resolve merge conflict

.openpublishing.redirection.json

@@ -20809,6 +20809,11 @@
       "source_path": "store-for-business/sign-up-microsoft-store-for-business.md",
       "redirect_url": "/microsoft-store",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/security/information-protection/index.md",
+      "redirect_url": "/windows/security/encryption-data-protection",
+      "redirect_document_id": false
     }
   ]
 }

education/windows/federated-sign-in.md

@@ -53,7 +53,7 @@ To use federated sign-in, the devices must have Internet access. This feature do
 > - Provisioning packages (PPKG)
 > - Windows Autopilot self-deploying mode
 
-### System requirements
+[!INCLUDE [federated-sign-in](../../includes/licensing/federated-sign-in.md)]
 
 Federated sign-in for student assigned (1:1) devices is supported on the following Windows editions and versions:
 

includes/intune/intune-custom-settings-1.md

@@ -0,0 +1,13 @@
+---
+ms.date: 02/22/2022
+ms.topic: include
+---
+
+To configure devices with Microsoft Intune, use a custom policy:
+
+1. Go to the <a href="https://intune.microsoft.com" target="_blank"><b>Microsoft Intune admin center</b></a>
+2. Select **Devices > Configuration profiles > Create profile**
+3. Select **Platform > Windows 10 and later** and **Profile type > Templates > Custom**
+4. Select **Create**
+5. Specify a **Name** and, optionally, a **Description > Next**
+6. Add the following settings:

includes/intune/intune-custom-settings-2.md

@@ -0,0 +1,9 @@
+---
+ms.date: 11/08/2022
+ms.topic: include
+---
+
+7. Select **Next**
+8. Assign the policy to a security group that contains as members the devices or users that you want to configure > **Next**
+9. Under **Applicability Rules**, select **Next**
+10. Review the policy configuration and select **Create**

includes/intune/intune-custom-settings-info.md

@@ -0,0 +1,6 @@
+---
+ms.date: 11/08/2022
+ms.topic: include
+---
+
+For more information about how to create custom settings using Intune, see [Use custom settings for Windows devices in Intune](/mem/intune/configuration/custom-settings-windows-10).

includes/licensing/_edition-requirements.md

@@ -0,0 +1,80 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+| Feature name | Windows Pro | Windows Enterprise | Windows Pro Education/SE | Windows Education |
+|:---|:---:|:---:|:---:|:---:|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|❌|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|
+|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|
+|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|❌|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|
+|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|❌|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|Yes|❌|Yes|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|❌|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|❌|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|
+|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|
+|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|❌|Yes|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|❌|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|
+|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|

includes/licensing/_licensing-requirements.md

@@ -0,0 +1,80 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+|Feature name|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---|:---:|:---:|:---:|:---:|:---:|
+|**[Access Control (ACLs/SCALS)](/windows/security/identity-protection/access-control/access-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Account Lockout Policy](/windows/security/threat-protection/security-policy-settings/account-lockout-policy)**|Yes|Yes|Yes|Yes|Yes|
+|**[Always On VPN (device tunnel)](/windows-server/remote/remote-access/vpn/always-on-vpn/)**|❌|Yes|Yes|Yes|Yes|
+|**[Assigned Access (kiosk mode)](/windows/configuration/kiosk-methods)**|Yes|Yes|Yes|Yes|Yes|
+|**[Attack surface reduction (ASR)](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction)**|Yes|Yes|Yes|Yes|Yes|
+|**[Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO)](/azure/active-directory/devices/concept-azure-ad-join)**|Yes|Yes|Yes|Yes|Yes|
+|**[BitLocker enablement](/windows/security/information-protection/bitlocker/bitlocker-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[BitLocker management](/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises)**|❌|Yes|Yes|Yes|Yes|
+|**Bluetooth pairing and connection protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Common Criteria certifications](/windows/security/threat-protection/windows-platform-common-criteria)**|Yes|Yes|Yes|Yes|Yes|
+|**[Controlled folder access](/microsoft-365/security/defender-endpoint/controlled-folders)**|Yes|Yes|Yes|Yes|Yes|
+|**[Device health attestation service](/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices)**|Yes|Yes|Yes|Yes|Yes|
+|**[Direct Access](/windows-server/remote/remote-access/directaccess/directaccess)**|❌|Yes|Yes|Yes|Yes|
+|**[Email Encryption (S/MIME)](/windows/security/identity-protection/configure-s-mime)**|Yes|Yes|Yes|Yes|Yes|
+|**[Encrypted hard drive](/windows/security/information-protection/encrypted-hard-drive)**|Yes|Yes|Yes|Yes|Yes|
+|**[Enhanced phishing protection with SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/phishing-protection-microsoft-defender-smartscreen)**|Yes|Yes|Yes|Yes|Yes|
+|**[Exploit protection](/microsoft-365/security/defender-endpoint/exploit-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Fast Identity Online (FIDO2) security key](/azure/active-directory/authentication/howto-authentication-passwordless-security-key)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federal Information Processing Standard (FIPS) 140 validation](/windows/security/threat-protection/fips-140-validation)**|Yes|Yes|Yes|Yes|Yes|
+|**[Federated sign-in](/education/windows/federated-sign-in)**|❌|❌|❌|Yes|Yes|
+|**[Hardware-enforced stack protection](https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815)**|Yes|Yes|Yes|Yes|Yes|
+|**[Hypervisor-protected Code Integrity (HVCI)](/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity)**|Yes|Yes|Yes|Yes|Yes|
+|**[Kernel Direct Memory Access (DMA) protection](/windows/security/information-protection/kernel-dma-protection-for-thunderbolt)**|Yes|Yes|Yes|Yes|Yes|
+|**Local Security Authority (LSA) Protection**|Yes|Yes|Yes|Yes|Yes|
+|**[Manage by Mobile Device Management (MDM) and group policy](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Measured boot](/windows/compatibility/measured-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Antivirus](/microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) configure via MDM](/windows/client-management/mdm/windowsdefenderapplicationguard-csp)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management](/deployedge/microsoft-edge-security-windows-defender-application-guard)**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Edge standalone mode](/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender Application Guard (MDAG) for Microsoft Office](https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46)**|❌|❌|❌|❌|❌|
+|**Microsoft Defender Application Guard (MDAG) public APIs**|❌|Yes|Yes|Yes|Yes|
+|**[Microsoft Defender for Endpoint](/microsoft-365/security/defender-endpoint)**|❌|❌|Yes|❌|Yes|
+|**[Microsoft Defender SmartScreen](/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Pluton security processor](/windows/security/information-protection/pluton/microsoft-pluton-security-processor)**|Yes|Yes|Yes|Yes|Yes|
+|**[Microsoft Vulnerable Driver Blocklist](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)**|Yes|Yes|Yes|Yes|Yes|
+|**Opportunistic Wireless Encryption (OWE)**|Yes|Yes|Yes|Yes|Yes|
+|**[Personal data encryption (PDE)](/windows/security/information-protection/personal-data-encryption/overview-pde)**|❌|Yes|Yes|Yes|Yes|
+|**Privacy Resource Usage**|Yes|Yes|Yes|Yes|Yes|
+|**Privacy Transparency and Controls**|Yes|Yes|Yes|Yes|Yes|
+|**[Remote wipe](/windows/client-management/mdm/remotewipe-csp)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secure Boot and Trusted Boot](/windows/security/trusted-boot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core configuration lock](/windows/client-management/config-lock)**|Yes|Yes|Yes|Yes|Yes|
+|**[Secured-core PC](/windows-hardware/design/device-experiences/oem-highly-secure-11)**|Yes|Yes|Yes|Yes|Yes|
+|**[Security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block (SMB) file service](/windows-server/storage/file-server/file-server-smb-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Server Message Block Direct (SMB Direct)](/windows-server/storage/file-server/smb-direct)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart App Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Smart Cards for Windows Service](/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service)**|Yes|Yes|Yes|Yes|Yes|
+|**[Tamper protection settings for MDE](/microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection)**|Yes|Yes|Yes|Yes|Yes|
+|**[Transport layer security (TLS)](/windows-server/security/tls/tls-ssl-schannel-ssp-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Trusted Platform Module (TPM) 2.0](/windows/security/information-protection/tpm/trusted-platform-module-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Universal Print](/universal-print/)**|❌|Yes|Yes|Yes|Yes|
+|**[User Account Control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtual Private Network (VPN)](/windows/security/identity-protection/vpn/vpn-guide)**|Yes|Yes|Yes|Yes|Yes|
+|**[Virtualization-based security (VBS)](/windows-hardware/design/device-experiences/oem-vbs)**|Yes|Yes|Yes|Yes|Yes|
+|**[WiFi Security](https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Autopatch](/windows/deployment/windows-autopatch/)**|❌|Yes|Yes|❌|❌|
+|**[Windows Autopilot](/windows/deployment/windows-autopilot)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows containers](/virtualization/windowscontainers/about/)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Application Control (WDAC)](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard)**|❌|Yes|Yes|Yes|Yes|
+|**[Windows Defender Remote Credential Guard](/windows/security/identity-protection/remote-credential-guard)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Defender System Guard](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Firewall](/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business](/windows/security/identity-protection/hello-for-business)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Hello for Business Enhanced Security Sign-in (ESS)](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows LAPS](/windows-server/identity/laps/laps-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows presence sensing](https://support.microsoft.com/windows/wake-your-windows-11-pc-when-you-approach-82285c93-440c-4e15-9081-c9e38c1290bb)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Sandbox](/windows/security/threat-protection/windows-sandbox/windows-sandbox-overview)**|Yes|Yes|Yes|Yes|Yes|
+|**[Windows Security policy settings and auditing](/windows/security/threat-protection/security-policy-settings/security-policy-settings)**|Yes|Yes|Yes|Yes|Yes|

