Merge pull request #7221 from paolomatarazzo/pm-6737992-shared-pc

[Shared PC] different doc updates
2025-05-12 21:37:22 +00:00 · 2022-10-12 14:08:18 -07:00 · 2022-10-12 14:08:18 -07:00 · b6afffa176
commit b6afffa176
parent c98dca6651 b1e87a07d6
32 changed files with 461 additions and 448 deletions
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@ -19674,6 +19674,11 @@
       "source_path": "education/windows/change-history-edu.md",
       "redirect_url": "/education/windows",
       "redirect_document_id": false
     },
     {
       "source_path": "education/windows/set-up-school-pcs-shared-pc-mode.md",
       "redirect_url": "/windows/configuration/set-up-shared-or-guest-pc",
       "redirect_document_id": false
     }
  ]
 }
--- a/education/breadcrumb/toc.yml
+++ b/education/breadcrumb/toc.yml
@ -14,6 +14,6 @@ items:
        tocHref: /education/windows
        topicHref: /education/windows/index
      - name: Windows
-        tocHref: /windows/security/
+        tocHref: /windows/configuration/
        topicHref: /education/windows/index
--- a/education/context/context.yml
+++ b/education/context/context.yml
@ -0,0 +1,4 @@
 ### YamlMime: ContextObject
 brand: windows
 breadcrumb_path: ../breadcrumb/toc.yml
 toc_rel: ../windows/toc.yml
--- a/education/docfx.json
+++ b/education/docfx.json
@ -32,6 +32,7 @@
      "ms.technology": "windows",
      "manager": "aaroncz",
      "breadcrumb_path": "/education/breadcrumb/toc.json",
      "uhfHeaderId": "MSDocsHeader-M365-IT",
      "feedback_system": "GitHub",
      "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs",
      "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
--- a/education/windows/TOC.yml
+++ b/education/windows/TOC.yml
@ -24,8 +24,8 @@ items:
        href: enable-s-mode-on-surface-go-devices.md
    - name: Windows 10 editions for education customers
      href: windows-editions-for-education-customers.md
-    - name: Shared PC mode for school devices
+    - name: Considerations for shared and guest devices
-      href: set-up-school-pcs-shared-pc-mode.md
+      href: /windows/configuration/shared-devices-concepts?context=/education/context/context
    - name: Windows 10 configuration recommendations for education customers
      href: configure-windows-for-education.md
    - name: Take tests and assessments in Windows
@ -38,6 +38,8 @@ items:
      href: edu-stickers.md
    - name: Configure Take a Test in kiosk mode
      href: edu-take-a-test-kiosk-mode.md
    - name: Configure Shared PC
      href: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
    - name: Use the Set up School PCs app
      href: use-set-up-school-pcs-app.md
    - name: Change Windows edition
@ -96,4 +98,7 @@ items:
        href: set-up-school-pcs-whats-new.md
    - name: Take a Test technical reference
      href: take-a-test-app-technical.md
    - name: Shared PC technical reference
      href: /windows/configuration/shared-pc-technical?context=/education/context/context
--- a/education/windows/images/takeatest/flow-chart.png
+++ b/education/windows/images/takeatest/flow-chart.png
--- a/education/windows/index.yml
+++ b/education/windows/index.yml
@ -85,11 +85,15 @@ landingContent:
        links:
        - text: Take tests and assessments in Windows
          url: take-tests-in-windows.md
        - text: Considerations for shared and guest devices
          url: /windows/configuration/shared-devices-concepts?context=/education/context/context
        - text: Change Windows editions
          url: change-home-to-edu.md
        - text: "Deploy Minecraft: Education Edition"
          url: get-minecraft-for-education.md
      - linkListType: how-to-guide
        links:
        - text: Configure Take a Test in kiosk mode
          url: edu-take-a-test-kiosk-mode.md
        - text: Configure Shared PC
          url: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
        - text: "Deploy Minecraft: Education Edition"
          url: get-minecraft-for-education.md
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@ -86,13 +86,7 @@ Automated Azure AD tokens expire after 180 days. The expiration date for each to
 ## Next steps    
 Learn more about setting up devices with the Set up School PCs app.  
 * [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
 * [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
 * [Set up School PCs technical reference](set-up-school-pcs-technical.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md) 
 When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@ -20,10 +20,10 @@ appliesto:
 # What's in my provisioning package?
 The Set up School PCs app builds a specialized provisioning package with school-optimized settings.
-A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp) article. 
+A key feature of the provisioning package is Shared PC mode. To view the technical framework of Shared PC mode, including the description of each setting, see the [Manage multi-user and guest Windows devices with Shared PC](/windows/configuration/shared-pc-technical) article.
 ## Shared PC Mode policies
-This table outlines the policies applied to devices in shared PC mode. If you [selected to optimize a device for use by a single student](set-up-school-pcs-shared-pc-mode.md#optimize-device-for-use-by-a-single-student), the table notes the differences. Specifically, you'll see differences in the following policies:
+This table outlines the policies applied to devices in shared PC mode. If you select to optimize a device for use by a single student, you'll see differences in the following policies:
 * Disk level deletion
 * Inactive threshold
 * Restrict local storage
@ -128,7 +128,6 @@ Review the table below to estimate your expected provisioning time. A package th
 ## Next steps  
 Learn more about setting up devices with the Set up School PCs app.  
 * [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
 * [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
 * [Set up School PCs technical reference](set-up-school-pcs-technical.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md) 
--- a/education/windows/set-up-school-pcs-shared-pc-mode.md
+++ b/education/windows/set-up-school-pcs-shared-pc-mode.md
@ -1,79 +0,0 @@
 ---
 title: Shared PC mode for school devices
 description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.
 keywords: shared PC, school, set up school pcs
 ms.prod: windows
 ms.mktglfcycl: plan
 ms.sitesec: library
 ms.pagetype: edu
 ms.localizationpriority: medium
 ms.collection: education
 author: paolomatarazzo
 ms.author: paoloma
 ms.date: 08/10/2022
 ms.reviewer: 
 manager: aaroncz
 appliesto:
 - ✅ <b>Windows 10</b>
 ---  
 # Shared PC mode for school devices
 Shared PC mode optimizes Windows 10 for shared use scenarios, such as classrooms and school libraries.  A Windows 10 PC in shared PC mode requires minimal to zero maintenance and management. Update settings are optimized for classroom settings, so that they automatically occur outside of school hours.
 Shared PC mode can be applied on devices running:
 * Windows 10 Pro
 * Windows 10 Pro Education
 * Windows 10 Education
 * Windows 10 Enterprise  
 To learn more about how to set up a device in shared PC mode, see [Set up a shared or guest PC with Windows 10](/windows/configuration/set-up-shared-or-guest-pc).  
 ## Windows Updates
 Shared PC mode configures power and Windows Update settings so that computers update regularly. Computers that are set up through the Set up School PCs app are configured to:  
 * Wake nightly.  
 * Check for and install updates.  
 * Forcibly reboot, when necessary, to complete updates.  
 These configurations reduce the need to update and reboot computers during daytime work hours. Notifications about needed updates are also blocked from disrupting students.
 ## Default admin accounts in Azure Active Directory  
 By default, the account that joins your computer to Azure AD will be given admin permissions on the computer. Global administrators in the joined Azure AD domain will also have admin permissions when signed in to the joined computer.  
 An Azure AD Premium subscription lets you specify the accounts that get admin accounts on a computer. These accounts are configured in Intune in the Azure portal.  
 ## Account deletion policies
 This section describes the deletion behavior for the accounts configured in shared PC mode. A delete policy makes sure that outdated or stale accounts are regularly removed to make room for new accounts. 
 ### Azure AD accounts
 The default deletion policy is set to automatically cache accounts. Cached accounts are automatically deleted when disk space gets too low, or when there's an extended period of inactivity. Accounts continue to delete until the computer reclaims sufficient disk space. Deletion policies behave the same for Azure AD and Active Directory domain accounts. 
 ### Guest and Kiosk accounts
 Guest accounts and accounts created through Kiosk are deleted after they sign out of their account.
 ### Local accounts
 Local accounts that you created before enabling shared PC mode aren't deleted. Local accounts that you create through the following path, after enabling PC mode, are not deleted: **Settings** app > **Accounts** > **Other people** > **Add someone**     
 ## Create custom Windows images
 Shared PC mode is compatible with custom Windows images.  
 To create a compatible image, first create your custom Windows image with all software, updates, and drivers. Then use the System Preparation (Sysprep) tool with the `/oobe` flag to create the SharedPC-compatible version. For example, `sysrep/oobe`.
 Teachers can then run the Set up School PCs package on the computer.  
 ## Optimize device for use by a single student
 Shared PC mode is enabled by default. This mode optimizes device settings for schools where PCs are shared by students. The  Set up School PCs app also offers the option to configure settings for devices that aren't shared.
 If you select this setting, the app modifies shared PC mode so that it's appropriate for a single device. To see how the settings differ, refer to the Shared PC mode policy table in the article [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)  
 1. In the app, go to the **Create package** > **Settings** step. 
 2. Select **Optimize device for a single student, instead of a shared cart or lab**.  
 ## Next steps  
 Learn more about setting up devices with the Set up School PCs app.  
 * [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
 * [Set up School PCs technical reference](set-up-school-pcs-technical.md)
 * [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md) 
 When you're ready to create and apply your provisioning package, see [Use Set up School PCs app](use-set-up-school-pcs-app.md).
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@ -67,7 +67,6 @@ The following table describes the Set up School PCs app features and lists each
 ## Next steps  
 Learn more about setting up devices with the Set up School PCs app.  
