Merge branch 'main' into millerevan-hololens-insider-policies

.openpublishing.redirection.json

@@ -1,5 +1,10 @@
 {
   "redirections": [
+    {
+      "source_path": "windows/application-management/manage-windows-mixed-reality.md",
+      "redirect_url": "/windows/mixed-reality/enthusiast-guide/manage-windows-mixed-reality",
+      "redirect_document_id": false  
+    },
     {
       "source_path": "windows/client-management/mdm/browserfavorite-csp.md",
       "redirect_url": "https://support.microsoft.com/windows/windows-phone-8-1-end-of-support-faq-7f1ef0aa-0aaf-0747-3724-5c44456778a3",

education/docfx.json

@@ -17,7 +17,8 @@
         "files": [
           "**/*.png",
           "**/*.jpg",
-          "**/*.svg"
+          "**/*.svg",
+          "**/*.gif"
         ],
         "exclude": [
           "**/obj/**",

education/includes/education-content-updates.md

@@ -2,6 +2,14 @@
 
 
 
+## Week of August 15, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 8/17/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
+
+
 ## Week of August 08, 2022
 
 

store-for-business/acquire-apps-microsoft-store-for-business.md

@@ -17,7 +17,7 @@ ms.date: 07/21/2021
 # Acquire apps in Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -38,7 +38,7 @@ Some apps are free, and some have a price. Apps can be purchased in the Microsof
 - Japan Commercial Bureau (JCB)
 
 ## Organization info
-There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven’t provided it, we’ll ask when you make a purchase. Either way works. Here’s the info you’ll need to provide:
+There are a couple of things we need to know when you pay for apps. You can add this info to the **Account information** or **Payments & billing** page before you buy apps. If you haven't provided it, we'll ask when you make a purchase. Either way works. Here's the info you'll need to provide:
 - Legal business address
 - Payment option (credit card)
 
@@ -73,10 +73,10 @@ People in your org can request license for apps that they need, or that others n
 3. Select the app you want to purchase. 
 4. On the product description page, choose your license type - either online or offline. 
 5.  Free apps will be added to **Products & services**. For apps with a price, you can set the quantity you want to buy. Type the quantity and select **Next**.
-6. If you don’t have a payment method saved in **Billing & payments**, we will prompt you for one.
+6. If you don't have a payment method saved in **Billing & payments**, we will prompt you for one.
 7. Add your credit card or debit card info, and select **Next**. Your card info is saved as a payment option on **Billing & payments - Payment methods**.
 
-You’ll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information). 
+You'll also need to have your business address saved on **My organization - Profile**. The address is used to generate tax rates. For more information on taxes for apps, see [organization tax information](./update-microsoft-store-for-business-account-settings.md#organization-tax-information). 
 
 Microsoft Store adds the app to your inventory. From **Products & services**, you can:
 - Distribute the app: add to private store, or assign licenses

store-for-business/add-profile-to-devices.md

@@ -20,7 +20,7 @@ ms.localizationpriority: medium
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).
 
@@ -136,11 +136,11 @@ Here's info on some of the errors you might see while working with Autopilot dep
 | ---------- | ------------------- |
 | wadp001    | Check your file, or ask your device partner for a complete .csv file. This file is missing Serial Number and Product Id info. |
 | wadp002    | Check your file, or ask your device partner for updated hardware hash info in the .csv file. Hardware hash info is invalid in the current .csv file. |
-| wadp003    | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You’re over the limit! Divide this device data into multiple .csv files. |
+| wadp003    | Looks like you need more than one .csv file for your devices. The maximum allowed is 1,000 items. You're over the limit! Divide this device data into multiple .csv files. |
 | wadp004    | Try that again. Something happened on our end. Waiting a bit might help. |
 | wadp005    | Check your .csv file with your device provider. One of the devices on your list has been claimed by another organization. |
 | wadp006    | Try that again. Something happened on our end. Waiting a bit might help. |
 | wadp007    | Check the info for this device in your .csv file. The device is already registered in your organization. |
 | wadp008    | The device does not meet Autopilot Deployment requirements. |
-| wadp009    | Check with your device provider for an update .csv file. The current file doesn’t work |
+| wadp009    | Check with your device provider for an update .csv file. The current file doesn't work |
 | wadp010    | Try that again. Something happened on our end. Waiting a bit might help. |

store-for-business/add-unsigned-app-to-code-integrity-policy.md

@@ -18,17 +18,19 @@ ms.date: 07/21/2021
 # Add unsigned app to code integrity policy
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
 >
 > Following are the major changes we are making to the service:
+>
 > - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download at [https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/).
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it).
-> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> - DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
 > The following functionality will be available via these PowerShell cmdlets:
+> 
 > - Get a CI policy
 > - Sign a CI policy
 > - Sign a catalog
@@ -37,53 +39,49 @@ ms.date: 07/21/2021
 >
 > For any questions, please contact us at DGSSMigration@microsoft.com.
 
-
 **Applies to**
 
--   Windows 10
+- Windows 10
 
 When you want to add an unsigned app to a code integrity policy, you need to start with a code integrity policy created from a reference device. Then, create the catalog files for your unsigned app, sign the catalog files, and then merge the default policy that includes your signing certificate with existing code integrity policies.
 
-## In this section
-- [Create a code integrity policy based on a reference device](#create-ci-policy)
-- [Create catalog files for your unsigned app](#create-catalog-files)
-- [Catalog signing with Device Guard signing portal](#catalog-signing-device-guard-portal)
+## Create a code integrity policy based on a reference device
 
-## <a href="" id="create-ci-policy"></a>Create a code integrity policy based on a reference device
 To add an unsigned app to a code integrity policy, your code integrity policy must be created from golden image machine. For more information, see [Create a Device Guard code integrity policy based on a reference device](/windows/device-security/device-guard/device-guard-deployment-guide).
 
-## <a href="" id="create-catalog-files"></a>Create catalog files for your unsigned app
+## Create catalog files for your unsigned app
+
 Creating catalog files starts the process for adding an unsigned app to a code integrity policy.
 
 Before you get started, be sure to review these best practices and requirements:
 
-**Requirements**
+### Requirements
 
 - You'll use Package Inspector during this process.
 - Only perform this process with a code integrity policy running in audit mode. You should not perform this process on a system running an enforced Device Guard policy.
 
-**Best practices**
+### Best practices
 
 - **Naming convention** -- Using a naming convention makes it easier to find deployed catalog files. We'll use \*-Contoso.cat as the naming convention in this topic. For more information, see the section Inventorying catalog files by using Microsoft Endpoint Manager in the [Device Guard deployment guide](/windows/device-security/device-guard/device-guard-deployment-guide).
-- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-ci-policy) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
+- **Where to deploy code integrity policy** -- The [code integrity policy that you created](#create-a-code-integrity-policy-based-on-a-reference-device) should be deployed to the system on which you are running Package Inspector. This will ensure that the code integrity policy binaries are trusted.
 
 Copy the commands for each step into an elevated Windows PowerShell session. You'll use Package Inspector to find and trust all binaries in the app.
 
-**To create catalog files for your unsigned app**
+### To create catalog files for your unsigned app
 
-1.  Start Package Inspector to scan the C drive.
+1. Start Package Inspector to scan the C drive.
 
     `PackageInspector.exe Start C:`
 
-2.  Copy the installation media to the C drive.
+2. Copy the installation media to the C drive.
 
     Copying the installation media to the C drive ensures that Package Inspector finds and catalogs the installer. If you skip this step, the code integrity policy may trust the application to run, but not trust it to be installed.
 
-3.  Install and start the app.
+3. Install and start the app.
 
     All binaries that are used while Package Inspector is running will be part of the catalog files. After the installation, start the app and make sure that any product updates are installed and any downloadable content was found during the scan. Then, close and restart the app to make sure that the scan found all binaries.
 
-4.  Stop the scan and create definition and catalog files.
+4. Stop the scan and create definition and catalog files.
 
     After app install is complete, stop the Package Inspector scan and create catalog and definition files on your desktop.
 
@@ -99,17 +97,17 @@ The Package Inspector scan catalogs the hash values for each binary file that is
 
 After you're done, the files are saved to your desktop. You still need to sign the catalog file so that it will be trusted within the code integrity policy.
 
-## <a href="" id="catalog-signing-device-guard-portal"></a>Catalog signing with Device Guard signing portal
+## Catalog signing with Device Guard signing portal
 
 To sign catalog files with the Device Guard signing portal, you need to be signed up with the Microsoft Store for Business.
 
 Catalog signing is a vital step to adding your unsigned apps to your code integrity policy.
 
-**To sign a catalog file with Device Guard signing portal**
+### To sign a catalog file with Device Guard signing portal
 
 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Store for Education](https://educationstore.microsoft.com).
 2. Click **Settings**, click **Store settings**, and then click **Device Guard**.
-3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files).
+3. Click **Upload** to upload your unsigned catalog files. These are the catalog files you created earlier in [Create catalog files for your unsigned app](#create-catalog-files-for-your-unsigned-app).
 4. After the files are uploaded, click **Sign** to sign the catalog files.
 5. Click Download to download each item:
    - signed catalog file

store-for-business/app-inventory-management-microsoft-store-for-business.md

@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. 
 

store-for-business/apps-in-microsoft-store-for-business.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education has thousands of apps from many different categories.
 
@@ -55,14 +55,14 @@ Line-of-business (LOB) apps are also supported using Microsoft Store. Admins can
 
 Some apps offer you the option to make in-app purchases. In-app purchases are not currently supported for apps that are acquired through Microsoft Store and distributed to employees.
 
-If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization’s inventory.
+If an employee makes an in-app purchase, they'll make it with their personal Microsoft account and pay for it with a personal payment method. The employee will own the item purchased, and it cannot be transferred to your organization's inventory.
 
 ## <a href="" id="licensing-model"></a>Licensing model: online and offline licenses
 
 Microsoft Store supports two options to license apps: online and offline.
 
 ### Online licensing
-Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user’s Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
+Online licensing is the default licensing model and is similar to the model used by Microsoft Store. Online licensed apps require customers and devices to connect to Microsoft Store service to acquire an app and its license. License management is enforced based on the user's Azure AD identity and maintained by Microsoft Store as well as the management tool. By default app updates are handled by Windows Update.
 
 Distribution options for online-licensed apps include the ability to:
 

store-for-business/assign-apps-to-employees.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.
 

store-for-business/billing-payments-overview.md

@@ -18,7 +18,7 @@ manager: dansimp
 # Billing and payments
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Access invoices and managed your payment methods.
 

store-for-business/billing-profile.md

@@ -18,7 +18,7 @@ manager: dansimp
 # Understand billing profiles
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices. 
 

store-for-business/billing-understand-your-invoice-msfb.md

@@ -17,15 +17,15 @@ manager: dansimp
 # Understand your Microsoft Customer Agreement invoice
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
-The invoice provides a summary of your charges and provides instructions for payment. It’s available for
+The invoice provides a summary of your charges and provides instructions for payment. It's available for
 download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).
 