includes/licensing/access-control-aclsscals.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Access Control (ACLs/SCALS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Access Control (ACLs/SCALS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/account-lockout-policy.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Account Lockout Policy:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Account Lockout Policy license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/always-on-vpn-device-tunnel.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Always On VPN (device tunnel):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Always On VPN (device tunnel) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/assigned-access-kiosk-mode.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Assigned Access (kiosk mode):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Assigned Access (kiosk mode) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/attack-surface-reduction-asr.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Attack surface reduction (ASR):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Attack surface reduction (ASR) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/azure-ad-join-active-directory-domain-join-and-hybrid-azure-ad-join-with-single-sign-on-sso.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Azure AD join, Active Directory domain join, and Hybrid Azure AD join with single sign-on (SSO) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/bitlocker-enablement.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support BitLocker enablement:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+BitLocker enablement license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/bitlocker-management.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support BitLocker management:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+BitLocker management license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/bluetooth-pairing-and-connection-protection.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Bluetooth pairing and connection protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Bluetooth pairing and connection protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/common-criteria-certifications.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Common Criteria certifications:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Common Criteria certifications license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/controlled-folder-access.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Controlled folder access:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Controlled folder access license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/device-health-attestation-service.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Device health attestation service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Device health attestation service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/direct-access.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Direct Access:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Direct Access license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/email-encryption-smime.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Email Encryption (S/MIME):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Email Encryption (S/MIME) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/encrypted-hard-drive.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Encrypted hard drive:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Encrypted hard drive license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/enhanced-phishing-protection-with-smartscreen.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Enhanced phishing protection with SmartScreen:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Enhanced phishing protection with SmartScreen license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/exploit-protection.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Exploit protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Exploit protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/fast-identity-online-fido2-security-key.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Fast Identity Online (FIDO2) security key:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Fast Identity Online (FIDO2) security key license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/federal-information-processing-standard-fips-140-validation.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Federal Information Processing Standard (FIPS) 140 validation:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Federal Information Processing Standard (FIPS) 140 validation license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/federated-sign-in.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Federated sign-in:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|No|Yes|Yes|
+
+Federated sign-in license entitlements are granted by the following licenses:
+
+|Windows Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|No|No|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/hardware-enforced-stack-protection.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Hardware-enforced stack protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Hardware-enforced stack protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/hypervisor-protected-code-integrity-hvci.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Hypervisor-protected Code Integrity (HVCI):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Hypervisor-protected Code Integrity (HVCI) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/kernel-direct-memory-access-dma-protection.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Kernel Direct Memory Access (DMA) protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Kernel Direct Memory Access (DMA) protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/local-security-authority-lsa-protection.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Local Security Authority (LSA) Protection:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Local Security Authority (LSA) Protection license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Manage by Mobile Device Management (MDM) and group policy:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Manage by Mobile Device Management (MDM) and group policy license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/measured-boot.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Measured boot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Measured boot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-antivirus.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Antivirus:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender Antivirus license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) configure via MDM:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) configure via MDM license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-application-guard-mdag-for-edge-enterprise-mode-and-enterprise-management.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Edge enterprise mode and enterprise management license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-application-guard-mdag-for-edge-standalone-mode.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Edge standalone mode:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Edge standalone mode license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-application-guard-mdag-for-microsoft-office.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) for Microsoft Office:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) for Microsoft Office license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|No|No|No|No|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-application-guard-mdag-public-apis.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender Application Guard (MDAG) public APIs:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Microsoft Defender Application Guard (MDAG) public APIs license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-for-endpoint.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender for Endpoint:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender for Endpoint license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|No|Yes|No|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-defender-smartscreen.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Defender SmartScreen:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Defender SmartScreen license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-pluton-security-processor.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Pluton security processor:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Pluton security processor license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/microsoft-vulnerable-driver-blocklist.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Microsoft Vulnerable Driver Blocklist:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Microsoft Vulnerable Driver Blocklist license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/opportunistic-wireless-encryption-owe.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Opportunistic Wireless Encryption (OWE):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Opportunistic Wireless Encryption (OWE) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/personal-data-encryption-pde.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Personal data encryption (PDE):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Personal data encryption (PDE) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/privacy-resource-usage.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Privacy Resource Usage:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Privacy Resource Usage license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/privacy-transparency-and-controls.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Privacy Transparency and Controls:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Privacy Transparency and Controls license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/remote-wipe.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Remote wipe:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Remote wipe license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/secure-boot-and-trusted-boot.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secure Boot and Trusted Boot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secure Boot and Trusted Boot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/secured-core-configuration-lock.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secured-core configuration lock:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secured-core configuration lock license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/secured-core-pc.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Secured-core PC:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Secured-core PC license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/security-baselines.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Security baselines:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Security baselines license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/server-message-block-direct-smb-direct.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Server Message Block Direct (SMB Direct):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Server Message Block Direct (SMB Direct) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/server-message-block-smb-file-service.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Server Message Block (SMB) file service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Server Message Block (SMB) file service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/smart-app-control.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Smart App Control:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Smart App Control license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/smart-cards-for-windows-service.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Smart Cards for Windows Service:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Smart Cards for Windows Service license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/tamper-protection-settings-for-mde.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Tamper protection settings for MDE:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Tamper protection settings for MDE license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/transport-layer-security-tls.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Transport layer security (TLS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Transport layer security (TLS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/trusted-platform-module-tpm-20.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Trusted Platform Module (TPM) 2.0:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Trusted Platform Module (TPM) 2.0 license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/universal-print.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Universal Print:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Universal Print license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/user-account-control-uac.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support User Account Control (UAC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+User Account Control (UAC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/virtual-private-network-vpn.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtual Private Network (VPN):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Virtual Private Network (VPN) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/virtualization-based-security-vbs.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Virtualization-based security (VBS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Virtualization-based security (VBS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/wifi-security.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support WiFi Security:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+WiFi Security license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-autopatch.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Autopatch:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Windows Autopatch license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|No|No|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-autopilot.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Autopilot:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Autopilot license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-containers.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows containers:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows containers license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-defender-application-control-wdac.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Application Control (WDAC):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Application Control (WDAC) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-defender-credential-guard.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|No|Yes|No|Yes|
+
+Windows Defender Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|No|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-defender-remote-credential-guard.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender Remote Credential Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender Remote Credential Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-defender-system-guard.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Defender System Guard:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Defender System Guard license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-firewall.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Firewall:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Firewall license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-hello-for-business-enhanced-security-sign-in-ess.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business Enhanced Security Sign-in (ESS):
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business Enhanced Security Sign-in (ESS) license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-hello-for-business.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Hello for Business:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Hello for Business license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-laps.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows LAPS:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows LAPS license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-presence-sensing.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows presence sensing:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows presence sensing license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-sandbox.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Sandbox:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Sandbox license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

includes/licensing/windows-security-policy-settings-and-auditing.md

@@ -0,0 +1,22 @@
+---
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 05/04/2023
+ms.topic: include
+---
+
+## Windows edition and licensing requirements
+
+The following table lists the Windows editions that support Windows Security policy settings and auditing:
+
+|Windows Pro|Windows Enterprise|Windows Pro Education/SE|Windows Education|
+|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|
+
+Windows Security policy settings and auditing license entitlements are granted by the following licenses:
+
+|Windows Pro/Pro Education/SE|Windows Enterprise E3|Windows Enterprise E5|Windows Education A3|Windows Education A5|
+|:---:|:---:|:---:|:---:|:---:|
+|Yes|Yes|Yes|Yes|Yes|
+
+For more information about Windows licensing, see [Windows licensing overview](/windows/whats-new/windows-licensing).

