Merge branch 'main' of github.com:MicrosoftDocs/windows-docs-pr into pm-20240423-spotlight

2025-06-18 03:43:39 +00:00 · 2024-04-24 11:56:42 -04:00
parent e8f60455c8 2daca79b8b
commit bd779d2bf1
37 changed files with 685 additions and 860 deletions
--- a/.openpublishing.redirection.education.json
+++ b/.openpublishing.redirection.education.json
@ -229,6 +229,11 @@
      "source_path": "education/windows/windows-editions-for-education-customers.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    },
    {
      "source_path": "education/windows/configure-windows-for-education.md",
      "redirect_url": "/education/windows",
      "redirect_document_id": false
    }
  ]
 }
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@ -1,159 +0,0 @@
 ---
 title: Windows 10 configuration recommendations for education customers
 description: Learn how to configure the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, so that Windows is ready for your school.
 ms.topic: how-to
 ms.date: 08/10/2022
 appliesto:
  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10</a>
 ---
 # Windows 10 configuration recommendations for education customers
 Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](#setedupolicies)** enabled. For more information, see the following table. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
 We want all students to have the chance to use the apps they need for success in the classroom and all school personnel to have apps they need for their job. Students and school personnel who use assistive technology apps not available in the Microsoft Store, and use devices running Windows 10 S, will be able to configure the device at no extra charge to Windows 10 Pro Education. To learn more about the steps to configure this device, see [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md).
 In Windows 10, version 1703 (Creators Update), it's straightforward to configure Windows to be education ready.
 | Area | How to configure | What this area does | Windows 10 Education | Windows 10 Pro Education | Windows 10 S | 
 | --- | --- | --- | --- | --- | --- |
 | **Diagnostic Data** | **AllowTelemetry** | Sets Diagnostic Data to [Basic](/windows/configuration/configure-windows-telemetry-in-your-organization) | This feature is already set | This feature is already set | The policy must be set |
 | **Microsoft consumer experiences** | **SetEduPolicies** | Disables suggested content from Windows such as app recommendations | This feature is already set | This feature is already set | The policy must be set |
 | **Cortana** | **AllowCortana** | Disables Cortana </br></br> * Cortana is enabled by default on all editions in Windows 10, version 1703 | If using Windows 10 Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. </br></br> See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | If using Windows 10 Pro Education, upgrading from Windows 10, version 1607 to Windows 10, version 1703 will enable Cortana. </br></br> See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. | See the [Recommended configuration](#recommended-configuration) section below for recommended Cortana settings. |
 | **Safe search** | **SetEduPolicies** | Locks Bing safe search to Strict in Microsoft Edge | This feature is already set | This feature is already set | The policy must be set |
 | **Bing search advertising** | Ad free search with Bing | Disables ads when searching the internet with Bing in Microsoft Edge. See [Ad-free search with Bing](#ad-free-search-with-bing | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) | View configuration instructions as detailed in [Ad-free search with Bing](#ad-free-search-with-bing) |
 | **Apps** | **SetEduPolicies** | Preinstalled apps like Microsoft Edge, Movies & TV, Groove, and Skype become education ready </br></br> * Any app can detect Windows is running in an education ready configuration through [IsEducationEnvironment](/uwp/api/windows.system.profile.educationsettings) | This feature is already set | This feature is already set | The policy must be set |
 ## Recommended configuration
 It's easy to be education ready when using Microsoft products. We recommend the following configuration:
 1. Use an Office 365 Education tenant. 
    With Office 365, you also have Microsoft Entra ID. To learn more about Office 365 Education features and pricing, see [Office 365 Education plans and pricing](https://products.office.com/en-us/academic/compare-office-365-education-plans).
 2. Activate Intune for Education in your tenant.
    You can [sign up to learn more about Intune for Education](https://info.microsoft.com/US-WNDWS-CNTNT-FY17-01Jan-17-IntuneforEducationlandingpageandnurture292531_01Registration-ForminBody.html).
 3. On PCs running Windows 10, version 1703:
   1. Provision the PC using one of these methods:
      * [Provision PCs with the Set up School PCs app](use-set-up-school-pcs-app.md) - The usage of this method will automatically set both **SetEduPolicies** to True and **AllowCortana** to False.
      * [Provision PCs with a custom package created with Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) - Make sure to set both **SetEduPolicies** to True and **AllowCortana** to False.
   2. Join the PC to Microsoft Entra ID.
      * Use Set up School PCs or Windows Configuration Designer to bulk enroll to Microsoft Entra ID.
      * Manually Microsoft Entra join the PC during the Windows device setup experience.
   3. Enroll the PCs in MDM.
      * If you've activated Intune for Education in your Microsoft Entra tenant, enrollment will happen automatically when the PC is joined to Microsoft Entra ID. Intune for Education will automatically set **SetEduPolicies** to True and **AllowCortana** to False.
   4. Ensure that needed assistive technology apps can be used.
      * If you've students or school personnel who rely on assistive technology apps that aren't available in the Microsoft Store, and who are using a Windows 10 S device, configure their device to Windows 10 Pro Education to allow the download and use of non-Microsoft Store assistive technology apps. See [Switch to Windows 10 Pro Education from Windows 10 Pro or Windows 10 S](change-to-pro-education.md) for more info.
 4. Distribute the PCs to students.
    Students sign in with their Azure AD/Office 365 identity, which enables single sign-on to Bing in Microsoft Edge, enabling an ad-free search experience with Bing in Microsoft Edge.
 5. Ongoing management through Intune for Education.
    You can set many policies through Intune for Education, including **SetEduPolicies** and **AllowCortana**, for ongoing management of the PCs.
 ## Configuring Windows
 You can configure Windows through provisioning or management tools including industry standard MDM.
 - Provisioning - A one-time setup process.
 - Management - A one-time and/or ongoing management of a PC by setting policies.
 You can set all the education compliance areas through both provisioning and management tools. Additionally, these Microsoft education tools will ensure PCs that you set up are education ready:
 - [Set up School PCs](use-set-up-school-pcs-app.md)
 - [Intune for Education](/intune-education/available-settings)
 ## AllowCortana
 **AllowCortana** is a policy that enables or disables Cortana. It's a policy node in the Policy configuration service provider, [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana). 
 > [!NOTE]
 > See the [Recommended configuration](#recommended-configuration) section for recommended Cortana settings.
 Use one of these methods to set this policy.
 ### MDM
 - Intune for Education automatically sets this policy in the **All devices** group policy configuration.
 - If you're using an MDM provider other than Intune for Education, check your MDM provider documentation on how to set this policy.
  - If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set.
      For example, in Intune, create a new configuration policy and add an OMA-URI. 
    - OMA-URI:  ./Vendor/MSFT/Policy/Config/Experience/AllowCortana
    - Data type:  Integer
    - Value:  0
 ### Group Policy
 Set **Computer Configuration > Administrative Templates > Windows Components > Search > AllowCortana** to **Disabled**.
 ### Provisioning tools
 - [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates.
 - [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) 
    - Under **Runtime settings**, click the **Policies** settings group, set **Experience > Cortana** to **No**.
