecoverable errors in the system. When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC) to accomplish tasks. If you must edit the registry, use extreme caution. 
 ### Managing Template Services with regedit.exe 
 If you can't use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
 ![Using Regedit to change servive Starup Type.](media/regedit-change-service-startup-type.png) 
 > [!CAUTION]
 > We recommend that you do not directly edit the registry unless there is no other alternative. Modifications to the registry are not validated by the Registry Editor or by the Windows operating system before they are applied. As a result, incorrect values can be stored, and this can result in unrecoverable errors in the system. When possible, instead of editing the registry directly, use Group Policy or other Windows tools such as the Microsoft Management Console (MMC) to accomplish tasks. If you must edit the registry, use extreme caution. 
 Beginning with Windows 10, version 1709 and Windows Server, version 1709, you can prevent the per-user service from being created by setting **UserServiceFlags** to 0 under the same service configuration in the registry:
 ![Create per-user services in disabled state.](media/user-service-flag.png)
 ### Manage template services by modifying the Windows image
 If you're using custom images to deploy Windows, you can modify the Startup Type for the template services as part of the normal imaging process.
 ### Use a script to manage per-user services
 You can create a script to change the Startup Type for the per-user services. Then use Group Policy or another management solution to deploy the script in your environment.
 Sample script using [sc.exe](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/cc990290(v=ws.11)?f=255&MSPPError=-2147217396):
 ```cmd
 sc.exe configure <service name> start= disabled
 ```
-The space after "=" is intentional.
+#### Example 2: Use the Registry Editor user interface to edit the registry
-Sample script using the [Set-Service PowerShell cmdlet](/previous-versions/windows/it-pro/windows-powershell-1.0/ee176963(v=technet.10)):
+1. As an administrator, run `regedit.exe` to open the Registry Editor.
-```powershell
+1. Browse to `HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services` and then select the user service template. For example, `CDPSvc`.
 Set-Service <service name> -StartupType Disabled
 ```
-## View per-user services in the Services console (services.msc)
+1. In the list of values, open the **Start** value.
-As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they're displayed using the \<service name>_LUID format (where LUID is the locally unique identifier).
+1. Change the **Value data** to `4`.
-For example, you might see the following per-user services listed in the Services console:
+:::image type="content" source="media/regedit-change-service-startup-type.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\CDPSvc and highlighting the Start value set to 4.":::
- CPDUserSVC_443f50
+#### Example 3: Prevent the creation of per-user services
 - ContactData_443f50
 - Sync Host_443f50
 - User Data Access_443f50
 - User Data Storage_443f50
-## View per-user services from the command line
+You can prevent Windows from creating a per-user service when a user signs on. In the same service template node of the registry, set `UserServiceFlags` to `0`.
-You can query the service configuration from the command line. The **Type** value indicates whether the service is a user-service template or user-service instance.
+:::image type="content" source="media/user-service-flag.png" alt-text="Screenshot of the Registry Editor open to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\PimIndexMaintenanceSvc highlighting the UserServiceFlag set to 0.":::
-![Use sc.exe to view service type.](media/cmd-type.png)
+## Next steps
 For more information about disabling system services for Windows Server, see [Guidance on disabling system services on Windows Server with Desktop Experience](/windows-server/security/windows-services/security-guidelines-for-disabling-system-services-in-windows-server).
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@ -1,104 +0,0 @@
 ---
 title: Sideload line of business apps
 description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 12/07/2017
 ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Sideload line of business (LOB) apps
 > [!NOTE]
 > Starting with Windows 10 2004, sideloading is enabled by default. You can deploy a signed package onto a device without a special configuration.
 Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft store. Your organization may create its own apps, including line-of-business (LOB) apps. Many organizations create their own apps to solve problems unique to their business.
 When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps. Sideloading was also available with Windows 8 and Windows 8.1
 Starting with Windows 10, sideloading is different than earlier versions of Windows:
 - You can unlock a device for sideloading using an enterprise policy, or through the **Settings** app.
 - License keys aren't required.
 - Devices don't have to be joined to a domain.
 To allow these apps to run on your Windows devices, you might have to enable sideloading on your devices.
 This article shows you how to:
 - **Turn on sideloading**: You can deploy using Group Policy or a mobile device management (MDM) provider. Or, you can use the **Settings** app to turn on sideloading.
 - **Install the app certificate**: Import the security certificate to the local device. This certificate tells the local device to trust the app.
 - **Install the app**: Use Windows PowerShell to install the app package.
 ## Prerequisites
 - Windows devices that are unlocked for sideloading (unlock policy enabled). Meaning, sideloading isn't blocked by a policy.
 - A trusted certificate that's assigned to your app.
 - An app package that's signed with your certificate.
 ## Step 1: Turn on sideloading
 You can sideload apps on managed or unmanaged devices.
 Managed devices are typically owned by your organization. They're managed by Group Policy (on-premises), or a Mobile Device Management (MDM) provider, such as Microsoft Intune (cloud). Bring your own devices (BYOD) and personal devices can also be managed by your organization. On managed devices, you can create a policy that turns on sideloading, and then deploy this policy to your Windows devices.
 Unmanaged devices are devices that aren't managed by your organization. These devices are typically personal devices owned by users. Users can turn on sideloading using the Settings app.
 > [!IMPORTANT]
 > To install an app on Windows client, you can:
 >
 > - [Install Windows apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).
 > - Users can double-click any `.msix` or `.appx` package.
 ### User interface
 If you're working on your own device, or if devices are unmanaged, use the Settings app:
 1. Open the **Settings** app > **Update & Security** > **For developers**.
 2. Select **Sideload apps**.
 For more information, see [Enable your device for development](/windows/apps/get-started/enable-your-device-for-development) and [Developer Mode features and debugging](/windows/apps/get-started/developer-mode-features-and-debugging).
 ### Group Policy
 If you use Group Policy, use the `Computer Configuration\Administrative Templates\Windows Components\App Package Deployment` policies to enable or prevent sideloading apps:
 - `Allows development of Windows Store apps and installing them from an integrated development environment (IDE)`
 - `Allow all trusted apps to install`
 By default, the OS might set these policies to **Not configured**, which means app sideloading is turned off. If you set these policies to **Enabled**, then users can sideload apps.
 ### MDM
 Using Microsoft Intune, you can also enable sideloading apps on managed devices. For more information, see:
 - [Sign line-of-business apps so they can be deployed to Windows devices with Intune](/mem/intune/apps/app-sideload-windows)
 - [App Store device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#app-store)
 ## Step 2: Import the security certificate
 This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device.
 1. Open the security certificate for the `.msix` package, and select **Install Certificate**.
 2. On the **Certificate Import Wizard**, select **Local Machine**.
 3. Import the certificate to the **Trusted Root Certification Authorities** folder.
    -OR-
    You can use a runtime provisioning package to import a security certificate. For information about applying a provisioning package, see runtime instructions on [Create a provisioning package](/windows/configuration/provisioning-packages/provisioning-create-package).