 * [Azure AD Join with Set up School PCs](set-up-school-pcs-azure-ad-join.md)
 * [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
 * [What's in my provisioning package](set-up-school-pcs-provisioning-package.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md) 
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@ -104,7 +104,6 @@ The Skype and Messaging apps are part of a selection of apps that are, by defaul
 ## Next steps    
 Learn how to create provisioning packages and set up devices in the app.
 * [What's in my provisioning package?](set-up-school-pcs-provisioning-package.md)
 * [Shared PC mode for schools](set-up-school-pcs-shared-pc-mode.md)
 * [Set up School PCs technical reference](set-up-school-pcs-technical.md)
 * [Set up Windows 10 devices for education](set-up-windows-10.md)
--- a/education/windows/take-tests-in-windows.md
+++ b/education/windows/take-tests-in-windows.md
@ -34,7 +34,7 @@ There are different ways to use Take a Test, depending on the use case:
 - For lower stakes assessments, such a quick quiz in a class, a teacher can generate a *secure assessment URL* and share it with the students. Students can then open the URL to access the assessment through Take a Test. To learn more, see the next section: [Create a secure assessment link](#create-a-secure-assessment-link)
 - For higher stakes assessments, you can configure Windows devices to use a dedicated account for testing and execute Take a Test in a locked-down mode, called **kiosk mode**. Once signed in with the dedicated account, Windows will execute Take a Test in a lock-down mode, preventing the execution of any applications other than Take a Test. For more information, see [Configure Take a Test in kiosk mode](edu-take-a-test-kiosk-mode.md)
-![Set up and user flow for the Take a Test app.](images/takeatest/flow-chart.png)
+:::image type="content" source="./images/takeatest/flow-chart.png" alt-text="Set up and user flow for the Take a Test app." border="false":::
 ## Create a secure assessment link
@ -95,6 +95,6 @@ To take the test, have the students open the link.
 ## Additional information
-Teachers can use **Microsoft Forms** to create tests. For more information, see [Create tests using Microsoft Forms](https://support.microsoft.com/office/).
+Teachers can use **Microsoft Forms** to create tests. For more information, see [Create tests using Microsoft Forms](https://support.microsoft.com/en-us/office/create-a-quiz-with-microsoft-forms-a082a018-24a1-48c1-b176-4b3616cdc83d).
 To learn more about the policies and settings set by the Take a Test app, see [Take a Test app technical reference](take-a-test-app-technical.md).
--- a/education/windows/windows-11-se-faq.yml
+++ b/education/windows/windows-11-se-faq.yml
@ -54,7 +54,7 @@ sections:
      - question: Why there's no application store on Windows 11 SE?
        answer: |
          IT Admins can manage system settings (including application installation and the application store) to ensure all students have a safe, distraction-free experience. On Windows SE devices, you have pre-installed apps from Microsoft, from your IT admin, and from your device manufacturer. You can continue to use web apps on the Microsoft Edge browser, as web apps do not require installation.
-          For more information, see [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-app).
+          For more information, see [Configure applications with Microsoft Intune](/education/windows/tutorial-school-deployment/configure-device-apps).
      - question: What does the error 0x87D300D9 mean in the Intune for Education portal?
        answer: |
          This error means that the app you are trying to install is not supported on Windows 11 SE. If you have an app that fails with this error, then:
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@ -74,37 +74,35 @@ A boolean value that specifies whether the policies for education environment ar
 The supported operations are Add, Get, Replace, and Delete.
-The default value changed to false in Windows 10, version 1703. The default value is Not Configured and this node needs to be configured independent of EnableSharedPCMode.
+The default value is Not Configured.
 In Windows 10, version 1607, the value is set to True and the education environment is automatically configured when SharedPC mode is configured.
 <a href="" id="setpowerpolicies"></a>**SetPowerPolicies**
-Optional. A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
+A boolean value that specifies that the power policies should be set when configuring SharedPC mode.
 The supported operations are Add, Get, Replace, and Delete.
 The default value is Not Configured and the effective power settings are determined by the OS's default power settings. Its value in the SharedPC provisioning package is True.
 <a href="" id="maintenancestarttime"></a>**MaintenanceStartTime**
-Optional. An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440.
+An integer value that specifies the daily start time of maintenance hour. Given in minutes from midnight. The range is 0-1440.
 The supported operations are Add, Get, Replace, and Delete.
 The default value is Not Configured and its value in the SharedPC provisioning package is 0 (12 AM).
 <a href="" id="signinonresume"></a>**SignInOnResume**
-Optional. A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode.
+A boolean value that, when set to True, requires sign in whenever the device wakes up from sleep mode.
 The supported operations are Add, Get, Replace, and Delete.
 The default value is Not Configured and its value in the SharedPC provisioning package is True.
 <a href="" id="sleeptimeout"></a>**SleepTimeout**
-The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes. This node is optional.
+The amount of time in seconds before the PC sleeps. 0 means the PC never sleeps. Default is 5 minutes.
 The supported operations are Add, Get, Replace, and Delete.
-The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in the SharedPC provisioning package for Windows 10, version 1703 is 300, and in Windows 10, version 1607 is 3600.
+The default value is Not Configured, and effective behavior is determined by the OS's default settings. Its value in SharedPC provisioning package is 300.
 <a href="" id="enableaccountmanager"></a>**EnableAccountManager**
 A boolean that enables the account manager for shared PC mode.
@ -131,12 +129,7 @@ Configures when accounts are deleted.
 The supported operations are Add, Get, Replace, and Delete.
-For Windows 10, version 1607, here's the list shows the supported values:
+This is the list of supported values:
 -   0 - Delete immediately.
 -   1 (default) - Delete at disk space threshold.
 For Windows 10, version 1703, here's the list of supported values:
 - 0 - Delete immediately.
 - 1 - Delete at disk space threshold.
@ -163,23 +156,23 @@ For example, if the **DiskLevelCaching** number is set to 50 and the **DiskLevel
 The supported operations are Add, Get, Replace, and Delete.
 <a href="" id="restrictlocalstorage"></a>**RestrictLocalStorage**
-Added in Windows 10, version 1703. Restricts the user from using local storage. This node is optional.
+Restricts the user from using local storage.
-The default value is Not Configured and behavior is no such restriction applied. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False.
+The default value is Not Configured. Value type is bool. Supported operations are Add, Get, Replace, and Delete. Default in SharedPC provisioning package is False.
 <a href="" id="kioskmodeaumid"></a>**KioskModeAUMID**
-Added in Windows 10, version 1703. Specifies the AUMID of the app to use with assigned access. This node is optional.
+Specifies the AUMID of the app to use with assigned access.
 - Value type is string.
 - Supported operations are Add, Get, Replace, and Delete.
 <a href="" id="kioskmodeusertiledisplaytext"></a>**KioskModeUserTileDisplayText**
-Added in Windows 10, version 1703. Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID. This node is optional.
+Specifies the display text for the account shown on the sign-in screen that launches the app specified by KioskModeAUMID.
 Value type is string. Supported operations are Add, Get, Replace, and Delete.
 <a href="" id="inactivethreshold"></a>**InactiveThreshold**
-Added in Windows 10, version 1703. Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days.
+Accounts will start being deleted when they haven't been logged on during the specified period, given as number of days.
 - The default value is Not Configured.
 - Value type is integer.
@ -188,7 +181,7 @@ Added in Windows 10, version 1703. Accounts will start being deleted when they h
 The default in the SharedPC provisioning package is 30.
 <a href="" id="maxpagefilesizemb"></a>**MaxPageFileSizeMB**
-Added in Windows 10, version 1703. Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM. This node is optional.
+Maximum size of the paging file in MB. Applies only to systems with less than 32-GB storage and at least 3 GB of RAM.
 - Default value is Not Configured.
 - Value type is integer.