 ## SetEduPolicies
 **SetEduPolicies** is a policy that applies a set of configuration behaviors to Windows. It's a policy node in the [SharedPC configuration service provider](/windows/client-management/mdm/sharedpc-csp).
 Use one of these methods to set this policy. 
 ### MDM
 - Intune for Education automatically sets this policy in the **All devices** group policy configuration.
 - If you're using an MDM provider other than Intune for Education, check your MDM provider documentation on how to set this policy.
  - If your MDM provider doesn't explicitly support this policy, you can manually set this policy if your MDM provider allows specific OMA-URIs to be manually set.
      For example, in Intune, create a new configuration policy and add an OMA-URI.
    - OMA-URI:  ./Vendor/MSFT/SharedPC/SetEduPolicies
    - Data type:  Boolean
    - Value:  true
      ![Create an OMA URI for SetEduPolices.](images/setedupolicies_omauri.png)
 ### Group Policy
 **SetEduPolicies** isn't natively supported in Group Policy. Instead, use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to set the policy in [MDM SharedPC](/windows/win32/dmwmibridgeprov/mdm-sharedpc). 
 For example:
 - Open PowerShell as an administrator and enter the following:
    ```
    $sharedPC = Get-CimInstance -Namespace "root\cimv2\mdm\dmmap" -ClassName "MDM_SharedPC"
    $sharedPC.SetEduPolicies = $True
    Set-CimInstance -CimInstance $sharedPC
    Get-CimInstance -Namespace $namespaceName -ClassName $MDM_SharedPCClass
    ```
 ### Provisioning tools
 - [Set up School PCs](use-set-up-school-pcs-app.md) always sets this policy in provisioning packages it creates.
 - [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-create-package) 
    - Under **Runtime settings**, click the **SharedPC** settings group, set **PolicyCustomization > SetEduPolicies** to **True**.
        ![Set SetEduPolicies to True in Windows Configuration Designer.](images/wcd/setedupolicies.png)
 ## Ad-free search with Bing
 Provide an ad-free experience that is a safer, more private search option for K–12 education institutions in the United States. 
 ### Configurations
 <a name='azure-ad-and-office-365-education-tenant'></a>
 #### Microsoft Entra ID and Office 365 Education tenant
 To suppress ads when searching with Bing on Microsoft Edge on any network, follow these steps:
 1. Ensure your Office 365 tenant is registered as an education tenant. For more information, see [Verify your Office 365 domain to prove education status](https://support.office.com/article/Verify-your-Office-365-domain-to-prove-ownership-nonprofit-or-education-status-or-to-activate-viva-engage-87d1844e-aa47-4dc0-a61b-1b773fd4e590).
 2. Domain join the Windows 10 PCs to your Microsoft Entra tenant (this tenant is the same as your Office 365 tenant).
 3. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
 4. Have students sign in with their Microsoft Entra identity, which is the same as your Office 365 identity, to use the PC.
 > [!NOTE]
 > If you are verifying your Office 365 domain to prove education status (step 1 above), you may need to wait up to 7 days for the ad-free experience to take effect. Microsoft recommends not to roll out the browser to your students until that time.
 #### Office 365 sign-in to Bing
 To suppress ads only when the student signs into Bing with their Office 365 account in Microsoft Edge, follow these steps:
 1. Configure **SetEduPolicies** according to one of the methods described in the previous sections in this topic.
 2. Have students sign into Bing with their Office 365 account.
 ## Related topics
 [Deployment recommendations for school IT administrators](edu-deployment-recommendations.md)
--- a/education/windows/images/setedupolicies_omauri.png
+++ b/education/windows/images/setedupolicies_omauri.png
--- a/education/windows/images/wcd/setedupolicies.png
+++ b/education/windows/images/wcd/setedupolicies.png
--- a/education/windows/images/wcd/wcd_settings_assignedaccess.png
+++ b/education/windows/images/wcd/wcd_settings_assignedaccess.png
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@ -32,7 +32,7 @@ You can use Internet Information Services' (IIS) network load balancing (NLB) to
 Review the following articles to learn more about configuring IIS and NLB for computers running Windows Server operating systems:
-* [Achieving High Availability and Scalability - ARR and NLB](https://www.iis.net/learn/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) describes how to configure IIS 7.0.
+* [Achieving High Availability and Scalability - ARR and NLB](/iis/extensions/configuring-application-request-routing-arr/achieving-high-availability-and-scalability-arr-and-nlb) describes how to configure IIS 7.0.
 * [Network load balancing overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831698(v=ws.11)) will tell you more about how to configure Microsoft Windows Server.
@ -88,13 +88,13 @@ Use the following steps to modify the connection string to include ```failover p
 3. Modify the **MANAGEMENT\_SQL\_CONNECTION\_STRING** value with the ```failover partner = <server2>``` value.
 4. Restart management service using the IIS console.
  > [!NOTE]
-   >Database Mirroring is on the list of [deprecated database engine features in SQL Server 2012](<https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx>) due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012.
+   >Database Mirroring is on the list of [deprecated database engine features in SQL Server 2012](/previous-versions/sql/sql-server-2012/ms143729(v=sql.110)) due to the **AlwaysOn** feature available starting with Microsoft SQL Server 2012.
-Click any of the following links for more information:
+For more information, see the following articles:
 * [Prepare a mirror database for mirroring (SQL Server)](/sql/database-engine/database-mirroring/prepare-a-mirror-database-for-mirroring-sql-server).
 * [Establish a database mirroring session using Windows Authentication (SQL Server Management Studio)](/sql/database-engine/database-mirroring/establish-database-mirroring-session-windows-authentication).
-* [Deprecated database engine features in SQL Server 2012](<https://msdn.microsoft.com/library/ms143729(v=sql.110).aspx>).
+* [Deprecated database engine features in SQL Server 2012](/previous-versions/sql/sql-server-2012/ms143729(v=sql.110)).
 ## Support for Microsoft SQL Server Always On configuration
--- a/windows/client-management/manage-windows-copilot.md
+++ b/windows/client-management/manage-windows-copilot.md
@ -6,7 +6,9 @@ ms.subservice: windows-copilot
 ms.date: 03/21/2024
 ms.author: mstewart
 author: mestew
-ms.collection: windows-copilot
+ms.collection:
  - windows-copilot
  - magic-ai-copilot
 appliesto:
 - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11, version 22H2 or later</a>
 ---
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@ -1,7 +1,7 @@
 ---
 title: Policies in Policy CSP supported by Group Policy
 description: Learn about the policies in Policy CSP supported by Group Policy.
-ms.date: 04/10/2024
+ms.date: 04/23/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -871,7 +871,6 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 ## WindowsAI
 - [TurnOffWindowsCopilot](policy-csp-windowsai.md)
 - [DisableAIDataAnalysis](policy-csp-windowsai.md)
 ## WindowsDefenderSecurityCenter
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 01/31/2024
+ms.date: 04/23/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,74 +9,10 @@ ms.date: 01/31/2024
 <!-- WindowsAI-Begin -->
 # Policy CSP - WindowsAI
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- WindowsAI-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- WindowsAI-Editable-End -->
 <!-- DisableAIDataAnalysis-Begin -->
 ## DisableAIDataAnalysis
 <!-- DisableAIDataAnalysis-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [99.9.9999] |
 <!-- DisableAIDataAnalysis-Applicability-End -->
 <!-- DisableAIDataAnalysis-OmaUri-Begin -->
 ```User
 ./User/Vendor/MSFT/Policy/Config/WindowsAI/DisableAIDataAnalysis
 ```
 <!-- DisableAIDataAnalysis-OmaUri-End -->
 <!-- DisableAIDataAnalysis-Description-Begin -->
 <!-- Description-Source-DDF -->
 This policy setting allows you to prevent Windows AI from using and analyzing user patterns and data.