windows/client-management/config-lock.md

@@ -26,11 +26,9 @@ To summarize, config lock:
 
 ## Configuration Flow
 
-After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
+After a [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure) reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
 
-## System Requirements
-
-Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).
+[!INCLUDE [secured-core-configuration-lock](../../includes/licensing/secured-core-configuration-lock.md)]
 
 ## Enabling config lock using Microsoft Intune
 

windows/client-management/mdm-overview.md

@@ -56,6 +56,8 @@ For more information about the MDM policies defined in the MDM security baseline
 
 For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
 
+[!INCLUDE [manage-by-mobile-device-management-mdm-and-group-policy](../../includes/licensing/manage-by-mobile-device-management-mdm-and-group-policy.md)]
+
 ## Frequently Asked Questions
 
 ### Can there be more than one MDM server to enroll and manage devices in Windows?

windows/client-management/mdm/remotewipe-csp.md

@@ -19,6 +19,8 @@ ms.topic: reference
 <!-- RemoteWipe-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The RemoteWipe configuration service provider can be used by mobile operators DM server or enterprise management server to remotely reset a device. The RemoteWipe configuration service provider can make the data stored in memory and hard disks difficult to recover if the device is remotely reset after being lost or stolen. Enterprise IT Professionals can update these settings by using the Exchange Server.
+
+[!INCLUDE [remote-wipe](../../../includes/licensing/remote-wipe.md)]
 <!-- RemoteWipe-Editable-End -->
 
 <!-- RemoteWipe-Tree-Begin -->

windows/client-management/mdm/vpnv2-csp.md

@@ -2763,6 +2763,8 @@ Required for native profiles. Type of tunneling protocol used.
 
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Using NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-NativeProtocolType-DFProperties-Begin -->
@@ -2892,6 +2894,8 @@ List of inbox VPN protocols in priority order.
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Up to 4 VPN protocols are supported. A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-DFProperties-Begin -->
@@ -2930,6 +2934,8 @@ List of inbox VPN protocols in priority order.
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-DFProperties-Begin -->
@@ -2969,6 +2975,8 @@ Inbox VPN protocols type.
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-DFProperties-Begin -->
@@ -3019,6 +3027,7 @@ Default 168, max 500000.
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+RetryTimeInHours specifies the length of time Windows tries to use the last succesful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-DFProperties-Begin -->
@@ -6988,6 +6997,8 @@ Required for native profiles. Type of tunneling protocol used.
 
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Using NativeProtocolType requires additional configuration of the NativeProfile/ProtocolList parameter.
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-NativeProtocolType-DFProperties-Begin -->
@@ -7117,6 +7128,8 @@ List of inbox VPN protocols in priority order.
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> Up to 4 VPN protocols are supported. A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-DFProperties-Begin -->
@@ -7155,6 +7168,8 @@ List of inbox VPN protocols in priority order.
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-DFProperties-Begin -->
@@ -7194,6 +7209,8 @@ Inbox VPN protocols type.
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+> [!NOTE]
+> A separate entry is needed for every VPN protocol. For a sample format, see [Examples](#examples).
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-NativeProtocolList-{NativeProtocolRowId}-Type-DFProperties-Begin -->
@@ -7244,6 +7261,7 @@ Default 168, max 500000.
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+RetryTimeInHours specifies the length of time Windows tries to use the last succesful protocol when making a new connection. Setting this value to 0 disables remembering the last successful protocol.
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-Editable-End -->
 
 <!-- User-{ProfileName}-NativeProfile-ProtocolList-RetryTimeInHours-DFProperties-Begin -->
@@ -8994,7 +9012,16 @@ Profile example
   <ProfileName>VPN_Demo</ProfileName>
   <NativeProfile>
     <Servers>VPNServer.contoso.com</Servers>
-    <NativeProtocolType>Automatic</NativeProtocolType>
+    <NativeProtocolType>ProtocolList</NativeProtocolType>
+      <ProtocolList>
+        <NativeProtocol>
+          <Type>Ikev2</Type>
+        </NativeProtocol>
+        <NativeProtocol>
+          <Type>Sstp</Type>
+        </NativeProtocol>
+        <RetryTimeinHours>168</RetryTimeinHours>
+      </ProtocolList>
     <Authentication>
       <UserMethod>Eap</UserMethod>
       <Eap>

windows/client-management/mdm/windowsdefenderapplicationguard-csp.md

@@ -19,6 +19,8 @@ ms.topic: reference
 <!-- WindowsDefenderApplicationGuard-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The WindowsDefenderApplicationGuard configuration service provider (CSP) is used by the enterprise to configure the settings in Microsoft Defender Application Guard. This CSP was added in Windows 10, version 1709.
+
+[!INCLUDE [microsoft-defender-application-guard-mdag-configure-via-mdm](../../../includes/licensing/microsoft-defender-application-guard-mdag-configure-via-mdm.md)]
 <!-- WindowsDefenderApplicationGuard-Editable-End -->
 
 <!-- WindowsDefenderApplicationGuard-Tree-Begin -->

windows/configuration/kiosk-methods.md

@@ -71,6 +71,8 @@ There are several kiosk configuration methods that you can choose from, dependin
 >[!IMPORTANT]
 >Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
 
+[!INCLUDE [assigned-access-kiosk-mode](../../includes/licensing/assigned-access-kiosk-mode.md)]
+
 ## Methods for a single-app kiosk running a UWP app
 
 You can use this method | For this edition | For this kiosk account type 

windows/deployment/do/delivery-optimization-workflow.md

@@ -39,4 +39,4 @@ This workflow allows Delivery Optimization to securely and efficiently deliver r
 | cp\*.prod.do.dsp.mp.microsoft.com <br> | 443 | Content Policy | Provides content specific policies and as content metadata URLs. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentId**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **countryCode**: The country the client is connected from <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **eID**: Client grouping ID <br> **CacheHost**: Cache host ID |
 | disc\*.prod.do.dsp.mp.microsoft.com | 443 | Discovery | Directs clients to a particular instance of the peer matching service (Array), ensuing that clients are collocated by factors, such as content, groupID and external IP. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentID**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **partitionID**: Client partitioning hint <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **eID**: Client grouping ID |
 | array\*.prod.do.dsp.mp.microsoft.com | 443 | Arrays | Provides the client with list of peers that have the same content and belong to the same peer group. | **Profile**: The device type (for example, PC or Xbox) <br> **ContentID**: The content identifier <br> **doClientVersion**: The version of the DoSvc client <br> **altCatalogID**: If ContentID isn't available, use the download URL instead <br> **PeerID**:  Identity of the device running DO client <br> **ReportedIp**: The internal / private IP Address <br> **IsBackground**: Is the download interactive or background <br> **Uploaded**: Total bytes uploaded to peers <br> **Downloaded**: Total bytes downloaded from peers <br> **DownloadedCdn**: Total bytes downloaded from CDN <br> **Left**: Bytes left to download <br> **Peers Wanted**: Total number of peers wanted <br> **Group ID**: Group the device belongs to (set via DownloadMode 2 + Group ID GP / MDM policies) <br> **Scope**: The Download mode <br> **UploadedBPS**: The upload speed in bytes per second <br> **DownloadBPS**: The download speed in Bytes per second <br> **eID**: Client grouping ID |
-| dl.delivery.mp.microsoft.com <br> emdl.ws.microsoft.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. |  
+| dl.delivery.mp.microsoft.com <br> emdl.ws.microsoft.com <br> download.windowsupdate.com | 80 | Delivery Optimization metadata file hosting | CDN hostnames for Delivery Optimization content metadata files | Metadata download can come from different hostnames, but it's required for peer to peer. |  

windows/deployment/do/waas-delivery-optimization-faq.yml

@@ -81,6 +81,7 @@ sections:
           Delivery Optimization metadata:
           
           - `http://emdl.ws.microsoft.com`
+          - `http://download.windowsupdate.com`
           - `http://*.dl.delivery.mp.microsoft.com`
 
           Windows Update and Microsoft Store backend services and Windows Update and Microsoft Store payloads

windows/deployment/update/wufb-compliancedeadlines.md

@@ -8,13 +8,13 @@ ms.author: mstewart
 manager: aaroncz
 ms.topic: article
 ms.technology: itpro-updates
-ms.date: 12/31/2017
+ms.date: 05/12/2023
 ---
 # Enforcing compliance deadlines for updates
 
 **Applies to**
 
-- Windows 10
+- Windows 10
 - Windows 11
 
 Deploying feature or quality updates for many organizations is only part of the equation for managing their device ecosystem. The ability to enforce update compliance is the next important part. Windows Update for Business provides controls to manage deadlines for when devices should migrate to newer versions.
@@ -43,3 +43,6 @@ When **Specify deadlines for automatic updates and restarts** is set (Windows 10
 For feature updates, the deadline and grace period start their countdown from the time of a pending restart after the installation is complete. As soon as installation is complete and the device reaches pending restart, the device will try to update outside of active hours. Once the *effective deadline* is reached, the device will try to restart during active hours. (The effective deadline is whichever is the later of the restart pending date plus the specified deadline or the restart pending date plus the grace period.) 
 