--- a/windows/configuration/TOC.yml
+++ b/windows/configuration/TOC.yml
@ -68,8 +68,6 @@
      href: kiosk-single-app.md
    - name: Set up a multi-app kiosk
      href: lock-down-windows-10-to-specific-apps.md
    - name: Set up a shared or guest PC
      href: set-up-shared-or-guest-pc.md
    - name: Kiosk reference information
      items:
        - name: More kiosk methods and reference information
@ -93,6 +91,14 @@
        - name: Troubleshoot kiosk mode issues
          href: kiosk-troubleshoot.md
 - name: Configure multi-user and guest devices 
  items:
    - name: Shared devices concepts
      href: shared-devices-concepts.md
    - name: Configure shared devices with Shared PC
      href: set-up-shared-or-guest-pc.md
    - name: Shared PC technical reference
      href: shared-pc-technical.md
 - name: Use provisioning packages
  items:
--- a/windows/configuration/images/icons/accessibility.svg
+++ b/windows/configuration/images/icons/accessibility.svg
@ -0,0 +1,3 @@
 <svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
  <path d="M6.75001 3.25C6.75001 2.55964 7.30966 2 8.00001 2C8.69037 2 9.25001 2.55964 9.25001 3.25C9.25001 3.94036 8.69037 4.5 8.00001 4.5C7.30966 4.5 6.75001 3.94036 6.75001 3.25ZM8.00001 1C6.75737 1 5.75001 2.00736 5.75001 3.25C5.75001 3.42769 5.77061 3.60057 5.80955 3.76638L4.1981 3.11531C3.38523 2.78689 2.45661 3.17707 2.12226 3.98751C1.78682 4.8006 2.17658 5.72824 2.9921 6.05773L5 6.86897L5 9.25304L3.18661 12.6635C2.77397 13.4396 3.06858 14.4032 3.84463 14.8158C4.62069 15.2285 5.58431 14.9339 5.99695 14.1578L8.00028 10.3901L10.0037 14.158C10.4163 14.934 11.3799 15.2286 12.156 14.816C12.9321 14.4034 13.2267 13.4397 12.814 12.6637L11 9.252V6.86897L13.0079 6.05773C13.8234 5.72824 14.2132 4.80059 13.8777 3.98751C13.5434 3.17707 12.6148 2.78689 11.8019 3.11531L10.1905 3.76636C10.2294 3.60055 10.25 3.42768 10.25 3.25C10.25 2.00736 9.24265 1 8.00001 1ZM3.04668 4.36889C3.17149 4.06635 3.52005 3.91989 3.82349 4.04249L7.25078 5.42721C7.73138 5.62138 8.2686 5.62138 8.74921 5.42721L12.1765 4.04249C12.4799 3.91989 12.8285 4.06635 12.9533 4.36889C13.077 4.66879 12.9341 5.00902 12.6333 5.13055L10.6254 5.94179C10.2474 6.09449 10 6.46133 10 6.86897V9.252C10 9.41571 10.0402 9.57692 10.1171 9.72147L11.9311 13.1332C12.0844 13.4216 11.9749 13.7797 11.6865 13.9331C11.3981 14.0864 11.04 13.9769 10.8866 13.6885L8.88322 9.92064C8.50711 9.21327 7.49344 9.21326 7.11733 9.92064L5.114 13.6883C4.96065 13.9768 4.60252 14.0863 4.31411 13.9329C4.02569 13.7795 3.9162 13.4214 4.06955 13.133L5.88295 9.72251C5.9598 9.57796 6 9.41675 6 9.25304V6.86897C6 6.46133 5.75256 6.09449 5.3746 5.94179L3.3667 5.13055C3.06591 5.00902 2.92295 4.66879 3.04668 4.36889Z" fill="#0078D4" />
 </svg>
--- a/windows/configuration/images/icons/group-policy.svg
+++ b/windows/configuration/images/icons/group-policy.svg
@ -0,0 +1,3 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 2048 2048">
  <path d="M1792 0q53 0 99 20t82 55 55 81 20 100q0 53-20 99t-55 82-81 55-100 20h-128v1280q0 53-20 99t-55 82-81 55-100 20H256q-53 0-99-20t-82-55-55-81-20-100q0-53 20-99t55-82 81-55 100-20V256q0-53 20-99t55-82 81-55T512 0h1280zM128 1792q0 27 10 50t27 40 41 28 50 10h930q-34-60-34-128t34-128H256q-27 0-50 10t-40 27-28 41-10 50zm1280 128q27 0 50-10t40-27 28-41 10-50V256q0-68 34-128H512q-27 0-50 10t-40 27-28 41-10 50v1280h1024q26 0 45 19t19 45q0 26-19 45t-45 19q-25 0-49 9t-42 28q-18 18-27 42t-10 49q0 27 10 50t27 40 41 28 50 10zm384-1536q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10q-27 0-50 10t-40 27-28 41-10 50v128h128zm-1280 0h896v128H512V384zm0 256h256v128H512V640zm0 256h256v128H512V896zm0 256h256v128H512v-128zm640-512q53 0 99 20t82 55 55 81 20 100q0 17-4 33t-4 31v539l-248-124-248 124V960q0-14-4-30t-4-34q0-53 20-99t55-82 81-55 100-20zm0 128q-27 0-50 10t-40 27-28 41-10 50q0 27 10 50t27 40 41 28 50 10q27 0 50-10t40-27 28-41 10-50q0-27-10-50t-27-40-41-28-50-10zm136 549v-204q-30 20-65 29t-71 10q-36 0-71-9t-65-30v204l136-68 136 68z" fill="#0078D4" />
 </svg>
--- a/windows/configuration/images/icons/intune.svg
+++ b/windows/configuration/images/icons/intune.svg
@ -0,0 +1,24 @@
 <svg id="a9ed4d43-c916-4b9a-b9ca-be76fbdc694c" xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
  <defs>
    <linearGradient id="aaede26b-698f-4a65-b6db-859d207e2da6" x1="8.05" y1="11.32" x2="8.05" y2="1.26" gradientUnits="userSpaceOnUse">
      <stop offset="0" stop-color="#0078d4" />
      <stop offset="0.82" stop-color="#5ea0ef" />
    </linearGradient>
    <linearGradient id="bc54987f-34ba-4701-8ce4-6eca10aff9e9" x1="8.05" y1="15.21" x2="8.05" y2="11.32" gradientUnits="userSpaceOnUse">
      <stop offset="0" stop-color="#1490df" />
      <stop offset="0.98" stop-color="#1f56a3" />
    </linearGradient>
    <linearGradient id="a5434fd8-c18c-472c-be91-f2aa070858b7" x1="8.05" y1="7.87" x2="8.05" y2="4.94" gradientUnits="userSpaceOnUse">
      <stop offset="0" stop-color="#d2ebff" />
      <stop offset="1" stop-color="#f0fffd" />
    </linearGradient>
  </defs>
  <title>Icon-intune-329</title>
  <rect x="0.5" y="1.26" width="15.1" height="10.06" rx="0.5" fill="url(#aaede26b-698f-4a65-b6db-859d207e2da6)" />
  <rect x="1.34" y="2.1" width="13.42" height="8.39" rx="0.28" fill="#fff" />
  <path d="M11.08,14.37c-1.5-.23-1.56-1.31-1.55-3h-3c0,1.74-.06,2.82-1.55,3a.87.87,0,0,0-.74.84h7.54A.88.88,0,0,0,11.08,14.37Z" fill="url(#bc54987f-34ba-4701-8ce4-6eca10aff9e9)" />
  <path d="M17.17,5.91H10.29a2.31,2.31,0,1,0,0,.92H11v9.58a.33.33,0,0,0,.33.33h5.83a.33.33,0,0,0,.33-.33V6.24A.33.33,0,0,0,17.17,5.91Z" fill="#32bedd" />
  <rect x="11.62" y="6.82" width="5.27" height="8.7" rx="0.12" fill="#fff" />
  <circle cx="8.05" cy="6.41" r="1.46" opacity="0.9" fill="url(#a5434fd8-c18c-472c-be91-f2aa070858b7)" />
  <path d="M14.88,10.82,13.76,9.7a.06.06,0,0,0-.1.05v.68a.06.06,0,0,1-.06.06H11v.83H13.6a.06.06,0,0,1,.06.06v.69a.06.06,0,0,0,.1,0L14.88,11A.12.12,0,0,0,14.88,10.82Z" fill="#0078d4" />
 </svg>
--- a/windows/configuration/images/icons/powershell.svg
+++ b/windows/configuration/images/icons/powershell.svg
@ -0,0 +1,20 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 18 18">
  <defs>
    <linearGradient id="a24f9983-911f-4df7-920f-f964c8c10f82" x1="9" y1="15.834" x2="9" y2="5.788" gradientUnits="userSpaceOnUse">
      <stop offset="0" stop-color="#32bedd" />
      <stop offset="0.175" stop-color="#32caea" />
      <stop offset="0.41" stop-color="#32d2f2" />
      <stop offset="0.775" stop-color="#32d4f5" />
    </linearGradient>
  </defs>
  <title>MsPortalFx.base.images-10</title>
  <g id="a7ef0482-71f2-4b7e-b916-b1c754245bf1">
    <g>
      <path d="M.5,5.788h17a0,0,0,0,1,0,0v9.478a.568.568,0,0,1-.568.568H1.068A.568.568,0,0,1,.5,15.266V5.788A0,0,0,0,1,.5,5.788Z" fill="url(#a24f9983-911f-4df7-920f-f964c8c10f82)" />
      <path d="M1.071,2.166H16.929a.568.568,0,0,1,.568.568V5.788a0,0,0,0,1,0,0H.5a0,0,0,0,1,0,0V2.734A.568.568,0,0,1,1.071,2.166Z" fill="#0078d4" />
      <path d="M4.292,7.153h.523a.167.167,0,0,1,.167.167v3.858a.335.335,0,0,1-.335.335H4.125a0,0,0,0,1,0,0V7.321a.167.167,0,0,1,.167-.167Z" transform="translate(-5.271 5.967) rotate(-45.081)" fill="#f2f2f2" />
      <path d="M4.32,9.647h.523a.167.167,0,0,1,.167.167v4.131a0,0,0,0,1,0,0H4.488a.335.335,0,0,1-.335-.335v-3.8a.167.167,0,0,1,.167-.167Z" transform="translate(-0.504 23.385) rotate(-135.081)" fill="#e6e6e6" />
      <rect x="7.221" y="12.64" width="4.771" height="1.011" rx="0.291" fill="#f2f2f2" />
    </g>
  </g>
 </svg>
--- a/windows/configuration/images/icons/provisioning-package.svg
+++ b/windows/configuration/images/icons/provisioning-package.svg
@ -0,0 +1,3 @@
 <svg xmlns="http://www.w3.org/2000/svg" width="18" height="18" viewBox="0 0 2048 2048">