 - If you enable this policy setting, Windows AI won't be able to take advantage of historical user patterns.
 - If you disable or don't configure this policy setting, Windows AI will be able to assist users by considering their historical behaviors and data.
 <!-- DisableAIDataAnalysis-Description-End -->
 <!-- DisableAIDataAnalysis-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- DisableAIDataAnalysis-Editable-End -->
 <!-- DisableAIDataAnalysis-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- DisableAIDataAnalysis-DFProperties-End -->
 <!-- DisableAIDataAnalysis-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Enable Data Analysis for Windows AI. |
 | 1 | Disable Data Analysis for Windows AI. |
 <!-- DisableAIDataAnalysis-AllowedValues-End -->
 <!-- DisableAIDataAnalysis-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | DisableAIDataAnalysis |
 | Path | WindowsAI > AT > WindowsComponents > WindowsAI |
 <!-- DisableAIDataAnalysis-GpMapping-End -->
 <!-- DisableAIDataAnalysis-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- DisableAIDataAnalysis-Examples-End -->
 <!-- DisableAIDataAnalysis-End -->
 <!-- TurnOffWindowsCopilot-Begin -->
 ## TurnOffWindowsCopilot
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@ -1,7 +1,7 @@
 ---
 title: SurfaceHub CSP
 description: Learn more about the SurfaceHub CSP.
-ms.date: 01/18/2024
+ms.date: 04/22/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -65,6 +65,10 @@ The following list shows the SurfaceHub configuration service provider nodes:
  - [MOMAgent](#momagent)
    - [WorkspaceID](#momagentworkspaceid)
    - [WorkspaceKey](#momagentworkspacekey)
  - [MOMAgentGovtCloud](#momagentgovtcloud)
    - [AzureCloudIndexGovtCloud](#momagentgovtcloudazurecloudindexgovtcloud)
    - [WorkspaceIDGovtCloud](#momagentgovtcloudworkspaceidgovtcloud)
    - [WorkspaceKeyGovtCloud](#momagentgovtcloudworkspacekeygovtcloud)
  - [Properties](#properties)
    - [AllowAutoProxyAuth](#propertiesallowautoproxyauth)
    - [AllowSessionResume](#propertiesallowsessionresume)
@ -2011,6 +2015,162 @@ Primary key for authenticating with workspace. Will always return an empty strin
 <!-- Device-MOMAgent-WorkspaceKey-End -->
 <!-- Device-MOMAgentGovtCloud-Begin -->
 ## MOMAgentGovtCloud
 <!-- Device-MOMAgentGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-Applicability-End -->
 <!-- Device-MOMAgentGovtCloud-OmaUri-Begin -->
 ```Device
 ./Vendor/MSFT/SurfaceHub/MOMAgentGovtCloud
 ```
 <!-- Device-MOMAgentGovtCloud-OmaUri-End -->
 <!-- Device-MOMAgentGovtCloud-Description-Begin -->
 <!-- Description-Source-Not-Found -->
 <!-- Device-MOMAgentGovtCloud-Description-End -->
 <!-- Device-MOMAgentGovtCloud-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-Editable-End -->
 <!-- Device-MOMAgentGovtCloud-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `node` |
 | Access Type | Get |
 <!-- Device-MOMAgentGovtCloud-DFProperties-End -->
 <!-- Device-MOMAgentGovtCloud-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-Examples-End -->
 <!-- Device-MOMAgentGovtCloud-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Begin -->
 ### MOMAgentGovtCloud/AzureCloudIndexGovtCloud
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Applicability-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-OmaUri-Begin -->
 ```Device
 ./Vendor/MSFT/SurfaceHub/MOMAgentGovtCloud/AzureCloudIndexGovtCloud
 ```
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-OmaUri-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Description-Begin -->
 <!-- Description-Source-DDF -->
 Enum value for Azure Clouds supported for OMS tracking in SurfaceHub.
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Description-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Editable-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Get, Replace |
 | Default Value  | 0 |
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-DFProperties-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-Examples-End -->
 <!-- Device-MOMAgentGovtCloud-AzureCloudIndexGovtCloud-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Begin -->
 ### MOMAgentGovtCloud/WorkspaceIDGovtCloud
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Applicability-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-OmaUri-Begin -->
 ```Device
 ./Vendor/MSFT/SurfaceHub/MOMAgentGovtCloud/WorkspaceIDGovtCloud
 ```
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-OmaUri-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Description-Begin -->
 <!-- Description-Source-DDF -->
 GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data for Govt Clouds. Set this to an empty string to disable the MOM agent.
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Description-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Editable-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Get, Replace |
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-DFProperties-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-Examples-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceIDGovtCloud-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Begin -->
 ### MOMAgentGovtCloud/WorkspaceKeyGovtCloud
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 22H2 [10.0.19045.4355] and later |
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Applicability-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-OmaUri-Begin -->
 ```Device
 ./Vendor/MSFT/SurfaceHub/MOMAgentGovtCloud/WorkspaceKeyGovtCloud
 ```
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-OmaUri-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Description-Begin -->
 <!-- Description-Source-DDF -->
 Primary key for authenticating with workspace for Govt Clouds. Will always return an empty string.
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Description-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Editable-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Get, Replace |
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-DFProperties-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-Examples-End -->
 <!-- Device-MOMAgentGovtCloud-WorkspaceKeyGovtCloud-End -->
 <!-- Device-Properties-Begin -->
 ## Properties
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: SurfaceHub DDF file
 description: View the XML file containing the device description framework (DDF) for the SurfaceHub configuration service provider.