 ## Step 3: Install the app
 From the folder with the `.msix` package, run the Windows PowerShell `Add-AppxPackage` command to install the `.msix` package.
 For more information on this command, see [Add-AppxPackage](/powershell/module/appx/add-appxpackage).
--- a/windows/application-management/sideload-apps-in-windows.md
+++ b/windows/application-management/sideload-apps-in-windows.md
@ -0,0 +1,137 @@
 ---
 title: Sideload line of business apps
 description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems. When you sideload an app, you deploy a signed app package to a device.
 author: aczechowski
 ms.author: aaroncz
 manager: aaroncz
 ms.date: 12/22/2023
 ms.topic: how-to
 ms.prod: windows-client
 ms.technology: itpro-apps
 ms.localizationpriority: medium
 ms.collection: tier2
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Sideload line of business (LOB) apps
 Sideloading apps is when you install apps that aren't from an official source, such as the Microsoft Store. Your organization can create its own apps, including line-of-business (LOB) apps. When you sideload an app, you deploy a signed app package to a device. You maintain the signing, hosting, and deployment of these apps.
 To allow these apps to run on your Windows devices, you might have to enable sideloading.
 > [!IMPORTANT]
 > When you enable sideloading, you allow installing and running apps from outside the Microsoft Store. This action might increase security risks to the device and your data. Sideloaded apps need to be signed with a certificate that the device trusts.
 ## Prerequisites
 - Windows devices with sideloading enabled. You can enable it with a group policy or a mobile device management (MDM) provider like Microsoft Intune. You can also use the **Settings** app to manually turn on sideloading.
 - A trusted certificate that you assign to your app. Import the security certificate to the local device. This certificate allows the device to trust the app.
 - An app package that you sign with the same certificate.
 > [!TIP]
 > Unlike in earlier versions, with Windows 10/11:
 >
 > - License keys aren't required.
 > - Devices don't have to be joined to a domain.
 ## Step 1: Turn on sideloading
 You can sideload apps on managed or unmanaged devices.
 A *managed device* typically means your organization owns it and applies policies based on business requirements. You manage it with on-premises group policy or a mobile device management (MDM) provider like Microsoft Intune. On managed devices, you can create a policy that turns on sideloading, and then assign this policy to targeted devices.
 An *unmanaged device* means your organization doesn't manage it. These devices are typically personal devices that users own. Users can manually turn on sideloading with the **Settings** app.
 ### User interface
 If you're working on your own device, or if devices are unmanaged, use the Settings app. The experience differs between Windows 11 and Windows 10.
 > [!NOTE]
 > If sideloading is blocked by an organizational policy, then users can't even manually enable sideloading.
 #### Windows 11 setting
 1. Open the **Settings** app.
 1. Go to **System** and select **For developers**.
 1. Turn on the **Developer mode** setting.
 1. Review the notice, and select **Yes** to continue.
 > [!TIP]
 > If you don't see the setting in this location on your version of Windows, use the *Find a setting* option. Search for *developer mode* to quickly jump to its location.
 #### Windows 10 setting
 1. Open the **Settings** app.
 1. Go to **Update & Security** and select **For developers**.
 1. Turn on the option to **Sideload apps**.
 1. Review the notice, and select **Yes** to continue.
 ### Group policy
 If you use group policy, use the following policies to enable or prevent sideloading apps:
 Path: **Computer Configuration\Administrative Templates\Windows Components\App Package Deployment**
 - **Allows development of Windows Store apps and installing them from an integrated development environment (IDE)**
 - **Allow all trusted apps to install**
 By default, the OS might set these policies to **Not configured**, which means app sideloading is turned off. If you set these policies to **Enabled**, then users can sideload apps.
 ### MDM
 When you use Microsoft Intune, you can enable sideloading apps on managed devices. For more information, see the following articles:
 - [Sign line-of-business apps so they can be deployed to Windows devices with Intune](/mem/intune/apps/app-sideload-windows)
 - [App Store device settings to allow or restrict features using Intune](/mem/intune/configuration/device-restrictions-windows-10#app-store)
 Other MDM servers can implement similar behaviors using the [ApplicationManagement](/windows/client-management/mdm/policy-csp-applicationmanagement) policy CSP.
 ## Step 2: Import the security certificate
 This step installs the app certificate to the local device. Installing the certificate creates the trust between the app and the device.
 1. Open the **Properties** for the app package.
    1. Go to the **Digital Signatures** tab.
    1. Select the certificate, and select **Details** to open the digital signature details window.
    1. Select **View Certificate** to open the certificate window.
    1. Select **Install Certificate** to launch the certificate import wizard.
 1. On the **Certificate Import Wizard**, select **Local Machine**. This action might require an administrator to elevate.
 1. Continue the process to import the certificate into the **Trusted Root Certification Authorities** store.
 > [!NOTE]
 > There are other methods to install and manage certificates on devices. For example, with group policy or a provisioning package.
 ## Step 3: Install the app
 After you enable sideloading and import the certificate, there are multiple methods you can use to install the app on devices.
 - Manually open the `.msix` or `.appx` package in Windows Explorer.
 - Distribute an [MSIX app](/windows/msix/overview) over the network with a web-based app installer. For more information, see [Install Windows apps from a web page](/windows/msix/app-installer/installing-windows10-apps-web).
 - Use the Windows PowerShell `Add-AppxPackage` cmdlet. For more information, see [Add-AppxPackage](/powershell/module/appx/add-appxpackage).
 ## Next steps
 Learn about the [private app repository in Windows 11](private-app-repository-mdm-company-portal-windows-11.md) with the Company Portal and Microsoft Intune.
 For more information on sideloading, see the following articles on Windows app development:
 - [Enable your device for development](/windows/apps/get-started/enable-your-device-for-development)
 - [Developer Mode features and debugging](/windows/apps/get-started/developer-mode-features-and-debugging)
--- a/windows/application-management/toc.yml
+++ b/windows/application-management/toc.yml
@ -8,7 +8,7 @@ items:
    - name: Add or hide Windows features
      href: add-apps-and-features.md
    - name: Sideload line of business (LOB) apps
-      href: sideload-apps-in-windows-10.md
+      href: sideload-apps-in-windows.md
    - name: Private app repo on Windows 11
      href: private-app-repository-mdm-company-portal-windows-11.md
    - name: Remove background task resource restrictions
--- a/windows/client-management/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/azure-active-directory-integration-with-mdm.md
@ -1,7 +1,7 @@
 ---
 title: Microsoft Entra integration with MDM
 description: Microsoft Entra ID is the world's largest enterprise cloud identity management service.