 For quality updates, the deadline countdown starts from the time the update is *offered* (not downloaded or installed). The grace period countdown starts from the time of the pending restart. The device will try to download and install the update at a time based on your other download and installation policies (the default is to automatically download and install in in the background). When the pending restart time is reached, the device will notify the user and try to update outside of active hours. Once the effective deadline is reached, the device will try to restart during active hours.
+
+> [!NOTE]
+> When **Specify deadlines for automatic updates and restarts** is used, download, installation, and reboot settings stemming from the [Configure Automatic Updates](waas-restart.md#schedule-update-installation) are ignored.

windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md

@@ -1,7 +1,7 @@
 ---
 title: Maintain the Windows Autopatch environment
 description: This article details how to maintain the Windows Autopatch environment
-ms.date: 07/11/2022
+ms.date: 05/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: how-to
@@ -9,7 +9,10 @@ ms.localizationpriority: medium
 author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby
-ms.reviewer: hathind
+ms.reviewer: smithcharles
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # Maintain the Windows Autopatch environment
@@ -26,18 +29,20 @@ After you've completed enrollment in Windows Autopatch, some management settings
 
 | Setting | Description |
 | ----- | ----- |
-| Deployment rings for Windows 10 or later | For any deployment rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign deployment rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).<p>Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:</p><ul><li>Modern Workplace Update Policy [Broad]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Fast]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [First]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Test]-[Windows Autopatch]</li></ul><p>When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.</p><p>**To resolve the Not ready result:**</p><p>After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p><p>**To resolve the Advisory result:**</p><ol><li>Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.</li> <li>If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).</li></ol><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p> |
+| Deployment rings for Windows 10 or later | For any deployment rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign deployment rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).<p>Windows Autopatch creates some update ring policies. These policies have "**Modern Workplace**" in the name. For example:</p><ul><li>Modern Workplace Update Policy [Broad]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Fast]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [First]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Test]-[Windows Autopatch]</li></ul><p>When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.</p><p>**To resolve the Not ready result:**</p><p>After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group. For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p><p>**To resolve the Advisory result:**</p><ol><li>Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.</li> <li>If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).</li></ol><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p> |
 
 ## Windows Autopatch configurations
 
 Windows Autopatch deploys, manages and maintains all configurations related to the operation of the service, as described in [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). Don't make any changes to any of the Windows Autopatch configurations.
 
-## Windows Autopatch tenant actions
+## Windows Autopatch tenant management
 
-The **Tenant management** blade can be found by navigating to Tenant administration > Windows Autopatch > **Tenant management**.
+### Windows Autopatch tenant actions
+
+The Tenant management blade presents IT admins with any actions that are required to maintain Windows Autopatch service health. The **Tenant management** blade can be found by navigating to **Tenant administration** > **Windows Autopatch** > **Tenant management**.
 
 > [!IMPORTANT]
-> Starting October 12, 2022, Windows Autopatch will manage your tenant with our [enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). If your tenant is still using the [Windows Autopatch service accounts](../overview/windows-autopatch-privacy.md#service-accounts), your Global admin must go to the Tenant management blade to approve the configuration change.
+> If you have any critical actions in your tenant, you must take action as soon as possible as the Windows Autopatch service might not be able to manage your tenant. When a critical action is active on your tenant, Windows Autopatch will consider your tenant as **[inactive](#inactive-status)**.
 
 The type of banner that appears depends on the severity of the action. Currently, only critical actions are listed.
 
@@ -45,4 +50,30 @@ The type of banner that appears depends on the severity of the action. Currently
 
 | Severity | Description |
 | ----- | ----- |
-| Critical | You must take action as soon as possible. If no action is taken, the Windows Autopatch service may be affected. |
+| Critical | You must take action as soon as possible to avoid disruption to the Windows Autopatch service.<p>If no action is taken, Windows Autopatch might not be able to manage devices in your tenant, and the Windows Autopatch service may be marked as **inactive**.</p><p>To restore service health and return to an active status, all critical pending actions must be resolved.</p> |
+
+### Critical actions
+
+| Action type | Severity | Description |
+| ----- | ----- | ----- |
+| Maintain tenant access | Critical | Required licenses have expired. The licenses include:<ul><li>Microsoft Intune</li><li>Azure Active Directory Premium</li><li>Windows 10/11 Enterprise E3 or higher</li><ul><li>For more information about specific services plans, see [Windows Autopatch Prerequisites](../prepare/windows-autopatch-prerequisites.md)</li></ul><p>To take action on missing licenses, you can visit the Microsoft 365 admin center or contact your Microsoft account manager. Until you have renewed the required licenses to run the service, Windows Autopatch marks your tenant as **inactive**. For more information, see [Microsoft 365 - What happens after my subscription expires?](/microsoft-365/commerce/subscriptions/what-if-my-subscription-expires)</p> |
+| Maintain tenant access | Critical | Address tenant access issues. Windows Autopatch currently can’t manage your tenant. Until you take action, your tenant is marked as **inactive**, and you have only limited access to the Windows Autopatch portal.<p>Reasons for tenant access issues:<ul><li>You haven't yet migrated to the new [Windows Autopatch enterprise application](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications). Windows Autopatch uses this enterprise application to run the service.</li><li>You have blocked or removed the permissions required for the Windows Autopatch enterprise application.</li></ul><p>Take action by consenting to allow Windows Autopatch to make the appropriate changes on your behalf. You must be a Global Administrator to consent to this action. Once you provide consent, Windows Autopatch remediates this critical action for you.</p><p>For more information, see [Windows Autopatch enterprise applications](../overview/windows-autopatch-privacy.md#tenant-access).</p> |
+
+### Inactive status
+
+> [!NOTE]
+> Only the Windows Autopatch sections of your tenant will be marked as **inactive**.
+
+When Windows Autopatch is **inactive**, you're alerted with banners on all Windows Autopatch blades. You only have access to the Tenant management and Support requests blades. All other blades return an error message and redirect you to Tenant management blade.  
+
+To be taken out of the **inactive** status, you must [resolve any critical actions shown in the Tenant management blade](#critical-actions).
+
+> [!NOTE]
+> Once critical actions are resolved, it can take up to two hours for Windows Autopatch to return to an **active** state.
+
+#### Impact to your tenant
+
+| Impact area | Description |
+| ----- | ----- |
+| Management | Windows Autopatch isn’t able to manage your tenant and perform non-interactive actions we use to run the service. Non-interactive actions include:<ul><li>Managing the Windows Autopatch service</li><li>Publishing the baseline configuration updates to your tenant’s devices</li><li>Maintaining overall service health</li></ul><p>For more information, see [Windows Autopatch enterprise applications](../references/windows-autopatch-changes-to-tenant.md#windows-autopatch-enterprise-applications).</p>|
+| Device updates | Changes to Windows Autopatch policies aren't pushed to your devices. The existing configurations on these devices remain unchanged, and they continue receiving updates. |

windows/deployment/windows-autopatch/whats-new/windows-autopatch-whats-new-2023.md

@@ -1,7 +1,7 @@
 ---
 title: What's new 2023
 description: This article lists the 2023 feature releases and any corresponding Message center post numbers.
-ms.date: 05/01/2023
+ms.date: 05/15/2023
 ms.prod: windows-client
 ms.technology: itpro-updates
 ms.topic: whats-new
@@ -10,6 +10,9 @@ author: tiaraquan
 ms.author: tiaraquan
 manager: dougeby 
 ms.reviewer: hathind
+ms.collection:
+  - highpri
+  - tier1
 ---
 