-ms.date: 01/18/2024
+ms.date: 04/22/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -12,11 +12,10 @@ The following XML file contains the device description framework (DDF) for the S
 ```xml
 <?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[<?oma-dm-ddf-ver supported-versions="1.2"?>]>
+<!DOCTYPE MgmtTree PUBLIC " -//OMA//DTD-DM-DDF 1.2//EN" "http://www.openmobilealliance.org/tech/DTD/DM_DDF-V1_2.dtd"[]>
 <MgmtTree xmlns:MSFT="http://schemas.microsoft.com/MobileDevice/DM">
  <VerDTD>1.2</VerDTD>
-  <MSFT:Diagnostics>
+  <MSFT:Diagnostics />
  </MSFT:Diagnostics>
  <Node>
    <NodeName>SurfaceHub</NodeName>
    <Path>./Vendor/MSFT</Path>
@ -86,8 +85,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -110,8 +108,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -134,8 +131,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -158,8 +154,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -203,8 +198,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -227,8 +221,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -251,8 +244,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -534,8 +526,7 @@ The following XML file contains the device description framework (DDF) for the S
              <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
              <MSFT:CspVersion>1.0</MSFT:CspVersion>
            </MSFT:Applicability>
-            <MSFT:AllowedValues ValueType="None">
+            <MSFT:AllowedValues ValueType="None" />
            </MSFT:AllowedValues>
          </DFProperties>
        </Node>
      </Node>
@ -611,8 +602,7 @@ The following XML file contains the device description framework (DDF) for the S
            <DFType>
              <MIME />
            </DFType>
-            <MSFT:AllowedValues ValueType="None">
+            <MSFT:AllowedValues ValueType="None" />
            </MSFT:AllowedValues>
          </DFProperties>
        </Node>
        <Node>
@ -753,8 +743,7 @@ The following XML file contains the device description framework (DDF) for the S
            <DFType>
              <MIME />
            </DFType>
-            <MSFT:AllowedValues ValueType="None">
+            <MSFT:AllowedValues ValueType="None" />
            </MSFT:AllowedValues>
          </DFProperties>
        </Node>
      </Node>
@ -982,8 +971,7 @@ The following XML file contains the device description framework (DDF) for the S
            <DFType>
              <MIME />
            </DFType>
-            <MSFT:AllowedValues ValueType="None">
+            <MSFT:AllowedValues ValueType="None" />
            </MSFT:AllowedValues>
          </DFProperties>
        </Node>
      </Node>
@ -1028,8 +1016,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -1522,8 +1509,7 @@ The following XML file contains the device description framework (DDF) for the S
            <MSFT:OsBuildVersion>10.0.15063, 10.0.14393.969</MSFT:OsBuildVersion>
            <MSFT:CspVersion>1.0</MSFT:CspVersion>
          </MSFT:Applicability>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -1584,8 +1570,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
    </Node>
@ -1633,8 +1618,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -1657,8 +1641,99 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
-          </MSFT:AllowedValues>
+        </DFProperties>
      </Node>
    </Node>
    <Node>
      <NodeName>MOMAgentGovtCloud</NodeName>
      <DFProperties>
        <AccessType>
          <Get />
        </AccessType>
        <DFFormat>
          <node />
        </DFFormat>
        <Occurrence>
          <One />
        </Occurrence>
        <Scope>
          <Permanent />
        </Scope>
        <DFType>
          <DDFName />
        </DFType>
        <MSFT:Applicability>
          <MSFT:OsBuildVersion>10.0.19045.4355</MSFT:OsBuildVersion>
          <MSFT:CspVersion>1.0</MSFT:CspVersion>
          <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBF;0xCA;0xCB;0xCD;</MSFT:EditionAllowList>
        </MSFT:Applicability>
      </DFProperties>
      <Node>
        <NodeName>WorkspaceIDGovtCloud</NodeName>
        <DFProperties>
          <AccessType>
            <Get />
            <Replace />
          </AccessType>
          <Description>GUID identifying the Microsoft Operations Management Suite workspace ID to collect the data for Govt Clouds. Set this to an empty string to disable the MOM agent.</Description>
          <DFFormat>
            <chr />
          </DFFormat>
          <Occurrence>
            <One />
          </Occurrence>
          <Scope>
            <Permanent />
          </Scope>
          <DFType>
            <MIME>text/plain</MIME>
          </DFType>
        </DFProperties>
      </Node>
      <Node>
        <NodeName>WorkspaceKeyGovtCloud</NodeName>
        <DFProperties>
          <AccessType>
            <Get />
            <Replace />
          </AccessType>
          <Description>Primary key for authenticating with workspace  for Govt Clouds.. Will always return an empty string.</Description>
          <DFFormat>
            <chr />
          </DFFormat>
          <Occurrence>
            <One />
          </Occurrence>
          <Scope>
            <Permanent />
          </Scope>
          <DFType>
            <MIME>text/plain</MIME>
          </DFType>
        </DFProperties>
      </Node>
      <Node>
        <NodeName>AzureCloudIndexGovtCloud</NodeName>
        <DFProperties>
          <AccessType>
            <Get />
            <Replace />
          </AccessType>
          <DefaultValue>0</DefaultValue>
          <Description>Enum value for Azure Clouds supported for OMS tracking in SurfaceHub.</Description>
          <DFFormat>
            <int />
          </DFFormat>
          <Occurrence>
            <One />
          </Occurrence>
          <Scope>
            <Permanent />
          </Scope>
          <DFType>
            <MIME>text/plain</MIME>
          </DFType>
        </DFProperties>
      </Node>
    </Node>
@ -1702,8 +1777,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -1726,8 +1800,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
    </Node>
@ -1754,8 +1827,7 @@ The following XML file contains the device description framework (DDF) for the S
          <MSFT:OsBuildVersion>10.0.17134, 10.0.16299.64</MSFT:OsBuildVersion>
          <MSFT:CspVersion>1.0</MSFT:CspVersion>
        </MSFT:Applicability>
-        <MSFT:AllowedValues ValueType="None">
+        <MSFT:AllowedValues ValueType="None" />
        </MSFT:AllowedValues>
      </DFProperties>
      <Node>
        <NodeName>LanProfile</NodeName>
@ -1777,8 +1849,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
      <Node>
@ -1801,8 +1872,7 @@ The following XML file contains the device description framework (DDF) for the S
          <DFType>
            <MIME />
          </DFType>
-          <MSFT:AllowedValues ValueType="None">
+          <MSFT:AllowedValues ValueType="None" />
          </MSFT:AllowedValues>
        </DFProperties>
      </Node>
    </Node>
--- a/windows/configuration/cellular/provisioning-apn.md
+++ b/windows/configuration/cellular/provisioning-apn.md
@ -1,47 +1,44 @@
 ---
-title: Configure cellular settings for tablets and PCs
+title: Configure cellular settings
-description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
+description: Learn how to provision cellular settings for devices with built-in modems or plug-in USB modem dongles.
 ms.topic: concept-article
-ms.date: 04/13/2018
+ms.date: 04/23/2024
 ---
-# Configure cellular settings for tablets and PCs
+# Configure cellular settings
->**Looking for consumer information?** See [Cellular settings in Windows 10](https://support.microsoft.com/help/10739/windows-10-cellular-settings)
+This article describes how to configure cellular settings for devices that have a cellular modem using a [provisioning package](../provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined in the provisioning package, without needing to connect manually.
-Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](../provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect.
+For users who work in different locations, you can configure one APN to connect when the users are at work, and a different APN when the users are traveling.
 For users who work in different locations, you can configure one APN to connect when the users are at work and a different APN when the users are traveling.
 ## Prerequisites
- Windows 10, version 1703, desktop editions (Home, Pro, Enterprise, Education)
+- Device with built-in cellular modem or plug-in USB modem dongle
 - Tablet or PC with built-in cellular modem or plug-in USB modem dongle
 - [Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md)
- APN (the address that your PC uses to connect to the Internet when using the cellular data connection)
+- APN (the address that the device uses to connect to the Internet when using the cellular data connection)
 ## How to configure cellular settings in a provisioning package
-1. In Windows Configuration Designer, [start a new project](../provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option.
+1. In Windows Configuration Designer, [start a new project](../provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option
-1. Enter a name for your project, and then click **Next**.
+1. Enter a name for your project, and then select **Next**
-1. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.