-ms.topic: article
+ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
--- a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@ -1,7 +1,7 @@
 ---
 title: Automatic MDM enrollment in the Intune admin center
 description: Automatic MDM enrollment in the Intune admin center
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md
@ -1,7 +1,7 @@
 ---
 title: Bulk enrollment
 description: Bulk enrollment is an efficient way to set up a large number of devices to be managed by an MDM server without the need to reimage the devices.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/certificate-authentication-device-enrollment.md
@ -1,7 +1,7 @@
 ---
 title: Certificate authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/certificate-renewal-windows-mdm.md
@ -1,7 +1,7 @@
 ---
 title: Certificate Renewal
 description: Learn how to find all the resources that you need to provide continuous access to client certificates.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/client-tools/administrative-tools-in-windows.md
+++ b/windows/client-management/client-tools/administrative-tools-in-windows.md
@ -3,7 +3,7 @@ title: Windows Tools/Administrative Tools
 description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
 ms.localizationpriority: medium
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
--- a/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/client-tools/change-default-removal-policy-external-storage-media.md
@ -2,7 +2,7 @@
 title: Windows default media removal policy
 description: In Windows 10 and later, the default removal policy for external storage media changed from Better performance to Quick removal.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ---
--- a/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/client-tools/connect-to-remote-aadj-pc.md
@ -3,7 +3,7 @@ title: Connect to remote Microsoft Entra joined device
 description: Learn how to use Remote Desktop Connection to connect to a Microsoft Entra joined device.
 ms.localizationpriority: medium
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
--- a/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/client-tools/manage-device-installation-with-group-policy.md
@ -2,7 +2,7 @@
 title: Manage Device Installation with Group Policy
 description: Find out how to manage Device Installation Restrictions with Group Policy.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 # Manage Device Installation with Group Policy
--- a/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/client-tools/manage-settings-app-with-group-policy.md
@ -2,7 +2,7 @@
 title: Manage the Settings app with Group Policy
 description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 # Manage the Settings app with Group Policy
--- a/windows/client-management/client-tools/mandatory-user-profile.md
+++ b/windows/client-management/client-tools/mandatory-user-profile.md
@ -2,7 +2,7 @@
 title: Create mandatory user profiles
 description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
--- a/windows/client-management/client-tools/quick-assist.md
+++ b/windows/client-management/client-tools/quick-assist.md
@ -2,7 +2,7 @@
 title: Use Quick Assist to help users
 description: Learn how IT Pros can use Quick Assist to help users.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ms.collection:
 - highpri
--- a/windows/client-management/client-tools/windows-libraries.md
+++ b/windows/client-management/client-tools/windows-libraries.md
@ -1,7 +1,7 @@
 ---
 title: Windows Libraries
 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/client-tools/windows-version-search.md
+++ b/windows/client-management/client-tools/windows-version-search.md
@ -2,7 +2,7 @@
 title: What version of Windows am I running?
 description: Discover which version of Windows you're running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 # What version of Windows am I running?
--- a/windows/client-management/config-lock.md
+++ b/windows/client-management/config-lock.md
@ -1,7 +1,7 @@
 ---
 title: Secured-core configuration lock
 description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
--- a/windows/client-management/device-update-management.md
+++ b/windows/client-management/device-update-management.md
@ -1,7 +1,7 @@
 ---
 title: Mobile device management MDM for device updates
 description: Windows provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ms.collection:
 - highpri
--- a/windows/client-management/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/disconnecting-from-mdm-unenrollment.md
@ -1,7 +1,7 @@
 ---
 title: Disconnecting from the management infrastructure (unenrollment)
 description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/docfx.json
+++ b/windows/client-management/docfx.json
@ -41,10 +41,10 @@
      "zone_pivot_group_filename": "resources/zone-pivot-groups.json",
      "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
      "uhfHeaderId": "MSDocsHeader-Windows",
      "ms.technology": "itpro-manage",
      "audience": "ITPro",
-      "ms.prod": "windows-client",
+      "ms.service": "windows-client",
-      "ms.topic": "article",
+      "ms.subservice": "itpro-manage",
      "ms.topic": "conceptual",
      "ms.author": "vinpa",
      "author": "vinaypamnani-msft",
      "manager": "aaroncz",
@ -85,6 +85,9 @@
          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
        ]
      },
      "ms.topic": {
        "mdm/*.md": "reference"
      }
    },
    "template": [],
--- a/windows/client-management/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/enable-admx-backed-policies-in-mdm.md
@ -1,7 +1,7 @@
 ---
 title: Enable ADMX policies in MDM
 description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md
@ -1,7 +1,7 @@
 ---
 title: Enroll a Windows device automatically using Group Policy
 description: Learn how to use a Group Policy to trigger autoenrollment to MDM for Active Directory (AD) domain-joined devices.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ms.collection:
 - highpri
--- a/windows/client-management/enterprise-app-management.md
+++ b/windows/client-management/enterprise-app-management.md
@ -1,7 +1,7 @@
 ---
 title: Enterprise app management
 description: This article covers one of the key mobile device management (MDM) features for managing the lifecycle of apps across Windows devices.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/federated-authentication-device-enrollment.md
+++ b/windows/client-management/federated-authentication-device-enrollment.md
@ -1,7 +1,7 @@
 ---
 title: Federated authentication device enrollment
 description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/images/insider.png
+++ b/windows/client-management/images/insider.png
--- a/windows/client-management/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/implement-server-side-mobile-application-management.md
@ -1,7 +1,7 @@
 ---
 title: Support for Windows Information Protection (WIP) on Windows
 description: Learn about implementing the Windows version of Windows Information Protection (WIP), which is a lightweight solution for managing company data access and security on personal devices.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/includes/insider-note.md
+++ b/windows/client-management/includes/insider-note.md
@ -0,0 +1,16 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
 ms.topic: include
 ms.date: 01/11/2024
 ---
 :::row:::
 :::column span="1":::
 :::image type="content" source="../images/insider.png" alt-text="Logo of Windows Insider." border="false":::
 :::column-end:::
 :::column span="3":::
 > [!IMPORTANT]
 >This article describes features or settings that are under development and only applicable to [Windows Insider Preview builds](/windows-insider/). The content is subject to change and may have dependencies on other features or services in preview.
 :::column-end:::
 :::row-end:::
--- a/windows/client-management/index.yml
+++ b/windows/client-management/index.yml
@ -7,15 +7,13 @@ metadata:
  title: Manage Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
  description: Learn about the administrative tools, tasks, and best practices for managing Windows clients across your enterprise. # Required; article description that is displayed in search results. < 160 chars.
  ms.topic: landing-page
  ms.prod: windows-client
  ms.technology: itpro-manage
  ms.collection:
    - highpri
    - tier1
  author: vinaypamnani-msft
  ms.author: vinpa
  manager: aaroncz
-  ms.date: 09/26/2023
+  ms.date: 01/18/2024
  localization_priority: medium
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@ -3,7 +3,7 @@ title: Manage Windows devices in your organization - transitioning to modern man
 description: This article offers strategies for deploying and managing Windows devices, including deploying Windows in a mixed environment.
 ms.localizationpriority: medium
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ---
 # Manage Windows devices in your organization - transitioning to modern management
--- a/windows/client-management/manage-windows-copilot.md
+++ b/windows/client-management/manage-windows-copilot.md
@ -2,19 +2,20 @@
 title: Manage Copilot in Windows
 description: Learn how to manage Copilot in Windows for commercial environments using MDM and group policy. Learn about the chat providers available to Copilot in Windows.
 ms.topic: conceptual
-ms.technology: itpro-windows-copilot
+ms.subservice: windows-copilot
-ms.date: 11/06/2023
+ms.date: 01/22/2024
 ms.author: mstewart
-author: mestew 
+author: mestew
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2 or later</a>
 ---
 # Manage Copilot in Windows
 <!--8445848-->
 >**Looking for consumer information?** See [Welcome to Copilot in Windows](https://support.microsoft.com/windows/welcome-to-copilot-in-windows-675708af-8c16-4675-afeb-85a5a476ccb0).
-Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop. It's designed to help your users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/bing-chat-enterprise/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it is possible for users to copy and paste sensitive information into the chat provider.
+Copilot in Windows provides centralized generative AI assistance to your users right from the Windows desktop. Copilot in Windows appears as a side bar docked on the Windows desktop and is designed to help users get things done in Windows. Copilot in Windows can perform common tasks in Windows like changing Windows settings, which makes it different from the browser-based [Copilot in Edge](/copilot/edge). However, both user experiences, Copilot in Windows and Copilot in Edge, can share the same underlying chat provider platform. It's important for organizations to properly configure the chat provider platform that Copilot in Windows uses, since it's possible for users to copy and paste sensitive information into the chat.
 > [!Note]
 > - Copilot in Windows is currently available as a preview. We will continue to experiment with new ideas and methods using your feedback.
@ -39,62 +40,63 @@ Organizations that aren't ready to use Copilot in Windows can disable it until t
 ## Chat provider platforms for Copilot in Windows
-Copilot in Windows can use either Bing Chat or Bing Chat Enterprise as its chat provider platform. The chat provider platform is the underlying service that Copilot in Windows uses to communicate with the user. The chat provider platform that Copilot in Windows uses is important because it is possible for users to copy and paste sensitive information into the chat provider. Each chat provider platform has different privacy and security protections.
+Copilot in Windows can use either Microsoft Copilot or Copilot with commercial data protection as its chat provider platform. The chat provider platform is the underlying service that Copilot in Windows uses to communicate with the user. The chat provider platform is important because it's possible for users to copy and paste sensitive information into the chat. Each chat provider platform has different privacy and security protections.
-**Bing Chat**: 
+### Copilot
-[Bing Chat](https://www.microsoft.com/bing/do-more-with-ai/what-is-bing-chat-and-how-can-you-use-it) is a consumer experience and if a user isn't signed in with their Microsoft account, the number of chat queries per user has a daily limit. Bing Chat doesn't offer the same commercial data protection as Bing Chat Enterprise does. The following privacy and security protections apply for Bing Chat:
+Copilot is a consumer experience and has a daily limit on the number of chat queries per user when not signed in with a Microsoft account. It doesn't offer the same data protection as Copilot with commercial data protection.
-   - [Copilot in Windows: Your data and privacy](https://support.microsoft.com/windows/3e265e82-fc76-4d0a-afc0-4a0de528b73a)
+
-   - The privacy statement for using Bing Chat follows the [Microsoft privacy statement](https://privacy.microsoft.com/privacystatement) including the product specific guidance in the Microsoft privacy statement for **Bing** under the **Search, Microsoft Edge, and artificial intelligence** section.
+- [Copilot in Windows: Your data and privacy](https://support.microsoft.com/windows/3e265e82-fc76-4d0a-afc0-4a0de528b73a)
 - The privacy statement for using Copilot follows the [Microsoft privacy statement](https://privacy.microsoft.com/privacystatement) including the product specific guidance in the Microsoft privacy statement for **Bing** under the **Search, Microsoft Edge, and artificial intelligence** section.
-**Bing Chat Enterprise**:
+### Copilot with commercial data protection
-[Bing Chat Enterprise](/bing-chat-enterprise/overview) is intended for commercial use scenarios and offers commercial data protection. The following privacy and security protections apply for Bing Chat Enterprise:
+[Copilot with commercial data protection](/copilot/overview) is intended for commercial use scenarios and offers commercial data protection. The following privacy and security protections apply for Copilot with commercial data protection:
- With [Bing Chat Enterprise](/bing-chat-enterprise/overview), user and organizational data is protected, chat data isn't saved, and your data isn't used to train the underlying large language models. Because of this protection, chat history, 3rd-party plugins, and the Bing mobile app for iOS or Android aren't currently supported. Bing Chat Enterprise is accessible from mobile browsers, including Edge mobile on iOS and Android. Review the Bing Chat Enterprise [privacy statement](/bing-chat-enterprise/privacy-and-protections).
+- User and organizational data is protected, chat data isn't saved, and your data isn't used to train the underlying large language models. Because of this protection, chat history, 3rd-party plugins, and the Bing app for iOS or Android aren't currently supported. Copilot with commercial data protection is accessible from mobile browsers, including Edge mobile on iOS and Android. Review the Copilot with commercial data protection [privacy statement](/copilot/privacy-and-protections).
- Bing Chat Enterprise is available, at no additional cost, for the following licenses:
+- Copilot with commercial data protection is available, at no additional cost, for the following licenses:
   - Microsoft 365 E3 or E5
   - Microsoft 365 A3 or A5 for faculty
   - Microsoft 365 Business Standard
   - Microsoft 365 Business Premium
  > [!Note]
-  > Bing Chat Enterprise and Bing Chat don't have access to Microsoft Graph, unlike [Microsoft 365 Copilot](/microsoft-365-copilot/microsoft-365-copilot-overview) which can be used in the Microsoft 365 apps. This means that Bing Chat Enterprise and Bing Chat can't access Microsoft 365 Apps data, such as email, calendar, or files.
+  > Copilot doesn't have access to Microsoft 365 Apps data, such as email, calendar, or files using Microsoft Graph, unlike [Copilot for Microsoft 365](/microsoft-365-copilot/microsoft-365-copilot-overview) which can be used in the Microsoft 365 apps.
 ## Configure the chat provider platform that Copilot in Windows uses
-Configuring the correct chat provider platform for Copilot in Windows is important because it is possible for users to copy and paste sensitive information into the chat provider. Each chat provider platform has different privacy and security protections. Once you have selected the chat provider platform that you want to use for Copilot in Windows, ensure it's configured for your organization's users. The following sections describe how to configure the chat provider platform that Copilot in Windows uses.
+Configuring the correct chat provider platform for Copilot in Windows is important because it's possible for users to copy and paste sensitive information into the chat. Each chat provider platform has different privacy and security protections. Once you select the chat provider platform that you want to use for Copilot in Windows, ensure it's configured for your organization's users. The following sections describe how to configure the chat provider platform that Copilot in Windows uses.