 # What's new 2023
@@ -24,6 +27,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 
 | Article | Description |
 | ----- | ----- |
+| [Maintain the Windows Autopatch environment](../operate/windows-autopatch-maintain-environment.md) | Updated the following sections:<ul><li>Tenant actions</li><li>Tenant action severity types</li><li>Critical actions</li></ul><p>Added the [Inactive status](../operate/windows-autopatch-maintain-environment.md#inactive-status) section</p><ul><li>[MC536881](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul> |
 | [Device registration overview](../deploy/windows-autopatch-device-registration-overview.md) | Updated article to include Windows Autopatch groups. The Windows Autopatch groups feature is in public preview |
 | [Register your devices](../deploy/windows-autopatch-register-devices.md) | Updated article to include Windows Autopatch groups. The Windows Autopatch groups feature is in public preview |
 | [Windows Autopatch groups overview](../deploy/windows-autopatch-groups-overview.md) | New article for the Windows Autopatch groups experience. Windows Autopatch groups is in public preview |
@@ -71,7 +75,7 @@ Minor corrections such as typos, style, or formatting issues aren't listed.
 | ----- | ----- |
 | [Windows quality update communications](../operate/windows-autopatch-windows-quality-update-communications.md#standard-communications) | Added guidance on how to [opt out of receiving emails for standard communications](../operate/windows-autopatch-windows-quality-update-communications.md#opt-out-of-receiving-emails-for-standard-communications) (public preview) |
 | [Microsoft 365 Apps for enterprise](../operate/windows-autopatch-microsoft-365-apps-enterprise.md) | <ul><li>Added support for subscription versions of Microsoft Project and Visio desktop apps</li><li>Updated device eligibility criteria</li><li>Clarified update controls</li></ul> |
-| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | New [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) feature. This feature is in public preview<li>[MC524715](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li> |
+| [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) | New [Customize Windows Update settings](../operate/windows-autopatch-windows-update.md) feature. This feature is in public preview<ul><li>[MC524715](https://admin.microsoft.com/adminportal/home#/MessageCenter)</li></ul>|
 