+1. Select **All Windows desktop editions**, select **Next**, and then select **Finish**
-1. Go to **Runtime settings > Connections > EnterpriseAPN**.
+1. Go to **Runtime settings > Connections > EnterpriseAPN**
-1. Enter a name for the connection, and then click **Add**.
+1. Enter a name for the connection, and then select **Add**
 ![Example of APN connection name.](images/apn-add.png)
-1. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection.
+1. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection
 ![settings for new connection.](images/apn-add-details.png)
-1. The following table describes the settings available for the connection.
+1. The following table describes the settings available for the connection
    | Setting | Description |
    | --- | --- |
-    | AlwaysOn | By default, the Connection Manager will automatically attempt to connect to the APN when a connection is available. You can disable this setting. |
+    | AlwaysOn | By default, the Connection Manager automatically attempts to connect to the APN when a connection is available. You can disable the setting. |
    | APNName | Enter the name of the APN. |
    | AuthType | You can select **None** (the default), or specify **Auto**, **PAP**, **CHAP**, or **MSCHAPv2** authentication. If you select PAP, CHAP, or MSCHAPv2 authentication, you must also enter a user name and password.  |
-    | ClassId | This is a GUID that defines the APN class to the modem. This is only required when **IsAttachAPN** is **true** and the attach APN is not only used as the Internet APN. |
+    | ClassId | This is a GUID that defines the APN class to the modem. This is only required when **IsAttachAPN** is **true** and the attached APN isn't only used as the Internet APN. |
    | Enabled | By default, the connection is enabled. You can change this setting. |
    | IccId | This is the Integrated Circuit Card ID (ICCID) associated with the cellular connection profile.  |
    | IPType | By default, the connection can use IPv4 and IPv6 concurrently. You can change this setting to only IPv4, only IPv6, or IPv6 with IPv4 provided by 46xlat. |
@ -55,22 +52,22 @@ For users who work in different locations, you can configure one APN to connect
 ## Confirm the settings
-After you apply the provisioning package, you can confirm that the settings have been applied.
+After you apply the provisioning package, you can confirm that the settings are applied.
-1. On the configured device, open a command prompt as an administrator.
+1. On the configured device, open a command prompt as an administrator
 1. Run the following command:
    ```cmd
    netsh mbn show profiles
    ```
-1. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
+1. The command lists the mobile broadband profiles. Using the **Name** for the listed mobile broadband profile, run:
    ```cmd
    netsh mbn show profiles name="name"
    ```
-    This command will list details for that profile, including Access Point Name.
+    This command lists the details for that profile, including Access Point Name.
 Alternatively, you can also use the command:
@ -84,4 +81,4 @@ From the results of that command, get the name of the cellular/mobile broadband
 netsh mbn show connection interface="name"
 ```
-The result of that command will show details for the cellular interface, including Access Point Name.
+The result of that command shows the details for the cellular interface, including Access Point Name.
--- a/windows/configuration/taskbar/images/pin-add-11.png
+++ b/windows/configuration/taskbar/images/pin-add-11.png
--- a/windows/configuration/taskbar/images/pin-layout-11.png
+++ b/windows/configuration/taskbar/images/pin-layout-11.png
--- a/windows/configuration/taskbar/images/pin-remove-11.png
+++ b/windows/configuration/taskbar/images/pin-remove-11.png
--- a/windows/configuration/taskbar/images/pin-replace-11.png
+++ b/windows/configuration/taskbar/images/pin-replace-11.png
--- a/windows/configuration/taskbar/images/taskbar-11.png
+++ b/windows/configuration/taskbar/images/taskbar-11.png
--- a/windows/configuration/taskbar/images/taskbar-sections-11.png
+++ b/windows/configuration/taskbar/images/taskbar-sections-11.png
--- a/windows/configuration/taskbar/includes/turn-off-windows-copilot.md
+++ b/windows/configuration/taskbar/includes/turn-off-windows-copilot.md
@ -1,18 +0,0 @@
 ---
 author: paolomatarazzo
 ms.author: paoloma
 ms.date: 04/11/2024
 ms.topic: include
 ---
 ### Turn off Windows Copilot
 This policy setting allows you to turn off Windows Copilot.
 - If you enable this policy setting, users can't use Copilot. The Copilot icon doesn't appear on the taskbar either
 - If you disable or don't configure this policy setting, users can use Copilot, if available
 |  | Path |
 |--|--|
 | **CSP** | `./User/Vendor/MSFT/Policy/Config/WindowsAI/`[TurnOffWindowsCopilot](/windows/client-management/mdm/policy-csp-windowsai#turnoffwindowscopilot) |
 | **GPO** | **User Configuration** > **Administrative Templates** > **Windows Components** > **Windows Copilot** |
--- a/windows/configuration/taskbar/index.md
+++ b/windows/configuration/taskbar/index.md
@ -49,6 +49,7 @@ Let's review the components of the Windows taskbar by dividing it into three are
    1. The system tray, which displays icons like the pen menu, touch keyboard, virtual touchpad, and any application icons that are running in the background like OneDrive, Teams, or antivirus software
    1. Quick Actions
    1. Calendar
    1. Action Center
    1. Action center
    1. Copilot
@ -73,7 +74,6 @@ Let's review the components of the Windows taskbar by dividing it into two areas
    - The system tray, which displays icons like the pen menu, touch keyboard, virtual touchpad, power, network, volume, and any application icons that are running in the background like OneDrive, Teams, or antivirus software
    - Calendar
    - Action center
    - Copilot
 :::image type="content" source="images/taskbar-sections-10.png" alt-text="Screenshot of the Windows 11 taskbar with the two areas highlighted." border="false" lightbox="./images/taskbar-sections-10.png":::
--- a/windows/configuration/taskbar/policy-settings.md
+++ b/windows/configuration/taskbar/policy-settings.md
@ -37,7 +37,6 @@ Select one of the tabs to see the list of available settings:
 |[Show additional calendar](#show-additional-calendar)|❌|✅|
 |[Simplify Quick Settings Layout](#simplify-quick-settings-layout)|✅|✅|
 |[Turn off automatic promotion of notification icons to the taskbar](#turn-off-automatic-promotion-of-notification-icons-to-the-taskbar)|❌|✅|
 |[Turn off Windows Copilot](#turn-off-windows-copilot)|✅|✅|
 ::: zone-end
@ -62,7 +61,6 @@ Select one of the tabs to see the list of available settings:
 |[Show additional calendar](#show-additional-calendar)|❌|✅|
 |[Turn off automatic promotion of notification icons to the taskbar](#turn-off-automatic-promotion-of-notification-icons-to-the-taskbar)|❌|✅|
 |[Turn off notification area cleanup](#turn-off-notification-area-cleanup)|❌|✅|
 |[Turn off Windows Copilot](#turn-off-windows-copilot)|✅|✅|
 ::: zone-end
@ -109,8 +107,6 @@ Select one of the tabs to see the list of available settings:
 [!INCLUDE [turn-off-notification-area-cleanup](includes/turn-off-notification-area-cleanup.md)]
 ::: zone-end
 [!INCLUDE [turn-off-windows-copilot](includes/turn-off-windows-copilot.md)]
 #### [:::image type="icon" source="../images/icons/touch.svg"::: **Taskbar behaviors**](#tab/actions)
 ::: zone pivot="windows-11"
--- a/windows/security/cloud-security/index.md
+++ b/windows/security/cloud-security/index.md
@ -1,6 +1,6 @@
 ---
 title: Windows and cloud security
-description: Get an overview of cloud security features in Windows
+description: Get an overview of cloud security features in Windows.
 ms.date: 08/02/2023
 ms.topic: overview
 author: paolomatarazzo
@ -9,7 +9,7 @@ ms.author: paoloma
 # Windows and cloud security
-Today's workforce has more freedom and mobility than ever before, and the risk of data exposure is also at its highest. We are focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
+Today's workforce has more freedom and mobility than ever before, and the risk of data exposure is also at its highest. We're focused on getting customers to the cloud to benefit from modern hybrid workstyles while improving security management. Built on zero-trust principles, Windows works with Microsoft cloud services to safeguard sensitive information while controlling access and mitigating threats.