  <path d="M1544 128q75 0 143 30t120 82 82 120 31 144v328q0 26-19 45t-45 19q-26 0-45-19t-19-45V507q0-50-20-95t-55-80-80-55-96-21H346q16 15 27 28t11 36q0 26-19 45t-45 19q-26 0-45-19L147 237q-19-19-19-45t19-45L275 19q19-19 45-19t45 19 19 45q0 23-11 36t-27 28h1198zm-57 896q0 24 22 43t50 39 50 46 23 63q0 21-12 51t-30 61-37 59-33 44q-31 37-79 37-20 0-42-8t-44-17-41-17-35-8q-15 0-24 6t-14 15-8 20-5 24l-17 91q-6 34-25 52t-45 27-55 10-57 2h-5q-27 0-58-1t-58-11-47-28-26-53l-20-116q-2-14-14-26t-28-12q-20 0-40 7t-42 17-43 17-43 8q-50 0-80-37-14-16-32-43t-35-59-29-61-12-52q0-39 22-64t50-45 49-38 23-43q0-25-22-43t-50-39-50-45-23-64q0-22 12-52t30-60 37-58 33-45q31-37 79-37 20 0 42 7t43 17 40 17 36 8q21 0 32-11t16-30 8-41 7-46 11-45 24-38q12-12 29-19t37-10 40-5 39-1h15q27 0 57 1t58 11 46 28 26 53l20 116q3 18 16 27t31 10q17 0 37-7t41-17 42-17 42-8q23 0 44 10t36 28q14 17 32 44t36 58 29 61 12 52q0 39-22 64t-50 45-49 38-23 43zm-128 0q0-37 12-64t31-50 45-42 52-42q-13-30-29-58t-36-54q-36 13-76 29t-80 16q-24 0-44-6t-42-18q-33-19-51-42t-27-51-13-59-11-67q-16-2-32-3t-33-1q-17 0-33 1t-32 3q-7 35-11 66t-14 58-28 52-51 43q-21 13-41 18t-45 6q-40 0-79-16t-76-30q-38 51-66 112 26 22 51 42t45 42 32 50 12 65q0 37-12 64t-31 50-45 42-52 42q13 30 29 58t36 54q35-13 74-29t79-16q32 0 61 10t52 30 39 46 22 58l17 99q17 2 32 3t33 1q17 0 33-1t33-3q5-30 9-59t13-57 24-52 43-43q23-15 48-23t53-9q18 0 38 5t40 12 39 15 37 14q38-51 66-112-26-22-51-42t-45-42-32-50-12-65zm-207 0q0 27-10 50t-27 40-41 28-50 10q-27 0-50-10t-41-27-27-40-10-51q0-27 10-50t27-40 41-28 50-10q26 0 49 10t41 27 28 41 10 50zm768 832q0 26-19 45l-128 128q-19 19-45 19t-45-19-19-45q0-23 11-36t27-28H504q-75 0-143-30t-120-82-82-120-31-144v-328q0-26 19-45t45-19q26 0 45 19t19 45v325q0 50 20 95t55 80 80 55 96 21h1195q-14-14-26-28t-12-36q0-26 19-45t45-19q26 0 45 19l128 128q19 19 19 45z" fill="#0078D4" />
 </svg>
--- a/windows/configuration/images/icons/registry.svg
+++ b/windows/configuration/images/icons/registry.svg
@ -0,0 +1,22 @@
 <svg id="b9b1f1bd-1131-4ac5-b607-ad500ee51398" data-name="fluent_icons" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" width="18" height="18" viewBox="0 0 18 18">
  <defs>
    <linearGradient id="b0b22e7a-bfc7-4dec-91e9-5f981ed97407" x1="8.55" y1="0.41" x2="8.48" y2="18.62" gradientUnits="userSpaceOnUse">
      <stop offset="0" stop-color="#76bc2d" />
      <stop offset="0.32" stop-color="#73b82c" />
      <stop offset="0.65" stop-color="#6cab29" />
      <stop offset="0.99" stop-color="#5e9724" />
      <stop offset="1" stop-color="#5e9624" />
    </linearGradient>
    <linearGradient id="e827adc5-7c19-488a-9b2c-abb70d46ae5e" x1="14.75" y1="5.9" x2="14.75" y2="1.1" gradientTransform="translate(18.1 -11.21) rotate(90)" gradientUnits="userSpaceOnUse">
      <stop offset="0" stop-color="#0078d4" />
      <stop offset="0.17" stop-color="#1c84dc" />
      <stop offset="0.38" stop-color="#3990e4" />
      <stop offset="0.59" stop-color="#4d99ea" />
      <stop offset="0.8" stop-color="#5a9eee" />
      <stop offset="1" stop-color="#5ea0ef" />
    </linearGradient>
  </defs>
  <title>Icon-general-18</title>
  <path d="M6.27,13.29h4.49v4.49H6.27ZM1,3.43V7.3h4.5V2.81H1.65A.63.63,0,0,0,1,3.43ZM1,17.16a.63.63,0,0,0,.63.62H5.52V13.29H1Zm0-4.62h4.5V8.05H1Zm10.49,5.24h3.87a.62.62,0,0,0,.62-.62V13.29H11.51ZM6.27,12.54h4.49V8.05H6.27Zm5.24-4.49v4.49H16V8.05ZM6.27,7.3h4.49V2.81H6.27Z" fill="url(#b0b22e7a-bfc7-4dec-91e9-5f981ed97407)" />
  <rect x="12.2" y="1.14" width="4.8" height="4.8" rx="0.25" transform="translate(5.14 15.21) rotate(-64.59)" fill="url(#e827adc5-7c19-488a-9b2c-abb70d46ae5e)" />
 </svg>
--- a/windows/configuration/images/icons/windows-os.svg
+++ b/windows/configuration/images/icons/windows-os.svg
@ -0,0 +1,3 @@
 <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048" width="18" height="18" >
  <path d="M0 0h961v961H0V0zm1087 0h961v961h-961V0zM0 1087h961v961H0v-961zm1087 0h961v961h-961v-961z" fill="#0078D4" />
 </svg>
--- a/windows/configuration/images/shared-pc-intune.png
+++ b/windows/configuration/images/shared-pc-intune.png
--- a/windows/configuration/images/shared-pc-wcd.png
+++ b/windows/configuration/images/shared-pc-wcd.png
--- a/windows/configuration/images/sharedpc-guest-win11.png
+++ b/windows/configuration/images/sharedpc-guest-win11.png
--- a/windows/configuration/images/sharedpc-kiosk-win11se.png
+++ b/windows/configuration/images/sharedpc-kiosk-win11se.png
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@ -1,353 +1,153 @@
 ---
-title: Set up a shared or guest PC with Windows 10/11
+title: Set up a shared or guest Windows device
-description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios.
+description: Description of how to configured Shared PC mode, which is a Windows feature that optimizes devices for shared use scenarios.
-ms.prod: w10
+ms.date: 10/15/2022
-author: lizgt2000
+ms.prod: windows
-ms.author: lizlong
+ms.technology: windows
-ms.topic: article
+ms.topic: reference
 ms.localizationpriority: medium
-ms.reviewer: sybruckm
+author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer:
 manager: aaroncz
-ms.collection: highpri
+ms.collection: 
 appliesto:
 - ✅ <b>Windows 10</b>
 - ✅ <b>Windows 11</b>
 - ✅ <b>Windows 11 SE</b>
 ---
-# Set up a shared or guest PC with Windows 10/11
+# Set up a shared or guest Windows device
 **Shared PC** offers options to facilitate the management and optimization of shared devices. The customizations offered by Shared PC are listed in the following table.
-**Applies to**
+| Area Name | Setting name and description|
 |---|---|
 |Shared PC mode | **EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**: when enabled, **Shared PC mode** is turned on and different settings are configured in the local group policy object (LGPO). For a detailed list of settings enabled by Shared PC Mode in the LGPO, see the [Shared PC technical reference](shared-pc-technical.md#enablesharedpcmode-and-enablesharedpcmodewithonedrivesync).<ul><li>This setting controls the API: [IsEnabled][UWP-1]</li></ul>|
 | Account management | **EnableAccountManager**: when enabled, automatic account management is turned on. The following settings define the behavior of *account manager*: <ul><li> **DeletionPolicy**</li><li>**DiskLevelDeletion** </li><li>**DiskLevelCaching**</li><li>**InactiveThreshold**</li></ul>For more information, see the [Shared PC CSP documentation][WIN-3].<br><br>**AccountModel**: this option controls which types of users can sign-in to the device, and can be used to enable the Guest and Kiosk accounts. For more information, see the [Shared PC CSP documentation][WIN-3].<br><br>**KioskModeAUMID**: configures an application (referred as Application User Model ID - AUMID) to automatically execute when the kiosk account is used to sign in. A new account will be created and will use assigned access to only run the app specified by the AUMID. [Find the Application User Model ID of an installed app][WIN-7].<br><br>**KioskModeUserTileDisplayText**: sets the display text on the kiosk account if **KioskModeAUMID** has been set.|
 | Advanced customizations | **SetEduPolicies**: when enabled, specific settings designed for education devices are configured in the LGPO. For a detailed list of settings enabled by SetEduPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setedupolicy).<ul><li>This setting controls the API: [IsEducationEnvironment][UWP-2]</li></ul><br>**SetPowerPolicies**: when enabled, different power settings optimized for shared devices are configured in the LGPO. For a detailed list of settings enabled by SetPowerPolicies in the LGPO, see [Shared PC technical reference](shared-pc-technical.md#setpowerpolicies).<br><br>**SleepTimeout**: specifies all timeouts for when the PC should sleep.<br><br>**SignInOnResume**: if enabled, specifies if the user is required to sign in with a password when the PC wakes from sleep.<br><br>**MaintenanceStartTime**: by default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update or Search indexing) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For a detailed list of settings enabled by MaintenanceStartTime, see [Shared PC technical reference](shared-pc-technical.md#maintenancestarttime).<br><br>**MaxPageFileSizeMB**: adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs.<br><br> **RestrictLocalStorage**: when enabled, users are prevented from saving or viewing local storage while using File Explorer.<ul><li>This setting controls the API: [ShouldAvoidLocalStorage][UWP-3]</li></ul>|
- Windows 10
+## Configure Shared PC
 - Windows 11
-Windows client has a *shared PC mode*, which optimizes Windows client for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. You can apply shared PC mode to Windows client Pro, Pro Education, Education, and Enterprise.
+Shared PC can be configured using the following methods:
-> [!NOTE]
+- Microsoft Intune/MDM
-> If you're interested in using Windows client for shared PCs in a school, see [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) which provides a simple way to configure PCs with shared PC mode plus additional settings specific for education.
+- Provisioning package (PPKG)
 - PowerShell script
-## Shared PC mode concepts
+Follow the instructions below to configure your devices, selecting the option that best suits your needs.