-### Bing Chat as the chat provider platform
+### Microsoft Copilot as the chat provider platform
-Bing Chat is used as the default chat provider platform for Copilot in Windows when any of the following conditions occur:
+Copilot is used as the default chat provider platform for Copilot in Windows when any of the following conditions occur:
- Bing Chat Enterprise isn't configured for the user
+- Commercial data protection isn't configured for the user.
- The user isn't assigned a license that includes Bing Chat Enterprise
+- Commercial data protection is [turned off](/copilot/manage).
- Bing Chat Enterprise is [turned off](/bing-chat-enterprise/manage)
+- The user isn't assigned a license that includes Copilot with commercial data protection.
- The user isn't signed in with a Microsoft Entra account that's licensed for Bing Chat Enterprise
+- The user isn't signed in with a Microsoft Entra account that's licensed for Copilot with commercial data protection.
-### Bing Chat Enterprise as the chat provider platform (recommended for commercial environments)
+### Copilot with commercial data protection as the chat provider platform (recommended for commercial environments)
-To verify that Bing Chat Enterprise is enabled for the user as the chat provider platform for Copilot in Windows, use the following instructions:
+To verify that Copilot with commercial data protection is enabled for the user as the chat provider platform for Copilot in Windows, use the following instructions:
 1. Sign into the [Microsoft 365 admin center](https://admin.microsoft.com/).
-1. In the admin center, select  **Users** > **Active users** and verify that users are assigned a license that includes Bing Chat Enterprise. Bing Chat Enterprise is included and enabled by default for users that are assigned one of the following licenses:
+1. In the admin center, select  **Users** > **Active users** and verify that users are assigned a license that includes **Copilot**. Copilot with commercial data protection is included and enabled by default for users that are assigned one of the following licenses:
   - Microsoft 365 E3 or E5
   - Microsoft 365 A3 or A5 for faculty
-     - Currently, Microsoft 365 A3 and A5 for faculty requires additional configuration. For more information, see [Manage Bing Chat Enterprise](/bing-chat-enterprise/manage).
+     - Currently, Microsoft 365 A3 and A5 for faculty requires additional configuration. For more information, see [Manage Copilot](/copilot/manage).
   - Microsoft 365 Business Standard
   - Microsoft 365 Business Premium
-1. To verify that Bing Chat Enterprise is enabled for the user, select the user's **Display name** to open the flyout menu. 
+1. To verify that commercial data protection is enabled for the user, select the user's **Display name** to open the flyout menu.
 1. In the flyout, select the **Licenses & apps** tab, then expand the **Apps** list.
-1. Verify that **Bing Chat Enterprise** is enabled for the user.
+1. Verify that **Copilot** is enabled for the user.
-1. If you prefer to view a user's licenses from the [Azure portal](https://portal.azure.com), you will find it under **Microsoft Entra ID** > **Users**. Select the user's name, then **Licenses**. Select a  license that includes Bing Chat Enterprise, and verify that it's listed as **On**.
+1. If you prefer to view a user's licenses from the [Azure portal](https://portal.azure.com), you'll find it under **Microsoft Entra ID** > **Users**. Select the user's name, then **Licenses**. Select a  license that includes **Copilot**, and verify that it's listed as **On**.
   > [!Note]
-   > If you previously disabled Bing Chat Enterprise using the URL, `https://aka.ms/TurnOffBCE`, see [Manage Bing Chat Enterprise](/bing-chat-enterprise/manage) for verifying that Bing Chat Enterprise is enabled for your users.
+   > If you previously disabled Copilot with commercial data protection (formerly Bing Chat Enterprise) using the URL, `https://aka.ms/TurnOffBCE`, see [Manage Copilot](/copilot/manage) for verifying that commercial data protection is enabled for your users.
-The following sample PowerShell script connects to Microsoft Graph and lists which users that have Bing Chat Enterprise enabled and disabled:
+The following sample PowerShell script connects to Microsoft Graph and lists which users that have Copilot with commercial data protection enabled and disabled:
 ```powershell
 # Install Microsoft Graph module
@ -108,20 +110,20 @@ Connect-MgGraph -Scopes 'User.Read.All'
 # Get all users
 $users = Get-MgUser -All -ConsistencyLevel eventual -Property Id, DisplayName, Mail, UserPrincipalName, AssignedPlans
-# Users with Bing Chat Enterprise enabled
+# Users with Copilot with commercial data protection enabled
 $users | Where-Object { $_.AssignedPlans -and $_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -eq "Enabled" } | Format-Table
-# Users without Bing Chat Enterprise enabled
+# Users without Copilot with commercial data protection enabled
 $users | Where-Object { -not $_.AssignedPlans -or ($_.AssignedPlans.Service -eq "Bing" -and $_.AssignedPlans.CapabilityStatus -ne "Enabled") } | Format-Table
 ```
-When Bing Chat Enterprise is the chat provider platform, the user experience clearly states that **Your personal and company data are protected in this chat**. There's also a shield symbol labeled **Protected** at the top of the Copilot in Windows sidebar and the provider is listed under the Copilot logo when the sidebar is first opened. The following image shows the message that's displayed when Bing Chat Enterprise is the chat provider platform for Copilot in Windows:
+When Copilot with commercial data protection is the chat provider platform, the user experience clearly states that **Your personal and company data are protected in this chat**. There's also a shield symbol labeled **Protected** at the top of the Copilot in Windows sidebar and the provider is listed under the Copilot logo when the sidebar is first opened. The following image shows the message that's displayed in this scenario:
-:::image type="content" source="images/bing-chat-enterprise-chat-provider.png" alt-text="Screenshot of the Copilot in Windows user experience when Bing Chat Enterprise is the chat provider." lightbox="images/bing-chat-enterprise-chat-provider.png":::
+:::image type="content" source="images/bing-chat-enterprise-chat-provider.png" alt-text="Screenshot of the Copilot in Windows user experience when Copilot with commercial data protection is the chat provider." lightbox="images/bing-chat-enterprise-chat-provider.png":::
 ## Ensure the Copilot in Windows user experience is enabled
-Once you've configured the chat provider platform that Copilot in Windows uses, you need to ensure that the Copilot in Windows user experience is enabled. Ensuring the Copilot in Windows user experience is enabled varies by the Windows version. 
+Once you've configured the chat provider platform that Copilot in Windows uses, you need to ensure that the Copilot in Windows user experience is enabled. Ensuring the Copilot in Windows user experience is enabled varies by the Windows version.
 ### Enable the Copilot in Windows user experience for Windows 11, version 22H2 clients
@ -130,7 +132,7 @@ Copilot in Windows isn't technically enabled by default for managed Windows 11,
 To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you need to enable features under temporary enterprise control for these devices. Since enabling features behind [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) can be impactful, you should test this change before deploying it broadly. To enable Copilot in Windows for managed Windows 11, version 22H2 devices, use the following instructions:
 1. Verify that the user accounts have the correct chat provider platform configured for Copilot in Windows. For more information, see the [Configure the chat provider platform that Copilot in Windows uses](#configure-the-chat-provider-platform-that-copilot-in-windows-uses) section.