 ## General invoice information
 Invoices are your bill from Microsoft. A few things to note:
 
-- **Invoice schedule** - You’re invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
+- **Invoice schedule** - You're invoiced on a monthly basis. You can find out which day of the month you receive invoices by checking invoice date under billing profile overview in [Microsoft Store for Business](https://businessstore.microsoft.com/manage/payments-billing/billing-profiles). Charges that occur between the end of the billing period and the invoice date are included in the next month's invoice, since they are in the next billing period. The billing period start and end dates for each invoice are listed in the invoice PDF above **Billing Summary**.
 - **Billing profile** - Billing profiles are created during your purchase. Invoices are created for each billing profile. Billing profiles let you customize what products are purchased, how you pay for them, and who can make purchases. For more information, see [Understand billing profiles](billing-profile.md)
 - **Items included** - Your invoice includes total charges for all first and third-party software and hardware products purchased under a Microsoft Customer Agreement. That includes items purchased from Microsoft Store for Business and Azure Marketplace. 
 - **Charges** - Your invoice provides information about products purchased and their related charges and taxes. Purchases are aggregated to provide a concise view of your bill. 

store-for-business/configure-mdm-provider-microsoft-store-for-business.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
 

store-for-business/device-guard-signing-portal.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > We are introducing a new version of the Device Guard Signing Service (DGSS) to be more automation friendly. The new version of the service (DGSS v2) is now available. As announced earlier, you will have until June 9, 2021 to transition to DGSS v2. On June 9, 2021, the existing web-based mechanisms for the current version of the DGSS service will be retired and will no longer be available for use. Please make plans to migrate to the new version of the service by June 9, 2021.
@@ -30,7 +30,7 @@ ms.date: 07/21/2021
 > Following are the major changes we are making to the service: 
 > - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> -    DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
 > The following functionality will be available via these PowerShell cmdlets:
 > - Get a CI policy

store-for-business/distribute-apps-from-your-private-store.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
 

store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.
 

store-for-business/distribute-apps-with-management-tool.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
 
@@ -46,7 +46,7 @@ MDM tool requirements:
 
 ## Distribute offline-licensed apps
 
-If your vendor doesn’t support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
+If your vendor doesn't support the ability to synchronize applications from the management tool services, or can't connect to the management tool services, your vendor may support the ability to deploy offline licensed applications by downloading the application and license from the store and then deploying the app through your MDM. For more information on online and offline licensing with Store for Business, see [Apps in the Microsoft Store for Business](./apps-in-microsoft-store-for-business.md#licensing-model).
 
 This diagram shows how you can use a management tool to distribute offline-licensed app to employees in your organization. Once synchronized from Store for Business, management tools can use the Windows Management framework to distribute applications to devices.
 

store-for-business/distribute-offline-apps.md

@@ -23,8 +23,8 @@ ms.date: 07/21/2021
 - Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
-
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> 
 Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
 
 ## Why offline-licensed apps?

store-for-business/find-and-acquire-apps-overview.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
 

store-for-business/index.md

@@ -21,12 +21,12 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
 
 > [!IMPORTANT]
-> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you’ve already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won’t be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of “free” will still be available. This change doesn’t impact apps in the Microsoft Store on Windows 10.
+> Starting April 14, 2021, all apps that charge a base price above free will no longer be available to buy in the Microsoft Store for Business and Education. If you've already bought a paid app, you can still use it, but no new purchases will be possible from businessstore.microsoft.com or educationstore.microsoft.com. Also, you won't be able to buy additional licenses for apps you already bought. You can still assign and reassign licenses for apps that you already own and use the private store. Apps with a base price of "free" will still be available. This change doesn't impact apps in the Microsoft Store on Windows 10.
 >
 > Also starting April 14, 2021, you must sign in with your Azure Active Directory (Azure AD) account before you browse Microsoft Store for Business and Education.
 

store-for-business/manage-access-to-private-store.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
 

store-for-business/manage-apps-microsoft-store-for-business-overview.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**. 
 

store-for-business/manage-orders-microsoft-store-for-business.md

@@ -17,7 +17,7 @@ manager: dansimp
 # Manage app orders in Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.
 

store-for-business/manage-private-store-settings.md

@@ -22,7 +22,7 @@ ms.localizationpriority: medium
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.
 

store-for-business/manage-settings-microsoft-store-for-business.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
 

store-for-business/manage-users-and-groups-microsoft-store-for-business.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.
 

store-for-business/microsoft-store-for-business-education-powershell-module.md

@@ -20,7 +20,7 @@ manager: dansimp
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).
 