 A Windows client PC in shared PC mode is designed to be management- and maintenance-free with high reliability. In shared PC mode, only one user can be signed in at a time. When the PC is locked, the currently signed in user can always be signed out at the lock screen. 
-### Account models
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 It is intended that shared PCs are joined to an Active Directory or Azure Active Directory domain by a user with the necessary rights to perform a domain join as part of a setup process. This enables any user that is part of the directory to sign-in to the PC. If using Azure Active Directory Premium, any domain user can also be configured to sign in with administrative rights. Additionally, shared PC mode can be configured to enable a **Guest** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used. Windows client has a **kiosk mode** account. Shared PC mode can be configured to enable a **Kiosk** option on the sign-in screen, which doesn't require any user credentials or authentication, and creates a new local account each time it is used to run a specified app in assigned access (kiosk) mode.
-### Account management
+To configure devices using Microsoft Intune, [create a **Settings catalog** policy][MEM-2], and use the settings listed under the category **`Shared PC`**:
 When the account management service is turned on in shared PC mode, accounts are automatically deleted. Account deletion applies to Active Directory, Azure Active Directory, and local accounts that are created by the **Guest** and **Kiosk** options. Account management is performed both at sign-off time (to make sure there is enough disk space for the next user) as well as during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out or when disk space is low. In Windows client, an inactive option is added which deletes accounts if they haven't signed in after a specified number of days.
-### Maintenance and sleep
+:::image type="content" source="./images/shared-pc-intune.png" alt-text="Screenshot that shows the Shared PC policies in the Intune settings catalog." lightbox="./images/shared-pc-intune.png" border="True":::
 Shared PC mode is configured to take advantage of maintenance time periods which run while the PC is not in use. Therefore, sleep is strongly recommended so that the PC can wake up when it is not in use to perform maintenance, clean up accounts, and run Windows Update. The recommended settings can be set by choosing **SetPowerPolicies** in the list of shared PC options. Additionally, on devices without Advanced Configuration and Power Interface (ACPI) wake alarms, shared PC mode will always override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
-While shared PC mode does not configure Windows Update itself, it is strongly recommended to configure Windows Update to automatically install updates and reboot (if necessary) during maintenance hours. This will help ensure the PC is always up to date and not interrupting users with updates.  
+Assign the policy to a security group that contains as members the devices or users that you want to configure.
-Use one of the following methods to configure Windows Update:
+Alternatively, you can configure devices using a [custom policy][MEM-1] with the [SharedPC CSP][WIN-3].
- Group Policy: Set **Computer Configuration > Administrative Templates > Windows Components > Windows Update > Configure Automatic Updates** to `4` and check **Install during automatic maintenance**.
+#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
 - MDM: Set **Update/AllowAutoUpdate** to `4`. 
 - Provisioning: In Windows Imaging and Configuration Designer (ICD), set **Policies/Update/AllowAutoUpdate** to `4`. 
-[Learn more about the AllowAutoUpdate settings](/windows/client-management/mdm/policy-configuration-service-provider#Update_AllowAutoUpdate)
+To configure devices using a provisioning package, [create a provisioning package][WIN-1] using WCD, and use the settings listed under the category **`SharedPC`**:
-### App behavior
+:::image type="content" source="./images/shared-pc-wcd.png" alt-text="Screenshot that shows the Shared PC policies in WCD." lightbox="./images/shared-pc-wcd.png" border="False":::
-Apps can take advantage of shared PC mode with the following three APIs:  
+For a list and description of CSP settings exposed in Windows Configuration Designer, see the [SharedPC WCD reference][WIN-4].
- [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.   
+Follow the steps in [Apply a provisioning package][WIN-2] to apply the package that you created.
 - [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings) - This informs apps when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.  
 - [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) - This informs apps when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.  
 #### [:::image type="icon" source="images/icons/powershell.svg"::: **PowerShell**](#tab/powershell)
-### Customization
+To configure devices using a PowerShell script, you can use the [MDM Bridge WMI Provider][WIN-6].
 Shared PC mode exposes a set of customizations to tailor the behavior to your requirements. These customizations are the options that you'll set either using MDM or a provisioning package as explained in [Configuring Shared PC mode for Windows](#configuring-shared-pc-mode-for-windows). The options are listed in the following table.
 | Setting | Value |
 |:---|:---|
 | EnableSharedPCMode | Set as **True**. If this is not set to **True**, shared PC mode is not turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings) </br></br>Some of the remaining settings in **SharedPC** are optional, but we strongly recommend that you also set `EnableAccountManager` to **True**.  |
 | AccountManagement: AccountModel | This option controls how users can sign-in on the PC. Choosing domain-joined will enable any user in the domain to sign-in. <br/><br/>Specifying the guest option will add the **Guest** option to the sign-in screen and enable anonymous guest access to the PC. <br/><br/>  - **Only guest** allows anyone to use the PC as a local standard (non-admin) account.<br/>  - **Domain-joined only** allows users to sign in with an Active Directory or Azure AD account.<br/>-   **Domain-joined and guest** allows users to sign in with an Active Directory, Azure AD, or local standard account. |
 | AccountManagement: DeletionPolicy | - **Delete immediately** will delete the account on sign-out. <br/><br/>- **Delete at disk space threshold** will start deleting accounts when available disk space falls below the threshold you set for **DiskLevelDeletion**, and it will stop deleting accounts when the available disk space reaches the threshold you set for **DiskLevelCaching**. Accounts are deleted in order of oldest accessed to most recently accessed. <br/><br/>Example: The caching number is 50 and the deletion number is 25. Accounts will be cached while the free disk space is above 25%. When the free disk space is less than 25% (the deletion number) at a maintenance period, accounts will be deleted (oldest last used first) until the free disk space is above 50% (the caching number). Accounts will be deleted immediately at sign-off of an account if free space is under the deletion threshold and disk space is very low, regardless if the PC is actively in use or not. <br/>- **Delete at disk space threshold and inactive threshold** will apply the same disk space checks as noted above, but also delete accounts if they have not signed in within the number of days specified by **InactiveThreshold**  |
 | AccountManagement: DiskLevelCaching | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account caching.   |
 | AccountManagement: DiskLevelDeletion | If you set **DeletionPolicy** to **Delete at disk space threshold**, set the percent of total disk space to be used as the disk space threshold for account deletion.   |
 | AccountManagement: InactiveThreshold | If you set **DeletionPolicy** to **Delete at disk space threshold and inactive threshold**, set the number of days after which an account that has not signed in will be deleted.   | 
 | AccountManagement: EnableAccountManager | Set as **True** to enable automatic account management. If this is not set to true, no automatic account management will be done. |
 | AccountManagement: KioskModeAUMID | Set an Application User Model ID (AUMID) to enable the kiosk account on the sign-in screen. A new account will be created and will use assigned access to only run the app specified by the AUMID. Note that the app must be installed on the PC. Set the name of the account using **KioskModeUserTileDisplayText**, or a default name will be used. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82))   |  
 | AccountManagement: KioskModeUserTileDisplayText | Sets the display text on the kiosk account if **KioskModeAUMID** has been set. |  
 | Customization: MaintenanceStartTime | By default, the maintenance start time (which is when automatic maintenance tasks run, such as Windows Update) is midnight. You can adjust the start time in this setting by entering a new start time in minutes from midnight. For example, if you want maintenance to begin at 2 AM, enter `120` as the value.   |
 | Customization: MaxPageFileSizeMB | Adjusts the maximum page file size in MB. This can be used to fine-tune page file behavior, especially on low end PCs.  |  
 | Customization: RestrictLocalStorage | Set as **True** to restrict the user from saving or viewing local storage when using File Explorer. This setting controls this API: [ShouldAvoidLocalStorage](/uwp/api/windows.system.profile.sharedmodesettings)  | 
 | Customization: SetEduPolicies | Set to **True** for PCs that will be used in a school. For more information, see [Windows client configuration recommendations for education customers](/education/windows/configure-windows-for-education). This setting controls this API: [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) |
 | Customization: SetPowerPolicies |  When set as **True**:<br/>- Prevents users from changing power settings<br/>- Turns off hibernate<br/>- Overrides all power state transitions to sleep (e.g. lid close)  |
 | Customization: SignInOnResume | This setting specifies if the user is required to sign in with a password when the PC wakes from sleep.     |
 | Customization: SleepTimeout | Specifies all timeouts for when the PC should sleep. Enter the amount of idle time in seconds. If you don't set sleep timeout, the default of 1 hour applies.     |
 [Policies: Authentication](wcd/wcd-policies.md#authentication) (optional related setting) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts.
 ## Configuring Shared PC mode for Windows
 You can configure Windows to be in shared PC mode in a couple different ways:
 - Mobile device management (MDM): Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp). To set up a shared device policy for Windows client in Intune, complete the following steps:
  1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
  2. Select **Devices** > **Windows** > **Configuration profiles** > **Create profile**.
  3. Enter the following properties:
     - **Platform**: Select **Windows 10 and later**.
     - **Profile**: Select **Templates** > **Shared multi-user device**.
  4. Select **Create**.
  5. In **Basics**, enter the following properties:
     - **Name**: Enter a descriptive name for the new profile.
     - **Description**: Enter a description for the profile. This setting is optional, but recommended.
  6. Select **Next**.
  7. In **Configuration settings**, depending on the platform you chose, the settings you can configure are different. Choose your platform for detailed settings:
  8. On the **Configuration settings** page, set the ‘Shared PC Mode’ value to **Enabled**.
     > [!div class="mx-imgBorder"]
     > ![Shared PC mode in the Configuration settings page.](images/shared_pc_3.png) 
  11. From this point on, you can configure any additional settings you’d like to be part of this policy, and then follow the rest of the set-up flow to its completion by selecting **Create** after **Step 6**.