-1. Apply a policy to enable features under temporary enterprise control for managed clients. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/en-us/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
+1. Apply a policy to enable features under temporary enterprise control for managed clients. The following polices apply to Windows 11, version 22H2 with [KB5022845](https://support.microsoft.com/topic/february-14-2023-kb5022845-os-build-22621-1265-90a807f4-d2e8-486e-8a43-d09e66319f38) and later:
   - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Manage end user experience\\**Enable features introduced via servicing that are off by default**
    - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowTemporaryEnterpriseFeatureControl](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowtemporaryenterprisefeaturecontrol)
@ -142,7 +144,7 @@ To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you n
   - **Group Policy:** Computer Configuration\Administrative Templates\Windows Components\Windows Update\Windows Update for Business\\**Allow updates to Windows optional features**
   - **CSP**: ./Device/Vendor/MSFT/Policy/Config/Update/[AllowOptionalUpdates](/windows/client-management/mdm/policy-csp-update?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#allowoptionalupdates)
      - In the Intune [settings catalog](/mem/intune/configuration/settings-catalog), this setting is named **Allow optional updates** under the **Windows Update for Business** category.
- 
+
   The optional updates policy applies to Windows 11, version 22H2 with [KB5029351](https://support.microsoft.com/help/5029351) and later. When setting policy for [optional updates](/windows/deployment/update/waas-configure-wufb#enable-optional-updates), ensure you select one of the following options that includes CFRs:
    - Automatically receive optional updates (including CFRs)
      - This selection places devices into an early CFR phase
@ -152,9 +154,9 @@ To enable Copilot in Windows for managed Windows 11, version 22H2 devices, you n
 ### Enable the Copilot in Windows user experience for Windows 11, version 23H2 clients
-Once a managed device installs the version 23H2 update, the [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) for Copilot in Windows will be removed. This means that Copilot in Windows will be enabled by default for these devices.
+Once a managed device installs the version 23H2 update, the [temporary enterprise control](/windows/whats-new/temporary-enterprise-feature-control) for Copilot in Windows is removed. This means that Copilot in Windows is enabled by default for these devices.
-While the user experience for Copilot in Windows is enabled by default, you still need to verify that the correct chat provider platform configured for Copilot in Windows. While every effort has been made to ensure that Bing Chat Enterprise is the default chat provider for commercial organizations, it's still possible that Bing Chat might still be used if the configuration is incorrect, or if other settings are affecting Copilot in Windows. For more information, see:
+While the user experience for Copilot in Windows is enabled by default, you still need to verify that the correct chat provider platform configured for Copilot in Windows. While every effort is made to ensure that Copilot with commercial data protection is the default chat provider for commercial organizations, it's still possible that Copilot might still be used if the configuration is incorrect, or if other settings are affecting Copilot in Windows. For more information, see:
 - [Configure the chat provider platform that Copilot in Windows uses](#configure-the-chat-provider-platform-that-copilot-in-windows-uses)
 - [Other settings that might affect Copilot in Windows and its underlying chat provider](#other-settings-that-might-affect-copilot-in-windows-and-its-underlying-chat-provider)
@ -165,25 +167,26 @@ Organizations that aren't ready to use Copilot in Windows can disable it until t
 ## Other settings that might affect Copilot in Windows and its underlying chat provider
-Copilot in Windows and [Copilot in Edge](/bing-chat-enterprise/edge), can share the same underlying chat provider platform. This also means that some settings that affect Bing Chat, Bing Chat Enterprise, and Copilot in Edge can also affect Copilot in Windows. The following common settings might affect Copilot in Windows and its underlying chat provider:
+Copilot in Windows and [Copilot in Edge](/copilot/edge), can share the same underlying chat provider platform. This also means that some settings that affect Copilot, Copilot with commercial data protection, and Copilot in Edge can also affect Copilot in Windows. The following common settings might affect Copilot in Windows and its underlying chat provider:
 ### Bing settings
- If [SafeSearch](https://support.microsoft.com/topic/946059ed-992b-46a0-944a-28e8fb8f1814) is enabled for Bing, it can block chat providers for Copilot in Windows. The following network changes block the chat providers for Copilot in Windows and Copilot in Edge:
+- If [SafeSearch](https://support.microsoft.com/topic/946059ed-992b-46a0-944a-28e8fb8f1814) is enabled for Bing, it can block chat providers for Copilot in Windows. The following network changes block the chat providers for Copilot in Windows and Edge:
   - mapping `www.bing.com` to `strict.bing.com`
   - mapping `edgeservices.bing.com` to `strict.bing.com`
   - blocking `bing.com`
- If Bing Chat Enterprise is turned on for your organization, users will be able to access it through Edge mobile when signed in with their work account. If you would like to remove the Bing Chat button from the Edge mobile interface, you can use an [Intune Mobile Application Management (MAM) policy for Microsoft Edge](/mem/intune/apps/manage-microsoft-edge) to remove it:
+   - Mapping `www.bing.com` to `strict.bing.com`
   - Mapping `edgeservices.bing.com` to `strict.bing.com`
   - Blocking `bing.com`
-    |Key |Value |
+- If Copilot with commercial data protection is turned on for your organization, users can access it through Edge mobile when signed in with their work account. If you would like to remove the Bing Chat button from the Edge mobile interface, you can use an [Intune Mobile Application Management (MAM) policy for Microsoft Edge](/mem/intune/apps/manage-microsoft-edge) to remove it:
-    |:---------|:------------|
+
-    |com.microsoft.intune.mam.managedbrowser.Chat| **true** (default) shows the interface </br> **false** hides the interface |
+    | Key                                          | Value                                                                      |
    |:---------------------------------------------|:---------------------------------------------------------------------------|
    | com.microsoft.intune.mam.managedbrowser.Chat | **true** (default) shows the interface </br> **false** hides the interface |
 ### Microsoft Edge policies
 - If [HubsSidebarEnabled](/deployedge/microsoft-edge-policies#hubssidebarenabled) is set to `disabled`, it blocks Copilot in Edge from being displayed.
- If [DiscoverPageContextEnabled](/deployedge/microsoft-edge-policies#discoverpagecontextenabled) is set to `disabled`, it blocks Bing Chat and Bing Chat Enterprise from reading the current webpage context. The chat providers need access to the current webpage context for providing page summarizations and sending user selected strings from the webpage into the chat provider.
+- If [DiscoverPageContextEnabled](/deployedge/microsoft-edge-policies#discoverpagecontextenabled) is set to `disabled`, it blocks Copilot from reading the current webpage context. The chat providers need access to the current webpage context for providing page summarizations and sending user selected strings from the webpage into the chat provider.