@@ -129,7 +129,7 @@ Remove-MSStoreSeatAssignment -ProductId 9NBLGGH4R2R6 -SkuId 0016 -Username 'user
 ```
 
 ## Assign or reclaim a product with a .csv file
-You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for “Principal Names” (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
+You can also use the PowerShell module to perform bulk operations on items in **Product and Services**. You'll need a .CSV file with at least one column for "Principal Names" (for example, user@host.com). You can create such a CSV using the AzureAD PowerShell Module.
 
 **To assign or reclaim seats in bulk:**
 

store-for-business/microsoft-store-for-business-overview.md

@@ -19,10 +19,10 @@ ms.date: 07/21/2021
 
 **Applies to**
 
--   Windows 10
+- Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).
@@ -42,7 +42,7 @@ Organizations or schools of any size can benefit from using Microsoft Store for
     - **Microsoft Store for Education** – Apps acquired from Microsoft Store for Education
     - **Office 365** – Subscriptions
     - **Volume licensing** - Apps purchased with volume licensing
-- **Private store** - Create a private store for your business that’s easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices. 
+- **Private store** - Create a private store for your business that's easily available from any Windows 10 device. Your private store is available from Microsoft Store on Windows 10, or with a browser on the Web. People in your organization can download apps from your organization's private store on Windows 10 devices. 
 - **Flexible distribution options** - Flexible options for distributing content and apps to your employee devices:
     - Distribute through Microsoft Store services. You can assign apps to individual employees, or make apps available to all employees in your private store.
     - Use a management tool from Microsoft, or a 3rd-party tool for advanced distribution and management functions, or for managing images.
@@ -68,7 +68,7 @@ Microsoft Azure Active Directory (AD) accounts for your employees:
 - Employees need Azure AD account when they access Store for Business content from Windows devices.
 - If you use a management tool to distribute and manage online-licensed apps, all employees will need an Azure AD account
 - For offline-licensed apps, Azure AD accounts are not required for employees.
-- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don’t have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education. 
+- Admins can add or remove user accounts in the Microsoft 365 admin center, even if you don't have an Office 365 subscription. You can access the Office 365 admin portal directly from the Store for Business and Education. 
 
 For more information on Azure AD, see [About Office 365 and Azure Active Directory](/previous-versions//dn509517(v=technet.10)), and [Intro to Azure: identity and access](https://go.microsoft.com/fwlink/p/?LinkId=708611).
 
@@ -83,7 +83,7 @@ While not required, you can use a management tool to distribute and manage apps.
 
 ## Sign up!
 
-The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we’ll quickly create an account for you. You must be a Global Administrator for your organization.
+The first step for getting your organization started with Store for Business and Education is signing up. Sign up using an existing account (the same one you use for Office 365, Dynamics 365, Intune, Azure, etc.) or we'll quickly create an account for you. You must be a Global Administrator for your organization.
 
 ## Set up
 
@@ -101,7 +101,7 @@ After your admin signs up for the Store for Business and Education, they can ass
 
 In some cases, admins will need to add Azure Active Directory (AD) accounts for their employees. For more information, see [Manage user accounts and groups](manage-users-and-groups-microsoft-store-for-business.md).
 
-Also, if your organization plans to use a management tool, you’ll need to configure your management tool to sync with Store for Business and Education.
+Also, if your organization plans to use a management tool, you'll need to configure your management tool to sync with Store for Business and Education.
 
 ## Get apps and content
 
@@ -128,7 +128,7 @@ App distribution is handled through two channels, either through the Microsoft S
 
 **Distribute with Store for Business and Education**:
 - Email link – After purchasing an app, Admins can send employees a link in an email message. Employees can click the link to install the app.
-- Curate private store for all employees – A private store can include content you’ve purchased from Microsoft Store for Business, and your line-of-business apps that you’ve submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
+- Curate private store for all employees – A private store can include content you've purchased from Microsoft Store for Business, and your line-of-business apps that you've submitted to Microsoft Store for Business. Apps in your private store are available to all of your employees. They can browse the private store and install apps when needed.
 - To use the options above users must be signed in with an Azure AD account on a Windows 10 device. Licenses are assigned as individuals install apps. 
 
 **Using a management tool** – For larger organizations that want a greater level of control over how apps are distributed and managed, a management tools provides other distribution options:

store-for-business/notifications-microsoft-store-business.md

@@ -24,7 +24,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store. 
 
@@ -32,9 +32,9 @@ Microsoft Store for Business and Microsoft Store for Education use a set of noti
 
 | Store area | Notification message | Customer impact |
 | ---------- | -------------------- | --------------- |
-| General | We’re on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Azure AD outage. |
-| Manage | We’re on it. Something happened on our end with management for apps and software. We’re working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history.  |
-| Shop | We’re on it. Something happened on our end with purchasing. We’re working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
-| Private store | We’re on it. Something happened on our end with your organization’s private store. People in your organization can’t download apps right now. We’re working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
-| Acquisition and licensing | We’re on it. People in your org might not be able to install or use certain apps. We’re working to fix the problem. | People in your org might not be able to claim a license from your private store. |
-| Partner | We’re on it. Something happened on our end with Find a Partner. We’re working to fix the problem. | You might not be able to search for a partner.  |
+| General | We're on it. Something happened on our end with the Store. Waiting a bit might help. | You might be unable to sign in. There might be an intermittent Azure AD outage. |
+| Manage | We're on it. Something happened on our end with management for apps and software. We're working to fix the problem. | You might be unable to manage inventory, including viewing inventory, distributing apps, assigning licenses, or viewing and managing order history.  |
+| Shop | We're on it. Something happened on our end with purchasing. We're working to fix the problem. | Shop might not be available. You might not be able to purchase new, or additional licenses. |
+| Private store | We're on it. Something happened on our end with your organization's private store. People in your organization can't download apps right now. We're working to fix the problem. | People in your organization might not be able to view the private store, or get apps. |
+| Acquisition and licensing | We're on it. People in your org might not be able to install or use certain apps. We're working to fix the problem. | People in your org might not be able to claim a license from your private store. |
+| Partner | We're on it. Something happened on our end with Find a Partner. We're working to fix the problem. | You might not be able to search for a partner.  |

store-for-business/payment-methods.md

@@ -18,7 +18,7 @@ manager: dansimp
 # Payment methods
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
 - VISA
@@ -54,4 +54,4 @@ Once you select **Add**, the information you provided will be validated with a t
 Once you click **Update**, the information you provided will be validated with a test authorization transaction and, if validated, the payment option will be added to your list of available payment options. Otherwise, you will be prompted for additional information or notified if there are any problems.
 
 > [!NOTE]
-> Certain actions, like updating or adding a payment option, require temporary “test authorization” transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.
+> Certain actions, like updating or adding a payment option, require temporary "test authorization" transactions to validate the payment option. These may appear on your statement as $0.00 authorizations or as small pending transactions. These transactions are temporary and should not impact your account unless you make several changes in a short period of time, or have a low balance.

store-for-business/prerequisites-microsoft-store-for-business.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

store-for-business/release-history-microsoft-store-business-education.md

@@ -16,7 +16,7 @@ manager: dansimp
 # Microsoft Store for Business and Education release history
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
 
@@ -39,13 +39,13 @@ Looking for info on the latest release? Check out [What's new in Microsoft Store
 - **Immersive Reader app available in Microsoft Store for Education** - This app is a free tool that uses proven techniques to improve reading and writing for people regardless of their age or ability. You can add the app to your private store, so students can easily install and use it.  
 
 ## April 2018
-- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We’ll figure out who’s in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we’ll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
+- **Assign apps to larger groups** - We're making it easier for admins to assign apps to groups of people. Admins can assign licenses to groups of any size, and include subgroups within those groups. We'll figure out who's in those groups, and assign licenses to people in the groups (skipping people who already have licenses). Along the way, we'll let you know how many licenses are needed, and provide an estimate on the time required to assign licenses.
 - **Change collection order in private store** - Private store collections make it easy for groups of people to find the apps that they need. Now, you can customize the order of your private store collections. 
 - **Office 365 subscription management** -  We know that sometimes customers need to cancel a subscription. While we don't want to lose a customer, we want the process for managing subscriptions to be easy. Now, you can delete your Office 365 subscription without calling Support. From Microsoft Store for Business and Education, you can request to delete an Office 365 subscription. We'll wait three days before permanently deleting the subscription. In case of a mistake, customers are welcome to reactivate subscriptions during the three-day period.
 
 ## March 2018
 - **Performance improvements in private store** - We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. [Get more info](./manage-private-store-settings.md#private-store-performance)
-- **Private store collection updates** - We’ve made it easier to find apps when creating private store collections – now you can search and filter results. 
+- **Private store collection updates** - We've made it easier to find apps when creating private store collections – now you can search and filter results. 
  [Get more info](./manage-private-store-settings.md#private-store-collections) 
 - **Manage Skype Communication credits** - Office 365 customers that own Skype Communication Credits can now see and manage them in Microsoft Store for Business. You can view your account, add funds to your account, and manage auto-recharge settings.
 - **Upgrade Microsoft 365 trial subscription** - Customers with Office 365 can upgrade their subscription and automatically re-assign their user licenses over to a new target subscription. For example, you could upgrade your Office 365 for business subscription to a Microsoft 365 for business subscription.

store-for-business/roles-and-permissions-microsoft-store-for-business.md

@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 - Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

store-for-business/settings-reference-microsoft-store-for-business.md

@@ -18,7 +18,7 @@ ms.date: 07/21/2021
 # Settings reference: Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 
 The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.

store-for-business/sign-code-integrity-policy-with-device-guard-signing.md

@@ -18,7 +18,7 @@ ms.date: 07/21/2021
 # Sign code integrity policy with Device Guard signing
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 
 > [!IMPORTANT]
@@ -27,7 +27,7 @@ ms.date: 07/21/2021
 > Following are the major changes we are making to the service: 
 > - The method for consuming the service will change to a more automation-friendly method based on PowerShell cmdlets. These cmdlets are available as a NuGet download, https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client/.
 > - In order to achieve desired isolation, you will be required to get a new CI policy from DGSS v2 (and optionally sign it). 
-> -	DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
+> -    DGSS v2 will not have support for downloading leaf certificates used to sign your files (however, the root certificate will still be available to download).  Note that the certificate used to sign a file can be easily extracted from the signed file itself.  As a result, after DGSS v1 is retired, you will no longer be able to download the leaf certificates used to sign your files.
 >
 > The following functionality will be available via these PowerShell cmdlets:
 > - Get a CI policy

store-for-business/sign-up-microsoft-store-for-business-overview.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
 

store-for-business/troubleshoot-microsoft-store-for-business.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Troubleshooting topics for Microsoft Store for Business.
 

store-for-business/update-microsoft-store-for-business-account-settings.md

@@ -18,7 +18,7 @@ manager: dansimp
 # Update Billing account settings
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 A billing account contains defining information about your organization. 
 
@@ -35,9 +35,9 @@ We need your business address, email contact, and tax-exemption certificates tha
 
 Before purchasing apps that have a fee, you need to add or update your organization's business address, contact email address, and contact name.
 
-We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we’ll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don’t have an address, we’ll ask you to enter it during your first purchase.
+We use the Business address to calculate sales tax. If your organization's address has already been entered for other commercial purchases through Microsoft Store, or through other online purchases such as Office 365 or Azure subscriptions, then we'll use the same address in Microsoft Store for Business and Microsoft Store for Education. If we don't have an address, we'll ask you to enter it during your first purchase.
 
-We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization’s Office 365 or Azure AD tenant that is used with Microsoft Store.
+We need an email address in case we need to contact you about your Microsoft Store for Business and for Education account. This email account should reach the admin for your organization's Office 365 or Azure AD tenant that is used with Microsoft Store.
 
 **To update billing account information**
 1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com)
@@ -100,7 +100,7 @@ If you qualify for tax-exempt status in your market, start a service request to
 1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
 2. Select **Manage**, click **Support**, and then under **Store settings & configuration** select **Create technical support ticket**.
 
-You’ll need this documentation:
+You'll need this documentation:
 
 |Country or locale | Documentation |
 |------------------|----------------|

store-for-business/whats-new-microsoft-store-business-education.md

@@ -16,7 +16,7 @@ manager: dansimp
 # What's new in Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education regularly releases new and improved features.  
 
@@ -35,7 +35,7 @@ Microsoft Store for Business and Education regularly releases new and improved f
 
 
 <!---
-We’ve been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
+We've been working on bug fixes and performance improvements to provide you a better experience. Stay tuned for new features!
 |  |  |
 |-----------------------|---------------------------------|
 | ![Private store performance icon.](images/perf-improvement-icon.png) |**Performance improvements in private store**<br /><br /> We've made it significantly faster for you to update the private store. Many changes to the private store are available immediately after you make them. <br /><br />[Get more info](./manage-private-store-settings.md#private-store-performance)<br /><br />**Applies to**:<br /> Microsoft Store for Business <br /> Microsoft Store for Education |

store-for-business/working-with-line-of-business-apps.md

@@ -19,38 +19,41 @@ ms.date: 07/21/2021
 
 **Applies to**
 
--   Windows 10
+- Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution).
+> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Endpoint Manager integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization – they might be internal apps, or apps specific to your school, business, or industry.
 
 Developers within your organization, or ISVs that you invite, can become LOB publishers and submit apps to Microsoft Store for your company or school. Once an LOB publisher submits an app for your company, the app is only available to your company. LOB publishers submit apps through the Windows Dev Center using the same process as all apps that are in Microsoft Store, and then can be managed or deployed using the same process as any other app that has been acquired through Microsoft Store.
 
-One advantage of making apps available through Microsoft Store for Business is that the app has been signed by Microsoft Store, and uses the standard Microsoft Store policies. For organizations that can’t submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](/windows/application-management/sideload-apps-in-windows-10) is also supported on Windows 10.
+One advantage of making apps available through Microsoft Store for Business is that the app has been signed by Microsoft Store, and uses the standard Microsoft Store policies. For organizations that can't submit their application through the Windows Dev Center (for example, those needing additional capabilities or due to compliance purposes), [Sideloading](/windows/application-management/sideload-apps-in-windows-10) is also supported on Windows 10.
 
-## <a href="" id="adding-lob-apps"></a>Adding LOB apps to your private store
+## Adding LOB apps to your private store
 
 Admins and ISVs each own different parts of the process for getting LOB apps created, submitted, and deployed to your employees or students. Admins use Microsoft Store for Business  or Microsoft Store for Education portal; ISVs or devs use the Windows Dev center on MSDN. 
 
-Here’s what’s involved:
--   Microsoft Store for Business admin invites a developer or ISV to become an LOB publisher for your company.
--   LOB publisher develops and submits app to Microsoft Store, tagging the app so it is only available to your company.
--   Microsoft Store for Business admin accepts the app and can distribute the app to employees in your company.
+Here's what's involved:
+
+- Microsoft Store for Business admin invites a developer or ISV to become an LOB publisher for your company.
+- LOB publisher develops and submits app to Microsoft Store, tagging the app so it is only available to your company.
+- Microsoft Store for Business admin accepts the app and can distribute the app to employees in your company.
 
 You'll need to set up:
--   Your company needs to be signed up with Microsoft Store for Business or Microsoft Store for Education.
--   LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
--   LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
+
+- Your company needs to be signed up with Microsoft Store for Business or Microsoft Store for Education.
+- LOB publishers need to have an active developer account. To learn more about account options, see [Ready to sign up](https://go.microsoft.com/fwlink/p/?LinkId=623432).
+- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
 
 The process and timing look like this:
 ![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for Microsoft Store for Business admin, LOB publisher, and Developer.](images/lob-workflow.png)
 
-## <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Admin)
+## Add an LOB publisher (Admin)
+
 Admins need to invite developer or ISVs to become an LOB publisher.
 
-**To invite a developer to become an LOB publisher**
+### To invite a developer to become an LOB publisher
 
 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com).
 2. Click **Manage**, click **Permissions**, and then choose **Line-of-business publishers**.
@@ -59,49 +62,50 @@ Admins need to invite developer or ISVs to become an LOB publisher.
    >[!Note]
    > This needs to be the email address listed in contact info for the developer account.
   
-## <a href="" id="submit-lob-app"></a>Submit apps (LOB publisher)
+## Submit apps (LOB publisher)
 
 The developer receives an email invite to become an LOB publisher for your company. Once they accept the invite, they can log in to the Windows Dev Center to create an app submission for your company. The info here assumes that devs or ISVs have an active developer account.
 
 After an app is published and available in the Store, ISVs publish an updated version by creating another submission in their dashboard. Creating a new submission allows the ISV to make the changes required to create a LOB app for your company. To learn more about updates to an app submission, see [App submissions](/windows/uwp/publish/app-submissions) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
 
-**To create a new submission for an app**
+## To create a new submission for an app
 
-1.  Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
-2.  On the App overview page, under **Action**, click **Update**.
+1. Sign in to the [Windows Dev Center](https://go.microsoft.com/fwlink/p/?LinkId=623486), go to your Dashboard, and click the app you want to make available as an LOB app.
+2. On the App overview page, under **Action**, click **Update**.
 
     -OR-
 
     Submit your app following the guidelines in [App submissions](/windows/uwp/publish/app-submissions). Be sure to completed steps 3 and 4 when you set app pricing and availability options.
 
-3.  On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app.
-4.  Under **Organizational licensing**, click **Show options**.
+3. On the **Pricing and availability** page, under **Distribution and visibility**, click **Line-of-business (LOB) distribution**, and then choose the enterprise(s) who will get the LOB app. No one else will have access to the app.
+4. Under **Organizational licensing**, click **Show options**.
 
     Organizational licensing options apply to all apps, not just LOB apps:
 
-    -   **Store-managed (online) volume licensing** - This is required. You must select this item to make your app available as an a LOB app. By default, it will be selected. This won't make the app available to anyone outside of the enterprise(s) that you selected in **Distribution and visibility**.
+    - **Store-managed (online) volume licensing** - This is required. You must select this item to make your app available as an a LOB app. By default, it will be selected. This won't make the app available to anyone outside of the enterprise(s) that you selected in **Distribution and visibility**.
 
-    -   **Disconnected (offline) licensing** - This is optional for LOB apps.
+    - **Disconnected (offline) licensing** - This is optional for LOB apps.
 
-5.  Click **Save** to save your changes and start the app submission process.
+5. Click **Save** to save your changes and start the app submission process.
 
-For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).<br>
+For more information, see [Organizational licensing options]( https://go.microsoft.com/fwlink/p/?LinkId=708615) and [Distributing LOB apps to enterprises](/windows/uwp/publish/distribute-lob-apps-to-enterprises).
 
  >[!Note]
  > In order to get the LOB app, the organization must be located in a [supported market](./microsoft-store-for-business-overview.md#supported-markets), and you must not have excluded that market when submitting your app.
 
-## <a href="" id="add-lob-app-to-inventory"></a>Add app to inventory (admin)
+## Add app to inventory (admin)
 
 After an ISV submits the LOB app for your company or school, someone with Microsoft Store for Business and Education admin permissions needs to accept the app.
 
-**To add the LOB app to your inventory**
+### To add the LOB app to your inventory
 
-1.  Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
-2.  Click **Manage**, click **Products & services**, and then choose **New LOB apps**.
-3.  Click the ellipses under **Action** for the app you want to add to your inventory, and then choose **Add to inventory**.
+1. Sign in to the [Microsoft Store for Business](https://businessstore.microsoft.com).
+2. Click **Manage**, click **Products & services**, and then choose **New LOB apps**.
+3. Click the ellipses under **Action** for the app you want to add to your inventory, and then choose **Add to inventory**.
 
 After you add the app to your inventory, you can choose how to distribute the app. For more information, see:
--   [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md)
--   [Distribute apps from your private store](distribute-apps-from-your-private-store.md)
--   [Assign apps to employees](assign-apps-to-employees.md)
--   [Distribute offline apps](distribute-offline-apps.md)
+
+- [Distribute apps to your employees from the Microsoft Store for Business](distribute-apps-to-your-employees-microsoft-store-for-business.md)
+- [Distribute apps from your private store](distribute-apps-from-your-private-store.md)
+- [Assign apps to employees](assign-apps-to-employees.md)
+- [Distribute offline apps](distribute-offline-apps.md)

windows/application-management/docfx.json

@@ -21,6 +21,7 @@
         "files": [
           "**/*.png",
           "**/*.jpg",
+          "**/*.svg",
           "**/*.gif"
         ],
         "exclude": [

windows/application-management/manage-windows-mixed-reality.md

@@ -1,104 +0,0 @@
----
-title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11)
-description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises.
-ms.reviewer: 
-author: nicholasswhite
-ms.author: nwhite
-manager: aaroncz
-ms.prod: w10
-ms.localizationpriority: medium
-ms.topic: article
----
-
-# Enable or block Windows Mixed Reality apps in enterprises
-
-[!INCLUDE [Applies to Windows client versions](./includes/applies-to-windows-client-versions.md)]
-
-
-[Windows Mixed Reality](https://blogs.windows.com/windowsexperience/2017/10/03/the-era-of-windows-mixed-reality-begins-october-17/) was introduced in Windows 10, version 1709 (also known as the Fall Creators Update), as a [Windows Feature on Demand (FOD)](/windows-hardware/manufacture/desktop/features-on-demand-v2--capabilities). Features on Demand are Windows feature packages that can be added at any time. When a Windows client needs a new feature, it can request the feature package from Windows Update.
-
-Organizations that use Windows Server Update Services (WSUS) must take action to [enable Windows Mixed Reality](#enable-windows-mixed-reality-in-wsus). Any organization that wants to prohibit use of Windows Mixed Reality can [block the installation of the Mixed Reality Portal](#block-the-mixed-reality-portal).
-
-## Enable Windows Mixed Reality in WSUS
-
-1. [Check your version of Windows.](https://support.microsoft.com/help/13443/windows-which-operating-system)
-
-   >[!NOTE]
-   >You must be on at least Windows 10, version 1709, to run Windows Mixed Reality.
-
-2. Windows Mixed Reality Feature on Demand (FOD) is downloaded from Windows Update. If access to Windows Update is blocked, you must manually install the Windows Mixed Reality FOD.
-
-   1. Download the FOD .cab file:
-
-        - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
-        - [Windows 10, version 2004](https://software-static.download.prss.microsoft.com/pr/download/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
-        - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
-        - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
-        - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
-        - [Windows 10, version 1709](https://download.microsoft.com/download/6/F/8/6F816172-AC7D-4F45-B967-D573FB450CB7/Microsoft-Windows-Holographic-Desktop-FOD-Package.cab)
-
-        > [!NOTE]
-        > You must download the FOD .cab file that matches your operating system version.
-
-   1. Use `Dism` to add Windows Mixed Reality FOD to the image.
-
-        ```powershell
-        Dism /Online /Add-Package /PackagePath:(path)
-        ```
-      
-        > [!NOTE]
-        > On Windows 10 and 11, you must rename the FOD .CAB file to: **Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab**
-
-   1. In **Settings** > **Update & Security** > **Windows Update**, select **Check for updates**.
-
-
-IT admins can also create [Side by side feature store (shared folder)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj127275(v=ws.11)) to allow access to the Windows Mixed Reality FOD.
-
-## Block the Mixed Reality Portal
-
-You can use the [AppLocker configuration service provider (CSP)](/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software.
-
-In the following example, the **Id** can be any generated GUID and the **Name** can be any name you choose. `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
-
-```xml
-<SyncML xmlns="SYNCML:SYNCML1.2">
-    <SyncBody>
-        <Add>
-            <CmdID>$CmdID$</CmdID>
-            <Item>
-                <Target>
-                    <LocURI>./Vendor/MSFT/PolicyManager/My/ApplicationManagement/ApplicationRestrictions</LocURI>
-                </Target>
-                <Meta>
-                    <Format xmlns="syncml:metinf">chr</Format>
-                    <Type xmlns="syncml:metinf">text/plain</Type>
-                </Meta>
-                <Data>
-                  <RuleCollection Type="Appx" EnforcementMode="Enabled">
-                   <FilePublisherRule Id="a9e18c21-ff8f-43cf-b9fc-db40eed693ba" Name="(Default Rule) All signed packaged apps" Description="Allows members of the Everyone group to run packaged apps that are signed." UserOrGroupSid="S-1-1-0" Action="Allow">
-                    <Conditions>
-                      <FilePublisherCondition PublisherName="*" ProductName="*" BinaryName="*">
-                        <BinaryVersionRange LowSection="0.0.0.0" HighSection="*" />
-                      </FilePublisherCondition>
-                    </Conditions>
-                  </FilePublisherRule>
-                  <FilePublisherRule Id="d26da4e7-0b01-484d-a8d3-d5b5341b2d55" Name="Block Mixed Reality Portal" Description="" UserOrGroupSid="S-1-1-0" Action="Deny">
-                   <Conditions>
-                     <FilePublisherCondition PublisherName="CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US" ProductName="Microsoft.Windows.HolographicFirstRun" BinaryName="*">
-                      <BinaryVersionRange LowSection="*" HighSection="*" />
-                      </FilePublisherCondition>
-                    </Conditions>
-                  </FilePublisherRule>
-                 </RuleCollection>>
-                </Data>
-            </Item>
-        </Add>
-        <Final/>
-    </SyncBody>
-</SyncML>
-```
-
-
-## Related articles
-
-- [Mixed reality](https://developer.microsoft.com/windows/mixed-reality/mixed_reality)

windows/client-management/connect-to-remote-aadj-pc.md

@@ -83,6 +83,9 @@ The table below lists the supported configurations for remotely connecting to an
 > [!NOTE]
 > If the RDP client is running Windows Server 2016 or Windows Server 2019, to be able to connect to Azure Active Directory-joined PCs, it must [allow Public Key Cryptography Based User-to-User (PKU2U) authentication requests to use online identities](/windows/security/threat-protection/security-policy-settings/network-security-allow-pku2u-authentication-requests-to-this-computer-to-use-online-identities).
 
+> [!NOTE]
+> When an Azure Active Directory group is added to the Remote Desktop Users group on a Windows device, it isn't honoured when the user that belongs to the Azure AD group logs in through Remote Desktop Protocol (they can't sign in using Remote Desktop Connection). In this scenario, Network Level Authentication should be disabled to run the connection.
+
 ## Related topics
 
 [How to use Remote Desktop](https://support.microsoft.com/windows/how-to-use-remote-desktop-5fe128d5-8fb1-7a23-3b8a-41e636865e8c)

windows/client-management/docfx.json

@@ -21,6 +21,7 @@
         "files": [
           "**/*.png",
           "**/*.jpg",
+          "**/*.svg",
           "**/*.gif"
         ],
         "exclude": [

windows/client-management/mdm/bitlocker-csp.md

@@ -1348,6 +1348,13 @@ Value type is string.
 
 Supported operation is Execute. Request ID is expected as a parameter.
 
+> [!NOTE]
+> Key rotation is supported only on these enrollment types. For more information, see [deviceEnrollmentType enum](/graph/api/resources/intune-devices-deviceenrollmenttype).
+>   - windowsAzureADJoin.
+>   - windowsBulkAzureDomainJoin. 
+>   - windowsAzureADJoinUsingDeviceAuth.
+>   - windowsCoManagement.
+
 > [!TIP]
 > Key rotation feature will only work when:
 >

windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md

@@ -14,7 +14,7 @@ ms.collection: highpri
 
 # Diagnose MDM failures in Windows 10
 
-To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
+To help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server, you can examine the MDM logs collected from the desktop. The following sections describe the procedures for collecting MDM logs.
 
 ## Download the MDM Diagnostic Information log from Windows 10 PCs
 
@@ -30,32 +30,34 @@ To help diagnose enrollment or device management issues in Windows 10 devices m
 
 1. In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
 
-## Use command to collect logs directly from Windows 10 PCs
+## Use command to collect logs directly from Windows 10 PCs
 
 You can also collect the MDM Diagnostic Information logs using the following command:
 