 ### March service release
 

windows/security/TOC.yml

@@ -1,450 +1,28 @@
 
 - name: Windows security
   href: index.yml
-- name: Zero Trust and Windows
-  href: zero-trust-windows-device-health.md
   expanded: true
+- name: Introduction
+  items:
+  - name: Windows security overview
+    href: introduction/index.md
+  - name: Zero Trust and Windows
+    href: zero-trust-windows-device-health.md
+  - name: Security features and edition requirements
+    href: introduction/security-features-edition-requirements.md
+  - name: Security features and licensing requirements
+    href: introduction/security-features-licensing-requirements.md
 - name: Hardware security
-  items:
-    - name: Overview
-      href: hardware.md
-    - name: Microsoft Pluton security processor
-      items:
-        - name: Microsoft Pluton overview
-          href: information-protection/pluton/microsoft-pluton-security-processor.md
-        - name: Microsoft Pluton as TPM
-          href: information-protection/pluton/pluton-as-tpm.md
-    - name: Trusted Platform Module
-      href: information-protection/tpm/trusted-platform-module-top-node.md
-      items:
-        - name: Trusted Platform Module overview
-          href: information-protection/tpm/trusted-platform-module-overview.md
-        - name: TPM fundamentals
-          href: information-protection/tpm/tpm-fundamentals.md
-        - name: How Windows uses the TPM
-          href: information-protection/tpm/how-windows-uses-the-tpm.md
-        - name: Manage TPM commands
-          href: information-protection/tpm/manage-tpm-commands.md
-        - name: Manager TPM Lockout
-          href: information-protection/tpm/manage-tpm-lockout.md
-        - name: Change the TPM password
-          href: information-protection/tpm/change-the-tpm-owner-password.md
-        - name: TPM Group Policy settings
-          href: information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
-        - name: Back up the TPM recovery information to AD DS
-          href: information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
-        - name: View status, clear, or troubleshoot the TPM
-          href: information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
-        - name: Understanding PCR banks on TPM 2.0 devices
-          href: information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
-        - name: TPM recommendations
-          href: information-protection/tpm/tpm-recommendations.md
-
-    - name: Hardware-based root of trust
-      href: threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
-    - name: System Guard Secure Launch and SMM protection
-      href: threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md
-    - name: Enable virtualization-based protection of code integrity
-      href: threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
-    - name: Kernel DMA Protection
-      href: information-protection/kernel-dma-protection-for-thunderbolt.md
-    - name: Windows secured-core devices
-      href: /windows-hardware/design/device-experiences/oem-highly-secure
+  href: hardware-security/toc.yml
 - name: Operating system security
-  items:
-    - name: Overview
-      href: operating-system.md
-    - name: System security
-      items:
-      - name: Secure the Windows boot process
-        href: information-protection/secure-the-windows-10-boot-process.md
-      - name: Trusted Boot
-        href: trusted-boot.md
-      - name: Cryptography and certificate management
-        href: cryptography-certificate-mgmt.md
-      - name: The Windows Security app
-        href: threat-protection/windows-defender-security-center/windows-defender-security-center.md
-        items:
-        - name: Virus & threat protection
-          href: threat-protection\windows-defender-security-center\wdsc-virus-threat-protection.md
-        - name: Account protection
-          href: threat-protection\windows-defender-security-center\wdsc-account-protection.md
-        - name: Firewall & network protection
-          href: threat-protection\windows-defender-security-center\wdsc-firewall-network-protection.md
-        - name: App & browser control
-          href: threat-protection\windows-defender-security-center\wdsc-app-browser-control.md
-        - name: Device security
-          href: threat-protection\windows-defender-security-center\wdsc-device-security.md
-        - name: Device performance & health
-          href: threat-protection\windows-defender-security-center\wdsc-device-performance-health.md
-        - name: Family options
-          href: threat-protection\windows-defender-security-center\wdsc-family-options.md
-      - name: Security policy settings
-        href: threat-protection/security-policy-settings/security-policy-settings.md
-      - name: Security auditing
-        href: threat-protection/auditing/security-auditing-overview.md
-    - name: Encryption and data protection
-      href: encryption-data-protection.md
-      items:
-      - name: Encrypted Hard Drive
-        href: information-protection/encrypted-hard-drive.md
-      - name: BitLocker
-        href: information-protection/bitlocker/bitlocker-overview.md
-        items:
-        - name: Overview of BitLocker Device Encryption in Windows
-          href: information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md
-        - name: BitLocker frequently asked questions (FAQ)
-          href: information-protection/bitlocker/bitlocker-frequently-asked-questions.yml
-          items:
-            - name: Overview and requirements
-              href: information-protection/bitlocker/bitlocker-overview-and-requirements-faq.yml
-            - name: Upgrading
-              href: information-protection/bitlocker/bitlocker-upgrading-faq.yml
-            - name: Deployment and administration
-              href: information-protection/bitlocker/bitlocker-deployment-and-administration-faq.yml
-            - name: Key management
-              href: information-protection/bitlocker/bitlocker-key-management-faq.yml
-            - name: BitLocker To Go
-              href: information-protection/bitlocker/bitlocker-to-go-faq.yml
-            - name: Active Directory Domain Services
-              href: information-protection/bitlocker/bitlocker-and-adds-faq.yml
-            - name: Security
-              href: information-protection/bitlocker/bitlocker-security-faq.yml
-            - name: BitLocker Network Unlock
-              href: information-protection/bitlocker/bitlocker-network-unlock-faq.yml
-            - name: General
-              href: information-protection/bitlocker/bitlocker-using-with-other-programs-faq.yml
-        - name: "Prepare your organization for BitLocker: Planning and policies"
-          href: information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md
-        - name: BitLocker deployment comparison
-          href: information-protection/bitlocker/bitlocker-deployment-comparison.md
-        - name: BitLocker basic deployment
-          href: information-protection/bitlocker/bitlocker-basic-deployment.md
-        - name: Deploy BitLocker on Windows Server 2012 and later
-          href: information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md
-        - name: BitLocker management for enterprises
-          href: information-protection/bitlocker/bitlocker-management-for-enterprises.md
-        - name: Enable Network Unlock with BitLocker
-          href: information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
-        - name: Use BitLocker Drive Encryption Tools to manage BitLocker
-          href: information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
-        - name: Use BitLocker Recovery Password Viewer
-          href: information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md
-        - name: BitLocker Group Policy settings
-          href: information-protection/bitlocker/bitlocker-group-policy-settings.md
-        - name: BCD settings and BitLocker
-          href: information-protection/bitlocker/bcd-settings-and-bitlocker.md
-        - name: BitLocker Recovery Guide
-          href: information-protection/bitlocker/bitlocker-recovery-guide-plan.md
-        - name: BitLocker Countermeasures
-          href: information-protection/bitlocker/bitlocker-countermeasures.md
-        - name: Protecting cluster shared volumes and storage area networks with BitLocker
-          href: information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md
-        - name: Troubleshoot BitLocker
-          items:
-            - name: Troubleshoot BitLocker
-              href: /troubleshoot/windows-client/windows-security/bitlocker-issues-troubleshooting
-            - name: "BitLocker cannot encrypt a drive: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-issues
-            - name: "Enforcing BitLocker policies by using Intune: known issues"
-              href: /troubleshoot/windows-client/windows-security/enforcing-bitlocker-policies-by-using-intune-known-issues
-            - name: "BitLocker Network Unlock: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-network-unlock-known-issues
-            - name: "BitLocker recovery: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-recovery-known-issues
-            - name: "BitLocker configuration: known issues"
-              href: /troubleshoot/windows-client/windows-security/bitlocker-configuration-known-issues
-            - name: Troubleshoot BitLocker and TPM issues
-              items:
-                - name: "BitLocker cannot encrypt a drive: known TPM issues"
-                  href: /troubleshoot/windows-client/windows-security/bitlocker-cannot-encrypt-a-drive-known-tpm-issues
-                - name: "BitLocker and TPM: other known issues"
-                  href: /troubleshoot/windows-client/windows-security/bitlocker-and-tpm-other-known-issues
-                - name: Decode Measured Boot logs to track PCR changes
-                  href: /troubleshoot/windows-client/windows-security/decode-measured-boot-logs-to-track-pcr-changes
-    - name: Personal Data Encryption (PDE)
-      items:
-      - name: Personal Data Encryption (PDE) overview
-        href: information-protection/personal-data-encryption/overview-pde.md
-      - name: Personal Data Encryption (PDE) frequently asked questions (FAQ)
-        href: information-protection/personal-data-encryption/faq-pde.yml
-      - name: Configure Personal Data Encryption (PDE) in Intune
-        items:
-        - name: Configure Personal Data Encryption (PDE) in Intune
-          href: information-protection/personal-data-encryption/configure-pde-in-intune.md
-        - name: Enable Personal Data Encryption (PDE)
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-enable-pde.md
-        - name: Disable Winlogon automatic restart sign-on (ARSO) for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-arso.md
-        - name: Disable kernel-mode crash dumps and live dumps for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-memory-dumps.md
-        - name: Disable Windows Error Reporting (WER)/user-mode crash dumps for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-wer.md
-        - name: Disable hibernation for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-hibernation.md
-        - name: Disable allowing users to select when a password is required when resuming from connected standby for PDE
-          href: information-protection/personal-data-encryption/pde-in-intune/intune-disable-password-connected-standby.md
-    - name: Configure S/MIME for Windows
-      href: identity-protection/configure-s-mime.md
-    - name: Network security
-      items:
-      - name: VPN technical guide
-        href: identity-protection/vpn/vpn-guide.md
-        items:
-        - name: VPN connection types
-          href: identity-protection/vpn/vpn-connection-type.md
-        - name: VPN routing decisions
-          href: identity-protection/vpn/vpn-routing.md
-        - name: VPN authentication options
-          href: identity-protection/vpn/vpn-authentication.md
-        - name: VPN and conditional access
-          href: identity-protection/vpn/vpn-conditional-access.md
-        - name: VPN name resolution
-          href: identity-protection/vpn/vpn-name-resolution.md
-        - name: VPN auto-triggered profile options
-          href: identity-protection/vpn/vpn-auto-trigger-profile.md
-        - name: VPN security features
-          href: identity-protection/vpn/vpn-security-features.md
-        - name: VPN profile options
-          href: identity-protection/vpn/vpn-profile-options.md
-        - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-          href: identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
-        - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
-          href: identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
-        - name: Optimizing Office 365 traffic with the Windows VPN client
-          href: identity-protection/vpn/vpn-office-365-optimization.md
-      - name: Windows Defender Firewall
-        href: threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
-    - name: Windows security baselines
-      href: threat-protection/windows-security-configuration-framework/windows-security-baselines.md
-      items:
-      - name: Security Compliance Toolkit
-        href: threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
-      - name: Get support
-        href: threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
-      - name: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
-        href: threat-protection/mbsa-removal-and-guidance.md
-    - name: Virus & threat protection
-      items:
-      - name: Overview
-        href: threat-protection/index.md
-      - name: Microsoft Defender Antivirus
-        href: /microsoft-365/security/defender-endpoint/microsoft-defender-antivirus-windows
-      - name: Attack surface reduction rules
-        href: /microsoft-365/security/defender-endpoint/attack-surface-reduction
-      - name: Tamper protection
-        href: /microsoft-365/security/defender-endpoint/prevent-changes-to-security-settings-with-tamper-protection
-      - name: Network protection
-        href: /microsoft-365/security/defender-endpoint/network-protection
-      - name: Controlled folder access
-        href: /microsoft-365/security/defender-endpoint/controlled-folders
-      - name: Exploit protection
-        href: /microsoft-365/security/defender-endpoint/exploit-protection
-      - name: Microsoft Defender for Endpoint
-        href: /microsoft-365/security/defender-endpoint
-    - name: More Windows security
-      items:
-      - name: Override Process Mitigation Options to help enforce app-related security policies
-        href: threat-protection/override-mitigation-options-for-app-related-security-policies.md
-      - name: Use Windows Event Forwarding to help with intrusion detection
-        href: threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md
-      - name: Block untrusted fonts in an enterprise
-        href: threat-protection/block-untrusted-fonts-in-enterprise.md
-      - name: Windows Information Protection (WIP)
-        href: information-protection/windows-information-protection/protect-enterprise-data-using-wip.md
-        items:
-          - name: Create a WIP policy using Microsoft Intune
-            href: information-protection/windows-information-protection/overview-create-wip-policy.md
-            items:
-            - name: Create a WIP policy in Microsoft Intune
-              href: information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md
-              items:
-                - name: Deploy your WIP policy in Microsoft Intune
-                  href: information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md
-                - name: Associate and deploy a VPN policy for WIP in Microsoft Intune
-                  href: information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md
-            - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-              href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-            - name: Determine the enterprise context of an app running in WIP
-              href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-          - name: Create a WIP policy using Microsoft Configuration Manager
-            href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
-            items:
-            - name: Create and deploy a WIP policy in Configuration Manager
-              href: information-protection/windows-information-protection/create-wip-policy-using-configmgr.md
-            - name: Create and verify an EFS Data Recovery Agent (DRA) certificate
-              href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md
-            - name: Determine the enterprise context of an app running in WIP
-              href: information-protection/windows-information-protection/wip-app-enterprise-context.md
-          - name: Mandatory tasks and settings required to turn on WIP
-            href: information-protection/windows-information-protection/mandatory-settings-for-wip.md
-          - name: Testing scenarios for WIP
-            href: information-protection/windows-information-protection/testing-scenarios-for-wip.md
-          - name: Limitations while using WIP
-            href: information-protection/windows-information-protection/limitations-with-wip.md
-          - name: How to collect WIP audit event logs
-            href: information-protection/windows-information-protection/collect-wip-audit-event-logs.md
-          - name: General guidance and best practices for WIP
-            href: information-protection/windows-information-protection/guidance-and-best-practices-wip.md
-            items:
-            - name: Enlightened apps for use with WIP
-              href: information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md
-            - name: Unenlightened and enlightened app behavior while using WIP
-              href: information-protection/windows-information-protection/app-behavior-with-wip.md
-            - name: Recommended Enterprise Cloud Resources and Neutral Resources network settings with WIP
-              href: information-protection/windows-information-protection/recommended-network-definitions-for-wip.md
-            - name: Using Outlook Web Access with WIP
-              href: information-protection/windows-information-protection/using-owa-with-wip.md
-          - name: Fine-tune WIP Learning
-            href: information-protection/windows-information-protection/wip-learning.md
-          - name: Disable WIP
-            href: information-protection/windows-information-protection/how-to-disable-wip.md
+  href: operating-system-security/toc.yml
 - name: Application security
-  items:
-    - name: Overview
-      href: apps.md
-    - name: Windows Defender Application Control and virtualization-based protection of code integrity
-      href: threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
-    - name: Windows Defender Application Control
-      href: threat-protection\windows-defender-application-control\windows-defender-application-control.md
-    - name: Microsoft Defender Application Guard
-      href: threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
-    - name: Windows Sandbox
-      href: threat-protection/windows-sandbox/windows-sandbox-overview.md
-      items:
-        - name: Windows Sandbox architecture
-          href: threat-protection/windows-sandbox/windows-sandbox-architecture.md
-        - name: Windows Sandbox configuration
-          href: threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md
-    - name: Microsoft Defender SmartScreen overview
-      href: threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-overview.md
-      items:
-        - name: Enhanced Phishing Protection in Microsoft Defender SmartScreen
-          href: threat-protection\microsoft-defender-smartscreen\phishing-protection-microsoft-defender-smartscreen.md
-        - name: Microsoft Defender SmartScreen Group Policy and mobile device management (MDM) settings
-          href: threat-protection\microsoft-defender-smartscreen\microsoft-defender-smartscreen-available-settings.md
-    - name: Configure S/MIME for Windows
-      href: identity-protection\configure-s-mime.md
-    - name: Windows Credential Theft Mitigation Guide Abstract
-      href: identity-protection\windows-credential-theft-mitigation-guide-abstract.md
-- name: User security and secured identity
-  items:
-    - name: Overview
-      href: identity.md
-    - name: Windows credential theft mitigation guide
-      href: identity-protection/windows-credential-theft-mitigation-guide-abstract.md
-    - name: Passwordless
-      items:
-      - name: Windows Hello for Business ⇒
-        href: identity-protection/hello-for-business/index.yml
-      - name: FIDO 2 security keys
-        href: /azure/active-directory/authentication/howto-authentication-passwordless-security-key?context=/windows/security/context/context
-    - name: Local Administrator Password Solution (LAPS)
-      href: /windows-server/identity/laps/laps-overview?context=/windows/security/context/context
-    - name: Enterprise Certificate Pinning
-      href: identity-protection/enterprise-certificate-pinning.md
-    - name: Credential Guard
-      items:
-        - name: Protect derived domain credentials with Credential Guard
-          href: identity-protection/credential-guard/credential-guard.md
-        - name: How Credential Guard works
-          href: identity-protection/credential-guard/credential-guard-how-it-works.md
-        - name: Requirements
-          href: identity-protection/credential-guard/credential-guard-requirements.md
-        - name: Manage Credential Guard
-          href: identity-protection/credential-guard/credential-guard-manage.md
-        - name: Credential Guard protection limits
-          href: identity-protection/credential-guard/credential-guard-protection-limits.md
-        - name: Considerations when using Credential Guard
-          href: identity-protection/credential-guard/credential-guard-considerations.md
-        - name: Additional mitigations
-          href: identity-protection/credential-guard/additional-mitigations.md
-        - name: Known issues
-          href: identity-protection/credential-guard/credential-guard-known-issues.md
-    - name: Remote Credential Guard
-      href: identity-protection/remote-credential-guard.md
-    - name: Configuring LSA Protection
-      href: /windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection?toc=/windows/security/toc.json&bc=/windows/security/breadcrumb/toc.json
-    - name: Technical support policy for lost or forgotten passwords
-      href: identity-protection/password-support-policy.md
-    - name: Access Control
-      items:
-        - name: Overview
-          href: identity-protection/access-control/access-control.md
-        - name: Local Accounts
-          href: identity-protection/access-control/local-accounts.md
-    - name: User Account Control (UAC)
-      items:
-        - name: Overview
-          href: identity-protection/user-account-control/user-account-control-overview.md
-        - name: How User Account Control works
-          href: identity-protection/user-account-control/how-user-account-control-works.md
-        - name: User Account Control security policy settings
-          href: identity-protection/user-account-control/user-account-control-security-policy-settings.md
-        - name: User Account Control Group Policy and registry key settings
-          href: identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
-    - name: Smart Cards
-      href: identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
-      items:
-        - name: How Smart Card Sign-in Works in Windows
-          href: identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
-          items:
-            - name: Smart Card Architecture
-              href: identity-protection/smart-cards/smart-card-architecture.md
-            - name: Certificate Requirements and Enumeration
-              href: identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
-            - name: Smart Card and Remote Desktop Services
-              href: identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
-            - name: Smart Cards for Windows Service
-              href: identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
-            - name: Certificate Propagation Service
-              href: identity-protection/smart-cards/smart-card-certificate-propagation-service.md
-            - name: Smart Card Removal Policy Service
-              href: identity-protection/smart-cards/smart-card-removal-policy-service.md
-        - name: Smart Card Tools and Settings
-          href: identity-protection/smart-cards/smart-card-tools-and-settings.md
-          items:
-            - name: Smart Cards Debugging Information
-              href: identity-protection/smart-cards/smart-card-debugging-information.md
-            - name: Smart Card Group Policy and Registry Settings
-              href: identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
-            - name: Smart Card Events
-              href: identity-protection/smart-cards/smart-card-events.md
-        - name: Virtual smart cards
-          href: identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
-          items:
-            - name: Understand and evaluate virtual smart cards
-              href: identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
-              items:
-                - name: Get started with virtual smart cards
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
-                - name: Use virtual smart cards
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
-                - name: Deploy virtual smart cards
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
-                - name: Evaluate virtual smart card security
-                  href: identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
-            - name: Tpmvscmgr
-              href: identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
-- name: Cloud services
-  items:
-    - name: Overview
-      href: cloud.md
-    - name: Mobile device management
-      href: /windows/client-management/mdm/
-    - name: Windows 365 Cloud PCs
-      href: /windows-365/overview
-    - name: Azure Virtual Desktop
-      href: /azure/virtual-desktop/
+  href: application-security/toc.yml
+- name: Identity protection
+  href: identity-protection/toc.yml
+- name: Windows Privacy 🔗
+  href: /windows/privacy
 - name: Security foundations
-  items:
-    - name: Overview
-      href: security-foundations.md
-    - name: Microsoft Security Development Lifecycle
-      href: threat-protection/msft-security-dev-lifecycle.md
-    - name: FIPS 140-2 Validation
-      href: threat-protection/fips-140-validation.md
-    - name: Common Criteria Certifications
-      href: threat-protection/windows-platform-common-criteria.md
-- name: Windows Privacy
-  href: /windows/privacy/windows-10-and-privacy-compliance
+  href: security-foundations/toc.yml
+- name: Cloud security
+  href: cloud-security/toc.yml