 ### Search settings
--- a/windows/client-management/mdm-collect-logs.md
+++ b/windows/client-management/mdm-collect-logs.md
@ -1,7 +1,7 @@
 ---
 title: Collect MDM logs
 description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows devices managed by an MDM server.
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ms.collection:
 - highpri
--- a/windows/client-management/mdm-diagnose-enrollment.md
+++ b/windows/client-management/mdm-diagnose-enrollment.md
@ -1,7 +1,7 @@
 ---
 title: Diagnose MDM enrollment failures
 description: Learn how to diagnose enrollment failures for Windows devices
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm-enrollment-of-windows-devices.md
@ -1,7 +1,7 @@
 ---
 title: MDM enrollment of Windows devices
 description: Learn about mobile device management (MDM) enrollment of Windows devices to simplify access to your organization's resources.
-ms.topic: article
+ms.topic: conceptual
 ms.collection:
 - highpri
 - tier2
--- a/windows/client-management/mdm-known-issues.md
+++ b/windows/client-management/mdm-known-issues.md
@ -1,7 +1,7 @@
 ---
 title: Known issues in MDM
 description: Learn about known issues for Windows devices in MDM
-ms.topic: article
+ms.topic: conceptual
 ms.date: 08/10/2023
 ---
--- a/windows/client-management/mdm-overview.md
+++ b/windows/client-management/mdm-overview.md
@ -2,7 +2,7 @@
 title: Mobile Device Management overview
 description: Windows provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
 ms.date: 08/10/2023
-ms.topic: article
+ms.topic: conceptual
 ms.localizationpriority: medium
 ms.collection:
 - highpri
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@ -1,14 +1,7 @@
 ---
 title: LanguagePackManagement CSP
 description: Learn more about the LanguagePackManagement CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@ -1,14 +1,7 @@
 ---
 title: AccountManagement CSP
 description: Learn more about the AccountManagement CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@ -1,14 +1,7 @@
 ---
 title: AccountManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the AccountManagement configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/29/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@ -1,14 +1,7 @@
 ---
 title: Accounts CSP
 description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, and create local Windows accounts & join them to a group.
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/27/2020
 ms.reviewer:
 manager: aaroncz
 ---
 # Accounts CSP
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: Accounts DDF file
 description: View the XML file containing the device description framework (DDF) for the Accounts configuration service provider.
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 04/17/2018
 ms.reviewer:
 manager: aaroncz
 ---
 # Accounts DDF file
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@ -1,14 +1,7 @@
 ---
 title: ActiveSync CSP
 description: Learn more about the ActiveSync CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: ActiveSync DDF file
 description: View the XML file containing the device description framework (DDF) for the ActiveSync configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 07/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@ -1,13 +1,6 @@
 ---
 title: AllJoynManagement CSP
 description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
--- a/windows/client-management/mdm/alljoynmanagement-ddf.md
+++ b/windows/client-management/mdm/alljoynmanagement-ddf.md
@ -1,13 +1,6 @@
 ---
 title: AllJoynManagement DDF
 description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
--- a/windows/client-management/mdm/application-csp.md
+++ b/windows/client-management/mdm/application-csp.md
@ -1,13 +1,6 @@
 ---
 title: APPLICATION CSP
 description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@ -1,14 +1,7 @@
 ---
 title: ApplicationControl DDF file
 description: View the XML file containing the device description framework (DDF) for the ApplicationControl configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.18362</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@ -1,14 +1,7 @@
 ---
 title: ApplicationControl CSP
 description: Learn more about the ApplicationControl CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@ -1,14 +1,7 @@
 ---
 title: AppLocker CSP
 description: Learn more about the AppLocker CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: AppLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@ -1,14 +1,7 @@
 ---
 title: AssignedAccess CSP
 description: Learn more about the AssignedAccess CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@ -1,14 +1,7 @@
 ---
 title: AssignedAccess DDF file
 description: View the XML file containing the device description framework (DDF) for the AssignedAccess configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@ -1,14 +1,7 @@
 ---
 title: BitLocker CSP
 description: Learn more about the BitLocker CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: BitLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 11/06/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the B
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@ -1,13 +1,6 @@
 ---
 title: CellularSettings CSP
 description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
@ -42,8 +35,8 @@ CellularSettings
 |Value|Setting|
 |--- |--- |
-|0|Don’t roam|
+|0|Don't roam|
-|1|Don’t roam (or Domestic roaming if applicable)|
+|1|Don't roam (or Domestic roaming if applicable)|
 |2|Roam|
 ## Related topics
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@ -1,14 +1,7 @@
 ---
 title: CertificateStore CSP
 description: Learn more about the CertificateStore CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 08/10/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: CertificateStore DDF file
 description: View the XML file containing the device description framework (DDF) for the CertificateStore configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -49,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@ -1,14 +1,7 @@
 ---
 title: CleanPC CSP
 description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data.
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ms.reviewer:
 manager: aaroncz
 ---
 # CleanPC CSP
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@ -1,13 +1,6 @@
 ---
 title: CleanPC DDF
 description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@ -1,14 +1,7 @@
 ---
 title: ClientCertificateInstall CSP
 description: Learn more about the ClientCertificateInstall CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 10/24/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: ClientCertificateInstall DDF file
 description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 06/02/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -46,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -1129,7 +1122,7 @@ Valid values are:
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/clouddesktop-csp.md
+++ b/windows/client-management/mdm/clouddesktop-csp.md
@ -1,14 +1,7 @@
 ---
 title: CloudDesktop CSP
 description: Learn more about the CloudDesktop CSP.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 10/25/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -47,7 +40,7 @@ The following list shows the CloudDesktop configuration service provider nodes:
 <!-- Device-BootToCloudPCEnhanced-Description-Begin -->
 <!-- Description-Source-DDF -->
-This node allows to configure different kinds of Boot to Cloud mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. For using this feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the below options: 0. Not Configured. 1. Enable Boot to Cloud Shared PC Mode: Boot to Cloud Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. 2. Enable Boot to Cloud Personal Mode (Cloud only): Personal mode allows user to sign-in on the device using various authentication mechanism configured by their organization (For ex. PIN, Biometrics etc). This mode preserves user personalization, including their profile picture and username in local machine, and facilitates fast account switching.
+This node allows to configure different kinds of Boot to Cloud mode. Boot to cloud mode enables users to seamlessly sign-in to a Cloud PC. For using this feature, Cloud Provider application must be installed on the PC and the user must have a Cloud PC provisioned. This node supports the below options: 0. Not Configured. 1. Enable Boot to Cloud Shared PC Mode: Boot to Cloud Shared PC mode allows multiple users to sign-in on the device and use for shared purpose. 2. Enable Boot to Cloud Dedicated Mode (Cloud only): Dedicated mode allows user to sign-in on the device using various authentication mechanism configured by their organization (For ex. PIN, Biometrics etc). This mode preserves user personalization, including their profile picture and username in local machine, and facilitates fast account switching.