 ```xml
-mdmdiagnosticstool.exe -area DeviceEnrollment;DeviceProvisioning;Autopilot -zip c:\users\public\documents\MDMDiagReport.zip
+mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip "c:\users\public\documents\MDMDiagReport.zip"
 ```
--   In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
+
+- In File Explorer, navigate to c:\Users\Public\Documents\MDMDiagnostics to see the report.
 
 ### Understanding zip structure
+
 The zip file will have logs according to the areas that were used in the command. This explanation is based on DeviceEnrollment, DeviceProvisioning and Autopilot areas. It applies to the zip files collected via command line or Feedback Hub
 
--   DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
--   DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
--   MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
--   MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
--   MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
--   MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
--   MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
--   *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
+- DiagnosticLogCSP_Collector_Autopilot_*: Autopilot etls
+- DiagnosticLogCSP_Collector_DeviceProvisioning_*: Provisioning etls (Microsoft-Windows-Provisioning-Diagnostics-Provider)
+- MDMDiagHtmlReport.html: Summary snapshot of MDM space configurations and policies. Includes, management url, MDM server device ID, certificates, policies.
+- MdmDiagLogMetadata, json: mdmdiagnosticstool metadata file, contains command-line arguments used to run the tool
+- MDMDiagReport.xml: contains a more detail view into the MDM space configurations, e.g enrollment variables
+- MdmDiagReport_RegistryDump.reg: contains dumps from common MDM registry locations
+- MdmLogCollectorFootPrint.txt: mdmdiagnosticslog tool logs from running the command
+- *.evtx: Common event viewer logs microsoft-windows-devicemanagement-enterprise-diagnostics-provider-admin.evtx main one that contains MDM events.
 
-## Collect logs directly from Windows 10 PCs
+## Collect logs directly from Windows 10 PCs
 
-Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
+Starting with the Windows 10, version 1511, MDM logs are captured in the Event Viewer in the following location:
 
--   Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
+- Applications and Services Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostic-Provider
 
 Here's a screenshot:
 
@@ -63,34 +65,34 @@ Here's a screenshot:
 
 In this location, the **Admin** channel logs events by default. However, if you need more details logs you can enable **Debug** logs by choosing **Show Analytic and Debug** logs option in **View** menu in Event Viewer.
 
-**To collect Admin logs**
+### Collect admin logs
 
-1.  Right click on the **Admin** node.
-2.  Select **Save all events as**.
-3.  Choose a location and enter a filename.
-4.  Click **Save**.
-5.  Choose **Display information for these languages** and then select **English**.
-6.  Click **Ok**.
+1. Right click on the **Admin** node.
+2. Select **Save all events as**.
+3. Choose a location and enter a filename.
+4. Click **Save**.
+5. Choose **Display information for these languages** and then select **English**.
+6. Click **Ok**.
 
 For more detailed logging, you can enable **Debug** logs. Right click on the **Debug** node and then click **Enable Log**.
 
-**To collect Debug logs**
+### Collect debug logs
 
-1.  Right click on the **Debug** node.
-2.  Select **Save all events as**.
-3.  Choose a location and enter a filename.
-4.  Click **Save**.
-5.  Choose **Display information for these languages** and then select **English**.
-6.  Click **Ok**.
+1. Right click on the **Debug** node.
+2. Select **Save all events as**.
+3. Choose a location and enter a filename.
+4. Click **Save**.
+5. Choose **Display information for these languages** and then select **English**.
+6. Click **Ok**.
 
-You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
+You can open the log files (.evtx files) in the Event Viewer on a Windows 10 PC running the November 2015 update.
 
-## Collect logs remotely from Windows 10 PCs
+## Collect logs remotely from Windows 10 PCs
 
 When the PC is already enrolled in MDM, you can remotely collect logs from the PC through the MDM channel if your MDM server supports this facility. The [DiagnosticLog CSP](diagnosticlog-csp.md) can be used to enable an event viewer channel by full name. Here are the Event Viewer names for the Admin and Debug channels:
 
--   Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
--   Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
+- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FAdmin
+- Microsoft-Windows-DeviceManagement-Enterprise-Diagnostics-Provider%2FDebug
 
 Example: Enable the Debug channel logging
 
@@ -235,27 +237,27 @@ After the logs are collected on the device, you can retrieve the files through t
 
 For best results, ensure that the PC or VM on which you're viewing logs matches the build of the OS from which the logs were collected.
 
-1.  Open eventvwr.msc.
-2.  Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
+1. Open eventvwr.msc.
+2. Right-click on **Event Viewer(Local)** and select **Open Saved Log**.
 
     ![event viewer screenshot.](images/diagnose-mdm-failures9.png)
 
-3.  Navigate to the etl file that you got from the device and then open the file.
-4.  Click **Yes** when prompted to save it to the new log format.
+3. Navigate to the etl file that you got from the device and then open the file.
+4. Click **Yes** when prompted to save it to the new log format.
 
     ![event viewer prompt.](images/diagnose-mdm-failures10.png)
 
     ![diagnose mdm failures.](images/diagnose-mdm-failures11.png)
 
-5.  The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
+5. The new view contains traces from the channel. Click on **Filter Current Log** from the **Actions** menu.
 
     ![event viewer actions.](images/diagnose-mdm-failures12.png)
 
-6.  Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
+6. Add a filter to Event sources by selecting **DeviceManagement-EnterpriseDiagnostics-Provider** and click **OK**.
 
     ![event filter for Device Management.](images/diagnose-mdm-failures13.png)
 
-7.  Now you're ready to start reviewing the logs.
+7. Now you're ready to start reviewing the logs.
 
     ![event viewer review logs.](images/diagnose-mdm-failures14.png)
 
@@ -283,5 +285,3 @@ Here's an example of how to collect current MDM device state data using the [Dia
   </SyncBody>
 </SyncML>
 ```
-
- 

windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md

@@ -7,7 +7,7 @@ ms.topic: article
 ms.prod: w10
 ms.technology: windows
 author: vinaypamnani-msft
-ms.date: 01/03/2022
+ms.date: 08/19/2022
 ms.reviewer: 
 manager: aaroncz
 ---
@@ -3757,7 +3757,7 @@ ADMX Info:
 
 <!--/Scope-->
 <!--Description-->
-This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 14 days.
+This policy setting allows you to define the number of days that must pass before spyware security intelligence is considered out of date. If security intelligence is determined to be out of date, this state may trigger several other actions, including falling back to an alternative update source or displaying a warning icon in the user interface. By default, this value is set to 7 days.
 
 We don't recommend setting the value to less than 2 days to prevent machines from going out of date.
 

windows/client-management/mdm/policy-csp-experience.md

@@ -925,10 +925,10 @@ The following list shows the supported values:
 
 |Edition|Windows 10|Windows 11|
 |--- |--- |--- |
-|Home|No|Yes|
+|Home|No|No|
 |Pro|No|Yes|
 |Windows SE|No|Yes|
-|Business|No|No|
+|Business|No|Yes|
 |Enterprise|No|Yes|
 |Education|No|Yes|
 

windows/client-management/mdm/policy-csp-update.md

@@ -3524,8 +3524,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
-- 0: (Default) Detect, download, and deploy Driver from Windows Update. 
-- 1: Enabled, Detect, download, and deploy Driver from Windows Server Update Server (WSUS). 
+- 0: (Default) Detect, download, and deploy Drivers from Windows Update. 
+- 1: Enabled, Detect, download, and deploy Drivers from Windows Server Update Server (WSUS). 
 
 <!--/SupportedValues-->
 <!--/Policy-->
@@ -3560,7 +3560,7 @@ The table below shows the applicability of Windows:
 
 <!--/Scope-->
 <!--Description-->
-Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
+Configure this policy to specify whether to receive Windows Feature Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
 
 If you configure this policy, also configure the scan source policies for other update types:
 - SetPolicyDrivenUpdateSourceForQualityUpdates
@@ -3582,8 +3582,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
-- 0: (Default) Detect, download, and deploy Feature from Windows Update. 
-- 1: Enabled, Detect, download, and deploy Feature from Windows Server Update Server (WSUS). 
+- 0: (Default) Detect, download, and deploy Feature Updates from Windows Update. 
+- 1: Enabled, Detect, download, and deploy Feature Updates from Windows Server Update Server (WSUS). 
 
 <!--/SupportedValues-->
 <!--/Policy-->
@@ -3618,7 +3618,7 @@ The table below shows the applicability of Windows:
 
 <!--/Scope-->
 <!--Description-->
-Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
+Configure this policy to specify whether to receive Other Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
 
 If you configure this policy, also configure the scan source policies for other update types:
 - SetPolicyDrivenUpdateSourceForFeatureUpdates
@@ -3640,8 +3640,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
-- 0: (Default) Detect, download, and deploy Other from Windows Update.
-- 1: Enabled, Detect, download, and deploy Other from Windows Server Update Server (WSUS). 
+- 0: (Default) Detect, download, and deploy Other updates from Windows Update.
+- 1: Enabled, Detect, download, and deploy Other updates from Windows Server Update Server (WSUS). 
 
 <!--/SupportedValues-->
 <!--/Policy-->
@@ -3676,7 +3676,7 @@ The table below shows the applicability of Windows:
 
 <!--/Scope-->
 <!--Description-->
-Configure this policy to specify whether to receive Windows Driver Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
+Configure this policy to specify whether to receive Windows Quality Updates from Windows Update endpoint, managed by Windows Update for Business policies, or through your configured Windows Server Update Service (WSUS) server. 
 
 If you configure this policy, also configure the scan source policies for other update types:
 - SetPolicyDrivenUpdateSourceForFeatureUpdates
@@ -3698,8 +3698,8 @@ ADMX Info:
 <!--SupportedValues-->
 The following list shows the supported values:
 
-- 0: (Default) Detect, download, and deploy Quality from Windows Update. 
-- 1: Enabled, Detect, download, and deploy Quality from Windows Server Update Server (WSUS). 
+- 0: (Default) Detect, download, and deploy Quality Updates from Windows Update. 
+- 1: Enabled, Detect, download, and deploy Quality Updates from Windows Server Update Server (WSUS). 
 
 <!--/SupportedValues-->
 <!--/Policy-->

windows/client-management/troubleshoot-stop-errors.md

@@ -14,6 +14,8 @@ ms.collection: highpri
 
 # Advanced troubleshooting for stop or blue screen errors
 
+<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=31806236" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
+
 > [!NOTE]
 > If you're not a support agent or IT professional, you'll find more helpful information about stop error ("blue screen") messages in [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
 

windows/client-management/troubleshoot-windows-startup.md

@@ -13,6 +13,8 @@ manager: dansimp
 
 # Advanced troubleshooting for Windows start-up issues
 
+<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=31806273" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
+
 In these topics, you will learn how to troubleshoot common problems that are related to Windows startup.
 
 ## How it works

windows/configuration/docfx.json

@@ -21,6 +21,7 @@
         "files": [
           "**/*.png",
           "**/*.jpg",
+          "**/*.svg",
           "**/*.gif"
         ],
         "exclude": [

windows/deployment/update/windows-update-errors.md

@@ -17,6 +17,8 @@ ms.collection: highpri
 -   Windows 10
 -   Windows 11
 
+<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=31806295" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows Update issues</span>
+
 The following table provides information about common errors you might run into with Windows Update, as well as steps to help you mitigate them.
 
 ## 0x8024402F

windows/deployment/upgrade/troubleshoot-upgrade-errors.md

@@ -18,6 +18,8 @@ ms.topic: article
 > This is a 300 level topic (moderately advanced).<br>
 > See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article.
 
+<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=31806293" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span>
+
 If a Windows 10 upgrade is not successful, it can be very helpful to understand *when* an error occurred in the upgrade process. 
 