 From identity and device management to Office apps and data storage, Windows and integrated cloud services can help improve productivity, security, and resilience anywhere.
--- a/windows/security/identity-protection/hello-for-business/configure.md
+++ b/windows/security/identity-protection/hello-for-business/configure.md
@ -2,7 +2,7 @@
 title: Configure Windows Hello for Business
 description: Learn about the configuration options for Windows Hello for Business and how to implement them in your organization.
 ms.topic: how-to
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ---
 # Configure Windows Hello for Business
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
@ -1,7 +1,7 @@
 ---
 title: Dynamic lock
 description: Learn how to configure dynamic lock on Windows devices via group policies. This feature locks a device when a Bluetooth signal falls below a set value.
-ms.date: 02/29/2024
+ms.date: 04/23/2024
 ms.topic: how-to
 ---
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
@ -1,7 +1,7 @@
 ---
 title: Configure single sign-on (SSO) for Microsoft Entra joined devices
 description: Learn how to configure single sign-on to on-premises resources for Microsoft Entra joined devices, using Windows Hello for Business.
-ms.date: 12/30/2022
+ms.date: 04/23/2024
 ms.topic: how-to
 ---
@ -9,7 +9,7 @@ ms.topic: how-to
 [!INCLUDE [apply-to-hybrid-key-and-cert-trust](deploy/includes/apply-to-hybrid-key-and-cert-trust.md)]
-Windows Hello for Business combined with Microsoft Entra joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Microsoft Entra joined devices may need to access these resources. With additional configurations to the hybrid deployment, you can provide single sign-on to on-premises resources for Microsoft Entra joined devices using Windows Hello for Business, using a key or a certificate.
+Windows Hello for Business combined with Microsoft Entra joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. As organizations transition resources to the cloud, some resources might remain on-premises, and Microsoft Entra joined devices might need to access them. With additional configurations to the hybrid deployment, you can provide single sign-on to on-premises resources for Microsoft Entra joined devices using Windows Hello for Business, using a key or a certificate.
 > [!NOTE]
 > These steps are not needed when using the cloud Kerberos trust model.
@ -25,14 +25,14 @@ Unlike Microsoft Entra hybrid joined devices, Microsoft Entra joined devices don
 ### CRL Distribution Point (CDP)
-Certificates issued by a certificate authority can be revoked. When a certificate authority revokes as certificate, it writes information about the certificate into a *certificate revocation list* (CRL).\
+Certificates issued by a certificate authority can be revoked. When a certificate authority revokes a certificate, it writes information about the certificate into a *certificate revocation list* (CRL).\
 During certificate validation, Windows compares the current certificate with information in the CRL to determine if the certificate is valid.
-![Domain Controller Certificate with LDAP CDP.](images/aadj/Certificate-CDP.png)
+:::image type="content" source="images/aadj/Certificate-CDP.png" alt-text="Screenshot of a certificate's CDP property.":::
-The preceding domain controller certificate shows a *CRL distribution point* (CDP) in Active Directory. The value in the URL begins with *ldap*. Using Active Directory for domain joined devices provides a highly available CRL distribution point. However, Microsoft Entra joined devices can't read data from Active Directory, and certificate validation doesn't provide an opportunity to authenticate prior to reading the CRL. The authentication becomes a circular problem: the user is attempting to authenticate, but must read Active Directory to complete the authentication, but the user can't read Active Directory because they haven't authenticated.
+In the screenshot, the CDP property of the domain controller certificate shows an LDAP path. Using Active Directory for domain joined devices provides a highly available CRL distribution point. However, Microsoft Entra joined devices can't read data from Active Directory, and certificate validation doesn't provide an opportunity to authenticate prior to reading the CRL. The authentication becomes a circular problem: the user is attempting to authenticate, but must read Active Directory to complete the authentication, but the user can't read Active Directory because they haven't authenticated.
-To resolve this issue, the CRL distribution point must be a location accessible by Microsoft Entra joined devices that doesn't require authentication. The easiest solution is to publish the CRL distribution point on a web server that uses HTTP (not HTTPS).
+To resolve this issue, the CRL distribution point must be a location accessible by Microsoft Entra joined devices that don't require authentication. The easiest solution is to publish the CRL distribution point on a web server that uses HTTP (not HTTPS).
 If your CRL distribution point doesn't list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first, in the list of distribution points.
@ -45,17 +45,18 @@ Certificate authorities write CDP information in certificates as they're issued.
 #### Why does Windows need to validate the domain controller certificate?
-Windows Hello for Business enforces the strict KDC validation security feature when authenticating from a Microsoft Entra joined device to a domain. This enforcement imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business on a Microsoft Entra joined device, the Windows client validates the reply from the domain controller by ensuring all of the following are met:
+Windows Hello for Business enforces the *strict KDC validation* security feature when authenticating from a Microsoft Entra joined device to a domain. This enforcement imposes more restrictive criteria that must be met by the Key Distribution Center (KDC). When authenticating using Windows Hello for Business on a Microsoft Entra joined device, the Windows client validates the reply from the domain controller by ensuring all of the following are met:
 - The domain controller has the private key for the certificate provided
 - The root CA that issued the domain controller's certificate is in the device's *Trusted Root Certificate Authorities*
 - Use the *Kerberos Authentication certificate template* instead of any other older template
 - The domain controller's certificate has the *KDC Authentication* extended key usage (EKU)
 - The domain controller's certificate's subject alternate name has a DNS Name that matches the name of the domain
- The domain controller's certificate's signature hash algorithm is **sha256**
+- The domain controller's certificate's signature hash algorithm is *sha256*
- The domain controller's certificate's public key is **RSA (2048 Bits)**
+- The domain controller's certificate's public key is *RSA (2048 Bits)*
-Authenticating from a Microsoft Entra hybrid joined device to a domain using Windows Hello for Business doesn't enforce that the domain controller certificate includes the *KDC Authentication* EKU. If you're adding Microsoft Entra joined devices to an existing domain environment, make sure to verify that your domain controller certificate has been updated to include the *KDC Authentication* EKU.