 <!-- Device-BootToCloudPCEnhanced-Description-End -->
 <!-- Device-BootToCloudPCEnhanced-Editable-Begin -->
@ -73,7 +66,7 @@ This node allows to configure different kinds of Boot to Cloud mode. Boot to clo
 |:--|:--|
 | 0 (Default) | Not Configured. |
 | 1 | Enable Boot to Cloud Shared PC Mode. |
-| 2 | Enable Boot to Cloud Personal Mode (Cloud only). |
+| 2 | Enable Boot to Cloud Dedicated Mode (Cloud only). |
 <!-- Device-BootToCloudPCEnhanced-AllowedValues-End -->
 <!-- Device-BootToCloudPCEnhanced-Examples-Begin -->
@ -140,10 +133,10 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 ## BootToCloudPCEnhanced technical reference
-BootToCloudPCEnhanced is the setting used to configure **Boot to Cloud** feature either for shared mode or personal mode. When you enable this setting, multiple policies are applied to achieve the intended behavior. If you wish to customize the **Boot to Cloud** experience, you can utilize the [BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) policy, which provides the flexibility to tailor the experience according to your requirements.
+BootToCloudPCEnhanced is the setting used to configure **Boot to Cloud** feature either for shared mode or dedicated mode. When you enable this setting, multiple policies are applied to achieve the intended behavior. If you wish to customize the **Boot to Cloud** experience, you can utilize the [BootToCloudMode](policy-csp-clouddesktop.md#boottocloudmode) policy, which provides the flexibility to tailor the experience according to your requirements.
 > [!NOTE]
-> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared and personal mode.
+> It is recommended not to set any of the policies enforced by this setting to different values, as these policies help provide a smooth UX experience for the **Boot to Cloud** feature for shared and dedicated mode.
 ### Boot to Cloud Shared PC Mode
@ -189,6 +182,7 @@ When the Shared PC mode is enabled by setting BootToCloudPCEnhanced value to 1:
    | Start Menu and Taskbar/Notifications/Turn off toast notifications                                                      | Enabled                               |
    | Start Menu and Taskbar/Notifications/Remove Notifications and Action Center                                            | Enabled                               |
    | System/Logon/Do not process the legacy run list                                                                        | Enabled                               |
    | Windows Components/Windows Copilot/Turn off Windows Copilot                                                            | Enabled                               |
 - Following registry changes are performed:
@ -197,9 +191,9 @@ When the Shared PC mode is enabled by setting BootToCloudPCEnhanced value to 1:
    | Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0      |
    | Software\Policies\Microsoft\PassportForWork\Enabled (Use Microsoft Passport for Work)        | 0      |
-### Boot to Cloud Personal Mode
+### Boot to Cloud Dedicated Mode
-When the Personal mode is enabled by setting BootToCloudPCEnhanced value to 2:
+When the Dedicated mode is enabled by setting BootToCloudPCEnhanced value to 2:
 - Following MDM policies are applied for the Device scope (all users):
@ -218,6 +212,7 @@ When the Personal mode is enabled by setting BootToCloudPCEnhanced value to 2:
    | Start Menu and Taskbar/Notifications/Turn off toast notifications                                                      | Enabled                               |
    | Start Menu and Taskbar/Notifications/Remove Notifications and Action Center                                            | Enabled                               |
    | System/Logon/Do not process the legacy run list                                                                        | Enabled                               |
    | Windows Components/Windows Copilot/Turn off Windows Copilot                                                            | Enabled                               |
 <!-- CloudDesktop-CspMoreInfo-End -->
 <!-- CloudDesktop-End -->
--- a/windows/client-management/mdm/clouddesktop-ddf-file.md
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@ -1,14 +1,7 @@
 ---
 title: CloudDesktop DDF file
 description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
-author: vinaypamnani-msft
+ms.date: 01/18/2024
 manager: aaroncz
 ms.author: vinpa
 ms.date: 10/25/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
 ms.topic: reference
 ---
 <!-- Auto-Generated CSP Document -->
@ -47,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
        <MSFT:CspVersion>9.9</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x88;0xA1;0xA2;0xA4;0xA5;0xBC;0xBF;0xCD;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@ -1,13 +1,6 @@
 ---
 title: CM\_CellularEntries CSP
 description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/02/2017
 ---
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@ -1,13 +1,6 @@
 ---
 title: CMPolicy CSP
 description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
@ -33,7 +26,7 @@ Each policy entry identifies one or more applications in combination with a host
 **Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
-**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
+**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phone's default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
 The following shows the CMPolicy configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
@ -88,7 +81,7 @@ Enumerates the connections associated with the policy. Element names begin with
 <a href="" id="connectionid"></a>**ConnectionID**
 Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
-For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to “GPRS1”, the connection name could be “GPRS1@WAP”.
+For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to "GPRS1", the connection name could be "GPRS1@WAP".
 For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. The curly brackets {} around the GUID are required. The following connection types are available:
@ -142,7 +135,7 @@ Specifies the type of connection being referenced. The following list describes
 ## OMA client provisioning examples
-Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
+Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection ("GPRSConn1") that is configured with the CM\_CellularEntries configuration service provider.
 ```xml
 <wap-provisioningdoc>
@ -189,7 +182,7 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
 Adding a host-based mapping policy:
-In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
+In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection ("GPRSConn1") that is configured with the CM\_CellularEntries configuration service provider.
 ```xml
 <wap-provisioningdoc>
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@ -1,13 +1,6 @@
 ---
 title: CMPolicyEnterprise CSP
 description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
@ -36,7 +29,7 @@ Each policy entry identifies one or more applications in combination with a host
 **Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
-**Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. The phone’s default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
+**Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. The phone's default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
 The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
@ -91,7 +84,7 @@ Enumerates the connections associated with the policy. Element names begin with
 <a href="" id="connectionid"></a>**ConnectionID**
 Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
-For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to “GPRS1”, the connection name could be “GPRS1@WAP”.
+For `CMST_CONNECTION_NAME`, specify the connection name. For example, if you have a connection configured by using the CM\_CellularEntries configuration service provider, the connection name could be the name of the connection. If you have a NAP configured with the NAPID set to "GPRS1", the connection name could be "GPRS1@WAP".
 For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. The curly brackets {} around the GUID are required. The following connection types are available:
@ -146,7 +139,7 @@ Specifies the type of connection being referenced. The following list describes
 ## OMA client provisioning examples
-Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
+Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection ("GPRSConn1") that is configured with the CM\_CellularEntries configuration service provider.
 ```xml
 <wap-provisioningdoc>
@ -191,7 +184,7 @@ Adding an application-based mapping policy. In this example, the ConnectionId fo
 </wap-provisioningdoc>
 ```
-Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
+Adding a host-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection ("GPRSConn1") that is configured with the CM\_CellularEntries configuration service provider.
 ```xml
 <wap-provisioningdoc>
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@ -1,13 +1,6 @@
 ---
 title: CMPolicyEnterprise DDF file
 description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: reference
 ms.prod: windows-client
 ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
--- a/Show More
+++ b/Show More