 > [!IMPORTANT]

windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md

@@ -117,8 +117,8 @@ Since existing Windows 365 Cloud PCs already have an existing Azure AD device ID
 **To register devices with Windows Autopatch:**
 
 1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
-2. Select **Windows Autopatch** from the left navigation menu.
-3. Select **Devices**.
+2. Select **Devices** from the left navigation menu.
+3. Under the **Windows Autopatch** section, select **Devices**.
 4. Select either the **Ready** or the **Not ready** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens.
 5. Add either devices through direct membership, or other Azure AD dynamic or assigned groups as nested groups in the **Windows Autopatch Device Registration** group.
 
@@ -148,6 +148,7 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W
 1. Select **Create**. Now your newly provisioned Windows 365 Enterprise Cloud PCs will automatically be enrolled and managed by Windows Autopatch.
 
 For more information, see [Create a Windows 365 Provisioning Policy](/windows-365/enterprise/create-provisioning-policy).
+
 ### Contact support for device registration-related incidents
 
 Support is available either through Windows 365, or the Windows Autopatch Service Engineering team for device registration-related incidents.

windows/deployment/windows-autopatch/operate/windows-autopatch-maintain-environment.md

@@ -26,5 +26,4 @@ After you've completed enrollment in Windows Autopatch, some management settings
 
 | Setting | Description |
 | ----- | ----- |
-| Conditional access policies | If you create any new conditional access or multi-factor authentication policies related to Azure AD, or Microsoft Intune after Windows Autopatch enrollment, exclude the Modern Workplace Service Accounts Azure AD group from them. For more information, see [Conditional Access: Users and groups](/azure/active-directory/conditional-access/concept-conditional-access-users-groups). Windows Autopatch maintains separate conditional access policies to restrict access to these accounts.<p>**To review the Windows Autopatch conditional access policy (Modern Workplace – Secure Workstation):**</p><p>Go to Microsoft Endpoint Manager and navigate to **Conditional Access** in **Endpoint Security**. Do **not** modify any Azure AD conditional access policies created by Windows Autopatch that have "**Modern Workplace**" in the name.</p> |
 | Update rings for Windows 10 or later | For any update rings for Windows 10 or later policies you've created, exclude the **Modern Workplace Devices - All** Azure AD group from each policy. For more information, see [Create and assign update rings](/mem/intune/protect/windows-10-update-rings#create-and-assign-update-rings).<p>Windows Autopatch will also have created some update ring policies. all of which The policies will have "**Modern Workplace**" in the name. For example:</p><ul><li>Modern Workplace Update Policy [Broad]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Fast]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [First]-[Windows Autopatch]</li><li>Modern Workplace Update Policy [Test]-[Windows Autopatch]</li></ul><p>When you update your own policies, ensure that you don't exclude the **Modern Workplace Devices - All** Azure AD group from the policies that Windows Autopatch created.</p><p>**To resolve the Not ready result:**</p><p>After enrolling into Autopatch, make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p><p>**To resolve the Advisory result:**</p><ol><li>Make sure that any update ring policies you have **exclude** the **Modern Workplace Devices - All** Azure Active Directory (AD) group.</li> <li>If you have assigned Azure AD user groups to these policies, make sure that any update ring policies you have also **exclude** the **Modern Workplace - All** Azure AD group that you add your Windows Autopatch users to (or an equivalent group).</li></ol><p>For more information, see [Manage Windows 10 software updates in Intune](/mem/intune/protect/windows-update-for-business-configure).</p> |

windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md

@@ -41,8 +41,6 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro
 | ----- | ----- |
 | Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices.  You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. |
 | Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. For more information, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). |
-| Windows Autopatch cloud service accounts | After unenrollment, you may safely remove the cloud service accounts created during the enrollment process. The accounts are:<ul><li>MsAdmin</li><li>MsAdminInt</li><li>MsTest</li></ul> |
-| Conditional access policy | After unenrollment, you may safely remove the **Modern Workplace – Secure Workstation** conditional access policy. |
 | Microsoft Endpoint Manager roles | After unenrollment, you may safely remove the Modern Workplace Intune Admin role. |
 
 ## Unenroll from Windows Autopatch

windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md

@@ -46,7 +46,7 @@ Each deployment ring has a different set of update deployment policies to contro
 Also, during the [device registration process](../deploy/windows-autopatch-device-registration-overview.md), Windows Autopatch assigns each device being registered to one of its deployment rings so that the service has the proper representation of the device diversity across the organization in each deployment ring. The deployment ring distribution is designed to release software update deployments to as few devices as possible to get the signals needed to make a quality evaluation of a given update deployment.
 
 > [!NOTE]
-> Windows Autopatch deployment rings only apply to Windows quality updates. Additionally, you can't create additional deployment rings or use your own for devices managed by the Windows Autopatch service.
+> You can't create additional deployment rings or use your own for devices managed by the Windows Autopatch service.
 
 ### Deployment ring calculation logic
 

windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml

@@ -4,7 +4,7 @@ metadata:
   description: Answers to frequently asked questions about Windows Autopatch.
   ms.prod: w11
   ms.topic: faq
-  ms.date: 08/08/2022
+  ms.date: 08/26/2022
   audience: itpro
   ms.localizationpriority: medium
   manager: dougeby
@@ -67,10 +67,10 @@ sections:
           No, Windows 365 Enterprise Cloud PC's support all features of Windows Autopatch. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
       - question: Do my Cloud PCs appear any differently in the Windows Autopatch admin center?
         answer: |
-          Cloud PC displays the model as the license type you have provisioned. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
+          Cloud PC displays the model as the license type you have provisioned. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
       - question: Can I run Autopatch on my Windows 365 Business Workloads?
         answer: |
-          No. Autopatch is only available on enterprise workloads. For more information, see [Virtual devices](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#virtual-devices).
+          No. Autopatch is only available on enterprise workloads. For more information, see [Windows Autopatch on Windows 365 Enterprise Workloads](/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices#windows-autopatch-on-windows-365-enterprise-workloads).
   - name: Update Management
     questions: 
       - question: What systems does Windows Autopatch update?

windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md

@@ -14,7 +14,7 @@ msreviewer: hathind
 
 # Enroll your tenant
 
-Before you enroll in Windows Autopatch, there are settings and other parameters you must set ahead of time.
+Before you enroll in Windows Autopatch, there are settings, and other parameters you must set ahead of time.
 
 > [!IMPORTANT]
 > You must be a Global Administrator to enroll your tenant.
@@ -30,7 +30,7 @@ To start using the Windows Autopatch service, ensure you meet the [Windows Autop
 > [!IMPORTANT]
 > The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the  tool again.
 
-The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager Co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
+The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements).
 
 **To access and run the Readiness assessment tool:**
 
@@ -43,8 +43,6 @@ The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager
 > [!IMPORTANT]
 > If you don't see the Tenant enrollment blade, this is because you don't meet the prerequisites or the proper licenses. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md#more-about-licenses).
 
-A Global Administrator should be used to run this tool. Other roles, such as the Global Reader and Intune Administrator have insufficient permissions to complete the checks on Conditional Access Policies and Multi-factor Authentication. For more information about the extra permissions, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies).
-
 The Readiness assessment tool checks the following settings:
 
 ### Microsoft Intune settings
@@ -62,9 +60,7 @@ The following are the Azure Active Directory settings:
 
 | Check | Description |
 | ----- | ----- |
-| Conditional access | Verifies that conditional access policies and multi-factor authentication aren't assigned to all users.<p><p>Your conditional access policies must not prevent our service accounts from accessing the service and must not require multi-factor authentication. For more information, see [Conditional access policies](../prepare/windows-autopatch-fix-issues.md#conditional-access-policies). |
-| Windows Autopatch cloud service accounts | Checks that no usernames conflict with ones that Windows Autopatch reserves for its own use. The cloud service accounts are:<ul><li>MsAdmin</li><li>MsAdminInt</li><li>MsTest</li></ul> For more information, see [Tenant access](../references/windows-autopatch-privacy.md#tenant-access). |
-| Security defaults | Checks whether your Azure Active Directory organization has security defaults enabled. |
+| Co-management |  This advisory check only applies if co-management is applied to your tenant. This check ensures that the proper workloads are in place for Windows Autopatch. If co-management doesn't apply to your tenant, this check can be safely disregarded, and won't block device deployment. |
 | Licenses | Checks that you've obtained the necessary [licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). |
 
 ### Check results

windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md

@@ -25,7 +25,7 @@ For each check, the tool will report one of four possible results:
 | Ready | No action is required before completing enrollment. |
 | Advisory | Follow the steps in the tool or this article for the best experience with enrollment and for users.<p><p>You can complete enrollment, but you must fix these issues before you deploy your first device. |
 | Not ready | You must fix these issues before enrollment. You won’t be able to enroll into Windows Autopatch if you don't fix these issues. Follow the steps in the tool or this article to resolve them.  |
-| Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permission to run this check or your tenant is not properly licensed for Microsoft Intune. |
+| Error | The Azure Active Directory (AD) role you're using doesn't have sufficient permission to run this check or your tenant isn't properly licensed for Microsoft Intune. |
 
 > [!NOTE]
 > The results reported by this tool reflect the status of your settings only at the time that you ran it. If you make changes later to policies in Microsoft Intune, Azure Active Directory (AD), or Microsoft 365, items that were "Ready" can become "Not ready". To avoid problems with Windows Autopatch operations, review the specific settings described in this article before you change any policies.
@@ -55,14 +55,13 @@ Your "Windows 10 update ring" policy in Intune must not target any Windows Autop
 
 You can access Azure Active Directory (AD) settings in the [Azure portal](https://portal.azure.com/).
 