+> [!IMPORTANT]
 > Authenticating from a Microsoft Entra hybrid joined device to a domain using Windows Hello for Business doesn't enforce that the domain controller certificate includes the *KDC Authentication* EKU. If you're adding Microsoft Entra joined devices to an existing domain environment, make sure to verify that your domain controller certificate has been updated to include the *KDC Authentication* EKU.
 ## Configure a CRL distribution point for an issuing CA
@ -118,7 +119,7 @@ These procedures configure NTFS and share permissions on the web server to allow
 1. In the **Advanced Sharing** dialog box, select **OK**
 > [!Tip]
-> Make sure that users can access **\\\Server FQDN\sharename**.
+> Make sure that users can access `\\Server FQDN\sharename`.
 ### Disable Caching
 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server)
@ -216,6 +217,7 @@ With the CA properly configured with a valid HTTP-based CRL distribution point,
 1. In the navigation pane, expand **Personal**. Select **Certificates**. In the details pane, double-click the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**
 1. Select the **Details** tab. Scroll down the list until **CRL Distribution Points** is visible in the **Field** column of the list. Select **CRL Distribution Point**
 1. Review the information below the list of fields to confirm the new URL for the CRL distribution point is present in the certificate. Select **OK**
    ![New Certificate with updated CDP.](images/aadj/dc-cert-with-new-cdp.png)
 ## Deploy the root CA certificate to Microsoft Entra joined devices
--- a/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works-authentication.md
@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business authentication works
 description: Learn about the Windows Hello for Business authentication flows.
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ms.topic: reference
 ---
 # Windows Hello for Business authentication
--- a/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works-provisioning.md
@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business provisioning works
 description: Learn about the provisioning flows for Windows Hello for Business.
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ms.topic: reference
 appliesto:
 ---
--- a/windows/security/identity-protection/hello-for-business/how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/how-it-works.md
@ -1,7 +1,7 @@
 ---
 title: How Windows Hello for Business works
 description: Learn how Windows Hello for Business works, and how it can help you protect your organization.
-ms.date: 01/09/2024
+ms.date: 04/23/2024
 ms.topic: concept-article
 ---
@ -78,7 +78,7 @@ All devices included in the Windows Hello for Business deployment must go throug
 - For cloud and hybrid deployments, the identity provider is Microsoft Entra ID, and the device registers with the *Device Registration Service*
 - For on-premises deployments, the identity provider is Active Directory Federation Services (AD FS), and the device registers with the *Enterprise Device Registration Service* hosted on AD FS
-When a device is registered, the IdP provides the device with an identity that is used to authenticate the device when a user signs-in.
+When a device is registered, the IdP provides the device with an identity that is used to authenticate the device when a user signs in.
 There are different registration types, which are identified as *join type*. For more information, see [What is a device identity][ENTRA-1].
@ -156,8 +156,8 @@ Access to the key material stored in the container, is enabled only by the PIN o
 A container can contain several types of key material:
 - An *authentication key*, which is always an asymmetric public-private key pair. This key pair is generated during registration. It must be unlocked each time it's accessed, by using either the user's PIN or a biometric gesture. The authentication key exists until the user resets the PIN, at which time a new key is generated. When the new key is generated, all the key material that the old key previously protected must be decrypted and re-encrypted using the new key
- One or multiple *user ID keys*. These keys can be either symmetric or asymmetric, depending on which IdP you use. For certificate-based Windows Hello for Work, when the container is unlocked, applications that require access to the user ID key or key pair can request access. User ID keys are used to sign or encrypt authentication requests or tokens sent from this device to the IdP. User ID keys are typically long-lived but could have a shorter lifetime than the authentication key. Microsoft accounts, Active Directory accounts, and Microsoft Entra accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IdP (which stores it for later verification), and securely stores the private key. For organizatrons, the user ID keys can be generated in two ways:
+- One or multiple *user ID keys*. These keys can be either symmetric or asymmetric, depending on which IdP you use. For certificate-based Windows Hello for Work, when the container is unlocked, applications that require access to the user ID key or key pair can request access. User ID keys are used to sign or encrypt authentication requests or tokens sent from this device to the IdP. User ID keys are typically long-lived but could have a shorter lifetime than the authentication key. Microsoft accounts, Active Directory accounts, and Microsoft Entra accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IdP (which stores it for later verification), and securely stores the private key. For organizations, the user ID keys can be generated in two ways:
-  - The user ID key pair can be associated with an organization's Certificate Authority (CA). This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as VPN solutions, require the use of certificates, when you deploy Windows Hello in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the organization to store other certificates in the protected container. For example, certificates that allows the user to authenticate via RDP
+  - The user ID key pair can be associated with an organization's Certificate Authority (CA). This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as VPN solutions, require the use of certificates, when you deploy Windows Hello in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the organization to store other certificates in the protected container. For example, certificates that allow the user to authenticate via RDP
  - The IdP can generate the user ID key pair directly, which allows quick, lower-overhead deployment of Windows Hello in environments that don't have or need a PKI
 User ID keys are used to authenticate the user to a service. For example, by signing a nonce to prove possession of the private key, which corresponds to a registered public key. Users with an Active Directory, Microsoft Entra ID or Microsoft account have a key associated with their account. The key can be used to sign into their Windows device by authenticating to a domain controller (Active Directory scenario), or to the cloud (Microsoft Entra ID and MSA scenarios).
--- a/windows/security/identity-protection/hello-for-business/index.md
+++ b/windows/security/identity-protection/hello-for-business/index.md
@ -2,7 +2,7 @@
 title: Windows Hello for Business overview
 description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on Windows devices.
 ms.topic: overview
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ---
 # Windows Hello for Business
--- a/windows/security/identity-protection/hello-for-business/multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/multifactor-unlock.md
@ -1,7 +1,7 @@
 ---
 title: Multi-factor unlock
 description: Learn how to configure Windows Hello for Business multi-factor unlock by extending Windows Hello with trusted signals.
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ms.topic: how-to
 ---
--- a/windows/security/identity-protection/hello-for-business/pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/pin-reset.md
@ -1,7 +1,7 @@
 ---
 title: PIN reset
 description: Learn how Microsoft PIN reset service enables your users to recover a forgotten Windows Hello for Business PIN, and how to configure it.
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ms.topic: how-to
 ---
--- a/windows/security/identity-protection/hello-for-business/policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/policy-settings.md
@ -2,7 +2,7 @@
 title: Windows Hello for Business policy settings
 description: Learn about the policy settings to configure Configure Windows Hello for Business.
 ms.topic: reference
-ms.date: 01/03/2024
+ms.date: 04/23/2024
 ---
 # Windows Hello for Business policy settings
--- a/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
+++ b/windows/security/identity-protection/hello-for-business/rdp-sign-in.md
@ -1,7 +1,7 @@
 ---
 title: Remote Desktop sign-in with Windows Hello for Business
 description: Learn how to configure Remote Desktop (RDP) sign-in with Windows Hello for Business.
-ms.date: 12/11/2023
+ms.date: 04/23/2024
 ms.topic: how-to
 ---
--- a/windows/security/identity-protection/hello-for-business/webauthn-apis.md
+++ b/windows/security/identity-protection/hello-for-business/webauthn-apis.md
@ -1,7 +1,7 @@
 ---
 title: WebAuthn APIs
 description: Learn how to use WebAuthn APIs to enable passwordless authentication for your sites and apps.