 - A provisioning package created with the Windows Configuration Designer: You can apply a provisioning package when you initially set up the PC (also known as the out-of-box-experience or OOBE), or you can apply the provisioning package to a Windows client that's already in use. The provisioning package is created in Windows Configuration Designer. Shared PC mode is enabled by the [SharedPC configuration service provider (CSP)](/windows/client-management/mdm/sharedpc-csp), exposed in Windows Configuration Designer as **SharedPC**.
     ![Shared PC settings in ICD.](images/icd-adv-shared-pc.png)
 - WMI bridge: Environments that use Group Policy can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the [MDM_SharedPC class](/windows/win32/dmwmibridgeprov/mdm-sharedpc). For all device settings, the WMI Bridge client must be executed under local system user; for more information, see [Using PowerShell scripting with the WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider). For example, open PowerShell as an administrator and enter the following:
  ```powershell
  $sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC"
  $sharedPC.EnableSharedPCMode = $True
  $sharedPC.SetEduPolicies = $True
  $sharedPC.SetPowerPolicies = $True
  $sharedPC.MaintenanceStartTime = 0
  $sharedPC.SignInOnResume = $True
  $sharedPC.SleepTimeout = 0
  $sharedPC.EnableAccountManager = $True
  $sharedPC.AccountModel = 2
  $sharedPC.DeletionPolicy = 1
  $sharedPC.DiskLevelDeletion = 25
  $sharedPC.DiskLevelCaching = 50
  $sharedPC.RestrictLocalStorage = $False
  $sharedPC.KioskModeAUMID = ""
  $sharedPC.KioskModeUserTileDisplayText = ""
  $sharedPC.InactiveThreshold = 0
  Set-CimInstance -CimInstance $sharedPC
  Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName MDM_SharedPC
  ```
 ### Create a provisioning package for shared use
 1. [Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md)
 2. Open Windows Configuration Designer. 
 3. On the **Start page**, select **Advanced provisioning**.
 4. Enter a name and (optionally) a description for the project, and click **Next**.
 5. Select **All Windows desktop editions**, and click **Next**.
 6. Click **Finish**. Your project opens in Windows Configuration Designer.
 7. Go to **Runtime settings** > **SharedPC**. [Select the desired settings for shared PC mode.](#customization)
 8. On the **File** menu, select **Save.**
 9. On the **Export** menu, select **Provisioning package**.
 10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
 11. Set a value for **Package Version**.
 > [!TIP]
-    > You can make changes to existing packages and change the version number to update previously applied packages.
+> PowerShell scripts can be executed as scheduled tasks via Group Policy.
 12. (*Optional*) In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
    - **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
    - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package.
 > [!IMPORTANT]
-      > We recommend that you include a trusted provisioning certificate in your provisioning package. When the package is applied to a device, the certificate is added to the system store and any package signed with that certificate thereafter can be applied silently.
+> For all device settings, the WMI Bridge client must be executed as SYSTEM (LocalSystem) account.
 >
 > To test a PowerShell script, you can:
 > 1. [Download the psexec tool](/sysinternals/downloads/psexec)
 > 1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
 > 1. Run the script in the PowerShell session
-13. Click **Next** to specify the output location where you want the provisioning package to go once it's built. By default, Windows Configuration Designer uses the project folder as the output location.
+Edit the following sample PowerShell script to customize the settings that you want to configure:
-    Optionally, you can click **Browse** to change the default output location.
+```powershell
-14. Click **Next**.
+$namespaceName = "root\cimv2\mdm\dmmap"
-15. Click **Build** to start building the package. The project information is displayed in the build page and the progress bar indicates the build status.
+$parentID="./Vendor/MSFT/Policy/Config"
-    If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
+$className = "MDM_SharedPC"
-16. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
+$cimObject = Get-CimInstance -Namespace $namespaceName -ClassName $className
-    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
+if (-not ($cimObject)) {
-    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
+   $cimObject = New-CimInstance -Namespace $namespaceName -ClassName $className -Property @{ParentID=$ParentID;InstanceID=$instance}
-    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
+}
-17. Select the **output location** link to go to the location of the package. You can provide that .ppkg to others through any of the following methods:
+$cimObject.EnableSharedPCMode = $True
 $cimObject.SetEduPolicies = $True
 $cimObject.SetPowerPolicies = $True
 $cimObject.MaintenanceStartTime = 0
 $cimObject.SignInOnResume = $True
 $cimObject.SleepTimeout = 0
 $cimObject.EnableAccountManager = $True
 $cimObject.AccountModel = 2
 $cimObject.DeletionPolicy = 1
 $cimObject.DiskLevelDeletion = 25
 $cimObject.DiskLevelCaching = 50
 $cimObject.RestrictLocalStorage = $False
 $cimObject.KioskModeAUMID = ""
 $cimObject.KioskModeUserTileDisplayText = ""
 $cimObject.InactiveThreshold = 0
 Set-CimInstance -CimInstance $cimObject
 ```
-    -   Shared network folder
+For more information, see [Using PowerShell scripting with the WMI Bridge Provider][WIN-5].
-    -   SharePoint site
+---
    -   Removable media (USB/SD) (select this option to apply to a PC during initial setup)
 ### Apply the provisioning package
 Provisioning packages can be applied to a device during initial setup (out-of-box experience or "OOBE") and after ("runtime"). For more information, see [Apply a provisioning package](./provisioning-packages/provisioning-apply-package.md).
 > [!NOTE]
 > If you apply the setup file to a computer that has already been set up, existing accounts and data might be lost.
 ## Guidance for accounts on shared PCs
-* We recommend no local admin accounts on the PC to improve the reliability and security of the PC.
+- When a device is configured in *shared PC mode* with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign out.
-* When a PC is set up in shared PC mode with the default deletion policy, accounts will be cached automatically until disk space is low. Then, accounts will be deleted to reclaim disk space. This account management happens automatically. Both Azure AD and Active Directory domain accounts are managed in this way. Any accounts created through **Guest** and **Kiosk** will be deleted automatically at sign-out.
+- Local accounts that already exist on a PC won't be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**.
 * On a Windows PC joined to Azure Active Directory:
    * By default, the account that joined the PC to Azure AD will have an admin account on that PC. Global administrators for the Azure AD domain will also have admin accounts on the PC.
    * With Azure AD Premium, you can specify which accounts have admin accounts on a PC using the **Additional administrators on Azure AD Joined devices** setting on the Azure portal.
-* Local accounts that already exist on a PC won’t be deleted when turning on shared PC mode. New local accounts that are created using **Settings > Accounts > Other people > Add someone else to this PC** after shared PC mode is turned on won't be deleted. However, any new guest accounts created by the **Guest** and **Kiosk** options on the sign-in screen (if enabled) will automatically be deleted at sign-out. To set a general policy on all local accounts, you can configure the following local Group Policy setting: **Computer Configuration** > **Administrative Templates** > **System** > **User Profiles**: **Delete User Profiles Older Than A Specified Number Of Days On System Restart**.
+- The account management service supports accounts that are exempt from deletion. An account can be marked exempt from deletion by adding the account SID to the registry key: `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\`. To add the account SID to the registry key using PowerShell, use the following example as a reference:
 * If admin accounts are necessary on the PC
    * Ensure the PC is joined to a domain that enables accounts to be signed on as admin, or
    * Create admin accounts before setting up shared PC mode, or 
    * Create exempt accounts before signing out when turning shared pc mode on.
 * The account management service supports accounts that are exempt from deletion.
    * An account can be marked exempt from deletion by adding the account SID to the registry key: `HKEY_LOCAL_MACHINE\SOFTARE\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\`.
    * To add the account SID to the registry key using PowerShell:
    ```powershell
    $adminName = "LocalAdmin"
    $adminPass = 'Pa$$word123'
-        iex "net user /add $adminName $adminPass"
+    invoke-expression "net user /add $adminName $adminPass"
    $user = New-Object System.Security.Principal.NTAccount($adminName) 
    $sid = $user.Translate([System.Security.Principal.SecurityIdentifier]) 
    $sid = $sid.Value;
    New-Item -Path "HKLM:\Software\Microsoft\Windows\CurrentVersion\SharedPC\Exemptions\$sid" -Force
    ```
-## Policies set by shared PC mode
+## Troubleshooting Shared PC
-Shared PC mode sets local group policies to configure the device. Some of these are configurable using the shared pc mode options.
+To troubleshoot Shared PC, you can use the following tools:
 - Check the log `C:\Windows\SharedPCSetup.log`
 - Check the registry keys under `HKLM\Software\Microsoft\Windows\CurrentVersion\SharedPC`
  - `AccountManagement` key contains settings on how profiles are managed
  - `NodeValues` contains what values are set for the features managed by Shared PC
-> [!IMPORTANT]
+## Technical reference
 > It is not recommended to set additional policies on PCs configured for **Shared PC Mode**. The shared PC mode has been optimized to be fast and reliable over time with minimal to no manual maintenance required.
-### Admin Templates > Control Panel > Personalization
+- For a list of settings configured by the different options offered by Shared PC mode, see the [Shared PC technical reference](shared-pc-technical.md).
 - For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-3].
 - For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-4].