-### Conditional access policies
+### Co-management
 
-Conditional access policies must not prevent Windows Autopatch from connecting to your tenant.
+Co-management enables you to concurrently manage Windows 10 or later devices by using both Configuration Manager and Microsoft Intune.
 
 | Result | Meaning |
 | ----- | ----- |
-| Advisory | You have at least one conditional access policy that targets all users or at least one conditional access policy set as required for multi-factor authentication. These policies could prevent Windows Autopatch from managing the Windows Autopatch service.<p><p>During enrollment, we'll attempt to exclude Windows Autopatch service accounts from relevant conditional access policies and apply new conditional access policies to restrict access to these accounts. However, if we're unsuccessful, this can cause errors during your enrollment experience.<p><p>For best practice, [create an assignment that targets a specific Azure Active Directory (AD) group](/azure/active-directory/fundamentals/active-directory-groups-create-azure-portal) that doesn't include Windows Autopatch service accounts.</p> |
-| Error | The Intune Administrator  role doesn't have sufficient permissions for this check. You'll also need to have these Azure Active Directory (AD) roles assigned to run this check:<br><ul><li>Security Reader</li><li>Security Administrator</li><li>Conditional Access Administrator</li><li>Global Reader</li><li>Devices Administrator</li></ul> |
+| Advisory | To successfully enroll devices that are co-managed into Windows Autopatch, it's necessary that the following co-managed workloads are set to **Intune**:<ul><li>Device configuration</li><li>Windows update policies</li><li>Office 365 client apps</li></ul><p>If co-management doesn't apply to your tenant, this check can be safely disregarded, and it won't block device deployment.</p> |
 
 ### Licenses
 
@@ -71,19 +70,3 @@ Windows Autopatch requires the following licenses:
 | Result | Meaning |
 | ----- | ----- |
 | Not ready | Windows Autopatch requires Windows 10/11 Enterprise E3 (or higher) to be assigned to your users. Additionally, Azure Active Directory Premium, and Microsoft Intune are required. For more information, see [more about licenses](../prepare/windows-autopatch-prerequisites.md#more-about-licenses). |
-
-### Windows Autopatch cloud service accounts
-
-Certain account names could conflict with account names created  by Windows Autopatch.
-
-| Result | Meaning |
-| ----- | ----- |
-| Not ready | You have at least one account name that will conflict with account names created by Windows Autopatch. The cloud service accounts are:<ul><li>MsAdmin</li><li>MsAdminInt</li><li>MsTest</li></ul><p>You must either rename or remove conflicting accounts to move forward with enrolling to the Windows Autopatch service as we'll create these accounts as part of running our service. For more information, see [Tenant Access](../references/windows-autopatch-privacy.md#tenant-access).</p> |
-
-### Security defaults
-
-Security defaults in Azure Active Directory (AD) will prevent Windows Autopatch from managing your devices.
-
-| Result | Meaning |
-| ----- | ----- |
-| Not ready | You have Security defaults turned on. Turn off Security defaults and set up conditional access policies. For more information, see [Common conditional access policies](/azure/active-directory/conditional-access/concept-conditional-access-policy-common). |

windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md

@@ -22,7 +22,7 @@ Windows Autopatch will create a service principal in your tenant allowing the se
 
 ## Azure Active Directory groups
 
-Windows Autopatch will create Azure Active Directory groups that are required to operate the service. The following groups are used for targeting Windows Autopatch configurations to devices and management of the service by our service accounts.
+Windows Autopatch will create Azure Active Directory groups that are required to operate the service. The following groups are used for targeting Windows Autopatch configurations to devices and management of the service by our [first party enterprise applications](#windows-autopatch-enterprise-applications).
 
 | Group name | Description |
 | ----- | ----- |
@@ -37,10 +37,6 @@ Windows Autopatch will create Azure Active Directory groups that are required to
 | Modern Workplace Devices Dynamic - Windows 11 | Microsoft Managed Desktop Devices with Windows 11<p>Group Rule:<ul><li>`(device.devicePhysicalIds -any _ -startsWith \"[OrderID]:Microsoft365Managed_\")`</li><li>`(device.deviceOSVersion -startsWith \"10.0.22000\")`</li></ul><br>Exclusions:<ul><li>Modern Workplace - Telemetry Settings for Windows 10</li></ul> |
 | Modern Workplace Roles - Service Administrator | All users granted access to Modern Workplace Service Administrator Role |
 | Modern Workplace Roles - Service Reader | All users granted access to Modern Workplace Service Reader Role |
-| Modern Workplace Service - Intune Admin All | Group for Intune Admins<p>Assigned to: <ul><li>Modern Workplace Service Accounts</li></ul>|
-| Modern Workplace Service - Intune Reader All | Group for Intune readers<p>Assigned to: <ul><li>Modern Workplace Service Accounts</li></ul>|
-| Modern Workplace Service - Intune Reader MMD | Group for Intune readers of MMD devices and users<p>Assigned to:<ul><li>Modern Workplace Service Accounts</li></ul>| 
-| Modern Workplace Service Accounts | Group for Windows Autopatch service accounts |
 | Windows Autopatch Device Registration | Group for automatic device registration for Windows Autopatch |
 
 ## Windows Autopatch enterprise applications
@@ -56,19 +52,6 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr
 > [!NOTE]
 > Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon.
 
-## Windows Autopatch cloud service accounts  
-
-Windows Autopatch will create three cloud service accounts in your tenant. These accounts are used to run the service and all need to be excluded from any multi-factor authentication controls.
-
-> [!NOTE]
-> Effective Aug 15th, 2022, these accounts will no longer be added to newly enrolled tenants, and existing tenants will be provided an option to migrate to enterprise application-based authentication. These accounts will be removed with that transition.
-
-| Cloud service account name | Usage | Mitigating controls |
-| ----- | ----- | ------ |
-| MsAdmin@tenantDomain.onmicrosoft.com | <ul><li>This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Microsoft Modern desktop devices.</li><li>This account doesn't have interactive sign-in permissions.  The account performs operations only through the service.</li></ul> | Audited sign-ins |
-| MsAdminInt@tenantDomain.onmicrosoft.com | <ul><li>This account is an Intune and User administrator account used to define and configure the tenant for Modern Workplace devices.</li><li>This account is used for interactive sign-in to the customers’ tenant.</li><li>The use of this account is extremely limited as most operations are exclusively through msadmin (non-interactive).</li> | <ul><li>Restricted to be accessed only from defined secure access workstations (SAWs) through the Modern Workplace - Secure Workstation conditional access policy.</li><li>Audited sign-ins</li></ul> |
-| MsTest@tenantDomain.onmicrosoft.com | This is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
-
 ## Device configuration policies
 
 - Modern Workplace - Set MDM to Win Over GPO
@@ -145,15 +128,6 @@ Windows Autopatch will create three cloud service accounts in your tenant. These
 | Modern Workplace - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-First</li><li>Modern Workplace Devices-Windows Autopatch-Fast</li><li>Modern Workplace Devices-Windows Autopatch-Broad</li></ul>| `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled |
 | Modern Workplace - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel<p>Assigned to:<ul><li>Modern Workplace Devices-Windows Autopatch-Test </li></ul>| `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled |
 
-## Conditional access policies
-
-> [!NOTE]
-> Effective Aug 15, 2022, the following policy will no longer be added to newly enrolled tenants, and existing tenants will be provided an option to migrate to enterprise application-based authentication. This policy will be removed with that transition.
-
-| Conditional access policy | Description |
-| ----- | ----- |
-| Modern Workplace - Secure Workstation | This policy is targeted to only the Windows Autopatch cloud service accounts. The policy blocks access to the tenant unless the user is accessing the tenant from a Microsoft authorized location. |
-
 ## PowerShell scripts
 
 | Script | Description |

windows/privacy/changes-to-windows-diagnostic-data-collection.md

@@ -108,7 +108,7 @@ If you don’t sign up for any of these enterprise services, Microsoft will act
 
 ### Rollout plan for this change
 
-This change will roll out initially to Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program no earlier than July 2022. Once the rollout is initiated, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option.
+This change will rollout in phases, starting  with Windows devices enrolled in the [Dev Channel](/windows-insider/flighting#dev-channel) of the Windows Insider program. Starting in build 25169, devices in the Dev Channel that are joined to an Azure AD tenant with a billing address in the EU or EFTA will be automatically enabled for the processor configuration option.
 
 During this initial rollout, the following conditions apply to devices in the Dev Channel that are joined to an Azure AD tenant with a billing address outside of the EU or EFTA:
 

windows/privacy/docfx.json

@@ -21,6 +21,7 @@
         "files": [
           "**/*.png",
           "**/*.jpg",
+          "**/*.svg",
           "**/*.gif"
         ],
         "exclude": [

windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md

@@ -234,70 +234,34 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a
 
 **Applies to:**
 
-- Windows 10, version 1803 or later
-- Windows 11
-- Azure AD joined
-
-The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
-
-### Configuring Policy Using Intune
-
-1. Sign-in to [Endpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account.
-
-1. Click **Devices**. Click **Configuration profiles**. Click **Create profile**.
-
-1. For Platform select **Windows 10 and later** and for Profile type select **Templates**. In the list of templates that is loaded, select **Custom** and click Create.
-
-1. In the **Name** field type **Web Sign In Allowed URLs** and optionally provide a description for the configuration. Click Next.
-
-1. On the Configuration settings page, click **Add** to add a custom OMA-URI setting. Provide the following information for the custom settings:
-
-    - **Name:** Web Sign In Allowed URLs
-    - **Description:** (Optional) List of domains that are allowed during PIN reset flows.
-    - **OMA-URI:** ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls
-    - **Data type:** String
-    - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be _signin.contoso.com;portal.contoso.com_ (without quotation marks)
-
-    :::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy." source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist.png":::
-
-1. Click the **Save** button to save the custom configuration.
-
-1. On the Assignments page, use the Included groups and Excluded groups sections to define the groups of users or devices that should receive this policy. Once you have completed configuring groups click the Next button.
-
-1. On the Applicability rules page, click **Next**.
-
-1. Review the configuration that is shown on the Review + create page to make sure that it is accurate. Click create to save the profile and apply it to the configured groups.
-
-### Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices
+- Azure AD joined devices
 
 The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that can be reached during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
 
+### Configure Web Sign-in Allowed URLs using Microsoft Intune
 
-#### Configure Web Sign-in Allowed URLs using Microsoft Intune
-
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
-1. Select **Devices** > **Configuration profiles** > **Create profile**.
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com)
+1. Select **Devices** > **Configuration profiles** > **Create profile**
 1. Enter the following properties:
-    - **Platform**: Select **Windows 10 and later**.
-    - **Profile type**: Select **Templates**.
-    - In the list of templates that is loaded, select **Custom** > **Create**.
+    - **Platform**: Select **Windows 10 and later**
+    - **Profile type**: Select **Templates**
+    - In the list of templates that is loaded, select **Custom** > **Create**
 1. In **Basics**, enter the following properties:
-    - **Name**: Enter a descriptive name for the profile.
-    - **Description**: Enter a description for the profile. This setting is optional, but recommended.
-1. Select **Next**.
+    - **Name**: Enter a descriptive name for the profile
+    - **Description**: Enter a description for the profile. This setting is optional, but recommended
+1. Select **Next**
 1. In **Configuration settings**, select **Add** and enter the following settings:
     - Name: **Web Sign In Allowed URLs**
     - Description: **(Optional) List of domains that are allowed during PIN reset flows**
     - OMA-URI: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`
     - Data type: **String**
-    - Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com** (without quotation marks).
+    - Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com**
     :::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy." source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist-expanded.png":::
-1. Select **Save** > **Next**.
-1. In **Assignments**, select the security groups that will receive the policy.
-1. Select **Next**.
-1. In **Applicability Rules**, select **Next**.
-1. In **Review + create**, review your settings and select **Create**.
-
+1. Select **Save** > **Next**
+1. In **Assignments**, select the security groups that will receive the policy
+1. Select **Next**
+1. In **Applicability Rules**, select **Next**
+1. In **Review + create**, review your settings and select **Create**
 
 > [!NOTE]
 > For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now." The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.

windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md

@@ -253,3 +253,7 @@ Windows Hello for Business cloud trust requires line of sight to a domain contro
 ### Can I use RDP/VDI with Windows Hello for Business cloud trust?
 