windows/security/application-security/application-control/toc.yml

@@ -0,0 +1,17 @@
+items:
+- name: User Account Control (UAC)
+  items:
+  - name: Overview
+    href: ../../identity-protection/user-account-control/user-account-control-overview.md
+  - name: How User Account Control works
+    href: ../../identity-protection/user-account-control/how-user-account-control-works.md
+  - name: User Account Control security policy settings
+    href: ../../identity-protection/user-account-control/user-account-control-security-policy-settings.md
+  - name: User Account Control Group Policy and registry key settings
+    href: ../../identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+- name: Windows Defender Application Control and virtualization-based protection of code integrity
+  href: ../../threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control.md
+- name: Windows Defender Application Control
+  href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md
+- name: Smart App Control
+  href: ../../threat-protection/windows-defender-application-control/windows-defender-application-control.md

windows/security/application-security/application-isolation/toc.yml

@@ -0,0 +1,20 @@
+items:
+- name: Microsoft Defender Application Guard (MDAG)
+  href: ../../threat-protection\microsoft-defender-application-guard\md-app-guard-overview.md
+- name: MDAG for Edge standalone mode
+  href: ../../threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md
+- name: MDAG for Edge enterprise mode and enterprise management 🔗
+  href: /deployedge/microsoft-edge-security-windows-defender-application-guard
+- name: MDAG for Microsoft Office
+  href: https://support.microsoft.com/office/application-guard-for-office-9e0fb9c2-ffad-43bf-8ba3-78f785fdba46
+- name: MDAG configure via MDM 🔗
+  href: /windows/client-management/mdm/windowsdefenderapplicationguard-csp
+- name: Windows containers 🔗
+  href: /virtualization/windowscontainers/about
+- name: Windows Sandbox
+  href: ../../threat-protection/windows-sandbox/windows-sandbox-overview.md
+  items:
+  - name: Windows Sandbox architecture
+    href: ../../threat-protection/windows-sandbox/windows-sandbox-architecture.md
+  - name: Windows Sandbox configuration
+    href: ../../threat-protection/windows-sandbox/windows-sandbox-configure-using-wsb-file.md

windows/security/application-security/toc.yml

@@ -0,0 +1,8 @@
+items:
+- name: Overview
+  href: ../apps.md
+- name: Application Control
+  href: application-control/toc.yml
+- name: Application Isolation
+  href: application-isolation/toc.yml
+