-ms.date: 07/27/2023
+ms.date: 04/23/2024
 ms.topic: how-to
 ---
 # WebAuthn APIs for passwordless authentication on Windows
--- a/windows/security/includes/mdag-edge-deprecation-notice.md
+++ b/windows/security/includes/mdag-edge-deprecation-notice.md
@ -1,9 +1,10 @@
 ---
 author: vinaypamnani-msft
 ms.author: vinpa
-ms.date: 12/13/2023
+ms.date: 04/23/2024
 ms.topic: include
 ---
 > [!NOTE]
-> Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities.
+> - Microsoft Defender Application Guard, including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), will be deprecated for Microsoft Edge for Business and [will no longer be updated](/windows/whats-new/feature-lifecycle). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities.
 > - Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated [Windows Store app](https://apps.microsoft.com/detail/9N8GNLC8Z9C8) will not be available after May 2024. This affects the following browsers: [*Application Guard Extension - Chrome*](https://chromewebstore.google.com/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj) and [*Application Guard Extension - Firefox*](https://addons.mozilla.org/firefox/addon/application-guard-extension/). If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard).<!--8932292--> 
--- a/windows/whats-new/deprecated-features.md
+++ b/windows/whats-new/deprecated-features.md
@ -1,7 +1,7 @@
 ---
 title: Deprecated features in the Windows client
 description: Review the list of features that Microsoft is no longer actively developing in Windows 10 and Windows 11.
-ms.date: 03/25/2024
+ms.date: 04/23/2024
 ms.service: windows-client
 ms.subservice: itpro-fundamentals
 ms.localizationpriority: medium
@ -51,7 +51,7 @@ The features in this article are no longer being actively developed, and might b
 | TLS server authentication certificates using RSA keys with key lengths shorter than 2048 bits <!--8644149-->| Support for certificates using RSA keys with key lengths shorter than 2048 bits will be deprecated. Internet standards and regulatory bodies disallowed the use of 1024-bit keys in 2013, recommending specifically that RSA keys should have a key length of 2048 bits or longer. For more information, see [Transitioning of Cryptographic Algorithms and Key Sizes - Discussion Paper (nist.gov)](https://csrc.nist.gov/CSRC/media/Projects/Key-Management/documents/transitions/Transitioning_CryptoAlgos_070209.pdf). This deprecation focuses on ensuring that all RSA certificates used for TLS server authentication must have key lengths greater than or equal to 2048 bits to be considered valid by Windows. </br></br> TLS certificates issued by enterprise or test certification authorities (CA) aren't impacted with this change. However, we recommend that they be updated to RSA keys greater than or equal to 2048 bits as a security best practice. This change is necessary to preserve security of Windows customers using certificates for authentication and cryptographic purposes.| March 2024|
 | Test Base <!--8790681--> | [Test Base for Microsoft 365](/microsoft-365/test-base/overview), an Azure cloud service for application testing, is deprecated. The service will be retired in the future and will be no longer available for use after retirement. | March 2024 |
 | Windows Mixed Reality <!--8412877--> | [Windows Mixed Reality](/windows/mixed-reality/enthusiast-guide/before-you-start) is deprecated and will be removed in Windows 11, version 24H2. This deprecation includes the [Mixed Reality Portal](/windows/mixed-reality/enthusiast-guide/install-windows-mixed-reality) app, [Windows Mixed Reality for SteamVR](/windows/mixed-reality/enthusiast-guide/using-steamvr-with-windows-mixed-reality), and Steam VR Beta. Existing Windows Mixed Reality devices will continue to work with Steam through November 2026, if users remain on their current released version of Windows 11, version 23H2. After November 2026, Windows Mixed Reality will no longer receive security updates, nonsecurity updates, bug fixes, technical support, or online technical content updates.</br> </br>This deprecation doesn't affect HoloLens. We remain committed to HoloLens and our enterprise customers. | December 2023 |
-| Microsoft Defender Application Guard for Edge <!--8591267-->| [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. | December 2023 |
+| Microsoft Defender Application Guard for Edge <!--8591267-->| [Microsoft Defender Application Guard](/windows/security/application-security/application-isolation/microsoft-defender-application-guard/md-app-guard-overview), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated for Microsoft Edge for Business and [will no longer be updated](feature-lifecycle.md). Please download the [Microsoft Edge For Business Security Whitepaper](https://edgestatic.azureedge.net/shared/cms/pdfs/Microsoft_Edge_Security_Whitepaper_v2.pdf) to learn more about Edge for Business security capabilities. </br></br> **[Update - April 2024]**: Because Application Guard is deprecated there will not be a migration to Edge Manifest V3. The corresponding extensions and associated [Windows Store app](https://apps.microsoft.com/detail/9N8GNLC8Z9C8) will not be available after May 2024. This affects the following browsers: [*Application Guard Extension - Chrome*](https://chromewebstore.google.com/detail/application-guard-extensi/mfjnknhkkiafjajicegabkbimfhplplj) and [*Application Guard Extension - Firefox*](https://addons.mozilla.org/firefox/addon/application-guard-extension/). If you want to block unprotected browsers until you are ready to retire MDAG usage in your enterprise, we recommend using AppLocker policies or [Microsoft Edge management service](/deployedge/microsoft-edge-management-service). For more information, see [Microsoft Edge and Microsoft Defender Application Guard](/deployedge/microsoft-edge-security-windows-defender-application-guard). <!--8932292-->| December 2023 |
 | Legacy console mode <!-- 8577271 -->| The [legacy console mode](/windows/console/legacymode) is deprecated and no longer being updated. In future Windows releases, it will be available as an optional [Feature on Demand](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). This feature won't be installed by default. | December 2023 |
 | Windows speech recognition <!--8396142-->| [Windows speech recognition](https://support.microsoft.com/windows/83ff75bd-63eb-0b6c-18d4-6fae94050571) is  deprecated and is no longer being developed. This feature is being replaced with [voice access](https://support.microsoft.com/topic/4dcd23ee-f1b9-4fd1-bacc-862ab611f55d). Voice access is available for Windows 11, version 22H2, or later devices. Currently, voice access supports five English locales: English - US, English - UK, English - India, English - New Zealand, English - Canada, and English - Australia. For more information, see [Setup voice access](https://support.microsoft.com/topic/set-up-voice-access-9fc44e29-12bf-4d86-bc4e-e9bb69df9a0e). | December 2023 |
 | Microsoft Defender Application Guard for Office <!--8396036-->| [Microsoft Defender Application Guard for Office](/microsoft-365/security/office-365-security/app-guard-for-office-install), including the [Windows Isolated App Launcher APIs](/windows/win32/api/isolatedapplauncher/), is being deprecated and will no longer be updated. We recommend transitioning to Microsoft Defender for Endpoint [attack surface reduction rules](/microsoft-365/security/defender-endpoint/overview-attack-surface-reduction) along with [Protected View](/microsoft-365/security/office-365-security/recommended-settings-for-eop-and-office365#global-settings-for-safe-attachments) and [Windows Defender Application Control](/windows/security/application-security/application-control/windows-defender-application-control/wdac).  | November 2023 |