 Windows Hello for Business cloud trust cannot be used as a supplied credential with RDP/VDI. Similar to key trust, cloud trust can be used for RDP with [remote credential guard](/windows/security/identity-protection/remote-credential-guard) or if a [certificate is enrolled into Windows Hello for Business](hello-deployment-rdp-certs.md) for this purpose.
+
+### Do all my domain controllers need to be fully patched as per the prerequisites for me to use Windows Hello for Business cloud trust?
+
+No, only the number necessary to handle the load from all cloud trust devices.

windows/security/information-protection/bitlocker/bitlocker-recovery-guide-plan.md

@@ -497,7 +497,7 @@ You can reset the recovery password in two ways:
 > [!NOTE]
 > To manage a remote computer, you can specify the remote computer name rather than the local computer name.
 
-You can use the following sample script to create a VBScript file to reset the recovery passwords:
+You can use the following sample VBScript to reset the recovery passwords:
 
 ```vb
 ' Target drive letter

windows/security/threat-protection/microsoft-defender-application-guard/configure-md-app-guard.md

@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 03/10/2022
+ms.date: 08/22/2022
 ms.reviewer: 
 manager: dansimp
 ms.custom: sasr
@@ -30,6 +30,9 @@ Application Guard uses both network isolation and application-specific settings.
 
 These settings, located at `Computer Configuration\Administrative Templates\Network\Network Isolation`, help you define and manage your organization's network boundaries. Application Guard uses this information to automatically transfer any requests to access the non-corporate resources into the Application Guard container.
 
+> [!NOTE]
+> For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you don't need to configure network isolation policy to enable Application Guard for Microsoft Edge.
+
 > [!NOTE]
 > You must configure either the Enterprise resource domains hosted in the cloud or Private network ranges for apps settings on your employee devices to successfully turn on Application Guard using enterprise mode. Proxy servers must be a neutral resource listed in the **Domains categorized as both work and personal** policy.
  
@@ -55,9 +58,8 @@ These settings, located at `Computer Configuration\Administrative Templates\Wind
 |-----------|------------------|-----------|-------|
 |Configure Microsoft Defender Application Guard clipboard settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Application Guard can use the clipboard functionality.|**Enabled.** Turns On the clipboard functionality and lets you choose whether to additionally:<br/>- Disable the clipboard functionality completely when Virtualization Security is enabled.<br/>- Enable copying of certain content from Application Guard into Microsoft Edge.<br/>- Enable copying of certain content from Microsoft Edge into Application Guard. **Important:** Allowing copied content to go from Microsoft Edge into Application Guard can cause potential security risks and isn't recommended.<p>**Disabled or not configured.** Completely turns Off the clipboard functionality for Application Guard.|
 |Configure Microsoft Defender Application Guard print settings|Windows 10 Enterprise, 1709 or higher<p>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Application Guard can use the print functionality.|**Enabled.** Turns On the print functionality and lets you choose whether to additionally:<br/>- Enable Application Guard to print into the XPS format.<br/>- Enable Application Guard to print into the PDF format.<br/>- Enable Application Guard to print to locally attached printers.<br/>- Enable Application Guard to print from previously connected network printers. Employees can't search for other printers.<br/><br/>**Disabled or not configured.** Completely turns Off the print functionality for Application Guard.|
-|Prevent enterprise websites from loading non-enterprise content in Microsoft Edge and Internet Explorer|Windows 10 Enterprise, 1709 or higher<p>Windows 11|Determines whether to allow Internet access for apps not included on the **Allowed Apps** list.|**Enabled.** Prevents network traffic from both Internet Explorer and Microsoft Edge to non-enterprise sites that can't render in the Application Guard container. <p>**NOTE**: This action might also block assets cached by CDNs and references to analytics sites. Add them to the trusted enterprise resources to avoid broken pages.<p>**Disabled or not configured.** Prevents Microsoft Edge to render network traffic to non-enterprise sites that can't render in Application Guard. |
 |Allow Persistence|Windows 10 Enterprise, 1709 or higher<br><br>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether data persists across different sessions in Microsoft Defender Application Guard.|**Enabled.** Application Guard saves user-downloaded files and other items (such as, cookies, Favorites, and so on) for use in future Application Guard sessions.<p>**Disabled or not configured.** All user data within Application Guard is reset between sessions.<p>**NOTE**: If you later decide to stop supporting data persistence for your employees, you can use our Windows-provided utility to reset the container and to discard any personal data.<p>**To reset the container:**<br/>1. Open a command-line program and navigate to `Windows/System32`.<br/>2. Type `wdagtool.exe cleanup`. The container environment is reset, retaining only the employee-generated data.<br/>3. Type `wdagtool.exe cleanup RESET_PERSISTENCE_LAYER`. The container environment is reset, including discarding all employee-generated data.|
-|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher<p>Windows 11|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering non-enterprise domains in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office.|
+|Turn on Microsoft Defender Application Guard in Managed Mode|Windows 10 Enterprise, 1809 or higher<p>Windows 11|Determines whether to turn on Application Guard for Microsoft Edge and Microsoft Office.|**Enabled.** Turns on Application Guard for Microsoft Edge and/or Microsoft Office, honoring the network isolation settings, rendering untrusted content in the Application Guard container. Application Guard won't actually be turned on unless the required prerequisites and network isolation settings are already set on the device. Available options:<br/>- Enable Microsoft Defender Application Guard only for Microsoft Edge<br/>- Enable Microsoft Defender Application Guard only for Microsoft Office<br/>- Enable Microsoft Defender Application Guard for both Microsoft Edge and Microsoft Office<br/><br/>**Disabled.** Turns off Application Guard, allowing all apps to run in Microsoft Edge and Microsoft Office. <br/><br/>**Note:** For Windows 10, if you have KB5014666 installed, and for Windows 11, if you have KB5014668 installed, you are no longer required to configure network isolation policy to enable Application Guard for Edge.|
 |Allow files to download to host operating system|Windows 10 Enterprise, 1803 or higher<p>Windows 11|Determines whether to save downloaded files to the host operating system from the Microsoft Defender Application Guard container.|**Enabled.** Allows users to save downloaded files from the Microsoft Defender Application Guard container to the host operating system. This action creates a share between the host and container that also allows for uploads from the host to the Application Guard container.<p>**Disabled or not configured.** Users aren't able to save downloaded files from Application Guard to the host operating system.|
 |Allow hardware-accelerated rendering for Microsoft Defender Application Guard|Windows 10 Enterprise, 1803 or higher<br><br>Windows 10 Pro, 1803 or higher<p>Windows 11|Determines whether Microsoft Defender Application Guard renders graphics using hardware or software acceleration.|**Enabled.** Microsoft Defender Application Guard uses Hyper-V to access supported, high-security rendering graphics hardware (GPUs). These GPUs improve rendering performance and battery life while using Microsoft Defender Application Guard, particularly for video playback and other graphics-intensive use cases. If this setting is enabled without connecting any high-security rendering graphics hardware, Microsoft Defender Application Guard will automatically revert to software-based (CPU) rendering. **Important:** Enabling this setting with potentially compromised graphics devices or drivers might pose a risk to the host device.<br><br>**Disabled or not configured.** Microsoft Defender Application Guard uses software-based (CPU) rendering and won’t load any third-party graphics drivers or interact with any connected graphics hardware.|
 |Allow camera and microphone access in Microsoft Defender Application Guard|Windows 10 Enterprise, 1809 or higher<br><br>Windows 10 Pro, 1809 or higher<p>Windows 11|Determines whether to allow camera and microphone access inside Microsoft Defender Application Guard.|**Enabled.** Applications inside Microsoft Defender Application Guard are able to access the camera and microphone on the user's device. **Important:** Enabling this policy with a potentially compromised container could bypass camera and microphone permissions and access the camera and microphone without the user's knowledge.<p>**Disabled or not configured.** Applications inside Microsoft Defender Application Guard are unable to access the camera and microphone on the user's device.|

windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md

@@ -8,7 +8,7 @@ ms.pagetype: security
 ms.localizationpriority: medium
 author: denisebmsft
 ms.author: deniseb
-ms.date: 10/20/2021
+ms.date: 08/25/2022
 ms.reviewer: 
 manager: dansimp
 ms.custom: asr
@@ -19,8 +19,8 @@ ms.technology: windows-sec
 
 **Applies to** 
 
-- Windows 10
-- Windows 11
+- Windows 10 Education, Enterprise, and Professional
+- Windows 11 Education, Enterprise, and Professional
 
 The threat landscape is continually evolving. While hackers are busy developing new techniques to breach enterprise networks by compromising workstations, phishing schemes remain one of the top ways to lure employees into social engineering attacks. Microsoft Defender Application Guard is designed to help prevent old, and newly emerging attacks, to help keep employees productive.
 
@@ -31,6 +31,9 @@ The threat landscape is continually evolving. While hackers are busy developing
 
 Your environment must have the following hardware to run Microsoft Defender Application Guard.
 
+> [!NOTE]
+> Application Guard currently isn't supported on Windows 11 ARM64 devices.
+
 | Hardware | Description |
 |--------|-----------|
 | 64-bit CPU|A 64-bit computer with minimum four cores (logical processors) is required for hypervisor and virtualization-based security (VBS). For more info about Hyper-V, see [Hyper-V on Windows Server 2016](/windows-server/virtualization/hyper-v/hyper-v-on-windows-server) or [Introduction to Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/about/). For more info about hypervisor, see [Hypervisor Specifications](/virtualization/hyper-v-on-windows/reference/tlfs).|
@@ -45,6 +48,6 @@ Your environment must have the following hardware to run Microsoft Defender Appl
 
 | Software | Description |
 |--------|-----------|
-| Operating system | Windows 10 Enterprise edition, version 1809 or higher <br/> Windows 10 Professional edition, version 1809 or higher <br/> Windows 10 Professional for Workstations edition, version 1809 or higher <br/> Windows 10 Professional Education edition, version 1809 or higher <br/> Windows 10 Education edition, version 1809 or higher <br/> Professional editions are only supported for non-managed devices; Intune or any other third-party mobile device management (MDM) solutions aren't supported with MDAG for Professional editions. <br/> Windows 11 |
+| Operating system | Windows 10 Enterprise edition, version 1809 or higher <br/> Windows 10 Professional edition, version 1809 or higher <br/> Windows 10 Professional for Workstations edition, version 1809 or higher <br/> Windows 10 Professional Education edition, version 1809 or higher <br/> Windows 10 Education edition, version 1809 or higher <br/> Professional editions are only supported for non-managed devices; Intune or any other third-party mobile device management (MDM) solutions aren't supported with MDAG for Professional editions. <br/> Windows 11 Education, Enterprise, and Professional |
 | Browser | Microsoft Edge |
 | Management system <br> (only for managed devices)| [Microsoft Intune](/intune/) <p> **OR** <p> [Microsoft Endpoint Configuration Manager](/configmgr/) <p> **OR** <p> [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11)) <p> **OR** <p>Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Mirosoft MDM solutions, see the documentation that came with your product. |

windows/whats-new/docfx.json

@@ -21,6 +21,7 @@
         "files": [
           "**/**/*.png",
           "**/**/*.jpg",
+          "**/*.svg",
           "**/**/*.gif"
         ],
         "exclude": [