windows/security/cloud-security/toc.yml

@@ -0,0 +1,18 @@
+items:
+- name: Overview
+  href: ../cloud.md
+- name: Join Active Directory and Azure AD with single sign-on (SSO) 🔗
+  href: /azure/active-directory/devices/concept-azure-ad-join
+- name: Security baselines with Intune 🔗
+  href: /mem/intune/protect/security-baselines
+- name: Remote wipe (Autopilot reset) 🔗
+  href: /windows/client-management/mdm/remotewipe-csp
+- name: Mobile Device Management (MDM) 🔗
+  href: /windows/client-management/mdm/
+- name: Universal Print 🔗
+  href: /universal-print
+- name: Windows Autopatch 🔗
+  href: /windows/deployment/windows-autopatch
+- name: Windows Autopilot 🔗
+  href: /windows/deployment/windows-autopilot
+

windows/security/hardware-security/toc.yml

@@ -0,0 +1,54 @@
+items:
+  - name: Overview
+    href: ../hardware.md
+  - name: Hardware root of trust
+    items:
+      - name: Windows Defender System Guard
+        href: ../threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+      - name: Trusted Platform Module
+        href: ../information-protection/tpm/trusted-platform-module-top-node.md
+        items:
+          - name: Trusted Platform Module overview
+            href: ../information-protection/tpm/trusted-platform-module-overview.md
+          - name: TPM fundamentals
+            href: ../information-protection/tpm/tpm-fundamentals.md
+          - name: How Windows uses the TPM
+            href: ../information-protection/tpm/how-windows-uses-the-tpm.md
+          - name: Manage TPM commands
+            href: ../information-protection/tpm/manage-tpm-commands.md
+          - name: Manager TPM Lockout
+            href: ../information-protection/tpm/manage-tpm-lockout.md
+          - name: Change the TPM password
+            href: ../information-protection/tpm/change-the-tpm-owner-password.md
+          - name: TPM Group Policy settings
+            href: ../information-protection/tpm/trusted-platform-module-services-group-policy-settings.md
+          - name: Back up the TPM recovery information to AD DS
+            href: ../information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md
+          - name: View status, clear, or troubleshoot the TPM
+            href: ../information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md
+          - name: Understanding PCR banks on TPM 2.0 devices
+            href: ../information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md
+          - name: TPM recommendations
+            href: ../information-protection/tpm/tpm-recommendations.md
+      - name: Microsoft Pluton security processor
+        items:
+          - name: Microsoft Pluton overview
+            href: ../information-protection/pluton/microsoft-pluton-security-processor.md
+          - name: Microsoft Pluton as TPM
+            href: ../information-protection/pluton/pluton-as-tpm.md
+  - name: Silicon assisted security
+    items:
+      - name: Virtualization-based security (VBS)
+        href: /windows-hardware/design/device-experiences/oem-vbs
+      - name: Memory integrity (HVCI)
+        href: ../threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md
+      - name: Memory integrity and VBS enablement 🔗
+        href: /windows-hardware/design/device-experiences/oem-hvci-enablement
+      - name: Hardware-enforced stack protection
+        href: https://techcommunity.microsoft.com/t5/windows-os-platform-blog/understanding-hardware-enforced-stack-protection/ba-p/1247815
+      - name: Secured-core PC 🔗
+        href: /windows-hardware/design/device-experiences/oem-highly-secure-11
+      - name: Kernel Direct Memory Access (DMA) protection
+        href: ../information-protection/kernel-dma-protection-for-thunderbolt.md
+      - name: System Guard Secure Launch
+        href: ../threat-protection/windows-defender-system-guard/system-guard-secure-launch-and-smm-protection.md

windows/security/identity-protection/access-control/access-control.md

@@ -39,6 +39,8 @@ This content set contains:
   - [Service Accounts](/windows-server/identity/ad-ds/manage/understand-service-accounts)
   - [Active Directory Security Groups](/windows-server/identity/ad-ds/manage/understand-security-groups)
 
+[!INCLUDE [access-control-aclsscals](../../../../includes/licensing/access-control-aclsscals.md)]
+
 ## Practical applications
 
 Administrators who use the supported version of Windows can refine the application and management of access control to objects and subjects to provide the following security:

windows/security/identity-protection/configure-s-mime.md

@@ -20,6 +20,8 @@ Encrypted messages can be read only by recipients who have a certificate. If you
 
 A digitally signed message reassures the recipient that the message hasn't been tampered with and verifies the identity of the sender. Recipients can only verify the digital signature if they're using an email client that supports S/MIME.
 
+[!INCLUDE [email-encryption-smime](../../../includes/licensing/email-encryption-smime.md)]
+
 ## Prerequisites
 
 -   [S/MIME is enabled for Exchange accounts](/microsoft-365/security/office-365-security/s-mime-for-message-signing-and-encryption) (on-premises and Office 365). Users can't use S/MIME signing and encryption with a personal account such as Outlook.com.

windows/security/identity-protection/credential-guard/additional-mitigations.md

@@ -18,7 +18,6 @@ Credential theft attacks allow the attacker to steal secrets from one device and
 Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring, its TGT is used to protect the user's proof of possession which can mitigate offline dictionary attacks. Kerberos armoring also provides the additional benefit of signed KDC errors this mitigates tampering which can result in things such as downgrade attacks. 
 
 **To enable Kerberos armoring for restricting domain users to specific domain-joined devices**
-
 - Users need to be in domains that are running Windows Server 2012 R2 or higher
 - All the domain controllers in these domains must be configured to support Kerberos armoring. Set the **KDC support for claims, compound authentication, and Kerberos armoring** Group Policy setting to either **Supported** or **Always provide claims**.
 - All the devices with Windows Defender Credential Guard that the users will be restricted to must be configured to support Kerberos armoring. Enable the **Kerberos client support for claims, compound authentication and Kerberos armoring** Group Policy settings under **Computer Configuration** -> **Administrative Templates** -> **System** -> **Kerberos**.

windows/security/identity-protection/credential-guard/credential-guard-requirements.md

@@ -66,6 +66,8 @@ Applications may cause performance issues when they attempt to hook the isolated
 
 Services or protocols that rely on Kerberos, such as file shares, remote desktop, or BranchCache, continue to work and are not affected by Windows Defender Credential Guard.
 
+[!INCLUDE [windows-defender-credential-guard](../../../../includes/licensing/windows-defender-credential-guard.md)]
+
 ## Security considerations
 
 All computers that meet baseline protections for hardware, firmware, and software can use Windows Defender Credential Guard.
@@ -96,7 +98,7 @@ The following tables describe baseline protections, plus protections for improve
 |Protections for Improved Security|Description|
 |---|---|
 |Hardware: **IOMMU** (input/output memory management unit)|**Requirement**: </br> - VT-D or AMD Vi IOMMU </br> </br> **Security benefits**: </br> - An IOMMU can enhance system resiliency against memory attacks. For more information, see [Advanced Configuration and Power Interface (ACPI) description tables](/windows-hardware/drivers/bringup/acpi-system-description-tables)|
-|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - BIOS password or stronger authentication must be supported. </br> - In the BIOS configuration, BIOS authentication must be set. </br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, “Boot only from internal hard drive”) and boot device order, overriding BOOTORDER modification made by operating system. </br> - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
+|Firmware: **Securing Boot Configuration and Management**|**Requirements**: </br> - BIOS password or stronger authentication must be supported. </br> - In the BIOS configuration, BIOS authentication must be set. </br> - There must be support for protected BIOS option to configure list of permitted boot devices (for example, "Boot only from internal hard drive") and boot device order, overriding BOOTORDER modification made by operating system. </br> - In the BIOS configuration, BIOS options related to security and boot options (list of permitted boot devices, boot order) must be secured to prevent other operating systems from starting and to prevent changes to the BIOS settings.|
 |Firmware: **Secure MOR, revision 2 implementation**|**Requirement**: </br> - Secure MOR, revision 2 implementation|
 
 ### 2016 Additional security qualifications starting with Windows 10, version 1607, and Windows Server 2016

windows/security/identity-protection/credential-guard/toc.yml

@@ -0,0 +1,17 @@
+items:
+- name: Protect derived domain credentials with Credential Guard
+  href: credential-guard.md
+- name: How Credential Guard works
+  href: credential-guard-how-it-works.md
+- name: Requirements
+  href: credential-guard-requirements.md
+- name: Manage Credential Guard
+  href: credential-guard-manage.md
+- name: Credential Guard protection limits
+  href: credential-guard-protection-limits.md
+- name: Considerations when using Credential Guard
+  href: credential-guard-considerations.md
+- name: Additional mitigations
+  href: additional-mitigations.md
+- name: Known issues
+  href: credential-guard-known-issues.md