-|Policy Name| Value|When set?|
+-----------
 |--- |--- |--- |
 |Prevent enabling lock screen slide show|Enabled|Always|
 |Prevent changing lock screen and logon image|Enabled|Always|
-### Admin Templates > System > Power Management > Button Settings
+[WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
 [WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
 [WIN-3]: /windows/client-management/mdm/sharedpc-csp
 [WIN-4]: /windows/configuration/wcd/wcd-sharedpc
 [WIN-5]: /windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider
 [WIN-6]: /windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal
 [WIN-7]: /previous-versions/windows/embedded/dn449300(v=winembedded.82)
-|Policy Name| Value|When set?|
+[MEM-1]: /mem/intune/configuration/custom-settings-windows-10
-|--- |--- |--- |
+[MEM-2]: /mem/intune/configuration/settings-catalog
 |Select the Power button action (plugged in)|Sleep|SetPowerPolicies=True|
 |Select the Power button action (on battery)|Sleep|SetPowerPolicies=True|
 |Select the Sleep button action (plugged in)|Sleep|SetPowerPolicies=True|
 |Select the lid switch action (plugged in)|Sleep|SetPowerPolicies=True|
 |Select the lid switch action (on battery)|Sleep|SetPowerPolicies=True|
-### Admin Templates > System > Power Management > Sleep Settings
+[UWP-1]: /uwp/api/windows.system.profile.sharedmodesettings
-
+[UWP-2]: /uwp/api/windows.system.profile.educationsettings
-|Policy Name| Value|When set?|
+[UWP-3]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
 |--- |--- |--- |
 |Require a password when a computer wakes (plugged in)|Enabled|SignInOnResume=True|
 |Require a password when a computer wakes (on battery)|Enabled|SignInOnResume=True|
 |Specify the system sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
 |Specify the system sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True|
 |Turn off hybrid sleep (plugged in)|Enabled|SetPowerPolicies=True|
 |Turn off hybrid sleep (on battery)|Enabled|SetPowerPolicies=True|
 |Specify the unattended sleep timeout (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
 |Specify the unattended sleep timeout (on battery)|*SleepTimeout*|SetPowerPolicies=True|
 |Allow standby states (S1-S3) when sleeping (plugged in)|Enabled|SetPowerPolicies=True|
 |Allow standby states (S1-S3) when sleeping (on battery)|Enabled |SetPowerPolicies=True|
 |Specify the system hibernate timeout (plugged in)|Enabled, 0|SetPowerPolicies=True|
 |Specify the system hibernate timeout (on battery)|Enabled, 0|SetPowerPolicies=True|
 ### Admin Templates>System>Power Management>Video and Display Settings
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Turn off the display (plugged in)|*SleepTimeout*|SetPowerPolicies=True|
 |Turn off the display (on battery|*SleepTimeout*|SetPowerPolicies=True|
 ### Admin Templates>System>Power Management>Energy Saver Settings
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Energy Saver Battery Threshold (on battery)|70|SetPowerPolicies=True|
 ### Admin Templates>System>Logon
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Show first sign-in animation|Disabled|Always|
 |Hide entry points for Fast User Switching|Enabled|Always|
 |Turn on convenience PIN sign-in|Disabled|Always|
 |Turn off picture password sign-in|Enabled|Always|
 |Turn off app notification on the lock screen|Enabled|Always|
 |Allow users to select when a password is required when resuming from connected standby|Disabled|SignInOnResume=True|
 |Block user from showing account details on sign-in|Enabled|Always|
 ### Admin Templates>System>User Profiles
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Turn off the advertising ID|Enabled|SetEduPolicies=True|
 ### Admin Templates>Windows Components
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Do not show Windows Tips |Enabled|SetEduPolicies=True|
 |Turn off Microsoft consumer experiences |Enabled|SetEduPolicies=True|
 |Microsoft Passport for Work|Disabled|Always|
 |Prevent the usage of OneDrive for file storage|Enabled|Always|
 ### Admin Templates>Windows Components>Biometrics
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Allow the use of biometrics|Disabled|Always|
 |Allow users to log on using biometrics|Disabled|Always|
 |Allow domain users to log on using biometrics|Disabled|Always|
 ### Admin Templates>Windows Components>Data Collection and Preview Builds
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Toggle user control over Insider builds|Disabled|Always| 
 |Disable pre-release features or settings|Disabled|Always|
 |Do not show feedback notifications|Enabled|Always|
 |Allow Telemetry|Basic, 0|SetEduPolicies=True|
 ### Admin Templates>Windows Components>File Explorer
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Show lock in the user tile menu|Disabled|Always|
 ### Admin Templates>Windows Components>Maintenance Scheduler
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Automatic Maintenance Activation Boundary|*MaintenanceStartTime*|Always|
 |Automatic Maintenance Random Delay|Enabled, 2 hours|Always|
 |Automatic Maintenance WakeUp Policy|Enabled|Always|
 ### Admin Templates>Windows Components>Windows Hello for Business
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Use phone sign-in|Disabled|Always|
 |Use Windows Hello for Business|Disabled|Always|
 |Use biometrics|Disabled|Always|
 ### Admin Templates>Windows Components>OneDrive
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Prevent the usage of OneDrive for file storage|Enabled|Always|
 ### Windows Settings>Security Settings>Local Policies>Security Options
 |Policy Name| Value|When set?|
 |--- |--- |--- |
 |Interactive logon: Do not display last user name|Enabled, Disabled when account model is only guest|Always|
 |Interactive logon: Sign-in last interactive user automatically after a system-initiated restart|Disabled |Always|
 |Shutdown: Allow system to be shut down without having to log on|Disabled|Always|
 |User Account Control: Behavior of the elevation prompt for standard users|Auto deny|Always|
--- a/windows/configuration/shared-devices-concepts.md
+++ b/windows/configuration/shared-devices-concepts.md
@ -0,0 +1,74 @@
 ---
 title: Manage multi-user and guest Windows devices
 description: options to optimize Windows devices used in shared scenarios, such touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
 ms.date: 10/15/2022
 ms.prod: windows
 ms.technology: windows
 ms.topic: conceptual
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer:
 manager: aaroncz
 ms.collection: 
 appliesto:
 - ✅ <b>Windows 10</b>
 - ✅ <b>Windows 11</b>
 - ✅ <b>Windows 11 SE</b>
 ---
 # Manage multi-user and guest Windows devices with Shared PC
 Windows allows multiple users to sign in and use the same device, which is useful in scenarios like touchdown spaces in an enterprise, temporary customer use in retail or shared devices in a school.
 As more users access the same device, more resources on the devices are used. This can lead to performance issues and a degraded user experience.
 To optimize multi-user and guest devices, Windows provides options through a feature called *Shared PC*. These settings are designed to improve the experience for all users on the device, and to reduce the administrative overhead caused by the maintenance of multiple user profiles.
 This article describes the different options available in Shared PC.
 ## Shared PC mode
 A Windows device enabled for *Shared PC mode* is designed to be maintenance-free with high reliability. Devices configured in Shared PC mode have different settings designed to improve the experience for all users accessing a shared device.
 ## Account management
 When *Account management* is configured, user profiles are automatically deleted to free up disk space and resources. Account management is performed both at sign-out time and during system maintenance time periods. Shared PC mode can be configured to delete accounts immediately at sign-out, based on disk space thresholds, or based on inactivity thresholds.
 > [!IMPORTANT]
 > Shared PC is designed to take advantage of maintenance time periods, which run while the device is not in use. Therefore, devices should be put to **sleep** instead of shut down, so that they can wake up to perform maintenance tasks.
 > [!TIP]
 > While Shared PC does not configure the Windows Update client, it is recommended to configure Windows Update to automatically install updates and reboot during maintenance hours. This will help ensure the device is always up to date without interrupting users when the device is in use.
 ### Account models
 Shared PC offers the possibility to enable a **Guest** option on the sign-in screen. The Guest option doesn't require any user credentials or authentication, and creates a new local account each time it's used with access to the desktop. A **Guest button** is shown on the sign-in screen that a user can select.
 :::image type="content" source="./images/sharedpc-guest-win11.png" alt-text="Windows 11 sign-in screen with Guest option enabled." border="True":::
 Shared PC also offers a **Kiosk** mode, which automatically executes a specific application when the kiosk account signs-in. This is useful in scenarios where the device is accessed for a specific purpose, such as test taking in a school.
 :::image type="content" source="./images/sharedpc-kiosk-win11se.png" alt-text="Windows 11 sign-in screen with Guest and Kiosk options enabled." border="True":::
 ## Advanced customizations
 Shared PC offers advanced customizations for shared devices, such as specific settings for education devices, low end devices, and more.
 Shared devices require special considerations regarding power settings. Shared PC makes it easy to configure power settings for shared devices. The power settings are configured in the local group policy object (LGPO).
 > [!NOTE]
 > For devices without Advanced Configuration and Power Interface (ACPI) wake alarms, Shared PC will override real-time clock (RTC) wake alarms to be allowed to wake the PC from sleep (by default, RTC wake alarms are off). This ensures that the widest variety of hardware will take advantage of maintenance periods.
 ## Additional information
 - To learn how to configure Shared PC, see [Set up a shared or guest Windows device](set-up-shared-or-guest-pc.md).
 - For a list of settings configured by the different options offered by Shared PC, see the [Shared PC technical reference](shared-pc-technical.md).
 - For a list of settings exposed by the SharedPC configuration service provider, see [SharedPC CSP][WIN-3].
 - For a list of settings exposed by Windows Configuration Designer, see [SharedPC CSP][WIN-4].
 -----------
 [WIN-1]: /windows/configuration/provisioning-packages/provisioning-create-package
 [WIN-2]: /windows/configuration/provisioning-packages/provisioning-apply-package
 [WIN-3]: /windows/client-management/mdm/sharedpc-csp
 [WIN-4]: /windows/configuration/wcd/wcd-sharedpc
--- a/windows/configuration/shared-pc-technical.md
+++ b/windows/configuration/shared-pc-technical.md
@ -0,0 +1,130 @@
 ---
 title: Shared PC technical reference
 description: List of policies and settings applied by the Shared PC options.
 ms.date: 10/15/2022
 ms.prod: windows
 ms.technology: windows
 ms.topic: reference
 ms.localizationpriority: medium
 author: paolomatarazzo
 ms.author: paoloma
 ms.reviewer:
 manager: aaroncz
 ms.collection: 
 appliesto:
 - ✅ <b>Windows 10</b>
 - ✅ <b>Windows 11</b>
 - ✅ <b>Windows 11 SE</b>
 ---
 # Shared PC technical reference
 This article details the settings configured by the different options of Shared PC.
 > [!IMPORTANT]
 > The behavior of some options have changed over time. This article describes the current settings applied by Shared PC.
 ## EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync
 EnableSharedPCMode and EnableSharedPCModeWithOneDriveSync are the two policies that enable **Shared PC mode**. The only difference between the two is that EnableSharedPCModeWithOneDriveSync enables OneDrive synchronization, while EnableSharedPCMode disables it.
 When enabling Shared PC mode, the following settings in the local GPO are configured:
 | Policy setting | Status |
 |--|--|
 | Security Settings/Local Policies/Security Options/User Account Control: Behavior of elevation prompt for standard user | Automatically deny elevation requests |
 | Security Settings/Local Policies/Security Options/Interactive logon: Don't display last signed-in | Enabled |
 | Control Panel/Personalization/Prevent enabling lock screen slide show | Enabled |
 | System/Logon/Block user from showing account details on sign-in | Enabled |
 | System/Logon/Enumerate local users on domain-joined computers | Disabled |
 | System/Logon/Hide entry points for Fast User Switching | Enabled |
 | System/Logon/Show first sign-in animation | Disabled |
 | System/Logon/Turn off app notifications on the lock screen | Enabled |
 | System/Logon/Turn off picture password sign-in | Enabled |
 | System/Logon/Turn on convenience PIN sign-in | Disabled |
 | Windows Components/App Package Deployment/Allow a Windows app to share application data between users | Enabled |
 | Windows Components/Biometrics/Allow the use of biometrics | Disabled |
 | Windows Components/Biometrics/Allow users to log on using biometrics | Disabled |
 | Windows Components/Biometrics/Allow domain users to log on using biometrics | Disabled |
 | Windows Components/Data Collection and Preview Builds/Disable pre-release features or settings | Disabled (all experimentations are turned off) |
 | Windows Components/Data Collection and Preview Builds/Do not show feedback notifications | Enabled |
 | Windows Components/Data Collection and Preview Builds/Toggle user control over Insider builds | Disabled |
 | Windows Components/File Explorer/Show lock in the user tile menu | Disabled |
 | Windows Components/File History/Turn off File History | Enabled |
 | Windows Components/OneDrive/Prevent the usage of OneDrive for file storage |**Enabled** if using EnableSharedPCMode<br><br>**Disabled** is using EnableSharedPCModeWithOneDriveSync |
 | Windows Components/Windows Hello for Business/Use biometrics | Disabled |
 | Windows Components/Windows Hello for Business/Use Windows Hello for Business | Disabled |
 | Windows Components/Windows Logon Options/Sign-in and lock last interactive user automatically after a restart | Disabled |
 | Extra registry setting  | Status |
 |-------------------------------------------------------------------------------------------------------------------|----------|
 | Software\Policies\Microsoft\PassportForWork\Remote\Enabled (Phone sign-in/Use phone sign-in) | 0 |
 | Software\Policies\Microsoft\Windows\PreviewBuilds\AllowBuildPreview () | 0 |
 ## SetEDUPolicy
 By enabling SetEDUPolicy, the following settings in the local GPO are configured:
 | Policy setting | Status |
 |--|--|
 | System/User Profiles/Turn off the advertising ID | Enabled |
 | Windows Components/Cloud Content/Do not show Windows tips | Enabled |
 | Windows Components/Cloud Content/Turn off Microsoft consumer experiences | Enabled |
 ## SetPowerPolicies
 By enabling SetPowerPolicies, the following settings in the local GPO are configured:
 | Policy setting | Status|
 |--|--|
 | System/Power Management/Button Settings/Select the lid switch action (on battery) | Enabled > Sleep |
 | System/Power Management/Button Settings/Select the lid switch action (plugged in) | Enabled > Sleep |
 | System/Power Management/Button Settings/Select the Power button action (on battery) | Enabled > Sleep |
 | System/Power Management/Button Settings/Select the Power button action (plugged in) | Enabled > Sleep |
 | System/Power Management/Button Settings/Select the Sleep button action (on battery) | Enabled > Sleep |
 | System/Power Management/Button Settings/Select the Sleep button action (plugged in) | Enabled > Sleep |
 | System/Power Management/Energy Saver Settings/Energy Saver Battery Threshold (on battery) | Enabled > 70% |
 | System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (on battery) | Enabled |
 | System/Power Management/Sleep Settings/Allow standby states (S1-S3) when sleeping (plugged in) | Enabled |
 | System/Power Management/Sleep Settings/Specify the system hibernate timeout (on battery) | 0 (Hibernation disabled) |
 | System/Power Management/Sleep Settings/Specify the system hibernate timeout (plugged in) | 0 (Hibernation disabled) |
 | System/Power Management/Sleep Settings/Turn off hybrid sleep (on battery) | Enabled |
 | System/Power Management/Sleep Settings/Turn off hybrid sleep (plugged in) | Enabled |
 ## MaintenanceStartTime
 By enabling MaintenanceStartTime, the following settings in the local GPO are configured:
 | Policy setting | Status|
 |--------------------------------------------------------------------------------------|--------------------------------|
 | Windows Components/Maintenance Scheduler/Automatic Maintenance Activation Boundary | 2000-01-01T00:00:00 (midnight) |
 | Windows Components/Maintenance Scheduler/Automatic Maintenance Random Delay  | Enabled PT2H (2 hours) |
 | Windows Components/Maintenance Scheduler/Automatic Maintenance WakeUp Policy | Enabled  |
 ## SignInOnResume
 By enabling SignInOnResume, the following settings in the local GPO are configured:
 | Policy setting | Status|
 |--|--|
 | System/Logon/Allow users to select when a password is required when resuming from connected standby | Disabled |
 | System/Power Management/Sleep Settings/Require a password when a computer wakes (on battery) | Enabled |
 | System/Power Management/Sleep Settings/Require a password when a computer wakes (plugged in) | Enabled |
 ## EnableAccountManager
 By enabling Enableaccountmanager, the following schedule task is turned on: `\Microsoft\Windows\SharedPC\Account Cleanup`.
 ## Shared PC APIs and app behavior
 Applications can take advantage of Shared PC mode with the following three APIs:  
 - [**IsEnabled**][API-1] - This API informs applications when the device is configured for shared use scenarios. For example, an app might only download content on demand on a device in shared PC mode, or might skip first run experiences.
 - [**ShouldAvoidLocalStorage**][API-2] - This API informs applications when the PC has been configured to not allow the user to save to the local storage of the PC. Instead, only cloud save locations should be offered by the app or saved automatically by the app.  
 - [**IsEducationEnvironment**][API-3] - This API informs applications when the PC is used in an education environment. Apps may want to handle diagnostic data differently or hide advertising functionality.  
 -----------
 [API-1]: /uwp/api/windows.system.profile.sharedmodesettings.isenabled
 [API-2]: /uwp/api/windows.system.profile.sharedmodesettings.shouldavoidlocalstorage
 [API-3]: /uwp/api/windows.system.profile.educationsettings
--- a/windows/configuration/wcd/wcd-sharedpc.md
+++ b/windows/configuration/wcd/wcd-sharedpc.md
@ -1,6 +1,6 @@
 ---
-title: SharedPC (Windows 10)
+title: SharedPC
-description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows 10 using Windows Configuration Designer.
+description: This section describes the SharedPC settings that you can configure in provisioning packages for Windows using Windows Configuration Designer.
 ms.prod: w10
 author: aczechowski
 ms.localizationpriority: medium
@ -13,8 +13,7 @@ manager: dougeby
 # SharedPC (Windows Configuration Designer reference)
-Use SharedPC settings to optimize Windows 10 for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail. 
+Use SharedPC settings to optimize Windows devices for shared use scenarios, such as touchdown spaces in an enterprise and temporary customer use in retail.
 ## Applies to
@ -37,16 +36,18 @@ Use these settings to configure settings for accounts allowed on the shared PC.
 | KioskModeAUMID  | String  | Set an Application User Model ID (AUMID) to enable the kiosk account on the sign in screen. A new account will be created and will use assigned access to only run the app specified by the AUMID. The app must be installed on the PC. Set the name of the account using **KioskModeUserTileDisplayText**, or a default name will be used. [Find the Application User Model ID of an installed app](/previous-versions/windows/embedded/dn449300(v=winembedded.82))  |
 | KioskModeUserTileDisplayText  | String  | Sets the display text on the kiosk account if **KioskModeAUMID** has been set.  |
 ## EnableSharedPCMode
-Set as **True**. When set to **False**, shared PC mode isn't turned on and none of the other settings apply. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
+Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
 ## EnableSharedPCModeWithOneDriveSync
 Set as **True** to enable **Shared PC Mode**. This setting controls this API: [IsEnabled](/uwp/api/windows.system.profile.sharedmodesettings).
 Some of the remaining settings in SharedPC are optional, but we strongly recommend that you also set **EnableAccountManager** to **True**.
 ## PolicyCustomization
-Use these settings to configure policies for shared PC mode.
+Use these settings to configure additional Shared PC policies.
 | Setting | Value | Description |
 | --- | --- | --- |
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-kerberos-trust.md
@ -16,7 +16,7 @@ appliesto:
 - ✅ <b>Hybrid deployment</b>
 - ✅ <b>Cloud Kerberos trust</b>
 ---
-# Hybrid Cloud Kerberos Trust Deployment (Preview)
+# Hybrid Cloud Kerberos Trust Deployment
 Windows Hello for Business replaces username and password Windows sign-in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud Kerberos trust scenario.