Merge branch 'main' into aljupudi-5864419-cspimprovement-part7

This commit is contained in:
Daniel Simpson 2022-06-10 14:33:16 -07:00 committed by GitHub
commit bea96b09d1
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
808 changed files with 14295 additions and 8240 deletions

View File

@ -19448,7 +19448,7 @@
{ {
"source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md", "source_path": "windows/security/threat-protection/intelligence/supply-chain-malware.md",
"redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware", "redirect_url": "/microsoft-365/security/intelligence/supply-chain-malware",
"redirect_document_id": true "redirect_document_id": false
}, },
{ {
"source_path": "windows/security/threat-protection/intelligence/support-scams.md", "source_path": "windows/security/threat-protection/intelligence/support-scams.md",
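Review bot: `redirect_document_id` flips from true to false on the supply-chain-malware.md entry while its `source_path` and `redirect_url` are unchanged, and nothing visible here explains why. If the intent is to stop carrying the old document ID over to the /microsoft-365/ target, state that in the pull request description so the flip is not read as merge noise.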
@ -19498,7 +19498,7 @@
{ {
"source_path": "education/itadmins.yml", "source_path": "education/itadmins.yml",
"redirect_url": "/education", "redirect_url": "/education",
"redirect_document_id": true "redirect_document_id": false
}, },
{ {
"source_path": "education/partners.yml", "source_path": "education/partners.yml",
@ -19539,6 +19539,21 @@
"source_path": "windows/client-management/mdm/messaging-csp.md", "source_path": "windows/client-management/mdm/messaging-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference", "redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false "redirect_document_id": false
} },
{
"source_path": "windows/client-management/mdm/policymanager-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/mdm/proxy-csp.md",
"redirect_url": "/windows/client-management/mdm/configuration-service-provider-reference",
"redirect_document_id": false
},
{
"source_path": "windows/client-management/img-boot-sequence.md",
"redirect_url": "/windows/client-management/advanced-troubleshooting-boot-problems#boot-sequence",
"redirect_document_id": false
}
] ]
} }

View File

@ -2,104 +2,84 @@
Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs. Thank you for your interest in the Windows IT professional documentation! We appreciate your feedback, edits, and additions to our docs.
This page covers the basic steps for editing our technical documentation. This page covers the basic steps for editing our technical documentation.
For a more up-to-date and complete contribution guide, see the main [Microsoft Docs contributor guide overview](https://docs.microsoft.com/contribute/).
## Sign a CLA ## Sign a CLA
All contributors who are ***not*** a Microsoft employee must [sign a Microsoft Contribution Licensing Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories. All contributors who are ***not*** a Microsoft employee or vendor must [sign a Microsoft Contributor License Agreement (CLA)](https://cla.microsoft.com/) before editing any Microsoft repositories.
If you've already edited within Microsoft repositories in the past, congratulations! If you've already edited within Microsoft repositories in the past, congratulations!
You've already completed this step. You've already completed this step.
## Editing topics ## Editing topics
We've tried to make editing an existing, public file as simple as possible. We've tried to make editing an existing, public file as simple as possible.
>**Note**<br> > **Note**<br>
>At this time, only the English (en-us) content is available for editing. > At this time, only the English (en-us) content is available for editing. If you have suggestions for edits to localized content, file feedback on the article.
**To edit a topic** ### To edit a topic
1. Go to the page on docs.microsoft.com that you want to update, and then click **Edit**. 1. Go to the page on [docs.microsoft.com](https://docs.microsoft.com/) that you want to update.
![GitHub Web, showing the Edit link.](images/contribute-link.png) > **Note**<br>
> If you're a Microsoft employee or vendor, before you edit the article, append `review.` to the beginning of the URL. This action lets you use the private repository, **windows-docs-pr**. For more information, see the [internal contributor guide](https://review.docs.microsoft.com/help/get-started/edit-article-in-github?branch=main).
2. Log into (or sign up for) a GitHub account. 1. Then select the **Pencil** icon.
You must have a GitHub account to get to the page that lets you edit a topic.
3. Click the **Pencil** icon (in the red box) to edit the content. ![Microsoft Docs Web, showing the Edit This Document link.](images/contribute-link.png)
![GitHub Web, showing the Pencil icon in the red box.](images/pencil-icon.png) If the pencil icon isn't present, the content might not be open to public contributions. Some pages are generated (for example, from inline documentation in code) and must be edited in the project they belong to. This isn't always the case and you might be able to find the documentation by searching the [Microsoft Docs Organization on GitHub](https://github.com/MicrosoftDocs).
4. Using Markdown language, make your changes to the topic. For info about how to edit content using Markdown, see: > **TIP**<br>
- **If you're linked to the Microsoft organization in GitHub:** [Windows authoring guide](https://aka.ms/WindowsAuthoring) > View the page source in your browser, and look for the following metadata: `original_content_git_url`. This path always points to the source markdown file for the article.
- **If you're external to Microsoft:** [Mastering Markdown](https://guides.github.com/features/mastering-markdown/)
5. Make your suggested change, and then click **Preview Changes** to make sure it looks correct. 1. In GitHub, select the **Pencil** icon to edit the article. If the pencil icon is grayed out, you need to either sign in to your GitHub account or create a new account.
![GitHub Web, showing the Preview Changes tab.](images/preview-changes.png) ![GitHub Web, showing the Pencil icon.](images/pencil-icon.png)
6. When youre done editing the topic, scroll to the bottom of the page, and then click **Propose file change** to create a fork in your personal GitHub account. 1. Using Markdown language, make your changes to the file. For info about how to edit content using Markdown, see the [Microsoft Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference) and GitHub's [Mastering Markdown](https://guides.github.com/features/mastering-markdown/) documentation.
![GitHub Web, showing the Propose file change button.](images/propose-file-change.png) 1. Make your suggested change, and then select **Preview changes** to make sure it looks correct.
The **Comparing changes** screen appears to see what the changes are between your fork and the original content. ![GitHub Web, showing the Preview changes tab.](images/preview-changes.png)
7. On the **Comparing changes** screen, youll see if there are any problems with the file youre checking in. 1. When you're finished editing, scroll to the bottom of the page. In the **Propose changes** area, enter a title and optionally a description for your changes. The title will be the first line of the commit message. Briefly state _what_ you changed. Select **Propose changes** to commit your changes:
![GitHub Web, showing the Propose changes button.](images/propose-changes.png)
1. The **Comparing changes** screen appears to show what the changes are between your fork and the original content. On the **Comparing changes** screen, you'll see if there are any problems with the file you're checking. If there are no problems, you'll see the message **Able to merge**.
If there are no problems, youll see the message, **Able to merge**.
![GitHub Web, showing the Comparing changes screen.](images/compare-changes.png) ![GitHub Web, showing the Comparing changes screen.](images/compare-changes.png)
8. Click **Create pull request**. Select **Create pull request**. Next, enter a title and description to give the approver the appropriate context about _why_ you're suggesting this change. Make sure that only your changed files are in this pull request; otherwise, you could overwrite changes from other people.
9. Enter a title and description to give the approver the appropriate context about whats in the request. 1. Select **Create pull request** again to actually submit the pull request.
10. Scroll to the bottom of the page, making sure that only your changed files are in this pull request. Otherwise, you could overwrite changes from other people. The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to their respective article. This repository contains articles on some of the following topics:
11. Click **Create pull request** again to actually submit the pull request. - [Windows client documentation for IT Pros](https://docs.microsoft.com/windows/resources/)
The pull request is sent to the writer of the topic and your edits are reviewed. If your request is accepted, updates are published to one of the following places:
- [Windows 10](https://docs.microsoft.com/windows/windows-10)
- [Microsoft Edge](https://docs.microsoft.com/microsoft-edge/deploy)
- [Surface](https://docs.microsoft.com/surface)
- [Surface Hub](https://docs.microsoft.com/surface-hub)
- [HoloLens](https://docs.microsoft.com/hololens)
- [Microsoft Store](https://docs.microsoft.com/microsoft-store) - [Microsoft Store](https://docs.microsoft.com/microsoft-store)
- [Windows 10 for Education](https://docs.microsoft.com/education/windows) - [Windows 10 for Education](https://docs.microsoft.com/education/windows)
- [Windows 10 for SMB](https://docs.microsoft.com/windows/smb) - [Windows 10 for SMB](https://docs.microsoft.com/windows/smb)
- [Internet Explorer 11](https://docs.microsoft.com/internet-explorer/)
- [Internet Explorer 11](https://docs.microsoft.com/internet-explorer)
- [Microsoft Desktop Optimization Pack](https://docs.microsoft.com/microsoft-desktop-optimization-pack)
## Making more substantial changes ## Making more substantial changes
To make substantial changes to an existing article, add or change images, or contribute a new article, you will need to create a local clone of the content. To make substantial changes to an existing article, add or change images, or contribute a new article, you'll need to create a local clone of the content.
For info about creating a fork or clone, see the GitHub help topic, [Fork a Repo](https://help.github.com/articles/fork-a-repo/). For info about creating a fork or clone, see [Set up a local Git repository](https://docs.microsoft.com/contribute/get-started-setup-local). The GitHub docs topic, [Fork a Repo](https://docs.github.com/articles/fork-a-repo), is also insightful.
Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Then open a pull request back to the master branch of the official repo. Fork the official repo into your personal GitHub account, and then clone the fork down to your local device. Work locally, then push your changes back into your fork. Finally, open a pull request back to the main branch of the official repo.
## Using issues to provide feedback on documentation ## Using issues to provide feedback on documentation
If you just want to provide feedback rather than directly modifying actual documentation pages, you can create an issue in the repository. If you just want to provide feedback rather than directly modifying actual documentation pages, you can create an issue in the repository.
At the top of a topic page you'll see an **Issues** tab. Click the tab and then click the **New issue** button. At the top of an article, you'll see a feedback icon. Select the icon to go to the **Feedback** section at the bottom of the article. Then select **This page** to file feedback for the current article.
Be sure to include the topic title and the URL for the page you're submitting the issue for, if that page is different from the page you launched the **New issue** dialog from. In the new issue form, enter a brief title. In the body of the form, describe the concern, but don't modify the **Document Details** section. You can use markdown in this form. When you're ready, select **Submit new issue**.
## Resources ## Resources
You can use your favorite text editor to edit Markdown. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft. - You can use your favorite text editor to edit Markdown files. We recommend [Visual Studio Code](https://code.visualstudio.com/), a free lightweight open source editor from Microsoft.
- You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/).
You can learn the basics of Markdown in just a few minutes. To get started, check out [Mastering Markdown](https://guides.github.com/features/mastering-markdown/). - Microsoft Docs uses several custom Markdown extensions. To learn more, see the [Microsoft Docs Markdown reference](https://docs.microsoft.com/contribute/markdown-reference).
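Review bot: in the rewritten "To edit a topic" steps, the new text "Select **Create pull request**. Next, enter a title and description ..." has no `1.` marker, while the step after it, "Select **Create pull request** again", does. Give the first one its own numbered step so the two clicks read as separate actions. The new callout also uses `**TIP**` in capitals where the rest of the hunk uses `**Note**`; pick one style.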

View File

@ -111,7 +111,7 @@ Back up all your data before installing Windows 10 in S mode. Only personal file
Windows 10 in S mode doesn't support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts: Windows 10 in S mode doesn't support non-Azure Active Directory domain accounts. Before installing Windows 10 in S mode, you must have at least one of these administrator accounts:
- Local administrator - Local administrator
- Microsoft Account (MSA) administrator - Microsoft account administrator
- Azure Active Directory administrator - Azure Active Directory administrator
> [!WARNING] > [!WARNING]

View File

@ -52,6 +52,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
|DRC INSIGHT Online Assessments |12.0.0.0 |Store |Data recognition Corporation| |DRC INSIGHT Online Assessments |12.0.0.0 |Store |Data recognition Corporation|
|Duo from Cisco |2.25.0 |Win32 |Cisco| |Duo from Cisco |2.25.0 |Win32 |Cisco|
|e-Speaking Voice and Speech recognition |4.4.0.8 |Win32 |e-speaking| |e-Speaking Voice and Speech recognition |4.4.0.8 |Win32 |e-speaking|
|eTests |4.0.25 |Win32 |CASAS|
|FortiClient |7.0.1.0083 |Win32 |Fortinet| |FortiClient |7.0.1.0083 |Win32 |Fortinet|
|Free NaturalReader |16.1.2 |Win32 |Natural Soft| |Free NaturalReader |16.1.2 |Win32 |Natural Soft|
|GoGuardian |1.4.4 |Win32 |GoGuardian| |GoGuardian |1.4.4 |Win32 |GoGuardian|
@ -73,7 +74,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
|NextUp Talker |1.0.49 |Win32 |NextUp Technologies| |NextUp Talker |1.0.49 |Win32 |NextUp Technologies|
|NonVisual Desktop Access |2021.3.1 |Win32 |NV Access| |NonVisual Desktop Access |2021.3.1 |Win32 |NV Access|
|NWEA Secure Testing Browser |5.4.300.0 |Win32 |NWEA| |NWEA Secure Testing Browser |5.4.300.0 |Win32 |NWEA|
|Pearson TestNav |1.10.2.0 |Win32 |Pearson| |Pearson TestNav |1.10.2.0 |Store |Pearson|
|Questar Secure Browser |4.8.3.376 |Win32 |Questar| |Questar Secure Browser |4.8.3.376 |Win32 |Questar|
|ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.| |ReadAndWriteForWindows |12.0.60.0 |Win32 |Texthelp Ltd.|
|Remote Help |3.8.0.12 |Win32 |Microsoft| |Remote Help |3.8.0.12 |Win32 |Microsoft|
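Review bot: the Pearson TestNav row changes the app type from Win32 to Store but keeps version 1.10.2.0. Confirm that the Store package really carries that version number, because this table is the list of apps that can run on Windows 11 SE and a mismatched type or version will mislead anyone checking a device against it.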
@ -81,7 +82,7 @@ Windows 11 SE comes with some preinstalled apps. The following apps can also run
|Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser| |Safe Exam Browser |3.3.2.413 |Win32 |Safe Exam Browser|
|Secure Browser |14.0.0 |Win32 |Cambium Development| |Secure Browser |14.0.0 |Win32 |Cambium Development|
|Secure Browser |4.8.3.376 |Win32 |Questar, Inc| |Secure Browser |4.8.3.376 |Win32 |Questar, Inc|
|SensoCloud test |2021.11.15.0 |Win32|Senso.Cloud| |Senso.Cloud |2021.11.15.0 |Win32|Senso.Cloud|
|SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access| |SuperNova Magnifier & Screen Reader |21.02 |Win32 |Dolphin Computer Access|
|Zoom |5.9.1 (2581)|Win32 |Zoom| |Zoom |5.9.1 (2581)|Win32 |Zoom|
|ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific| |ZoomText Fusion |2022.2109.10|Win32 |Freedom Scientific|


BIN
images/propose-changes.png Normal file

Binary file not shown.

After

Width:  |  Height:  |  Size: 45 KiB


View File

@ -1,10 +1,11 @@
items:
- name: Docs - name: Docs
tocHref: / tocHref: /
topicHref: / topicHref: /
items: items:
- name: Windows - name: Windows
tocHref: /windows tocHref: /windows
topicHref: https://docs.microsoft.com/windows/#pivot=it-pro topicHref: /windows/resources/
items: items:
- name: SMB - name: SMB
tocHref: /windows/smb tocHref: /windows/smb

View File

@ -574,7 +574,7 @@ See [Add users to Office 365](/microsoft-365/admin/add-users/add-users) to learn
To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links: To learn more about the services and tools mentioned in this walkthrough, and learn what other tasks you can do, follow these links:
- [Set up Office 365 for business](/microsoft-365/admin/setup) - [Set up Office 365 for business](/microsoft-365/admin/setup)
- Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/) - Common admin tasks in Office 365 including email and OneDrive in [Manage Office 365](/microsoft-365/admin/)
- More info about managing devices, apps, data, troubleshooting, and more in the [/mem/intune/](/mem/intune/) - More info about managing devices, apps, data, troubleshooting, and more in the [Intune documentation](/mem/intune/)
- Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/). - Learn more about Windows client in the [Windows client documentation for IT Pros](/windows/resources/).
- Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/) - Info about distributing apps to your employees, managing apps, managing settings, and more in [Microsoft Store for Business](/microsoft-store/)

View File

@ -50,10 +50,11 @@ You can create collections of apps within your private store. Collections allow
You can add a collection to your private store from the private store, or from the details page for an app. You can add a collection to your private store from the private store, or from the details page for an app.
**From private store** **From private store**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click your private store.</br> 2. Click your private store.</br>
![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png) ![Image showing private store name on Microsoft Store for Business store UI.](images/msfb-click-private-store.png)
3. Click **Add a Collection**.</br> 3. Click **Add a Collection**.</br>
![Image showing Add a Collection.](images/msfb-add-collection.png) ![Image showing Add a Collection.](images/msfb-add-collection.png)
@ -65,6 +66,7 @@ You can add a collection to your private store from the private store, or from t
> New collections require at least one app, or they will not be created. > New collections require at least one app, or they will not be created.
**From app details page** **From app details page**
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then click **Products & services**. 2. Click **Manage**, and then click **Products & services**.
3. Under **Apps & software**, choose an app you want to include in a new collection. 3. Under **Apps & software**, choose an app you want to include in a new collection.
@ -84,12 +86,13 @@ If you've already added a Collection to your private store, you can easily add a
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click your private store.</br> 2. Click your private store.</br>
![Image showing private store name on MSfB store UI.](images/msfb-click-private-store.png) ![Image showing private store name on Microsoft Store for Business store UI.](images/msfb-click-private-store.png)
3. Click the ellipses next to the collection name, and click **Edit collection**. 3. Click the ellipses next to the collection name, and click **Edit collection**.
4. Add or remove products from the collection, and then click **Done**. 4. Add or remove products from the collection, and then click **Done**.
You can also add an app to a collection from the app details page. You can also add an app to a collection from the app details page.
1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com). 1. Sign in to [Microsoft Store for Business](https://businessstore.microsoft.com) or [Microsoft Store for Education](https://educationstore.microsoft.com).
2. Click **Manage**, and then click **Products & services**. 2. Click **Manage**, and then click **Products & services**.
3. Under **Apps & software**, choose an app you want to include in a new collection. 3. Under **Apps & software**, choose an app you want to include in a new collection.

View File

@ -45,7 +45,7 @@ You'll need to set up:
- LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store. - LOB publishers need to have an app in Microsoft Store, or have an app ready to submit to the Store.
The process and timing look like this: The process and timing look like this:
![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for MSFB admin, LOB publisher, and Developer.](images/lob-workflow.png) ![Process showing LOB workflow in Microsoft Store for Business. Includes workflow for Microsoft Store for Business admin, LOB publisher, and Developer.](images/lob-workflow.png)
## <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Admin) ## <a href="" id="add-lob-publisher"></a>Add an LOB publisher (Admin)
Admins need to invite developer or ISVs to become an LOB publisher. Admins need to invite developer or ISVs to become an LOB publisher.

View File

@ -31,7 +31,7 @@ Organizations that use Windows Server Update Services (WSUS) must take action to
1. Download the FOD .cab file: 1. Download the FOD .cab file:
- [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab) - [Windows 11, version 21H2](https://software-download.microsoft.com/download/sg/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd_64~~.cab)
- [Windows 10, version 2004](https://software-download.microsoft.com/download/pr/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) - [Windows 10, version 2004](https://software-static.download.prss.microsoft.com/pr/download/6cf73b63/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
- [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab) - [Windows 10, version 1903 and 1909](https://software-download.microsoft.com/download/pr/Microsoft-Windows-Holographic-Desktop-FOD-Package-31bf3856ad364e35-amd64.cab)
- [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab) - [Windows 10, version 1809](https://software-download.microsoft.com/download/pr/microsoft-windows-holographic-desktop-fod-package31bf3856ad364e35amd64_1.cab)
- [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab) - [Windows 10, version 1803](https://download.microsoft.com/download/9/9/3/9934B163-FA01-4108-A38A-851B4ACD1244/Microsoft-Windows-Holographic-Desktop-FOD-Package~31bf3856ad364e35~amd64~~.cab)
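Review bot: only the Windows 10, version 2004 link moves to software-static.download.prss.microsoft.com; the 21H2, 1903/1909 and 1809 links in the same list still use software-download.microsoft.com, so check whether they need the same host change. The 21H2 file name also reads `amd_64` where the other entries read `amd64`, which is worth confirming. Because these .cab packages are downloaded by hand, consider adding a line that tells readers to check the package's digital signature before importing it.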

View File

@ -2,11 +2,11 @@
title: Advanced troubleshooting for Windows boot problems title: Advanced troubleshooting for Windows boot problems
description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals. description: Learn to troubleshoot when Windows can't boot. This article includes advanced troubleshooting techniques intended for use by support agents and IT professionals.
ms.prod: w10 ms.prod: w10
ms.sitesec: library ms.technology: windows
author: aczechowski
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 06/02/2022
author: aczechowski
ms.author: aaroncz ms.author: aaroncz
ms.date: 11/16/2018
ms.reviewer: ms.reviewer:
manager: dougeby manager: dougeby
ms.topic: troubleshooting ms.topic: troubleshooting
@ -15,16 +15,15 @@ ms.collection: highpri
# Advanced troubleshooting for Windows boot problems # Advanced troubleshooting for Windows boot problems
<p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=boot" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues</span> <p class="alert is-flex is-primary"><span class="has-padding-left-medium has-padding-top-extra-small"><a class="button is-primary" href="https://vsa.services.microsoft.com/v1.0/?partnerId=7d74cf73-5217-4008-833f-87a1a278f2cb&flowId=DMC&initialQuery=boot" target='_blank'><b>Try our Virtual Agent</b></a></span><span class="has-padding-small"> - It can help you quickly identify and fix common Windows boot issues.</span>
> [!NOTE] > [!NOTE]
> This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/help/12415). > This article is intended for use by support agents and IT professionals. If you're looking for more general information about recovery options, see [Recovery options in Windows 10](https://support.microsoft.com/windows/recovery-options-in-windows-31ce2444-7de3-818c-d626-e3b5a3024da5).
## Summary ## Summary
There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck: There are several reasons why a Windows-based computer may have problems during startup. To troubleshoot boot problems, first determine in which of the following phases the computer gets stuck:
| Phase | Boot Process | BIOS | UEFI | | Phase | Boot Process | BIOS | UEFI |
|-----------|----------------------|------------------------------------|-----------------------------------| |-----------|----------------------|------------------------------------|-----------------------------------|
| 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware | | 1 | PreBoot | MBR/PBR (Bootstrap Code) | UEFI Firmware |
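Review bot: the Virtual Agent link on the changed `<p class="alert is-flex is-primary">` line opens with `target='_blank'` and has no `rel` attribute; add `rel="noopener noreferrer"` so the opened page gets no `window.opener` handle back to the docs page. On the same line the `<p>` has no visible closing `</p>`, and the `&` separators in the href are not written as `&amp;`.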
@ -32,31 +31,21 @@ There are several reasons why a Windows-based computer may have problems during
| 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi | | 3 | Windows OS Loader | %SystemRoot%\system32\winload.exe | %SystemRoot%\system32\winload.efi |
| 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | | | 4 | Windows NT OS Kernel | %SystemRoot%\system32\ntoskrnl.exe | |
**1. PreBoot** 1. **PreBoot**: The PC's firmware initiates a power-on self test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager.
The PCs firmware initiates a Power-On Self Test (POST) and loads firmware settings. This pre-boot process ends when a valid system disk is detected. Firmware reads the master boot record (MBR), and then starts Windows Boot Manager. 2. **Windows Boot Manager**: Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition.
**2. Windows Boot Manager** 3. **Windows operating system loader**: Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
Windows Boot Manager finds and starts the Windows loader (Winload.exe) on the Windows boot partition. 4. **Windows NT OS Kernel**: The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
**3. Windows operating system loader** The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
Essential drivers required to start the Windows kernel are loaded and the kernel starts to run.
**4. Windows NT OS Kernel**
The kernel loads into memory the system registry hive and other drivers that are marked as BOOT_START.
The kernel passes control to the session manager process (Smss.exe) which initializes the system session, and loads and starts the devices and drivers that aren't marked BOOT_START.
Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before starting troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement.
![thumbnail of boot sequence flowchart.](images/boot-sequence-thumb.png)<br>
[Click to enlarge](img-boot-sequence.md)<br>
<a name="boot-sequence"></a>
Here's a summary of the boot sequence, what will be seen on the display, and typical boot problems at that point in the sequence. Before you start troubleshooting, you have to understand the outline of the boot process and display status to ensure that the issue is properly identified at the beginning of the engagement. Select the thumbnail to view it larger.
:::image type="content" source="images/boot-sequence-thumb.png" alt-text="Diagram of the boot sequence flowchart." lightbox="images/boot-sequence.png":::
Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases. Each phase has a different approach to troubleshooting. This article provides troubleshooting techniques for problems that occur during the first three phases.
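Review bot: In the new numbered list, items 3 and 4 leave Smss.exe and BOOT_START as plain text, while the rest of this change moves file names and literal values into code style (`bootmgr`, `pending.xml.old`, `attrib`). Format these the same way so the article is consistent. Also check that the second sentence of item 4 ("The kernel passes control to the session manager process ...") is indented as a continuation of the list item, otherwise it renders as a separate paragraph and ends the list.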
@ -69,7 +58,6 @@ Each phase has a different approach to troubleshooting. This article provides tr
> >
> `Bcdedit /set {default} bootmenupolicy legacy` > `Bcdedit /set {default} bootmenupolicy legacy`
## BIOS phase ## BIOS phase
To determine whether the system has passed the BIOS phase, follow these steps: To determine whether the system has passed the BIOS phase, follow these steps:
@ -86,26 +74,25 @@ To determine whether the system has passed the BIOS phase, follow these steps:
If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase: If the screen is black except for a blinking cursor, or if you receive one of the following error codes, this status indicates that the boot process is stuck in the Boot Loader phase:
- Boot Configuration Data (BCD) missing or corrupted - Boot Configuration Data (BCD) missing or corrupted
- Boot file or MBR corrupted - Boot file or MBR corrupted
- Operating system Missing - Operating system Missing
- Boot sector missing or corrupted - Boot sector missing or corrupted
- Bootmgr missing or corrupted - Bootmgr missing or corrupted
- Unable to boot due to system hive missing or corrupted - Unable to boot due to system hive missing or corrupted
To troubleshoot this problem, use Windows installation media to start the computer, press Shift+F10 for a command prompt, and then use any of the following methods.
To troubleshoot this problem, use Windows installation media to start the computer, press **Shift** + **F10** for a command prompt, and then use any of the following methods.
### Method 1: Startup Repair tool ### Method 1: Startup Repair tool
The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically. The Startup Repair tool automatically fixes many common problems. The tool also lets you quickly diagnose and repair more complex startup problems. When the computer detects a startup problem, the computer starts the Startup Repair tool. When the tool starts, it performs diagnostics. These diagnostics include analyzing startup log files to determine the cause of the problem. When the Startup Repair tool determines the cause, the tool tries to fix the problem automatically.
To do this task of invoking the Startup Repair tool, follow these steps. To do this task of invoking the Startup Repair tool, follow these steps.
> [!NOTE] > [!NOTE]
> For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#span-identrypointsintowinrespanspan-identrypointsintowinrespanspan-identrypointsintowinrespanentry-points-into-winre). > For additional methods to start WinRE, see [Windows Recovery Environment (Windows RE)](/windows-hardware/manufacture/desktop/windows-recovery-environment--windows-re--technical-reference#entry-points-into-winre).
1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/help/15088). 1. Start the system to the installation media for the installed version of Windows. For more information, see [Create installation media for Windows](https://support.microsoft.com/windows/create-installation-media-for-windows-99a58364-8c02-206f-aa6f-40c3b507420d).
2. On the **Install Windows** screen, select **Next** > **Repair your computer**. 2. On the **Install Windows** screen, select **Next** > **Repair your computer**.
@ -117,28 +104,26 @@ To do this task of invoking the Startup Repair tool, follow these steps.
The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location: The Startup Repair tool generates a log file to help you understand the startup problems and the repairs that were made. You can find the log file in the following location:
**%windir%\System32\LogFiles\Srt\Srttrail.txt** `%windir%\System32\LogFiles\Srt\Srttrail.txt`
For more information, see [A Stop error occurs, or the computer stops responding when you try to start Windows Vista or Windows 7](https://support.microsoft.com/help/925810/a-stop-error-occurs-or-the-computer-stops-responding-when-you-try-to-s)
For more information, see [Troubleshoot blue screen errors](https://support.microsoft.com/sbs/windows/troubleshoot-blue-screen-errors-5c62726c-6489-52da-a372-3f73142c14ad).
### Method 2: Repair Boot Codes ### Method 2: Repair Boot Codes
To repair boot codes, run the following command: To repair boot codes, run the following command:
```console ```command
BOOTREC /FIXMBR BOOTREC /FIXMBR
``` ```
To repair the boot sector, run the following command: To repair the boot sector, run the following command:
```console ```command
BOOTREC /FIXBOOT BOOTREC /FIXBOOT
``` ```
> [!NOTE] > [!NOTE]
> Running **BOOTREC** together with **Fixmbr** overwrites only the master boot code. If the corruption in the MBR affects the partition table, running **Fixmbr** may not fix the problem. > Running `BOOTREC` together with `Fixmbr` overwrites only the master boot code. If the corruption in the MBR affects the partition table, running `Fixmbr` may not fix the problem.
### Method 3: Fix BCD errors ### Method 3: Fix BCD errors
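Review bot: The rewritten note puts `Fixmbr` in code style, but it does not match the command shown above it (`BOOTREC /FIXMBR`): the slash is missing and the casing differs. Text in code style should be exactly what the reader types, so use one spelling of the switch in both the block and the note. Separately, every fence in this file changes from `console` to `command`; confirm that `command` is a tag the build recognizes, because an unrecognized tag silently drops highlighting on all of these blocks.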
@ -146,15 +131,15 @@ If you receive BCD-related errors, follow these steps:
1. Scan for all the systems that are installed. To do this step, run the following command: 1. Scan for all the systems that are installed. To do this step, run the following command:
```console ```command
Bootrec /ScanOS Bootrec /ScanOS
``` ```
2. Restart the computer to check whether the problem is fixed. 2. Restart the computer to check whether the problem is fixed.
3. If the problem isn't fixed, run the following commands: 3. If the problem isn't fixed, run the following commands:
```console ```command
bcdedit /export c:\bcdbackup bcdedit /export c:\bcdbackup
attrib c:\boot\bcd -r -s -h attrib c:\boot\bcd -r -s -h
@ -172,128 +157,116 @@ If methods 1, 2 and 3 don't fix the problem, replace the Bootmgr file from drive
1. At a command prompt, change the directory to the System Reserved partition. 1. At a command prompt, change the directory to the System Reserved partition.
2. Run the **attrib** command to unhide the file: 2. Run the `attrib` command to unhide the file:
```console ```command
attrib -r -s -h attrib -r -s -h
``` ```
3. Navigate to the system drive and run the same command: 3. Navigate to the system drive and run the same command:
```console ```command
attrib -r -s -h attrib -r -s -h
``` ```
4. Rename the Bootmgr file as Bootmgr.old: 4. Rename the `bootmgr` file as `bootmgr.old`:
```console ```command
ren c:\bootmgr bootmgr.old ren c:\bootmgr bootmgr.old
``` ```
5. Navigate to the system drive. 5. Navigate to the system drive.
6. Copy the Bootmgr file, and then paste it to the System Reserved partition. 6. Copy the `bootmgr` file, and then paste it to the System Reserved partition.
7. Restart the computer. 7. Restart the computer.
### Method 5: Restore System Hive ### Method 5: Restore system hive
If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step,, use the Windows Recovery Environment or use Emergency Repair Disk (ERD) to copy the files from the C:\Windows\System32\config\RegBack to C:\Windows\System32\config. If Windows can't load the system registry hive into memory, you must restore the system hive. To do this step, use the Windows Recovery Environment or use the Emergency Repair Disk (ERD) to copy the files from the `C:\Windows\System32\config\RegBack` directory to `C:\Windows\System32\config`.
If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced. If the problem persists, you may want to restore the system state backup to an alternative location, and then retrieve the registry hives to be replaced.
> [!NOTE] > [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder) > Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
## Kernel Phase ## Kernel Phase
If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples: If the system gets stuck during the kernel phase, you experience multiple symptoms or receive multiple error messages. These error messages include, but aren't limited to, the following examples:
- A Stop error appears after the splash screen (Windows Logo screen). - A Stop error appears after the splash screen (Windows Logo screen).
- Specific error code is displayed. - Specific error code is displayed. For example, `0x00000C2` , `0x0000007B` , or `inaccessible boot device`.
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
For example, "0x00000C2" , "0x0000007B" , "inaccessible boot device" and so on. - The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon.
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md)
- [Advanced troubleshooting for Event ID 41 "The system has rebooted without cleanly shutting down first"](troubleshoot-event-id-41-restart.md)
- The screen is stuck at the "spinning wheel" (rolling dots) "system busy" icon. - A black screen appears after the splash screen.
- A black screen appears after the splash screen.
To troubleshoot these problems, try the following recovery boot options one at a time. To troubleshoot these problems, try the following recovery boot options one at a time.
**Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration** ### Scenario 1: Try to start the computer in Safe mode or Last Known Good Configuration
On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps: On the **Advanced Boot Options** screen, try to start the computer in **Safe Mode** or **Safe Mode with Networking**. If either of these options works, use Event Viewer to help identify and diagnose the cause of the boot problem. To view events that are recorded in the event logs, follow these steps:
1. Use one of the following methods to open Event Viewer: 1. Use one of the following methods to open Event Viewer:
- Click **Start**, point to **Administrative Tools**, and then click - Go to the **Start** menu, select **Administrative Tools**, and then select **Event Viewer**.
**Event Viewer**.
- Start the Event Viewer snap-in in Microsoft Management Console (MMC). - Start the Event Viewer snap-in in Microsoft Management Console (MMC).
2. In the console tree, expand Event Viewer, and then click the log that you 2. In the console tree, expand Event Viewer, and then select the log that you want to view. For example, choose **System log** or **Application log**.
want to view. For example, click **System log** or **Application log**.
3. In the details pane, double-click the event that you want to view. 3. In the details pane, open the event that you want to view.
4. On the **Edit** menu, click **Copy**, open a new document in the program in 4. On the **Edit** menu, select **Copy**. Open a new document in the program in which you want to paste the event. For example, Microsoft Word. Then select **Paste**.
which you want to paste the event (for example, Microsoft Word), and then
click **Paste**.
5. Use the Up Arrow or Down Arrow key to view the description of the previous
or next event.
5. Use the up arrow or down arrow key to view the description of the previous or next event.
### Clean boot ### Clean boot
To troubleshoot problems that affect services, do a clean boot by using System Configuration (msconfig). To troubleshoot problems that affect services, do a clean boot by using System Configuration (`msconfig`).
Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party. Select **Selective startup** to test the services one at a time to determine which one is causing the problem. If you can't find the cause, try including system services. However, in most cases, the problematic service is third-party.
Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**. Disable any service that you find to be faulty, and try to start the computer again by selecting **Normal startup**.
For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/help/929135/how-to-perform-a-clean-boot-in-windows). For detailed instructions, see [How to perform a clean boot in Windows](https://support.microsoft.com/topic/how-to-perform-a-clean-boot-in-windows-da2f9573-6eec-00ad-2f8a-a97a1807f3dd).
If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement: If the computer starts in Disable Driver Signature mode, start the computer in Disable Driver Signature Enforcement mode, and then follow the steps that are documented in the following article to determine which drivers or files require driver signature enforcement:
[Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64) [Troubleshooting boot problem caused by missing driver signature (x64)](/archive/blogs/askcore/troubleshooting-boot-issues-due-to-missing-driver-signature-x64)
> [!NOTE] > [!NOTE]
> If the computer is a domain controller, try Directory Services Restore mode (DSRM). > If the computer is a domain controller, try Directory Services Restore mode (DSRM).
> >
> This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2" > This method is an important step if you encounter Stop error "0xC00002E1" or "0xC00002E2"
#### Examples
**Examples**
> [!WARNING] > [!WARNING]
> Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft cannot guarantee that these > Serious problems might occur if you modify the registry incorrectly by using Registry Editor or by using another method. These problems might require that you reinstall the operating system. Microsoft can't guarantee that these problems can be solved. Modify the registry at your own risk.
problems can be solved. Modify the registry at your own risk.
*Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)* *Error code INACCESSIBLE_BOOT_DEVICE (STOP 0x7B)*
To troubleshoot this Stop error, follow these steps to filter the drivers: To troubleshoot this Stop error, follow these steps to filter the drivers:
1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version. 1. Go to Windows Recovery Environment (WinRE) by putting an ISO disk of the system in the disk drive. The ISO should be of the same version of Windows or a later version.
2. Open the registry. 2. Open the registry.
3. Load the system hive, and name it as "test." 3. Load the system hive, and name it **test**.
4. Under the following registry subkey, check for lower filter and upper filter items for Non-Microsoft Drivers: 4. Under the following registry subkey, check for lower filter and upper filter items for non-Microsoft drivers:
**HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Control\\Class**
5. For each third-party driver that you locate, click the upper or lower filter, and then delete the value data.
6. Search through the whole registry for similar items. Process as an appropriate, and then unload the registry hive. `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class`
7. Restart the server in Normal mode. 5. For each third-party driver that you locate, select the upper or lower filter, and then delete the value data.
For more troubleshooting steps, see the following articles: 6. Search through the whole registry for similar items. Process as appropriate, and then unload the registry hive.
- [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md) 7. Restart the server in Normal mode.
For more troubleshooting steps, see [Advanced troubleshooting for Stop error 7B or Inaccessible_Boot_Device](./troubleshoot-inaccessible-boot-device.md).
To fix problems that occur after you install Windows updates, check for pending updates by using these steps: To fix problems that occur after you install Windows updates, check for pending updates by using these steps:
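Review bot: Steps 2 and 3 of Method 4 say to unhide "the file", but the command in both blocks is `attrib -r -s -h` with no file name, so as written it is not scoped to bootmgr. Since these lines are being touched anyway, name the target in the command. Two text defects are also carried into the new side: the Stop code `0x00000C2` has seven hex digits after the prefix where `0x0000007B` beside it has eight, so one of them is mistyped and it is now presented as a literal value, and the RegBack note still reads "folder.This" with no space after the period.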
@ -301,16 +274,15 @@ To fix problems that occur after you install Windows updates, check for pending
2. Run the command: 2. Run the command:
```console ```command
DISM /image:C:\ /get-packages DISM /image:C:\ /get-packages
``` ```
3. If there are any pending updates, uninstall them by running the following commands: 3. If there are any pending updates, uninstall them by running the following commands:
```console ```command
DISM /image:C:\ /remove-package /packagename: name of the package DISM /image:C:\ /remove-package /packagename: name of the package
```
```console
DISM /Image:C:\ /Cleanup-Image /RevertPendingActions DISM /Image:C:\ /Cleanup-Image /RevertPendingActions
``` ```
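Review bot: In the merged block, `/packagename: name of the package` mixes a literal switch with free-text placeholder wording and has a space after the colon, so a reader who copies the line gets a command that fails. Mark the placeholder explicitly, for example `/packagename:<package name>`, and say in step 3 that the name comes from the `/get-packages` output in step 2. Merging the two commands into one fence also hides that `/RevertPendingActions` is a separate action, so a short sentence between them would help.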
@ -318,72 +290,67 @@ To fix problems that occur after you install Windows updates, check for pending
If the computer doesn't start, follow these steps: If the computer doesn't start, follow these steps:
1. Open A Command Prompt window in WinRE, and start a text editor, such as Notepad. 1. Open a command prompt window in WinRE, and start a text editor, such as Notepad.
2. Navigate to the system drive, and search for windows\winsxs\pending.xml. 2. Navigate to the system drive, and search for `windows\winsxs\pending.xml`.
3. If the Pending.xml file is found, rename the file as Pending.xml.old. 3. If the pending.xml file is found, rename the file as `pending.xml.old`.
4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as a test. 4. Open the registry, and then load the component hive in HKEY_LOCAL_MACHINE as test.
5. Highlight the loaded test hive, and then search for the **pendingxmlidentifier** value. 5. Highlight the loaded test hive, and then search for the `pendingxmlidentifier` value.
6. If the **pendingxmlidentifier** value exists, delete the value. 6. If the `pendingxmlidentifier` value exists, delete it.
7. Unload the test hive. 7. Unload the test hive.
8. Load the system hive, name it as "test". 8. Load the system hive, name it **test**.
9. Navigate to the following subkey: 9. Navigate to the following subkey:
**HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet001\\Services\\TrustedInstaller** `HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\TrustedInstaller`
10. Change the **Start** value from **1** to **4** 10. Change the **Start** value from `1` to `4`.
11. Unload the hive. 11. Unload the hive.
12. Try to start the computer. 12. Try to start the computer.
If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For details, see the following articles: If the Stop error occurs late in the startup process, or if the Stop error is still being generated, you can capture a memory dump. A good memory dump can help determine the root cause of the Stop error. For more information, see [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md).
- [Generate a kernel or complete crash dump](./generate-kernel-or-complete-crash-dump.md) For more information about page file problems in Windows 10 or Windows Server 2016, see [Introduction to page files](./introduction-page-file.md).
For more information about page file problems in Windows 10 or Windows Server 2016, see the following article: For more information about Stop errors, see [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md).
- [Introduction to page files](./introduction-page-file.md)
For more information about Stop errors, see the following Knowledge Base article: Sometimes the dump file shows an error that's related to a driver. For example, `windows\system32\drivers\stcvsm.sys` is missing or corrupted. In this instance, follow these guidelines:
- [Advanced troubleshooting for Stop error or blue screen error issue](./troubleshoot-stop-errors.md)
- Check the functionality that's provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
If the dump file shows an error that is related to a driver (for example, windows\system32\drivers\stcvsm.sys is missing or corrupted), follow these guidelines:
- Check the functionality that is provided by the driver. If the driver is a third-party boot driver, make sure that you understand what it does.
- If the driver isn't important and has no dependencies, load the system hive, and then disable the driver. - If the driver isn't important and has no dependencies, load the system hive, and then disable the driver.
- If the stop error indicates system file corruption, run the system file checker in offline mode. - If the stop error indicates system file corruption, run the system file checker in offline mode.
- To do this, open WinRE, open a command prompt, and then run the following command: - To do this action, open WinRE, open a command prompt, and then run the following command:
```console ```command
SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows SFC /Scannow /OffBootDir=C:\ /OffWinDir=C:\Windows
``` ```
For more information, see [Using System File Checker (SFC) To Fix Issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues) For more information, see [Using system file checker (SFC) to fix issues](/archive/blogs/askcore/using-system-file-checker-sfc-to-fix-issues).
- If there's disk corruption, run the check disk command: - If there's disk corruption, run the check disk command:
```console ```command
chkdsk /f /r chkdsk /f /r
``` ```
- If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps: - If the Stop error indicates general registry corruption, or if you believe that new drivers or services were installed, follow these steps:
1. Start WinRE, and open a Command Prompt window. 1. Start WinRE, and open a command prompt window.
2. Start a text editor, such as Notepad. 2. Start a text editor, such as Notepad.
3. Navigate to C:\Windows\System32\Config\. 3. Navigate to `C:\Windows\System32\Config\`.
4. Rename the all five hives by appending ".old" to the name. 4. Rename the all five hives by appending `.old` to the name.
5. Copy all the hives from the Regback folder, paste them in the Config folder, and then try to start the computer in Normal mode. 5. Copy all the hives from the `Regback` folder, paste them in the `Config` folder, and then try to start the computer in Normal mode.
> [!NOTE] > [!NOTE]
> Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more details, check [this article](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder). > Starting in Windows 10, version 1803, Windows no longer automatically backs up the system registry to the RegBack folder.This change is by design, and is intended to help reduce the overall disk footprint size of Windows. To recover a system with a corrupt registry hive, Microsoft recommends that you use a system restore point. For more information, see [The system registry is no longer backed up to the RegBack folder starting in Windows 10 version 1803](/troubleshoot/windows-client/deployment/system-registry-no-backed-up-regback-folder).
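Review bot: Step 10 sets the TrustedInstaller `Start` value to `4` (disabled), and the procedure ends at step 12 ("Try to start the computer") with no instruction to restore it, so a reader who follows it is left with servicing disabled on a machine that now boots. Add a final step that restores the original value once startup succeeds, and have the reader record the original value before changing it. Smaller points on the new side: step 4 says "as test" while step 8 uses **test**, "Rename the all five hives" is still ungrammatical, and the closing note repeats "folder.This" without a space.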

View File

@ -1,17 +0,0 @@
---
title: Boot sequence flowchart
description: View a full-sized view of the boot sequence flowchart. Use the link to return to the Advanced troubleshooting for Windows boot problems article.
ms.date: 11/16/2018
ms.reviewer:
manager: dansimp
ms.author: dansimp
author: dansimp
ms.topic: article
ms.prod: w10
---
# Boot sequence flowchart
Return to: [Advanced troubleshooting for Windows boot problems](advanced-troubleshooting-boot-problems.md)<br>
![Full-sized boot sequence flowchart.](images/boot-sequence.png)
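Review bot: Deleting this page removes a published URL, and the visible part of the redirection file in this commit adds entries for policymanager-csp.md and proxy-csp.md but shows none for img-boot-sequence.md. Confirm that a redirect to advanced-troubleshooting-boot-problems.md is included, otherwise existing links and bookmarks to the full-size flowchart page will return a 404.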

View File

@ -1,140 +1,136 @@
--- ---
title: Manage Windows 10 in your organization - transitioning to modern management title: Manage Windows 10 in your organization - transitioning to modern management
description: This topic offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. description: This article offers strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment.
keywords: ["MDM", "device management", "group policy", "Azure Active Directory"]
ms.prod: w10 ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
ms.pagetype: devices
author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 04/26/2018 ms.date: 06/03/2022
author: aczechowski
ms.author: aaroncz
ms.reviewer: ms.reviewer:
manager: dansimp manager: dougeby
ms.author: dansimp ms.topic: overview
ms.topic: article
--- ---
# Manage Windows 10 in your organization - transitioning to modern management # Manage Windows 10 in your organization - transitioning to modern management
Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization. Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization.
Your organization might have considered bringing in Windows 10 devices and downgrading them to Windows 7 until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, its easy for versions to coexist. Your organization might have considered bringing in Windows 10 devices and downgrading them to an earlier version of Windows until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it's easy for versions to coexist.
Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This “managed diversity” enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster. Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster.
This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance. This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance.
> [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA] > [!VIDEO https://www.youtube.com/embed/g1rIcBhhxpA]
>[!NOTE] > [!NOTE]
>The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal) > The video demonstrates the configuration process using the classic Azure portal, which is retired. Customers should use the new Azure portal. [Learn how use the new Azure portal to perform tasks that you used to do in the classic Azure portal.](/information-protection/deploy-use/migrate-portal)
This topic offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. The topic covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle: This article offers guidance on strategies for deploying and managing Windows 10, including deploying Windows 10 in a mixed environment. It covers [management options](#reviewing-the-management-options-with-windows-10) plus the four stages of the device lifecycle:
- [Deployment and Provisioning](#deployment-and-provisioning) - [Deployment and Provisioning](#deployment-and-provisioning)
- [Identity and Authentication](#identity-and-authentication) - [Identity and Authentication](#identity-and-authentication)
- [Configuration](#settings-and-configuration) - [Configuration](#settings-and-configuration)
- [Updating and Servicing](#updating-and-servicing) - [Updating and Servicing](#updating-and-servicing)
## Reviewing the management options with Windows 10 ## Reviewing the management options with Windows 10
Windows 10 offers a range of management options, as shown in the following diagram: Windows 10 offers a range of management options, as shown in the following diagram:
<img src="images/windows-10-management-range-of-options.png" alt="The path to modern IT" width="766" height="654" /> :::image type="content" source="images/windows-10-management-range-of-options.png" alt-text="Diagram of the path to modern IT." lightbox="images/windows-10-management-range-of-options.png":::
As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like Group Policy, Active Directory, and Microsoft Configuration Manager. It also delivers a “mobile-first, cloud-first” approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business. As indicated in the diagram, Microsoft continues to provide support for deep manageability and security through technologies like group Policy, Active Directory, and Configuration Manager. It also delivers a "mobile-first, cloud-first" approach of simplified, modern management using cloud-based device management solutions such as Microsoft Enterprise Mobility + Security (EMS). Future Windows innovations, delivered through Windows as a Service, are complemented by cloud services like Microsoft Intune, Azure Active Directory, Azure Information Protection, Office 365, and the Microsoft Store for Business.
## Deployment and Provisioning ## Deployment and provisioning
With Windows 10, you can continue to use traditional OS deployment, but you can also “manage out of the box.” To transform new devices into fully configured, fully managed devices, you can: With Windows 10, you can continue to use traditional OS deployment, but you can also "manage out of the box." To transform new devices into fully configured, fully managed devices, you can:
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management service such as [Windows Autopilot](/mem/autopilot/windows-autopilot) or [Microsoft Intune](/mem/intune/fundamentals/).
- Avoid reimaging by using dynamic provisioning, enabled by a cloud-based device management services such as [Microsoft Autopilot](/windows/deployment/windows-10-auto-pilot) or [Microsoft Intune](/mem/intune/fundamentals/). - Create self-contained provisioning packages built with the Windows Configuration Designer. For more information, see [Provisioning packages for Windows](/windows/configuration/provisioning-packages/provisioning-packages).
- Create self-contained provisioning packages built with the [Windows Configuration Designer](/windows/configuration/provisioning-packages/provisioning-packages). - Use traditional imaging techniques such as deploying custom images using [Configuration Manager](/mem/configmgr/core/understand/introduction).
- Use traditional imaging techniques such as deploying custom images using [Microsoft Endpoint Configuration Manager](/configmgr/core/understand/introduction). You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive - everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today.
You have multiple options for [upgrading to Windows 10](/windows/deployment/windows-10-deployment-scenarios). For existing devices running Windows 7 or Windows 8.1, you can use the robust in-place upgrade process for a fast, reliable move to Windows 10 while automatically preserving all the existing apps, data, and settings. This process usage can mean lower deployment costs, and improved productivity as end users can be immediately productive everything is right where they left it. You can also use a traditional wipe-and-load approach if you prefer, using the same tools that you use today with Windows 7. ## Identity and authentication
## Identity and Authentication You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **"bring your own device" (BYOD)** or to **"choose your own device" (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
You can use Windows 10 and services like [Azure Active Directory](/azure/active-directory/fundamentals/active-directory-whatis) in new ways for cloud-based identity, authentication, and management. You can offer your users the ability to **“bring your own device” (BYOD)** or to **“choose your own device” (CYOD)** from a selection you make available. At the same time, you might be managing PCs and tablets that must be domain-joined because of specific applications or resources that are used on them.
You can envision user and device management as falling into these two categories: You can envision user and device management as falling into these two categories:
- **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices: - **Corporate (CYOD) or personal (BYOD) devices used by mobile users for SaaS apps such as Office 365.** With Windows 10, your employees can self-provision their devices:
- For corporate devices, they can set up corporate access with [Azure AD Join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.<br>Azure AD Join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources. - For corporate devices, they can set up corporate access with [Azure AD join](/azure/active-directory/devices/overview). When you offer them Azure AD Join with automatic Intune MDM enrollment, they can bring devices into a corporate-managed state in [*one step*](https://techcommunity.microsoft.com/t5/azure-active-directory-identity/windows-10-azure-ad-and-microsoft-intune-automatic-mdm/ba-p/244067), all from the cloud.
- Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device. Azure AD join is also a great solution for temporary staff, partners, or other part-time employees. These accounts can be kept separate from the on-premises AD domain but still access needed corporate resources.
- **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises. - Likewise, for personal devices, employees can use a new, simplified [BYOD experience](/azure/active-directory/devices/overview) to add their work account to Windows, then access work resources on the device.
With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain thats [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
- Single sign-on to cloud and on-premises resources from everywhere - **Domain joined PCs and tablets used for traditional applications and access to important resources.** These applications and resources may be traditional ones that require authentication or accessing highly sensitive or classified resources on-premises.
- [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-overview) With Windows 10, if you have an on-premises [Active Directory](/windows-server/identity/whats-new-active-directory-domain-services) domain that's [integrated with Azure AD](/azure/active-directory/devices/hybrid-azuread-join-plan), when employee devices are joined, they automatically register with Azure AD. This registration provides:
- [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device - Single sign-on to cloud and on-premises resources from everywhere
- [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification) - [Enterprise roaming of settings](/azure/active-directory/devices/enterprise-state-roaming-enable)
- Windows Hello - [Conditional access](/azure/active-directory/conditional-access/overview) to corporate resources based on the health or configuration of the device
Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/configmgr/core/understand/introduction) client or Group Policy. - [Windows Hello for Business](/windows/security/identity-protection/hello-for-business/hello-identity-verification)
- Windows Hello
Domain joined PCs and tablets can continue to be managed with the [Configuration Manager](/mem/configmgr/core/understand/introduction) client or group policy.
For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](/azure/active-directory/devices/overview). For more information about how Windows 10 and Azure AD optimize access to work resources across a mix of devices and scenarios, see [Using Windows 10 devices in your workplace](/azure/active-directory/devices/overview).
As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD. As you review the roles in your organization, you can use the following generalized decision tree to begin to identify users or devices that require domain join. Consider switching the remaining users to Azure AD.
![Decision tree for device authentication options.](images/windows-10-management-cyod-byod-flow.png) :::image type="content" source="images/windows-10-management-cyod-byod-flow.png" alt-text="Diagram of decision tree for device authentication options." lightbox="images/windows-10-management-cyod-byod-flow.png":::
## Settings and Configuration ## Settings and configuration
Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.  Your configuration requirements are defined by multiple factors, including the level of management needed, the devices and data managed, and your industry requirements. Meanwhile, employees are frequently concerned about IT applying strict policies to their personal devices, but they still want access to corporate email and documents. With Windows 10, you can create a consistent set of configurations across PCs, tablets, and phones through the common MDM layer.
**MDM**: [MDM](https://www.microsoft.com/cloud-platform/mobile-device-management) gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, Group Policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using GP that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go. **MDM**: MDM gives you a way to configure settings that achieve your administrative intent without exposing every possible setting. (In contrast, group policy exposes fine-grained settings that you control individually.) One benefit of MDM is that it enables you to apply broader privacy, security, and application management settings through lighter and more efficient tools. MDM also allows you to target Internet-connected devices to manage policies without using group policy that requires on-premises domain-joined devices. This provision makes MDM the best choice for devices that are constantly on the go.
**Group Policy** and **Microsoft Endpoint Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorers 1,500 configurable Group Policy settings. If so, Group Policy and Configuration Manager continue to be excellent management choices: **Group policy** and **Configuration Manager**: Your organization might still need to manage domain joined computers at a granular level such as Internet Explorer's 1,500 configurable group policy settings. If so, group policy and Configuration Manager continue to be excellent management choices:
- Group Policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add Group Policy settings with each new version of Windows. - Group policy is the best way to granularly configure domain joined Windows PCs and tablets connected to the corporate network using Windows-based tools. Microsoft continues to add group policy settings with each new version of Windows.
- Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment. - Configuration Manager remains the recommended solution for granular configuration with robust software deployment, Windows updates, and OS deployment.
## Updating and servicing
## Updating and Servicing With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple - often automatic - patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios).
With Windows as a Service, your IT department no longer needs to perform complex imaging (wipe-and-load) processes with each new Windows release. Whether on current branch (CB) or current branch for business (CBB), devices receive the latest feature and quality updates through simple often automatic patching processes. For more information, see [Windows 10 deployment scenarios](/windows/deployment/windows-10-deployment-scenarios). MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
MDM with Intune provide tools for applying Windows updates to client computers in your organization. Configuration Manager allows rich management and tracking capabilities of these updates, including maintenance windows and automatic deployment rules.
## Next steps ## Next steps
There are various steps you can take to begin the process of modernizing device management in your organization: There are various steps you can take to begin the process of modernizing device management in your organization:
**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, re-evaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use the [MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat) to help determine which Group Policies are set for a target user/computer and cross-reference them against the list of available MDM policies. **Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Endpoint Manager](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune.
**Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs. **Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs.
**Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario. **Review the decision trees in this article.** With the different options in Windows 10, plus Configuration Manager and Enterprise Mobility + Security, you have the flexibility to handle imaging, authentication, settings, and management tools for any scenario.
**Take incremental steps.** Moving towards modern device management doesnt have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this “managed diversity,” users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. Starting with Windows 10, version 1803, the new policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) was added to allow MDM policies to take precedence over GP when both GP and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your GP environment. Here's the list of MDM policies with equivalent GP - [Policies supported by GP](./mdm/policy-configuration-service-provider.md) **Take incremental steps.** Moving towards modern device management doesn't have to be an overnight transformation. New operating systems and devices can be brought in while older ones remain. With this "managed diversity," users can benefit from productivity enhancements on new Windows 10 devices, while you continue to maintain older devices according to your standards for security and manageability. The CSP policy [MDMWinsOverGP](./mdm/policy-csp-controlpolicyconflict.md#controlpolicyconflict-mdmwinsovergp) allows MDM policies to take precedence over group policy when both group policy and its equivalent MDM policies are set on the device. You can start implementing MDM policies while keeping your group policy environment. For more information, including the list of MDM policies with equivalent group policies, see [Policies supported by group policy](./mdm/policy-configuration-service-provider.md).
**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. For more information, see the following articles:
**Optimize your existing investments**. On the road from traditional on-premises management to modern cloud-based management, take advantage of the flexible, hybrid architecture of Configuration Manager and Intune. Configuration Manager 1710 onward, co-management enables you to concurrently manage Windows 10 devices by using both Configuration Manager and Intune. See these topics for details: - [Co-management for Windows devices](/mem/configmgr/comanage/overview)
- [Prepare Windows devices for co-management](/mem/configmgr/comanage/how-to-prepare-Win10)
- [Switch Configuration Manager workloads to Intune](/mem/configmgr/comanage/how-to-switch-workloads)
- [Co-management dashboard in Configuration Manager](/mem/configmgr/comanage/how-to-monitor)
- [Co-management for Windows 10 devices](/configmgr/core/clients/manage/co-management-overview) ## Related articles
- [Prepare Windows 10 devices for co-management](/configmgr/core/clients/manage/co-management-prepare)
- [Switch Configuration Manager workloads to Intune](/configmgr/core/clients/manage/co-management-switch-workloads)
- [Co-management dashboard in Configuration Manager](/configmgr/core/clients/manage/co-management-dashboard)
## Related topics - [What is Intune?](/mem/intune/fundamentals/what-is-intune)
- [Windows 10 policy CSP](./mdm/policy-configuration-service-provider.md)
- [What is Intune?](/mem/intune/fundamentals/what-is-intune) - [Windows 10 configuration service providers](./mdm/configuration-service-provider-reference.md)
- [Windows 10 Policy CSP](./mdm/policy-configuration-service-provider.md)
- [Windows 10 Configuration service Providers](./mdm/configuration-service-provider-reference.md)
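Review bot: In the "Take incremental steps" paragraph, the rewrite drops the statement that MDMWinsOverGP was added starting with Windows 10, version 1803, so an admin who still manages older builds no longer learns from this article which versions support the precedence policy; keep the minimum version, for example as a short parenthetical after the policy link. In the "Assess current management practices" paragraph, the new sentence "to help determine which group policies supported by cloud-based MDM providers" has lost its verb (add "are"), and "reassesses" is carried over unchanged where "reassess" is meant. Smaller carry-overs worth fixing in the same pass: "group Policy" in the management-options paragraph, "Learn how use the new Azure portal" in the note, and "MDM with Intune provide tools" in the updating section.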

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|Yes| |Pro|No|Yes|
|Windows SE|No|Yes|
|Business|No|No| |Business|No|No|
|Enterprise|No|Yes| |Enterprise|No|Yes|
|Education|No|Yes| |Education|No|Yes|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -76,6 +76,7 @@ Allows the administrator to require encryption that needs to be turned on by usi
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
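Review bot: The added "Windows SE" row carries the same No and Yes values here and in every other applicability table this file touches, whatever the policy node; please confirm the values were checked per node rather than pasted in bulk, because a table that reports Yes for a BitLocker setting the edition does not honor would let an admin assume an encryption policy is enforced when it is not. If the value really is uniform across the file, a single shared include for the edition table would keep the copies from drifting apart the next time an edition is added.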
@ -136,6 +137,7 @@ Allows you to set the default encryption method for each of the different drive
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -209,6 +211,7 @@ Allows you to associate unique organizational identifiers to a new drive that is
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -266,6 +269,7 @@ Allows users on devices that are compliant with InstantGo or the Microsoft Hardw
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -305,6 +309,7 @@ Allows users to configure whether or not enhanced startup PINs are used with Bit
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -347,6 +352,7 @@ Allows you to configure whether standard users are allowed to change BitLocker P
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -389,6 +395,7 @@ Allows users to enable authentication options that require user input from the p
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -438,6 +445,7 @@ Allows you to configure the encryption type that is used by BitLocker.
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -485,6 +493,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Require addition
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -582,6 +591,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure minimu
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -648,6 +658,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Configure pre-bo
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -724,6 +735,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -812,6 +824,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Choose how BitLo
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -903,6 +916,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -960,6 +974,7 @@ Allows you to configure the encryption type on fixed data drives that is used by
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1007,6 +1022,7 @@ This setting is a direct mapping to the BitLocker Group Policy "Deny write acces
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1073,6 +1089,7 @@ Allows you to configure the encryption type that is used by BitLocker.
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1114,6 +1131,7 @@ Allows you to control the use of BitLocker on removable data drives.
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1170,6 +1188,7 @@ Allows the admin to disable the warning prompt for other disk encryption on the
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1224,6 +1243,7 @@ If "AllowWarningForOtherDiskEncryption" isn't set, or is set to "1", "RequireDev
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1268,6 +1288,7 @@ This setting initiates a client-driven recovery password refresh after an OS dri
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1315,6 +1336,7 @@ Each server-side recovery key rotation is represented by a request ID. The serve
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1353,6 +1375,7 @@ This node reports compliance state of device encryption on the system.
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1413,6 +1436,7 @@ Status code can be one of the following values:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1439,6 +1463,7 @@ This node needs to be queried in synchronization with RotateRecoveryPasswordsSta
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
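Review bot: The same `|Windows SE|No|Yes|` row is pasted into every applicability table in this file, one hunk per BitLocker node, so any later edition change must be repeated in each table by hand. Consider moving the edition table into a single shared include that each node references, so the tables cannot drift apart.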

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -1,13 +1,13 @@
--- ---
title: Change history for MDM documentation title: Change history for MDM documentation
description: This article lists new and updated articles for Mobile Device Management. description: This article lists new and updated articles for Mobile Device Management.
author: aczechowski
ms.author: aaroncz
ms.reviewer: ms.reviewer:
manager: dansimp manager: dougeby
ms.author: dansimp
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 10/19/2020 ms.date: 10/19/2020
--- ---
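Review bot: ms.date stays at 10/19/2020 even though author, ms.author and manager all change here and the later hunks in this file remove the two MMAT rows. Update ms.date so readers can see the article was revised, and either fill or drop the empty ms.reviewer field while the front matter is being touched.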
@ -174,7 +174,6 @@ This article lists new and updated articles for the Mobile Device Management (MD
|New or updated article | Description| |New or updated article | Description|
|--- | ---| |--- | ---|
|[Mobile device management](index.md#mmat) | Added information about the MDM Migration Analysis Tool (MMAT).|
|[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.| |[Policy CSP - DeviceGuard](policy-csp-deviceguard.md) | Updated ConfigureSystemGuardLaunch policy and replaced EnableSystemGuard with it.|
## August 2018 ## August 2018
@ -227,7 +226,6 @@ This article lists new and updated articles for the Mobile Device Management (MD
|[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:<li>Settings/AllowVirtualGPU<li>Settings/SaveFilesToHost| |[WindowsDefenderApplicationGuard CSP](windowsdefenderapplicationguard-csp.md)|Added the following node in Windows 10, version 1803:<li>Settings/AllowVirtualGPU<li>Settings/SaveFilesToHost|
|[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:<li>ProxySettingsPerUser| |[NetworkProxy CSP](networkproxy-csp.md)|Added the following node in Windows 10, version 1803:<li>ProxySettingsPerUser|
|[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.| |[Accounts CSP](accounts-csp.md)|Added a new CSP in Windows 10, version 1803.|
|[MDM Migration Analysis Tool (MMAT)](https://aka.ms/mmat)|Updated version available. MMAT is a tool you can use to determine which Group Policies are set on a target user/computer and cross-reference them against the list of supported MDM policies.|
|[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.| |[CSP DDF files download](configuration-service-provider-reference.md#csp-ddf-files-download)|Added the DDF download of Windows 10, version 1803 configuration service providers.|
|[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:<li>Bluetooth/AllowPromptedProximalConnections<li>KioskBrowser/EnableEndSessionButton<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers| |[Policy CSP](policy-configuration-service-provider.md)|Added the following new policies for Windows 10, version 1803:<li>Bluetooth/AllowPromptedProximalConnections<li>KioskBrowser/EnableEndSessionButton<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AddRemoteServerExceptionsForNTLMAuthentication<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_AuditIncomingNTLMTraffic<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_IncomingNTLMTraffic<li>LocalPoliciesSecurityOptions/NetworkSecurity_RestrictNTLM_OutgoingNTLMTrafficToRemoteServers|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|No|No|
|Windows SE|No|No|
|Business|No|No| |Business|No|No|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|---|---|---| |---|---|---|
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -14,6 +14,17 @@ ms.date: 06/26/2017
# CMPolicyEnterprise CSP # CMPolicyEnterprise CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Windows SE|No|No|
|Business|No|No|
|Enterprise|No|No|
|Education|No|No|
The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request. The CMPolicyEnterprise configuration service provider is used by the enterprise to define rules that the Connection Manager uses to identify the correct connection for a connection request.
> [!NOTE] > [!NOTE]
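Review bot: The added applicability table lists No for every edition, including Enterprise and Education, on both Windows 10 and Windows 11, so the article now documents a CSP that its own table says applies nowhere. Add a sentence next to the table stating where the CSP is supported, or that it is unsupported on these editions, so an admin doesn't author CMPolicyEnterprise policies expecting them to take effect.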
@ -21,9 +32,12 @@ The CMPolicyEnterprise configuration service provider is used by the enterprise
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies
Each policy entry identifies one or more applications in combination with a host pattern. The policy entry is assigned a list of connection details that Connection Manager uses to satisfy connection requests matching the application and host patterns. CMPolicyEnterprise configuration service provider can have multiple policies
**Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence. **Policy Ordering**: There's no explicit ordering of policies. The general rule is that the most concrete or specific policy mappings take a higher precedence.
**Default Policies**: Policies are applied in order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN. **Default Policies**: Policies are applied in the order of their scope with the most specific policies considered before the more general policies. The phones default behavior applies to all applications and all domains and is only used when no other, more specific policy is available. The default policy is to use any available Wi-Fi network first and then any available APN.
The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management. The following shows the CMPolicyEnterprise configuration service provider management object in tree format as used by both Open Mobile Alliance (OMA) Client Provisioning and OMA Device Management.
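Review bot: The **Default Policies** line is edited ("in order of" becomes "in the order of") but still reads "The phones default behavior", which should be "The phone's default behavior". The preceding paragraph also still ends without a period at "can have multiple policies"; fix both in this hunk since the lines are already being touched.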
@ -72,7 +86,8 @@ Specifies whether the list of connections is in preference order.
A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference. A value of "0" specifies that the connections aren't listed in order of preference. A value of "1" indicates that the listed connections are in order of preference.
<a href="" id="connxxx"></a>**Conn**<strong>*XXX*</strong> <a href="" id="connxxx"></a>**Conn**<strong>*XXX*</strong>
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three digits that increment starting from "000". For example, a policy applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
Enumerates the connections associated with the policy. Element names begin with "Conn" followed by three-digits, which increment starting from "000". For example, a policy which applied to five connections would have element entries named "Conn000", "Conn001", "Conn002", "Conn003", and "Conn004".
<a href="" id="connectionid"></a>**ConnectionID** <a href="" id="connectionid"></a>**ConnectionID**
Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter. Specifies a unique identifier for a connection within a group of connections. The exact value is based on the Type parameter.
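Review bot: Of the two versions of the ConnXXX description, the one reading "three-digits, which increment" and "a policy which applied to five connections" is the weaker: "three digits" takes no hyphen here and "a policy which applied" is ungrammatical. Keep the wording "three digits that increment starting from "000"" and "a policy applied to five connections".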
@ -90,7 +105,6 @@ For `CMST_CONNECTION_TYPE`, specify the GUID for the desired connection type. Th
|Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}| |Wi-Fi|{8568B401-858E-4B7B-B3DF-0FD4927F131B}|
|Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}| |Wi-Fi hotspot|{072FC7DC-1D93-40D1-9BB0-2114D7D73434}|
For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available: For `CMST_CONNECTION_NETWORK_TYPE`, specify the GUID for the desired network type. The curly brackets {} around the GUID are required. The following network types are available:
@ -133,7 +147,6 @@ Specifies the type of connection being referenced. The following list describes
## OMA client provisioning examples ## OMA client provisioning examples
Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider. Adding an application-based mapping policy. In this example, the ConnectionId for type CMST\_CONNECTION\_NAME is set to the name of the connection (“GPRSConn1”) that is configured with the CM\_CellularEntries configuration service provider.
```xml ```xml
@ -227,7 +240,6 @@ Adding a host-based mapping policy. In this example, the ConnectionId for type C
## OMA DM examples ## OMA DM examples
Adding an application-based mapping policy: Adding an application-based mapping policy:
```xml ```xml
@ -364,7 +376,6 @@ Adding a host-based mapping policy:
## Microsoft Custom Elements ## Microsoft Custom Elements
|Element|Available| |Element|Available|
|--- |--- | |--- |--- |
|parm-query|Yes| |parm-query|Yes|
@ -373,7 +384,6 @@ Adding a host-based mapping policy:
## Related topics ## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md) [Configuration service provider reference](configuration-service-provider-reference.md)

View File

@ -1,93 +1,90 @@
--- ---
title: Secured-Core Configuration Lock title: Secured-core configuration lock
description: A Secured-Core PC (SCPC) feature that prevents configuration drift from Secured-Core PC features (shown below) caused by unintentional misconfiguration. description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
manager: dansimp manager: dansimp
keywords: mdm,management,administrator,config lock
ms.author: v-lsaldanha ms.author: v-lsaldanha
ms.topic: article ms.topic: article
ms.prod: w11 ms.prod: w11
ms.technology: windows ms.technology: windows
author: lovina-saldanha author: lovina-saldanha
ms.date: 03/14/2022 ms.date: 05/24/2022
--- ---
# Secured-Core PC Configuration Lock # Secured-core PC configuration lock
**Applies to** **Applies to**
- Windows 11 - Windows 11
In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with Config Lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds. In an enterprise organization, IT administrators enforce policies on their corporate devices to keep the devices in a compliant state and protect the OS by preventing users from changing configurations and creating config drift. Config drift occurs when users with local admin rights change settings and put the device out of sync with security policies. Devices in a non-compliant state can be vulnerable until the next sync and configuration reset with the MDM. Windows 11 with config lock enables IT administrators to prevent config drift and keep the OS configuration in the desired state. With config lock, the OS monitors the registry keys that configure each feature and when it detects a drift, reverts to the IT-desired state in seconds.
Secured-Core Configuration Lock (Config Lock) is a new [Secured-Core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from Secured-Core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a Secured-Core PC remains a Secured-Core PC. Secured-core configuration lock (config lock) is a new [secured-core PC (SCPC)](/windows-hardware/design/device-experiences/oem-highly-secure) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration. In short, it ensures a device intended to be a secured-core PC remains a secured-core PC.
To summarize, Config Lock: To summarize, config lock:
- Enables IT to “lock” Secured-Core PC features when managed through MDM - Enables IT to "lock" secured-core PC features when managed through MDM
- Detects drift remediates within seconds - Detects drift remediates within seconds
- DOES NOT prevent malicious attacks - Doesn't prevent malicious attacks
## Configuration Flow ## Configuration Flow
After a Secured-Core PC reaches the desktop, Config Lock will prevent configuration drift by detecting if the device is a Secured-Core PC or not. When the device isn't a Secured-Core PC, the lock won't apply. If the device is a Secured-Core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies). After a secured-core PC reaches the desktop, config lock will prevent configuration drift by detecting if the device is a secured-core PC or not. When the device isn't a secured-core PC, the lock won't apply. If the device is a secured-core PC, config lock will lock the policies listed under [List of locked policies](#list-of-locked-policies).
## System Requirements ## System Requirements
Config Lock will be available for all Windows Professional and Enterprise Editions running on [Secured-Core PCs](/windows-hardware/design/device-experiences/oem-highly-secure). Config lock will be available for all Windows Professional and Enterprise Editions running on [secured-core PCs](/windows-hardware/design/device-experiences/oem-highly-secure).
## Enabling Config Lock using Microsoft Intune ## Enabling config lock using Microsoft Intune
Config Lock isn't enabled by default (or turned on by the OS during boot). Rather, an IT Admin must intentionally turn it on. Config lock isn't enabled by default, or turned on by the OS during boot. Rather, you need to turn it on.
The steps to turn on Config Lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows:
1. Ensure that the device to turn on Config Lock is enrolled in Microsoft Intune. The steps to turn on config lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows:
1. Ensure that the device to turn on config lock is enrolled in Microsoft Intune.
1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**. 1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**.
1. Select the following and press **Create**: 1. Select the following and press **Create**:
- **Platform**: Windows 10 and later - **Platform**: Windows 10 and later
- **Profile type**: Templates - **Profile type**: Templates
- **Template name**: Custom - **Template name**: Custom
:::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates"::: :::image type="content" source="images/configlock-mem-createprofile.png" alt-text="In Configuration profiles, the Create a profile page is showing, with the Platform set to Windows 10 and later, and a Profile Type of Templates.":::
1. Name your profile. 1. Name your profile.
1. When you reach the Configuration Settings step, select “Add” and add the following information: 1. When you reach the Configuration Settings step, select "Add" and add the following information:
- **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock - **OMA-URI**: ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock
- **Data type**: Integer - **Data type**: Integer
- **Value**: 1 </br> - **Value**: 1 </br>
To turn off Config Lock, change the value to 0. To turn off config lock, change the value to 0.
:::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of Config Lock, a Description of Turn on Config Lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1"::: :::image type="content" source="images/configlock-mem-editrow.png" alt-text="In the Configuration settings step, the Edit Row page is shown with a Name of config lock, a Description of Turn on config lock and the OMA-URI set as above, along with a Data type of Integer set to a Value of 1.":::
1. Select the devices to turn on Config Lock. If you're using a test tenant, you can select “+ Add all devices”. 1. Select the devices to turn on config lock. If you're using a test tenant, you can select "+ Add all devices".
1. You'll not need to set any applicability rules for test purposes. 1. You'll not need to set any applicability rules for test purposes.
1. Review the Configuration and select “Create” if everything is correct. 1. Review the Configuration and select "Create" if everything is correct.
1. After the device syncs with the Microsoft Intune server, you can confirm if the Config Lock was successfully enabled. 1. After the device syncs with the Microsoft Intune server, you can confirm if the config lock was successfully enabled.
:::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the Config Lock device configuration profile, showing one device has succeeded in having this profile applied"::: :::image type="content" source="images/configlock-mem-dev.png" alt-text="The Profile assignment status dashboard when viewing the config lock device configuration profile, showing one device has succeeded in having this profile applied.":::
:::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the Config Lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending"::: :::image type="content" source="images/configlock-mem-devstatus.png" alt-text="The Device Status for the config lock Device Configuration Profile, showing one device with a Deployment Status as Succeeded and two with Pending.":::
## Configuring Secured-Core PC features ## Configuring secured-core PC features
Config Lock is designed to ensure that a Secured-Core PC isn't unintentionally misconfigured. IT Admins retain the ability to change (enable/disable) SCPC features (for example Firmware protection) via Group Policies and/or mobile device management (MDM) tools, such as Microsoft Intune. Config lock is designed to ensure that a secured-core PC isn't unintentionally misconfigured. You keep the ability to enable or disable SCPC features, for example, firmware protection. You can make these changes with group policies or MDM services like Microsoft Intune.
:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off.":::
:::image type="content" source="images/configlock-mem-firmwareprotect.png" alt-text="The Defender Firmware protection setting, with a description of Windows Defender System Guard protects your device from compromised firmware. The setting is set to Off":::
## FAQ ## FAQ
**Can an IT admins disable Config Lock ?** </br> - Can I disable config lock? Yes. You can use MDM to turn off config lock completely or put it in temporary unlock mode for helpdesk activities.
Yes. IT admins can use MDM to turn off Config Lock.</br>
### List of locked policies ### List of locked policies
|**CSPs** | |**CSPs** |
|-----| |-----|
|[BitLocker ](bitlocker-csp.md) | |[BitLocker](bitlocker-csp.md) |
|[PassportForWork](passportforwork-csp.md) | |[PassportForWork](passportforwork-csp.md) |
|[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) | |[WindowsDefenderApplicationGuard](windowsdefenderapplicationguard-csp.md) |
|[ApplicationControl](applicationcontrol-csp.md) |[ApplicationControl](applicationcontrol-csp.md)
|**MDM policies** | **Supported by Group Policy** | |**MDM policies** | **Supported by Group Policy** |
|-----|-----| |-----|-----|
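Review bot: The rewritten FAQ answer says config lock can be put "in temporary unlock mode for helpdesk activities", but nothing else in the article documents that mode; the only setting shown is ./Vendor/MSFT/DMClient/Provider/MS%20DM%20Server/ConfigLock/Lock with a value of 1 or 0. Either document the node and value that enable temporary unlock, or drop the clause, because an admin relying on it has no way to tell how long a device stays unprotected against drift. Smaller points in the same hunk: "Detects drift remediates within seconds" is still missing "and", the ApplicationControl row in the CSPs table has no closing pipe, and changing "DOES NOT prevent malicious attacks" to "Doesn't" removes the emphasis on a limitation that readers should not miss, so consider bold for that bullet.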

View File

@ -616,18 +616,6 @@ Additional lists:
<!--EndSKU--> <!--EndSKU-->
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP-->
[Proxy CSP](proxy-csp.md)
<!--StartSKU-->
|Home|Pro|Business|Enterprise|Education|
|--- |--- |--- |--- |--- |
|Yes|Yes|Yes|Yes|Yes|
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP--> <!--StartCSP-->
[PXLogical CSP](pxlogical-csp.md) [PXLogical CSP](pxlogical-csp.md)
@ -676,18 +664,6 @@ Additional lists:
<!--EndSKU--> <!--EndSKU-->
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP-->
[PolicyManager CSP](policymanager-csp.md)
<!--StartSKU-->
|Home|Pro|Business|Enterprise|Education|
|--- |--- |--- |--- |--- |
|No|No|No|No|No|
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP--> <!--StartCSP-->
[Provisioning CSP](provisioning-csp.md) [Provisioning CSP](provisioning-csp.md)
@ -821,6 +797,15 @@ Additional lists:
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP--> <!--StartCSP-->
[SurfaceHub](surfacehub-csp.md)
<!--StartSKU-->
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[TenantLockdown CSP](tenantlockdown-csp.md) [TenantLockdown CSP](tenantlockdown-csp.md)
<!--StartSKU--> <!--StartSKU-->
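Review bot: The new SurfaceHub entry has an empty block between StartSKU and EndSKU, so it carries no edition table, unlike the Proxy and PolicyManager entries removed earlier in this file, which each had a Home/Pro/Business/Enterprise/Education row. Add the edition table, and label the link "SurfaceHub CSP" to match the neighbouring "TenantLockdown CSP" and "Provisioning CSP" entries.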
@ -905,6 +890,16 @@ Additional lists:
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP--> <!--StartCSP-->
[W4 Application CSP](w4-application-csp.md)
<!--StartSKU-->
<!--EndSKU-->
<!--EndCSP-->
<!--StartCSP-->
[WiFi CSP](wifi-csp.md) [WiFi CSP](wifi-csp.md)
<!--StartSKU--> <!--StartSKU-->
@ -989,6 +984,15 @@ Additional lists:
<!--EndSKU--> <!--EndSKU-->
<!--EndCSP--> <!--EndCSP-->
<!--StartCSP-->
[w7 Application CSP](w7-application-csp.md)
<!--StartSKU-->
<!--EndSKU-->
<!--EndCSP-->
<hr/> <hr/>
<!--EndCSPs--> <!--EndCSPs-->
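Review bot: The link text "w7 Application CSP" starts with a lowercase w, while the entry added in the previous hunk is "W4 Application CSP"; use the same casing for both. Both entries also have empty StartSKU/EndSKU blocks, so the reference list shows no edition support for either CSP.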

View File

@ -42,7 +42,6 @@ Package Full Name of the application that needs to be launched in the background
## SyncML examples ## SyncML examples
**Set StartupAppID** **Set StartupAppID**
```xml ```xml

View File

@ -15,6 +15,15 @@ ms.date: 02/22/2022
# Defender CSP # Defender CSP
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
> [!WARNING] > [!WARNING]
> Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here. > Some information relates to prereleased products, which may be substantially modified before it's commercially released. Microsoft makes no warranties, expressed or implied, concerning the information provided here.
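Review bot: The applicability table is added directly under the "# Defender CSP" heading without the lead-in sentence "The table below shows the applicability of Windows:" that the other CSP articles in this commit use. Add the sentence so the table has context and the articles stay consistent.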
@ -355,7 +364,7 @@ Network Protection inspects DNS traffic that occurs over a UDP channel, to provi
<a href="" id="enablenetworkprotection-disablehttpparsing"></a>**EnableNetworkProtection/DisableHttpParsing** <a href="" id="enablenetworkprotection-disablehttpparsing"></a>**EnableNetworkProtection/DisableHttpParsing**
Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". Network Protection inspects HTTP traffic to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. HTTP connections to malicious websites can also be blocked if Enable Network Protection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
- Type: Boolean - Type: Boolean
- Position: Named - Position: Named
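Review bot: Replacing "-EnableNetworkProtection" with "Enable Network Protection" removes the stray dash but also stops the text matching the node name in the heading, EnableNetworkProtection/DisableHttpParsing. Refer to the node as `EnableNetworkProtection` in code formatting so readers can map the sentence to the setting they configure. The value "$true" is PowerShell syntax left on a CSP page; state the Boolean value as the CSP expects it.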
@ -365,7 +374,7 @@ Network Protection inspects HTTP traffic to see if a connection is being made to
<a href="" id="enablenetworkprotection-disablerdpparsing"></a>**EnableNetworkProtection/DisableRdpParsing** <a href="" id="enablenetworkprotection-disablerdpparsing"></a>**EnableNetworkProtection/DisableRdpParsing**
Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true". Network Protection inspects RDP traffic so that it can block connections from known malicious hosts if Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring. RDP inspection can be disabled by setting this value to "$true".
- Type: Boolean - Type: Boolean
- Position: Named - Position: Named
@ -375,7 +384,7 @@ Network Protection inspects RDP traffic so that it can block connections from kn
<a href="" id="enablenetworkprotection-disablesshparsing"></a>**EnableNetworkProtection/DisableSshParsing** <a href="" id="enablenetworkprotection-disablesshparsing"></a>**EnableNetworkProtection/DisableSshParsing**
Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If -EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true". Network Protection inspects SSH traffic, so that it can block connections from known malicious hosts. If Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring. SSH inspection can be disabled by setting this value to "$true".
- Type: Boolean - Type: Boolean
- Position: Named - Position: Named
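Review bot: The DisableSshParsing description is still split into a fragment on the new side: "If Enable Network Protection is set to be enabled, and to provide metadata to behavior monitoring." is not a sentence. The RDP description above has the intended shape; suggest joining the two parts the same way: "... block connections from known malicious hosts if EnableNetworkProtection is set to be enabled, and to provide metadata to behavior monitoring."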
@ -385,7 +394,7 @@ Network Protection inspects SSH traffic, so that it can block connections from k
<a href="" id="enablenetworkprotection-disabletlsparsing"></a>**EnableNetworkProtection/DisableTlsParsing** <a href="" id="enablenetworkprotection-disabletlsparsing"></a>**EnableNetworkProtection/DisableTlsParsing**
Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if -EnableNetworkProtection is set to enabled. HTTP inspection can be disabled by setting this value to "$true". Network Protection inspects TLS traffic (also known as HTTPS traffic) to see if a connection is being made to a malicious website, and to provide metadata to Behavior Monitoring. TLS connections to malicious websites can also be blocked if Enable Network Protection is set to enabled. HTTP inspection can be disabled by setting this value to "$true".
- Type: Boolean - Type: Boolean
- Position: Named - Position: Named
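Review bot: The last sentence of the DisableTlsParsing description still reads "HTTP inspection can be disabled by setting this value", carried over from the DisableHttpParsing entry. Since this line is being edited anyway, change it to "TLS inspection can be disabled ..." so the text matches the node it documents; as written, an admin could conclude that this switch turns off HTTP parsing.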
@ -594,11 +603,13 @@ An interior node to group Windows Defender configuration information.
Supported operation is Get. Supported operation is Get.
<a href="" id="configuration-tamperprotection"></a>**Configuration/TamperProtection** <a href="" id="configuration-tamperprotection"></a>**Configuration/TamperProtection**
Tamper protection helps protect important security features from unwanted changes and interference. This protection includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions. Tamper protection helps protect important security features from unwanted changes and interference. This protection includes real-time protection, behavior monitoring, and more. Accepts signed string to turn the feature on or off. Settings are configured with an MDM solution, such as Intune and is available in Windows 10 Enterprise E5 or equivalent subscriptions.
Send off blob to device to reset the tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune. Send off blob to device to reset the tamper protection state before setting this configuration to "not configured" or "unassigned" in Intune.
The data type is a Signed blob. The data type is a Signed BLOB.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, Replace.
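Review bot: The data type line changes "Signed blob" to "Signed BLOB", but the sentence just above still says "Send off blob to device" and the description says "Accepts signed string", so the same payload is now named three ways. Pick one term and use it in all three places. "Settings are configured with an MDM solution, such as Intune and is available" also has a subject/verb mismatch worth fixing while this paragraph is open.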
@ -610,7 +621,7 @@ Intune tamper protection setting UX supports three states:
When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
<a href="" id="configuration-disablelocaladminmerge"></a>**Configuration/DisableLocalAdminMerge**<br> <a href="" id="configuration-disablelocaladminmerge"></a>**Configuration/DisableLocalAdminMerge**<br>
This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusions. This policy setting controls whether or not complex list settings configured by a local administrator are merged with managed settings. This setting applies to lists such as threats and exclusion list.
If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, management settings will override preference settings. If you disable or don't configure this setting, unique items defined in preference settings configured by the local administrator will be merged into the resulting effective policy. If conflicts occur, management settings will override preference settings.
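Review bot: In DisableLocalAdminMerge, the new text "lists such as threats and exclusion list" is less grammatical than the "threats and exclusions" it replaces. Suggest reverting, or writing "lists such as the threats list and the exclusions list".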
@ -630,6 +641,7 @@ Valid values are:
- 0 (default) Disable. - 0 (default) Disable.
<a href="" id="configuration-hideexclusionsfromlocaladmins"></a>**Configuration/HideExclusionsFromLocalAdmins**<br> <a href="" id="configuration-hideexclusionsfromlocaladmins"></a>**Configuration/HideExclusionsFromLocalAdmins**<br>
This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled. This policy setting controls whether or not exclusions are visible to Local Admins. For end users (that aren't Local Admins) exclusions aren't visible, whether or not this setting is enabled.
If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell. If you disable or don't configure this setting, Local Admins will be able to see exclusions in the Windows Security App, in the registry, and via PowerShell.
@ -639,22 +651,23 @@ If you enable this setting, Local Admins will no longer be able to see the exclu
> [!NOTE] > [!NOTE]
> Applying this setting won't remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**. > Applying this setting won't remove exclusions, it will only prevent them from being visible to Local Admins. This is reflected in **Get-MpPreference**.
Supported OS versions: Windows 10 Supported OS versions: Windows 10
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 1 Enable. - 1 Enable.
- 0 (default) Disable. - 0 (default) Disable.
<a href="" id="configuration-disablecputhrottleonidlescans"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br> <a href="" id="configuration-disablecputhrottleonidlescans"></a>**Configuration/DisableCpuThrottleOnIdleScans**<br>
Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur. Indicates whether the CPU will be throttled for scheduled scans while the device is idle. This feature is enabled by default and won't throttle the CPU for scheduled scans performed when the device is otherwise idle, regardless of what ScanAvgCPULoadFactor is set to. For all other scheduled scans, this flag will have no impact and normal throttling will occur.
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 1 (default) Enable. - 1 (default) Enable.
@ -665,7 +678,7 @@ Allow managed devices to update through metered connections. Data charges may ap
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 1 Enable. - 1 Enable.
@ -676,7 +689,7 @@ This settings controls whether Network Protection is allowed to be configured in
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 1 Enable. - 1 Enable.
@ -687,7 +700,7 @@ Allows an administrator to explicitly disable network packet inspection made by
The data type is string. The data type is string.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
<a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation** <a href="" id="configuration-enablefilehashcomputation"></a>**Configuration/EnableFileHashComputation**
Enables or disables file hash computation feature. Enables or disables file hash computation feature.
@ -695,7 +708,7 @@ When this feature is enabled, Windows Defender will compute hashes for files it
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 1 Enable. - 1 Enable.
@ -706,7 +719,7 @@ The support log location setting allows the administrator to specify where the M
Data type is string. Data type is string.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Intune Support log location setting UX supports three states: Intune Support log location setting UX supports three states:
@ -714,7 +727,7 @@ Intune Support log location setting UX supports three states:
- 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path. - 1 - Enabled. Enables the Support log location feature. Requires admin to set custom file path.
- 0 - Disabled. Turns off the Support log location feature. - 0 - Disabled. Turns off the Support log location feature.
When enabled or disabled exists on the client and admin moves the setting to be configured not , it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly. When enabled or disabled exists on the client and admin moves the setting to not configured, it won't have any impact on the device state. To change the state to either enabled or disabled would require to be set explicitly.
More details: More details:
@ -738,7 +751,7 @@ If you disable or don't configure this policy, the device will stay up to date a
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 0: Not configured (Default) - 0: Not configured (Default)
@ -771,7 +784,7 @@ If you disable or don't configure this policy, the device will stay up to date a
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 0: Not configured (Default) - 0: Not configured (Default)
@ -796,7 +809,7 @@ Current Channel (Broad): Devices will be offered updates only after the gradual
If you disable or don't configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices. If you disable or don't configure this policy, the device will stay up to date automatically during the daily release cycle. Suitable for most devices.
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid Values are: Valid Values are:
- 0: Not configured (Default) - 0: Not configured (Default)
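Review bot: "Valid Values are:" in this hunk is capitalised differently from the "Valid values are:" used in the other sections of this file. Since the line directly above is being edited, lowercase "Values" here for consistency.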
@ -819,7 +832,7 @@ If you disable or don't configure this policy, the device will remain in Current
The data type is integer. The data type is integer.
Supported operations are Add, Delete, Get, Replace. Supported operations are Add, Delete, Get, and Replace.
Valid values are: Valid values are:
- 1 Enabled. - 1 Enabled.

View File

@ -14,6 +14,16 @@ ms.date: 03/27/2020
# DevDetail CSP # DevDetail CSP
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The DevDetail configuration service provider handles the management object that provides device-specific parameters to the OMA DM server. These device parameters can be queried by servers using OMA DM commands. They aren't sent from the client to the server automatically. The DevDetail configuration service provider handles the management object that provides device-specific parameters to the OMA DM server. These device parameters can be queried by servers using OMA DM commands. They aren't sent from the client to the server automatically.
> [!NOTE] > [!NOTE]
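Review bot: The edition table is inserted directly under the "# DevDetail CSP" heading with no lead-in, whereas the other CSP pages in this commit introduce the same table with "The table below shows the applicability of Windows:" (visible in their hunk headers). Add that sentence above the table so this page matches its siblings.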

View File

@ -861,7 +861,7 @@ Here's the list of corresponding Group Policy settings in HKLM\\Software\\Polici
|DeferFeatureUpdates|REG_DWORD|1: defer feature updates<br><br>Other value or absent: dont defer feature updates| |DeferFeatureUpdates|REG_DWORD|1: defer feature updates<br><br>Other value or absent: dont defer feature updates|
|DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates| |DeferFeatureUpdatesPeriodInDays|REG_DWORD|0-180: days to defer feature updates|
|PauseFeatureUpdates|REG_DWORD|1: pause feature updates<br><br>Other value or absent: dont pause feature updates| |PauseFeatureUpdates|REG_DWORD|1: pause feature updates<br><br>Other value or absent: dont pause feature updates|
|ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude WU drivers<br><br>Other value or absent: offer WU drivers| |ExcludeWUDriversInQualityUpdate|REG_DWORD|1: exclude Windows Update drivers<br><br>Other value or absent: offer Windows Update drivers|
Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices. Here's the list of older policies that are still supported for backward compatibility. You can use these older policies for Windows 10, version 1511 devices.

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -50,6 +51,8 @@ DMClient
------------Unenroll ------------Unenroll
------------AADResourceID ------------AADResourceID
------------AADDeviceID ------------AADDeviceID
------------AADSendDeviceToken
------------ForceAadToken
------------EnrollmentType ------------EnrollmentType
------------EnableOmaDmKeepAliveMessage ------------EnableOmaDmKeepAliveMessage
------------HWDevID ------------HWDevID
@ -72,6 +75,21 @@ DMClient
----------------NumberOfRemainingScheduledRetries ----------------NumberOfRemainingScheduledRetries
----------------PollOnLogin ----------------PollOnLogin
----------------AllUsersPollOnFirstLogin ----------------AllUsersPollOnFirstLogin
------------LinkedEnrollment
----------------Priority
----------------Enroll
----------------Unenroll
----------------EnrollStatus
----------------LastError
------------Recovery
----------------AllowRecovery
----------------RecoveryStatus
----------------InitiateRecovery
------------MultipleSession
----------------NumAllowedConcurrentUserSessionForBackgroundSync
----------------NumAllowedConcurrentUserSessionAtUserLogonSync
----------------IntervalForScheduledRetriesForUserSession
----------------NumberOfScheduledRetriesForUserSession
----Unenroll ----Unenroll
----UpdateManagementServiceAddress ----UpdateManagementServiceAddress
``` ```
@ -325,6 +343,11 @@ Supported operations are Add, Delete, Get, and Replace.
Value type is bool. Value type is bool.
<a href="" id="provider-providerid-forceaadtoken"></a>**Provider/*ProviderID*/ForceAadToken**
The value type is integer/enum.
The value is "1" and it means client should always send AAD device token during check-in/sync.
<a href="" id="provider-providerid-poll"></a>**Provider/*ProviderID*/Poll** <a href="" id="provider-providerid-poll"></a>**Provider/*ProviderID*/Poll**
Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated. Optional. Polling schedules must use the DMClient CSP. The Registry paths previously associated with polling using the Registry CSP are now deprecated.
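Review bot: The new ForceAadToken entry states neither its supported operations nor what any value other than "1" means, although it declares the type as "integer/enum". The neighbouring nodes each carry a "Supported operations are ..." line; add one here, enumerate the allowed values, and state the default, since this node controls when the client sends the AAD device token to the server.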
@ -443,6 +466,117 @@ Optional. Boolean value that allows the IT admin to require the device to start
Supported operations are Add, Get, and Replace. Supported operations are Add, Get, and Replace.
<a href="" id="provider-providerid-linkedenrollment-priority"></a>**Provider/*ProviderID*/LinkedEnrollment/Priority**
This node is an integer, value is "0" or "1".
Default is 1, meaning the MDM enrollment is the “winning” authority for conflicting policies/resources. Value 1 means MMP-C enrollment is the “winning” one.
Support operations are Get and Set.
<a href="" id="provider-providerid-linkedenrollment-enroll"></a>**Provider/*ProviderID*/LinkedEnrollment/Enroll**
This is an execution node and will trigger a silent MMP-C enrollment, using the AAD device token pulled from the AADJed device. There is no user interaction needed.
Support operation is Exec.
<a href="" id="provider-providerid-linkedenrollment-unenroll"></a>**Provider/*ProviderID*/LinkedEnrollment/Unenroll**
This is an execution node and will trigger a silent MMP-C unenroll, there is no user interaction needed. On un-enrollment, all the settings/resources set by MMPC will be rolled back(rollback details will be covered later).
Support operation is Exec.
<a href="" id="provider-providerid-linkedenrollment-enrollstatus"></a>**Provider/*ProviderID*/LinkedEnrollment/EnrollStatus**
This node can be used to check both enroll and unenroll statuses.
This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows:
- Undefined = 0
- EnrollmentNotStarted = 1
- InProgress = 2
- Failed = 3
- Succeeded = 4
- UnEnrollmentQueued = 5
- UnEnrollmentSucceeded = 8
Support operation is Get only.
<a href="" id="provider-providerid-linkedenrollment-lasterror"></a>**Provider/*ProviderID*/LinkedEnrollment/LastError**
This specifies the Hresult to report the enrollment/unenroll results.
<a href="" id="provider-providerid-recovery-allowrecovery"></a>**Provider/*ProviderID*/Recovery/AllowRecovery**
This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate.
Supported operations are Get, Add, Replace and Delete.
The supported values for this node are 1-true (allow) and 0-false(not allow). Default value is 0.
<a href="" id="provider-providerid-recovery-recoverystatus"></a>**Provider/*ProviderID*/Recovery/RecoveryStatus**
This node tracks the status of a Recovery request from the InitiateRecovery node. The values are as follows:
0 - No Recovery request has been processed.
1 - Recovery is in Process.
2 - Recovery has finished successfully.
3 - Recovery has failed to start because TPM is not available.
4 - Recovery has failed to start because AAD keys are not protected by the TPM.
5 - Recovery has failed to start because the MDM keys are already protected by the TPM.
6 - Recovery has failed to start because the TPM is not ready for attestation.
7 - Recovery has failed because the client cannot authenticate to the server.
8 - Recovery has failed because the server has rejected the client's request.
Supported operation is Get only.
<a href="" id="provider-providerid-recovery-initiaterecovery"></a>**Provider/*ProviderID*/Recovery/InitiateRecovery**
This node initiates an MDM Recovery operation on the client.
If initiated with argument 0, it triggers MDM Recovery, no matter the state of the device.
If initiated with argument 1, it triggers only if the MDM certificates private key isnt already protected by the TPM, if there is a TPM to put the private key into, and if the TPM is ready for attestation.
Supported operation is Exec only.
<a href="" id="provider-providerid-multiplesession-numallowedconcurrentusersessionforbackgroundsync"></a>**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionForBackgroundSync**
Optional. This node specifies maximum number of concurrent user sync sessions in background.
The default value is dynamically decided by the client based on CPU usage.
The values are : 0= none, 1= sequential, anything else= parallel.
Supported operations are Get, Add, Replace and Delete.
Value type is integer. Only applicable for Windows Enterprise multi-session.
<a href="" id="provider-providerid-multiplesession-numallowedconcurrentusersessionatuserlogonsync"></a>**Provider/*ProviderID*/MultipleSession/NumAllowedConcurrentUserSessionAtUserLogonSync**
Optional. This node specifies maximum number of concurrent user sync sessions at User Login.
The default value is dynamically decided by the client based on CPU usage.
The values are : 0= none, 1= sequential, anything else= parallel.
Supported operations are Get, Add, Replace and Delete.
Value type is integer. Only applicable for Windows Enterprise multi-session.
<a href="" id="provider-providerid-multiplesession-intervalforscheduledretriesforusersession"></a>**Provider/*ProviderID*/MultipleSession/IntervalForScheduledRetriesForUserSession**
Optional. This node specifies the waiting time (in minutes) for the initial set of retries as specified by the number of retries in `/<ProviderID>/Poll/NumberOfScheduledRetriesForUserSession`.
If IntervalForScheduledRetriesForUserSession is not set, then the default value is used. The default value is 0. If the value is set to 0, this schedule is disabled.
This configuration is only applicable for Windows Multi-session Editions.
Supported operations are Get and Replace.
<a href="" id="provider-providerid-multiplesession-numberofscheduledretriesforusersession"></a>**Provider/*ProviderID*/MultipleSession/NumberOfScheduledRetriesForUserSession**
Optional. This node specifies the number of times the DM client should retry to connect to the server when the client is initially configured or enrolled to communicate with the server.
If the value is set to 0 and the IntervalForScheduledRetriesForUserSession value is not 0, then the schedule will be set to repeat an infinite number of times.
The default value is 0. This configuration is only applicable for Windows Multi-session Editions.
Supported operations are Get and Replace.
<a href="" id="provider-providerid-configlock"></a>**Provider/*ProviderID*/ConfigLock** <a href="" id="provider-providerid-configlock"></a>**Provider/*ProviderID*/ConfigLock**
Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected. Optional. This node enables [Config Lock](config-lock.md) feature. If enabled, policies defined in the Config Lock document will be monitored and quickly remediated when a configuration drift is detected.
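Review bot: LinkedEnrollment/Priority describes value 1 twice with opposite meanings: "Default is 1, meaning the MDM enrollment is the "winning" authority" and then "Value 1 means MMP-C enrollment is the "winning" one". One of these must be 0, and because this node decides which authority wins on conflicting policy, it should be corrected before merge. Other points in the same hunk: "Support operations are Get and Set" uses an operation name that appears nowhere else in the file (Add, Delete, Get, Replace, Exec); EnrollStatus has the typo "aas" and its enum jumps from 5 to 8 without explanation; "rollback details will be covered later" reads as a leftover draft note; LastError lists no supported operation; and IntervalForScheduledRetriesForUserSession points at `/<ProviderID>/Poll/NumberOfScheduledRetriesForUserSession` although the node is added under MultipleSession.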
@ -496,7 +630,7 @@ The status error mapping is listed below.
|--- |--- | |--- |--- |
|0|Success| |0|Success|
|1|Failure: invalid PFN| |1|Failure: invalid PFN|
|2|Failure: invalid or expired device authentication with MSA| |2|Failure: invalid or expired device authentication with Microsoft account|
|3|Failure: WNS client registration failed due to an invalid or revoked PFN| |3|Failure: WNS client registration failed due to an invalid or revoked PFN|
|4|Failure: no Channel URI assigned| |4|Failure: no Channel URI assigned|
|5|Failure: Channel URI has expired| |5|Failure: Channel URI has expired|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|No|No|
|Windows SE|No|No|
|Business|No|No| |Business|No|No|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -14,12 +14,10 @@ ms.date: 06/26/2017
# EAP configuration # EAP configuration
This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10. This article provides a step-by-step guide for creating an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including information about EAP certificate filtering in Windows 10.
## Create an EAP configuration XML for a VPN profile ## Create an EAP configuration XML for a VPN profile
To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box: To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box:
1. Run rasphone.exe. 1. Run rasphone.exe.
@ -107,15 +105,13 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
``` ```
> [!NOTE] > [!NOTE]
> You should check with mobile device management (MDM) vendor if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations: > You should check with Mobile Device Management (MDM) vendor, if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
- C:\\Windows\\schemas\\EAPHost > - C:\\Windows\\schemas\\EAPHost
- C:\\Windows\\schemas\\EAPMethods > - C:\\Windows\\schemas\\EAPMethods
 
## EAP certificate filtering ## EAP certificate filtering
In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you might see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria so that it matches only one certificate. In your deployment, if you have multiple certificates provisioned on the device and the Wi-Fi profile provisioned doesn't have a strict filtering criteria, you might see connection failures when connecting to Wi-Fi. The solution is to ensure that the Wi-Fi profile provisioned has strict filtering criteria so that it matches only one certificate.
Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as: Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as:
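Review bot: In the [!NOTE], the added comma in "check with Mobile Device Management (MDM) vendor, if you need to pass this XML in escaped format" turns "check whether you need to" into a conditional, and the article is still missing. Suggest "Check with your mobile device management (MDM) vendor whether you need to pass this XML in escaped format." Moving the two schema paths inside the note with "> -" is fine.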
@ -123,11 +119,11 @@ Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can
- The user might be prompted to select the certificate. - The user might be prompted to select the certificate.
- The wrong certificate might be auto-selected and cause an authentication failure. - The wrong certificate might be auto-selected and cause an authentication failure.
A production ready deployment must have the appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and the appropriate certificate can be used for the authentication. A production ready deployment must have appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and appropriate certificate can be used for the authentication.
EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample, or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows: EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
- For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags you'll find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDMs guidance on how to deploy a new Wi-Fi profile. - For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDMs guidance on how to deploy a new Wi-Fi profile.
- For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field. - For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
For information about EAP settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>. For information about EAP settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
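Review bot: The rewritten paragraph drops both articles: "must have appropriate certificate details" and "appropriate certificate can be used for the authentication". The old side ("the appropriate certificate") was correct, so restore "the" in both places. "production ready" should also be hyphenated while the sentence is being touched.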
@ -142,9 +138,9 @@ The following list describes the prerequisites for a certificate to be used with
- The certificate must have at least one of the following EKU properties: - The certificate must have at least one of the following EKU properties:
- Client Authentication. As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2. - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
- Any Purpose. This property is an EKU-defined one and is published by Microsoft, and is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering. - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
- All Purpose. As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes. - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
- The user or the computer certificate on the client must chain to a trusted root CA. - The user or the computer certificate on the client must chain to a trusted root CA.
- The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy. - The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
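Review bot: The All Purpose bullet still describes the EKU as "an EKU value of 0", which is not a full OID like the ones the Client Authentication and Any Purpose bullets give. RFC 5280 defines this as anyExtendedKeyUsage, 2.5.29.37.0. Stating that value here would let a reader check all three bullets against a certificate's EKU list the same way. Minor: the new sentence "It is a well-defined OID" could use "It's" to match the contractions used in the rest of the list.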
@ -157,7 +153,6 @@ The following XML sample explains the properties for the EAP TLS XML, including
> For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements. > For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements.
   
```xml ```xml
<EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"> <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
<EapMethod> <EapMethod>
@ -261,7 +256,6 @@ The following XML sample explains the properties for the EAP TLS XML, including
> The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd. > The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd.
   
Alternatively, you can use the following procedure to create an EAP configuration XML: Alternatively, you can use the following procedure to create an EAP configuration XML:
1. Follow steps 1 through 7 in the EAP configuration article. 1. Follow steps 1 through 7 in the EAP configuration article.
@ -290,8 +284,7 @@ Alternatively, you can use the following procedure to create an EAP configuratio
> [!NOTE] > [!NOTE]
> You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article. > You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article.
 
  ## Related topics
  [Configuration service provider reference](configuration-service-provider-reference.md)
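Review bot: The note at the top of this hunk reads "You can also set all the other applicable EAP Properties through this UI as well", which doubles "also" with "as well" and capitalizes "Properties" mid-sentence. Since the surrounding lines are being touched, tighten it to "You can also set the other applicable EAP properties through this UI."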

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -17,6 +17,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|No|No|
|Windows SE|No|No|
|Business|No|No| |Business|No|No|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,18 +20,19 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip). The EnterpriseDataProtection configuration service provider (CSP) is used to configure settings for Windows Information Protection (WIP), formerly known as Enterprise Data Protection. For more information about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip).
> [!Note] > [!NOTE]
> To make WIP functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md). > To make Windows Information Protection functional, the AppLocker CSP and the network isolation-specific settings must also be configured. For more information, see [AppLocker CSP](applocker-csp.md) and NetworkIsolation policies in [Policy CSP](policy-configuration-service-provider.md).
While WIP has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md). While Windows Information Protection has no hard dependency on VPN, for best results you should configure VPN profiles first before you configure the WIP policies. For VPN best practice recommendations, see [VPNv2 CSP](vpnv2-csp.md).
To learn more about WIP, see the following articles: To learn more about Windows Information Protection, see the following articles:
- [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy) - [Create a Windows Information Protection (WIP) policy](/windows/security/information-protection/windows-information-protection/overview-create-wip-policy)
- [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip) - [General guidance and best practices for Windows Information Protection (WIP)](/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip)
@ -62,8 +63,8 @@ The root node for the Windows Information Protection (WIP) configuration setting
<a href="" id="settings-edpenforcementlevel"></a>**Settings/EDPEnforcementLevel** <a href="" id="settings-edpenforcementlevel"></a>**Settings/EDPEnforcementLevel**
Set the WIP enforcement level. Set the WIP enforcement level.
> [!Note] > [!NOTE]
> Setting this value isn't sufficient to enable WIP on the device. Attempts to change this value will fail when the WIP cleanup is running. > Setting this value isn't sufficient to enable Windows Information Protection on the device. Attempts to change this value will fail when the WIP cleanup is running.
The following list shows the supported values: The following list shows the supported values:
@ -75,14 +76,13 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer. Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-enterpriseprotecteddomainnames"></a>**Settings/EnterpriseProtectedDomainNames** <a href="" id="settings-enterpriseprotecteddomainnames"></a>**Settings/EnterpriseProtectedDomainNames**
A list of domains used by the enterprise for its user identities separated by pipes (&quot;|&quot;). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for WIP. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running. A list of domains used by the enterprise for its user identities separated by pipes (&quot;|&quot;). The first domain in the list must be the primary enterprise ID, that is, the one representing the managing authority for Windows Information Protection. User identities from one of these domains is considered an enterprise managed account and data associated with it should be protected. For example, the domains for all email accounts owned by the enterprise would be expected to appear in this list. Attempts to change this value will fail when the WIP cleanup is running.
Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client. Changing the primary enterprise ID isn't supported and may cause unexpected behavior on the client.
> [!Note] > [!NOTE]
> The client requires domain name to be canonical, otherwise the setting will be rejected by the client. > The client requires domain name to be canonical, otherwise the setting will be rejected by the client.
Here are the steps to create canonical domain names: Here are the steps to create canonical domain names:
1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com. 1. Transform the ASCII characters (A-Z only) to lowercase. For example, Microsoft.COM -> microsoft.com.
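Review bot: In the EnterpriseProtectedDomainNames description, the edited line still says "User identities from one of these domains is considered an enterprise managed account", where the subject is plural. Suggest "A user identity from one of these domains is considered an enterprise managed account, and data associated with it should be protected." The same line carries the pipe separator as &quot;|&quot; entities; writing it as a code-formatted | would be easier to read in the Markdown source.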
@ -241,7 +241,7 @@ For EFSCertificate KeyTag, it's expected to be a DER ENCODED binary certificate.
Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate. Supported operations are Add, Get, Replace, and Delete. Value type is base-64 encoded certificate.
<a href="" id="settings-revokeonunenroll"></a>**Settings/RevokeOnUnenroll** <a href="" id="settings-revokeonunenroll"></a>**Settings/RevokeOnUnenroll**
This policy controls whether to revoke the WIP keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1. This policy controls whether to revoke the Windows Information Protection keys when a device unenrolls from the management service. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after unenrollment. If the keys aren't revoked, there will be no revoked file cleanup, later. Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1.
The following list shows the supported values: The following list shows the supported values:
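Review bot: The RevokeOnUnenroll description buries its one actionable instruction in the last sentence ("Prior to sending the unenroll command, when you want a device to do a selective wipe when it's unenrolled, then you should explicitly set this policy to 1"), and the preceding "there will be no revoked file cleanup, later" has a stray comma. Because leaving this at 0 means the user keeps access to protected files after unenrollment, the instruction should be unambiguous, for example: "To have the device do a selective wipe when it unenrolls, set this policy to 1 before you send the unenroll command."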
@ -251,7 +251,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer. Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="settings-revokeonmdmhandoff"></a>**Settings/RevokeOnMDMHandoff** <a href="" id="settings-revokeonmdmhandoff"></a>**Settings/RevokeOnMDMHandoff**
Added in Windows 10, version 1703. This policy controls whether to revoke the WIP keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service. Added in Windows 10, version 1703. This policy controls whether to revoke the Windows Information Protection keys when a device upgrades from mobile application management (MAM) to MDM. If set to 0 (Don't revoke keys), the keys won't be revoked and the user will continue to have access to protected files after upgrade. This setting is recommended if the MDM service is configured with the same WIP EnterpriseID as the MAM service.
- 0 - Don't revoke keys. - 0 - Don't revoke keys.
- 1 (default) - Revoke keys. - 1 (default) - Revoke keys.
@ -264,7 +264,7 @@ TemplateID GUID to use for Rights Management Service (RMS) encryption. The RMS t
Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID). Supported operations are Add, Get, Replace, and Delete. Value type is string (GUID).
<a href="" id="settings-allowazurermsforedp"></a>**Settings/AllowAzureRMSForEDP** <a href="" id="settings-allowazurermsforedp"></a>**Settings/AllowAzureRMSForEDP**
Specifies whether to allow Azure RMS encryption for WIP. Specifies whether to allow Azure RMS encryption for Windows Information Protection.
- 0 (default) Don't use RMS. - 0 (default) Don't use RMS.
- 1 Use RMS. - 1 Use RMS.
@ -277,7 +277,7 @@ When this policy isn't specified, the existing auto-encryption behavior is appli
Supported operations are Add, Get, Replace and Delete. Value type is string. Supported operations are Add, Get, Replace and Delete. Value type is string.
<a href="" id="settings-edpshowicons"></a>**Settings/EDPShowIcons** <a href="" id="settings-edpshowicons"></a>**Settings/EDPShowIcons**
Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the WIP icon in the title bar of a WIP-protected app. Determines whether overlays are added to icons for WIP protected files in Explorer and enterprise only app tiles on the **Start** menu. Starting in Windows 10, version 1703 this setting also configures the visibility of the Windows Information Protection icon in the title bar of a WIP-protected app.
The following list shows the supported values: The following list shows the supported values:
- 0 (default) - No WIP overlays on icons or tiles. - 0 (default) - No WIP overlays on icons or tiles.
@ -286,7 +286,7 @@ The following list shows the supported values:
Supported operations are Add, Get, Replace, and Delete. Value type is integer. Supported operations are Add, Get, Replace, and Delete. Value type is integer.
<a href="" id="status"></a>**Status** <a href="" id="status"></a>**Status**
A read-only bit mask that indicates the current state of WIP on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured. A read-only bit mask that indicates the current state of Windows Information Protection on the Device. The MDM service can use this value to determine the current overall state of WIP. WIP is only on (bit 0 = 1) if WIP mandatory policies and WIP AppLocker settings are configured.
Suggested values: Suggested values:
@ -298,7 +298,7 @@ Bit 0 indicates whether WIP is on or off.
Bit 1 indicates whether AppLocker WIP policies are set. Bit 1 indicates whether AppLocker WIP policies are set.
Bit 3 indicates whether the mandatory WIP policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero). Bit 3 indicates whether the mandatory Windows Information Protection policies are configured. If one or more of the mandatory WIP policies aren't configured, the bit 3 is set to 0 (zero).
Here's the list of mandatory WIP policies: Here's the list of mandatory WIP policies:

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -19,6 +19,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -5,8 +5,7 @@ ms.author: dansimp
ms.topic: article ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: manikadhiman author: dansimp
ms.date: 11/29/2021
ms.reviewer: ms.reviewer:
manager: dansimp manager: dansimp
--- ---
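Review bot: This front-matter change deletes ms.date outright instead of updating it, while the mobile device management overview page in the same commit gains ms.date: 06/03/2022. If the field is required metadata, set it to the date of this revision instead of removing it. The commit message should also say why author changes from manikadhiman to dansimp, since nothing else in the hunk explains it.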
@ -19,6 +18,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -244,7 +244,7 @@ Default value is true.
Value type is bool. Supported operations are Add, Get and Replace. Value type is bool. Supported operations are Add, Get and Replace.
<a href="" id="defaultoutboundaction"></a>**/DefaultOutboundAction** <a href="" id="defaultoutboundaction"></a>**/DefaultOutboundAction**
This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will block all outbound traffic unless it's explicitly specified not to block. This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The merge law for this option is to let the value of the GroupPolicyRSoPStore win if it's configured; otherwise, the local store value is used. DefaultOutboundAction will allow all outbound traffic unless it's explicitly specified not to allow.
- 0x00000000 - allow - 0x00000000 - allow
- 0x00000001 - block - 0x00000001 - block
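Review bot: The DefaultOutboundAction sentence now says outbound traffic is allowed unless specified otherwise, but the value list under it still does not mark which entry is the default. Other settings in this commit label it, for example "1 (default) - Revoke keys". Add "(default)" to 0x00000000 so the prose and the list agree. Since this flips the documented behavior from block to allow, confirm it against the firewall's actual default before merging. "The merge law for this option" would also read better as "the merge rule".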
@ -440,4 +440,4 @@ Value type is string. Supported operations are Add, Get, Replace, and Delete.
## Related topics ## Related topics
[Configuration service provider reference](configuration-service-provider-reference.md) [Configuration service provider reference](configuration-service-provider-reference.md)

View File

@ -20,6 +20,7 @@ The table below shows the applicability of Windows:
|--- |--- |--- | |--- |--- |--- |
|Home|Yes|Yes| |Home|Yes|Yes|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

Binary file not shown. Size before: 14 KiB. Size after: 20 KiB.

View File

@ -80,17 +80,17 @@ Since the [Poll](dmclient-csp.md#provider-providerid-poll) node isnt provided
MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback: MAM on Windows supports the following configuration service providers (CSPs). All other CSPs will be blocked. Note the list may change later based on customer feedback:
- [AppLocker CSP](applocker-csp.md) for configuration of WIP enterprise allowed apps. - [AppLocker CSP](applocker-csp.md) for configuration of Windows Information Protection enterprise allowed apps.
- [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs. - [ClientCertificateInstall CSP](clientcertificateinstall-csp.md) for installing VPN and Wi-Fi certs.
- [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). - [DeviceStatus CSP](devicestatus-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
- [DevInfo CSP](devinfo-csp.md). - [DevInfo CSP](devinfo-csp.md).
- [DMAcc CSP](dmacc-csp.md). - [DMAcc CSP](dmacc-csp.md).
- [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL. - [DMClient CSP](dmclient-csp.md) for polling schedules configuration and MDM discovery URL.
- [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has WIP policies. - [EnterpriseDataProtection CSP](enterprisedataprotection-csp.md) has Windows Information Protection policies.
- [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703). - [Health Attestation CSP](healthattestation-csp.md) required for Conditional Access support (starting with Windows 10, version 1703).
- [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management. - [PassportForWork CSP](passportforwork-csp.md) for Windows Hello for Business PIN management.
- [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas. - [Policy CSP](policy-configuration-service-provider.md) specifically for NetworkIsolation and DeviceLock areas.
- [Reporting CSP](reporting-csp.md) for retrieving WIP logs. - [Reporting CSP](reporting-csp.md) for retrieving Windows Information Protection logs.
- [RootCaTrustedCertificates CSP](rootcacertificates-csp.md). - [RootCaTrustedCertificates CSP](rootcacertificates-csp.md).
- [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. - [VPNv2 CSP](vpnv2-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
- [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM. - [WiFi CSP](wifi-csp.md) should be omitted for deployments where IT is planning to allow access and protect cloud-only resources with MAM.
@ -116,13 +116,13 @@ MAM policy syncs are modeled after MDM. The MAM client uses an Azure AD token to
Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM. Windows doesn't support applying both MAM and MDM policies to the same devices. If configured by the admin, users can change their MAM enrollment to MDM.
> [!NOTE] > [!NOTE]
> When users upgrade from MAM to MDM on Windows Home edition, they lose access to WIP. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade. > When users upgrade from MAM to MDM on Windows Home edition, they lose access to Windows Information Protection. On Windows Home edition, we don't recommend pushing MDM policies to enable users to upgrade.
To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment. To configure MAM device for MDM enrollment, the admin needs to configure the MDM Discovery URL in the DMClient CSP. This URL will be used for MDM enrollment.
In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when WIP policies are removed from the device, the users access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that: In the process of changing MAM enrollment to MDM, MAM policies will be removed from the device after MDM policies have been successfully applied. Normally when Windows Information Protection policies are removed from the device, the users access to WIP-protected documents is revoked (selective wipe) unless EDP CSP RevokeOnUnenroll is set to false. To prevent selective wipe on enrollment change from MAM to MDM, the admin needs to ensure that:
- Both MAM and MDM policies for the organization support WIP. - Both MAM and MDM policies for the organization support Windows Information Protection.
- EDP CSP Enterprise ID is the same for both MAM and MDM. - EDP CSP Enterprise ID is the same for both MAM and MDM.
- EDP CSP RevokeOnMDMHandoff is set to false. - EDP CSP RevokeOnMDMHandoff is set to false.
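Review bot: The handoff paragraph and its last bullet say RevokeOnUnenroll and RevokeOnMDMHandoff are "set to false", but the EnterpriseDataProtection CSP page edited in this same commit documents both as integer settings with values 0 (Don't revoke keys) and 1 (Revoke keys). Write "set to 0" in both places so an admin copying the value into a policy uses the type the CSP accepts.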

View File

@ -1,28 +1,28 @@
--- ---
title: Mobile device management title: Mobile device management
description: Windows 10 and Windows 11 provides an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy description: Windows 10 and Windows 11 provide an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy.
MS-HAID: MS-HAID:
- 'p\_phDeviceMgmt.provisioning\_and\_device\_management' - 'p\_phDeviceMgmt.provisioning\_and\_device\_management'
- 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm' - 'p\_phDeviceMgmt.mobile\_device\_management\_windows\_mdm'
ms.assetid: 50ac90a7-713e-4487-9cb9-b6d6fdaa4e5b ms.topic: overview
ms.author: dansimp
ms.topic: article
ms.prod: w10 ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp author: aczechowski
ms.author: aaroncz
ms.collection: highpri ms.collection: highpri
ms.date: 06/03/2022
--- ---
# Mobile device management # Mobile device management
Windows 10 and Windows 11 provides an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server. Windows 10 and Windows 11 provide an enterprise management solution to help IT pros manage company security policies and business applications, while avoiding compromise of the users' privacy on their personal devices. A built-in management component can communicate with the management server.
There are two parts to the Windows management component: There are two parts to the Windows management component:
- The enrollment client, which enrolls and configures the device to communicate with the enterprise management server. - The enrollment client, which enrolls and configures the device to communicate with the enterprise management server.
- The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT. - The management client, which periodically synchronizes with the management server to check for updates and apply the latest policies set by IT.
Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). Third-party MDM servers can manage Windows 10 by using the MDM protocol. The built-in management client is able to communicate with a third-party server proxy that supports the protocols outlined in this document to perform enterprise management tasks. The third-party server will have the same consistent first-party user experience for enrollment, which also provides simplicity for Windows 10 users. MDM servers don't need to create or download a client to manage Windows 10. For details about the MDM protocols, see [\[MS-MDM\]: Mobile Device Management Protocol](/openspecs/windows_protocols/ms-mdm/33769a92-ac31-47ef-ae7b-dc8501f7104f) and [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692).
## MDM security baseline ## MDM security baseline
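Review bot: The corrected description still says "compromise of user's privacy" while the opening paragraph says "the users' privacy on their personal devices"; use the plural possessive in both. The third-party MDM paragraph at the end of the hunk also names only Windows 10 four times although the title and the description now cover Windows 10 and Windows 11. Either add Windows 11 there or say why it is excluded.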
@ -37,7 +37,7 @@ The MDM security baseline includes policies that cover the following areas:
- Legacy technology policies that offer alternative solutions with modern technology - Legacy technology policies that offer alternative solutions with modern technology
- And much more - And much more
For more details about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see: For more information about the MDM policies defined in the MDM security baseline and what Microsoft's recommended baseline policy values are, see:
- [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 11](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/Windows11-MDM-SecurityBaseLine-Document.zip)
- [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip) - [MDM Security baseline for Windows 10, version 2004](https://download.microsoft.com/download/2/C/4/2C418EC7-31E0-4A74-8928-6DCD512F9A46/2004-MDM-SecurityBaseLine-Document.zip)
@ -48,37 +48,27 @@ For more details about the MDM policies defined in the MDM security baseline and
For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all). For information about the MDM policies defined in the Intune security baseline, see [Windows security baseline settings for Intune](/mem/intune/protect/security-baseline-settings-mdm-all).
<span id="mmat" />
## Learn about migrating to MDM
When an organization wants to move to MDM to manage devices, they should prepare by analyzing their current Group Policy settings to see what they need to transition to MDM management. Microsoft created the [MDM Migration Analysis Tool](https://aka.ms/mmat/) (MMAT) to help. MMAT determines which Group Policies have been set for a target user or computer and then generates a report that lists the level of support for each policy setting in MDM equivalents. For more information, see [MMAT Instructions](https://github.com/WindowsDeviceManagement/MMAT/blob/master/MDM%20Migration%20Analysis%20Tool%20Instructions.pdf).
## Learn about device enrollment ## Learn about device enrollment
- [Mobile device enrollment](mobile-device-enrollment.md)
- [Mobile device enrollment](mobile-device-enrollment.md) - [Federated authentication device enrollment](federated-authentication-device-enrollment.md)
- [Federated authentication device enrollment](federated-authentication-device-enrollment.md) - [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md)
- [Certificate authentication device enrollment](certificate-authentication-device-enrollment.md) - [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
- [On-premise authentication device enrollment](on-premise-authentication-device-enrollment.md)
## Learn about device management ## Learn about device management
- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md)
- [Azure Active Directory integration with MDM](azure-active-directory-integration-with-mdm.md) - [Enterprise app management](enterprise-app-management.md)
- [Enterprise app management](enterprise-app-management.md) - [Mobile device management (MDM) for device updates](device-update-management.md)
- [Mobile device management (MDM) for device updates](device-update-management.md) - [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md)
- [Enable offline upgrades to Windows 10 for Windows Embedded 8.1 Handheld devices](enable-offline-updates-for-windows-embedded-8-1-handheld-devices-to-windows-10.md) - [OMA DM protocol support](oma-dm-protocol-support.md)
- [OMA DM protocol support](oma-dm-protocol-support.md) - [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md)
- [Structure of OMA DM provisioning files](structure-of-oma-dm-provisioning-files.md) - [Server requirements for OMA DM](server-requirements-windows-mdm.md)
- [Server requirements for OMA DM](server-requirements-windows-mdm.md) - [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
- [Enterprise settings, policies, and app management](windows-mdm-enterprise-settings.md)
## Learn about configuration service providers ## Learn about configuration service providers
- [Configuration service provider reference](configuration-service-provider-reference.md)
- [Configuration service provider reference](configuration-service-provider-reference.md) - [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md)
- [WMI providers supported in Windows 10](wmi-providers-supported-in-windows.md) - [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md)
- [Using PowerShell scripting with the WMI Bridge Provider](using-powershell-scripting-with-the-wmi-bridge-provider.md) - [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
- [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal)
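Review bot: Deleting `<span id="mmat" />` along with the "Learn about migrating to MDM" section removes the `#mmat` fragment, so any existing link to that anchor will silently land at the top of the page. Check for inbound links before merging, and state in the change description whether the MMAT guidance is retired or has moved, since nothing in this hunk replaces it.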

View File

@ -13,6 +13,16 @@ manager: dansimp
# MultiSIM CSP # MultiSIM CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803. The MultiSIM configuration service provider (CSP) is used by the enterprise to manage devices with dual SIM single active configuration. An enterprise can set policies on whether that user can switch between SIM slots, specify which slot is the default, and whether the slot is embedded. This CSP was added in Windows 10, version 1803.
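Review bot: The added intro line "The table below shows the applicability of Windows:" does not say what is applicable to what. Reword it so the Yes/No cells have a subject, for example "The following table shows the Windows editions to which this CSP applies:".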

View File

@ -14,6 +14,17 @@ ms.date: 06/26/2017
# NAP CSP # NAP CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The NAP (Network Access Point) Configuration Service Provider is used to manage and query GPRS and CDMA connections. The NAP (Network Access Point) Configuration Service Provider is used to manage and query GPRS and CDMA connections.
> [!Note] > [!Note]
@ -67,7 +78,7 @@ Root node.
<a href="" id="napx"></a>***NAPX*** <a href="" id="napx"></a>***NAPX***
Required. Defines the name of the network access point. Required. Defines the name of the network access point.
It's recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), but no spaces may appear in the name (use %20 instead). It is recommended that this element name is specified as a numbered node beginning at zero. For example, to provision two network access points, use "NAP0" and "NAP1" as the element names. Any unique name can be used if desired (such as "GPRS-NAP"), however, no spaces may appear in the name (use %20 instead).
<a href="" id="napx-napid"></a>***NAPX*/NAPID** <a href="" id="napx-napid"></a>***NAPX*/NAPID**
Required. Specifies the identifier of the destination network. Required. Specifies the identifier of the destination network.
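Review bot: In the NAPX description the new wording joins two independent clauses with ", however," (`(such as "GPRS-NAP"), however, no spaces may appear`), which is a comma splice. Either keep the original "but" or use "; however,". The switch from "It's recommended" to "It is recommended" also goes against the contraction style the rest of the page uses ("isn't" in nearby notes).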
@ -97,7 +108,7 @@ The following table shows some commonly used ADDRTYPE values and the types of co
Optional node. Specifies the authentication information, including the protocol, user name, and password. Optional node. Specifies the authentication information, including the protocol, user name, and password.
<a href="" id="napx-authinfo-authtype"></a>***NAPX*/AuthInfo/AuthType** <a href="" id="napx-authinfo-authtype"></a>***NAPX*/AuthInfo/AuthType**
Optional. Specifies the method of authentication. Some supported protocols are PAP, CHAP, HTTP-BASIC, HTTP-DIGEST, WTLS-SS, MD5. Optional. Specifies the method of authentication. Some supported protocols are PAP, CHAP, HTTP-BASIC, HTTP-DIGEST, WTLS-SS, and MD5.
<a href="" id="napx-authinfo-authname"></a>***NAPX*/AuthInfo/AuthName** <a href="" id="napx-authinfo-authname"></a>***NAPX*/AuthInfo/AuthName**
Optional. Specifies the user name and domain to be used during authentication. This field is in the form *Domain*\\*UserName*. Optional. Specifies the user name and domain to be used during authentication. This field is in the form *Domain*\\*UserName*.
@ -111,7 +122,8 @@ Queries of this field will return a string composed of 16 asterisks (\*).
Node. Node.
<a href="" id="napx-bearer-bearertype"></a>***NAPX*/Bearer/BearerType** <a href="" id="napx-bearer-bearertype"></a>***NAPX*/Bearer/BearerType**
Required. Specifies the network type of the destination network. This parameter's value can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, WiFi.
Required. Specifies the network type of the destination network. This can be set to GPRS, CDMA2000, WCDMA, TDMA, CSD, DTPT, and Wi-Fi.
## Related articles ## Related articles
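Review bot: In the BearerType description, "WiFi" became "Wi-Fi" inside a list of values the parameter can be set to. If the CSP expects the literal `WiFi`, the page now documents a value that will be rejected; keep literals exactly as the device accepts them and put them in code formatting so they are not restyled. "This can be set to" also loses the subject that "This parameter's value" had.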

View File

@ -14,7 +14,18 @@ ms.date: 06/26/2017
# NAPDEF CSP # NAPDEF CSP
The NAPDEF configuration service provider is used to add, modify, or delete WAP network access points (NAPs). For complete information about these settings, see the standard WAP specification WAP-183-ProvCont-20010724-a. The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The NAPDEF configuration service provider is used to add, modify, or delete WAP Network Access Points (NAPs). For complete information about these settings, see the standard WAP specification WAP-183-ProvCont-20010724-a.
> [!Note] > [!Note]
> You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list. > You cannot use NAPDEF CSP on the desktop to update the Push Proxy Gateway (PPG) list.
@ -71,7 +82,7 @@ A query of this parameter returns asterisks (\*) in the results.
<a href="" id="authtype"></a>**AUTHTYPE** <a href="" id="authtype"></a>**AUTHTYPE**
Specifies the protocol used to authenticate the user. Specifies the protocol used to authenticate the user.
The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols. Note The only permitted values for this element are "POP" (Password Authentication Protocol) and "CHAP" (Challenge Handshake Authentication Protocol) authentication protocols.
> [!Note] > [!Note]
> **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change. > **AuthName** and **AuthSecret** are not created if **AuthType** isn't included in the initial device configuration. **AuthName** and **AuthSecret** cannot be changed if **AuthType** isn't included in the provisioning XML used to make the change.
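Review bot: The AUTHTYPE line is being edited to drop the stray "Note", but it still reads `"POP" (Password Authentication Protocol)`. The abbreviation of Password Authentication Protocol is PAP, and the NAP CSP page in this same change lists PAP, so fix the value here while the line is open.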

View File

@ -13,11 +13,22 @@ manager: dansimp
# NetworkProxy CSP # NetworkProxy CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703. The NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections. These settings do not apply to VPN connections. This CSP was added in Windows 10, version 1703.
How the settings work: How the settings work:
- If auto-detect is enabled, the system tries to find the path to a proxy auto config (PAC) script and download it. - If auto-detect is enabled, the system tries to find the path to a Proxy Auto Config (PAC) script and download it.
- If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script. - If #1 fails and a setup script is specified, the system tries to download the explicitly configured PAC script.
- If #2 fails and a proxy server is specified, the system tries to use the explicitly configured proxy server. - If #2 fails and a proxy server is specified, the system tries to use the explicitly configured proxy server.
- Otherwise, the system tries to reach the site directly. - Otherwise, the system tries to reach the site directly.
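Review bot: The "How the settings work" items refer to each other as "#1" and "#2", but the list is an unordered bullet list, so those references have nothing to point at. Since this hunk already touches the first item, convert the list to a numbered list (1. to 4.) so the fallback order is explicit.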

View File

@ -13,6 +13,17 @@ manager: dansimp
# NetworkQoSPolicy CSP # NetworkQoSPolicy CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703. The NetworkQoSPolicy configuration service provider creates network Quality of Service (QoS) policies. A QoS policy performs a set of actions on network traffic based on a set of matching conditions. This CSP was added in Windows 10, version 1703.
The following conditions are supported: The following conditions are supported:
@ -71,7 +82,7 @@ NetworkQoSPolicy
<p>The supported operations are Add, Get, Delete, and Replace. <p>The supported operations are Add, Get, Delete, and Replace.
<a href="" id="name-apppathnamematchcondition"></a>***Name*/AppPathNameMatchCondition** <a href="" id="name-apppathnamematchcondition"></a>***Name*/AppPathNameMatchCondition**
<p>Specifies the name of an application to be used to match the network traffic, such as application.exe or %ProgramFiles%\application.exe. <p>Specifies the name of an application to be used to match the network traffic, such as `application.exe` or `%ProgramFiles%\application.exe`.
<p>The data type is char. <p>The data type is char.
@ -111,7 +122,7 @@ NetworkQoSPolicy
<p>The supported operations are Add, Get, Delete, and Replace. <p>The supported operations are Add, Get, Delete, and Replace.
<a href="" id="name-dscpaction"></a>***Name*/DSCPAction** <a href="" id="name-dscpaction"></a>***Name*/DSCPAction**
<p>The differentiated services code point (DSCP) value to apply to matching network traffic. <p>The Differentiated Services Code Point (DSCP) value to apply to matching network traffic.
<p>Valid values are 0-63. <p>Valid values are 0-63.

View File

@ -14,6 +14,16 @@ ms.date: 06/26/2017
# NodeCache CSP # NodeCache CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The NodeCache configuration service provider is used to manage the client cache. This configuration service provider is to be used only by enterprise management servers. It provides a level of abstraction that decouples the management of the node list from a specific backing store. It synchronizes the client cache with the server side cache. It also provides an API for monitoring device-side cache changes. The NodeCache configuration service provider is used to manage the client cache. This configuration service provider is to be used only by enterprise management servers. It provides a level of abstraction that decouples the management of the node list from a specific backing store. It synchronizes the client cache with the server side cache. It also provides an API for monitoring device-side cache changes.
@ -72,7 +82,7 @@ NodeCache
Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax. Required. The root node for the NodeCache object. Supported operation is Get. This configuration service provider is used for enterprise device management only. This parameter's value is a predefined MIME type to identify this managed object in OMA DM syntax.
<a href="" id="providerid"></a>***ProviderID*** <a href="" id="providerid"></a>***ProviderID***
Optional. Group settings per DM server. Each group of settings is distinguished by the servers Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one *ProviderID* node under **NodeCache**. Scope is dynamic. Optional. Group settings per DM server. Each group of settings is distinguished by the servers Provider ID. It should be the same DM server **PROVIDER-ID** value that was supplied through the [w7 APPLICATION configuration service provider](w7-application-csp.md) XML during the enrollment process. Only one enterprise management server is supported. That is, there should be only one **ProviderID** node under **NodeCache**. Scope is dynamic.
Supported operations are Get, Add, and Delete. Supported operations are Get, Add, and Delete.
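Review bot: Changing `*ProviderID*` to `**ProviderID**` in the last sentence makes a placeholder look like a literal node name. The heading on the line above renders it as ***ProviderID*** (italic for a variable), and **NodeCache** and **PROVIDER-ID** are bold because they are literals, so the italic form was the consistent one. The same paragraph also has "the servers Provider ID", which needs an apostrophe ("the server's").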
@ -383,10 +393,11 @@ It represents this example:
<Node Id="20" Uri="./DevDetail/Ext/Microsoft/DeviceName">U09NRU5FV1ZBTFVF</Node> <Node Id="20" Uri="./DevDetail/Ext/Microsoft/DeviceName">U09NRU5FV1ZBTFVF</Node>
</Nodes> </Nodes>
``` ```
Id is the node Id that was added by the MDM server, and Uri is the path that the node is tracking.
If a Uri isn't set, the node will always be reported as changed, as in Node Id 10.
The value inside of the node tag is the actual value returned by the Uri, which means that for Node Id 20 the DeviceName didn't match what was previously expected, and the device name is now U09NRU5FV1ZBTFVF instead of what it was previously. Id is the node ID that was added by the MDM server, and Uri is the path that the node is tracking.
If a Uri is not set, the node will always be reported as changed, as in Node ID 10.
The value inside of the node tag is the actual value returned by the Uri, which means that for Node ID 20 the DeviceName did not match what was previously expected, and the device name is now U09NRU5FV1ZBTFVF instead of what it was previously.
## Related topics ## Related topics
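Review bot: The rewritten explanation still says "the device name is now U09NRU5FV1ZBTFVF", but that string is the Base64 encoding of SOMENEWVALUE, not a device name. Say that the node value in the report is Base64-encoded and give the decoded value, otherwise readers will compare the raw string against the expected name. The pass from "isn't"/"didn't" to "is not"/"did not" is also the reverse of the contraction style used elsewhere on the page.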

View File

@ -13,6 +13,16 @@ manager: dansimp
# Office CSP # Office CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365). The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device via the Office Deployment Tool (ODT). For more information, see [Configuration options for the Office Deployment Tool](/deployoffice/office-deployment-tool-configuration-options) and [How to assign Office 365 apps to Windows 10 devices with Microsoft Intune](/intune/apps-add-office365).

View File

@ -14,7 +14,19 @@ ms.date: 07/19/2019
# PassportForWork CSP # PassportForWork CSP
The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to sign in to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards. The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|Yes|Yes|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to log in to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
> [!IMPORTANT] > [!IMPORTANT]
> Starting with Windows 10, version 1607 all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP. > Starting with Windows 10, version 1607 all devices only have one PIN associated with Windows Hello for Business. This means that any PIN on a device will be subject to the policies specified in the PassportForWork CSP. The values specified take precedence over any complexity rules set via Exchange ActiveSync (EAS) or the DeviceLock CSP.
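Review bot: The overview sentence changes "sign in to Windows" to "log in to Windows". The rest of the documentation in this change uses "sign in" (for example "Microsoft Account Sign-In Assistant"), so this looks like a regression picked up in the merge; restore "sign in". The same sentence has "smartcards" next to "virtual smart cards"; pick one spelling.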

View File

@ -13,6 +13,17 @@ manager: dansimp
# Personalization CSP # Personalization CSP
The table below shows the applicability of Windows:
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|No|No|
|Windows SE|No|No|
|Business|No|No|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
The Personalization CSP can set the lock screen and desktop background images. Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package. The Personalization CSP can set the lock screen and desktop background images. Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
This CSP was added in Windows 10, version 1703. This CSP was added in Windows 10, version 1703.

View File

@ -9,7 +9,7 @@ ms.prod: w10
ms.technology: windows ms.technology: windows
author: dansimp author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.date: 03/01/2022 ms.date: 06/06/2022
--- ---
# Policies in Policy CSP supported by HoloLens 2 # Policies in Policy CSP supported by HoloLens 2
@ -50,11 +50,15 @@ ms.date: 03/01/2022
- [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength) - [DeviceLock/MinDevicePasswordLength](policy-csp-devicelock.md#devicelock-mindevicepasswordlength)
- [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana) - [Experience/AllowCortana](policy-csp-experience.md#experience-allowcortana)
- [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment)
- [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays)
- [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup> - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) <sup>9</sup>
- [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>10</sup> - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) <sup>11</sup>
- [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup> - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) <sup>9</sup>
- [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) <sup>*[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update)</sup>
- [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup> - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) <sup>9</sup>
- [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) <sup>9</sup>
- [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup> - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) <sup>9</sup>
- [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) <sup>10</sup>
- [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) <sup>9</sup> - [MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) <sup>9</sup>
- [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) <sup>9</sup> - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) <sup>9</sup>
- [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) <sup>9</sup> - [Power/DisplayOffTimeoutPluggedIn](./policy-csp-power.md#power-displayofftimeoutpluggedin) <sup>9</sup>
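Review bot: The added entry `[MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#...)` duplicates the existing line directly below it, which links the same policy and carries the `<sup>9</sup>` footnote. Drop the new line. The new ConfigureMovingPlatform entry marks its release with an inline `*` link instead of a numbered footnote like every other entry; give it a footnote number and add it to the Footnotes list. The new MixedReality lines also omit the `./` prefix the neighbouring links use.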
@ -102,13 +106,13 @@ ms.date: 03/01/2022
- [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) <sup>9</sup> - [Update/ActiveHoursStart](./policy-csp-update.md#update-activehoursstart) <sup>9</sup>
- [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate) - [Update/AllowAutoUpdate](policy-csp-update.md#update-allowautoupdate)
- [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice) - [Update/AllowUpdateService](policy-csp-update.md#update-allowupdateservice)
- [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) <sup>10</sup> - [Update/AutoRestartNotificationSchedule](policy-csp-update.md#update-autorestartnotificationschedule) <sup>11</sup>
- [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) <sup>10</sup> - [Update/AutoRestartRequiredNotificationDismissal](policy-csp-update.md#update-autorestartrequirednotificationdismissal) <sup>11</sup>
- [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel) - [Update/BranchReadinessLevel](policy-csp-update.md#update-branchreadinesslevel)
- [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) <sup>10</sup> - [Update/ConfigureDeadlineForFeatureUpdates](policy-csp-update.md#update-configuredeadlineforfeatureupdates) <sup>11</sup>
- [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) <sup>10</sup> - [Update/ConfigureDeadlineForQualityUpdates](policy-csp-update.md#update-configuredeadlineforqualityupdates) <sup>11</sup>
- [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) <sup>10</sup> - [Update/ConfigureDeadlineGracePeriod](policy-csp-update.md#update-configuredeadlinegraceperiod) <sup>11</sup>
- [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) <sup>10</sup> - [Update/ConfigureDeadlineNoAutoReboot](policy-csp-update.md#update-configuredeadlinenoautoreboot) <sup>11</sup>
- [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays) - [Update/DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#update-deferfeatureupdatesperiodindays)
- [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays) - [Update/DeferQualityUpdatesPeriodInDays](policy-csp-update.md#update-deferqualityupdatesperiodindays)
- [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds) - [Update/ManagePreviewBuilds](policy-csp-update.md#update-managepreviewbuilds)
@ -116,10 +120,10 @@ ms.date: 03/01/2022
- [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates) - [Update/PauseQualityUpdates](policy-csp-update.md#update-pausequalityupdates)
- [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday) - [Update/ScheduledInstallDay](policy-csp-update.md#update-scheduledinstallday)
- [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime) - [Update/ScheduledInstallTime](policy-csp-update.md#update-scheduledinstalltime)
- [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) <sup>10</sup> - [Update/ScheduleImminentRestartWarning](policy-csp-update.md#update-scheduleimminentrestartwarning) <sup>11</sup>
- [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) <sup>10</sup> - [Update/ScheduleRestartWarning](policy-csp-update.md#update-schedulerestartwarning) <sup>11</sup>
- [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess) - [Update/SetDisablePauseUXAccess](policy-csp-update.md#update-setdisablepauseuxaccess)
- [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) <sup>10</sup> - [Update/UpdateNotificationLevel](policy-csp-update.md#update-updatenotificationlevel) <sup>11</sup>
- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration) - [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#wifi-allowmanualwificonfiguration)
- [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup> - [Wifi/AllowWiFi](policy-csp-wifi.md#wifi-allowwifi) <sup>8</sup>
@ -133,8 +137,9 @@ Footnotes:
- 6 - Available in Windows 10, version 1903. - 6 - Available in Windows 10, version 1903.
- 7 - Available in Windows 10, version 1909. - 7 - Available in Windows 10, version 1909.
- 8 - Available in Windows 10, version 2004. - 8 - Available in Windows 10, version 2004.
- 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes#windows-holographic-version-20h2) - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2)
- 10 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2) - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
- 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
## Related topics ## Related topics
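Review bot: Footnote 10 now means version 21H1 and the old meaning (21H2) moves to 11, so every `<sup>10</sup>` that was not renumbered in this change now claims the wrong release. Search the whole file for remaining `<sup>10</sup>` markers and confirm each one really is a 21H1 policy. Footnotes 9 to 11 also lack the closing period that 6 to 8 have, and footnote 9 now points to `hololens-release-notes-2004` while 10 and 11 point to `hololens-release-notes`; confirm the 20H2 anchor exists on the 2004 page.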

View File

@ -41,6 +41,7 @@ manager: dansimp
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -31,6 +31,12 @@ manager: dansimp
<dd> <dd>
<a href="#accounts-allowmicrosoftaccountsigninassistant">Accounts/AllowMicrosoftAccountSignInAssistant</a> <a href="#accounts-allowmicrosoftaccountsigninassistant">Accounts/AllowMicrosoftAccountSignInAssistant</a>
</dd> </dd>
<dd>
<a href="#accounts-domainnamesforemailsync">Accounts/DomainNamesForEmailSync</a>
</dd>
<dd>
<a href="#accounts-restricttoenterprisedeviceauthenticationonly">Accounts/RestrictToEnterpriseDeviceAuthenticationOnly</a>
</dd>
</dl> </dl>
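Review bot: The two new index entries link to `#accounts-domainnamesforemailsync` and `#accounts-restricttoenterprisedeviceauthenticationonly`. Make sure this change also adds policy sections carrying exactly those ids, with the edition table and supported values like the existing entries; otherwise the index links are dead.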
@ -45,6 +51,7 @@ manager: dansimp
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -61,12 +68,12 @@ manager: dansimp
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Specifies whether user is allowed to add non-MSA email accounts. Specifies whether user is allowed to add email accounts other than Microsoft account.
Most restricted value is 0. Most restricted value is 0.
> [!NOTE] > [!NOTE]
> This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md). > This policy will only block UI/UX-based methods for adding non-Microsoft accounts.
<!--/Description--> <!--/Description-->
<!--SupportedValues--> <!--SupportedValues-->
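Review bot: The NOTE in this description loses the sentence "Even if this policy is enforced, you can still provision non-MSA accounts using the [EMAIL2 CSP](email2-csp.md)." If that provisioning path still works, keep the sentence (reworded to avoid "MSA" if that was the objection), because the shortened note tells admins the policy only blocks UI methods without naming the path it does not cover. The first line also needs articles: "whether the user is allowed to add email accounts other than a Microsoft account".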
@ -89,6 +96,7 @@ The following list shows the supported values:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -106,7 +114,7 @@ The following list shows the supported values:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Specifies whether the user is allowed to use an MSA account for non-email related connection authentication and services. Specifies whether the user is allowed to use a Microsoft account for non-email related connection authentication and services.
Most restricted value is 0. Most restricted value is 0.
@ -131,6 +139,7 @@ The following list shows the supported values:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes| |Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -151,10 +160,10 @@ The following list shows the supported values:
Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. Added in Windows 10, version 1703. Allows IT Admins the ability to disable the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service.
> [!NOTE] > [!NOTE]
> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are). > If the Microsoft account service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See [Feature updates are not being offered while other updates are](/windows/deployment/update/windows-update-troubleshooting#feature-updates-are-not-being-offered-while-other-updates-are).
> [!NOTE] > [!NOTE]
> If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app. > If the Microsoft account service is disabled, the Subscription Activation feature will not work properly and your users will not be able to “step-up” from Windows 10 Pro to Windows 10 Enterprise, because the Microsoft account ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.
<!--/Description--> <!--/Description-->
<!--SupportedValues--> <!--SupportedValues-->
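Review bot: In both NOTE blocks, replacing "MSA service" with "Microsoft account service" makes it less clear which service is meant, since the first line of the description names it as the "Microsoft Account Sign-In Assistant" (wlidsvc) NT service. Suggest "If the Microsoft Account Sign-In Assistant service (wlidsvc) is disabled, ..." in both notes so the consequence (no feature updates, Subscription Activation failing silently) is tied to the exact service an admin would be disabling.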
@ -168,9 +177,90 @@ The following list shows the supported values:
<hr/> <hr/>
<!--Policy-->
<a href="" id="accounts-domainnamesforemailsync"></a>**Accounts/DomainNamesForEmailSync**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|Yes|Yes|
|Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes|
|Education|Yes|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--Policy-->
<a href="" id="accounts-restricttoenterprisedeviceauthenticationonly"></a>**Accounts/RestrictToEnterpriseDeviceAuthenticationOnly**
<!--SupportedSKUs-->
|Edition|Windows 10|Windows 11|
|--- |--- |--- |
|Home|No|No|
|Pro|No|Yes|
|Business|No|Yes|
|Enterprise|No|Yes|
|Education|No|Yes|
<!--/SupportedSKUs-->
<hr/>
<!--Scope-->
[Scope](./policy-configuration-service-provider.md#policy-scope):
> [!div class = "checklist"]
> * Device
<hr/>
<!--/Scope-->
<!--Description-->
Added in Windows 11, version 22H2. This setting determines whether to only allow enterprise device authentication for the Microsoft Account Sign-in Assistant service (wlidsvc). By default, this setting is disabled and allows both user and device authentication. When the value is set to 1, we only allow device authentication and block user authentication.
Most restricted value is 1.
<!--/Description-->
<!--SupportedValues-->
The following list shows the supported values:
- 0 (default) - Allow both device and user authentication.
- 1 - Only allow device authentication. Block user authentication.
<!--/SupportedValues-->
<!--/Policy-->
<hr/>
<!--/Policies-->
<!--/Policies--> <!--/Policies-->
## Related topics ## Related topics
[Policy CSP](policy-configuration-service-provider.md) [Policy CSP](policy-configuration-service-provider.md)
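Review bot: The new Accounts/DomainNamesForEmailSync entry has an empty Description block and a "The following list shows the supported values:" line with no list under it, so the page documents a policy without saying what it does or what it accepts; either fill both in or hold the entry back until the text exists. Two smaller points in the same hunk: the added `<!--/Policies-->` line sits directly above the existing `<!--/Policies-->`, leaving two closing markers, and the SKU table for Accounts/RestrictToEnterpriseDeviceAuthenticationOnly has no Windows SE row while every other table touched here gains one. The RestrictToEnterpriseDeviceAuthenticationOnly description also switches to "we only allow device authentication"; the Supported values wording ("Only allow device authentication. Block user authentication.") reads better and could be reused.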

View File

@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -45,6 +45,7 @@ manager: dansimp
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -129,10 +129,11 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business||| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education||| |Education|Yes|Yes|
<!--/SupportedSKUs--> <!--/SupportedSKUs-->
<hr/> <hr/>
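Review bot: The Pro row changes from No|No to Yes|Yes and the Business and Education rows go from blank to Yes|Yes, which alters the documented applicability of this policy rather than just adding the Windows SE row. The same Pro/Business flip repeats in the hunks that follow, so the commit message or PR description should state what the new values were verified against; an admin reading this table will use it to decide whether a setting is enforceable on Pro devices.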
@ -186,8 +187,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -244,8 +246,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -303,8 +306,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -358,8 +362,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -413,8 +418,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -469,8 +475,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -524,8 +531,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -582,8 +590,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -639,8 +648,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -54,6 +54,7 @@ manager: dansimp
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -96,6 +97,7 @@ ADMX Info:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -141,6 +143,7 @@ ADMX Info:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -186,6 +189,7 @@ ADMX Info:
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|Yes|Yes| |Pro|Yes|Yes|
|Windows SE|No|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -76,8 +76,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -129,8 +130,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -176,8 +178,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -227,8 +230,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -278,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -332,8 +337,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -375,8 +381,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -425,8 +432,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -474,8 +482,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -98,8 +99,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -144,8 +146,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -192,8 +195,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -55,8 +55,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -106,8 +107,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes |Education|Yes|Yes
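Review bot: The context line `|Education|Yes|Yes` at the end of this table is missing its trailing pipe, unlike the Education row in every other table in this file. Since the hunk already edits this table, fix the row to `|Education|Yes|Yes|` in the same change so the table does not render inconsistently.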
@ -157,8 +159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -204,8 +207,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -251,8 +255,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -82,8 +82,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -179,8 +181,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -229,8 +232,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -278,8 +282,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -330,8 +335,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -381,8 +387,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -429,8 +436,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -477,8 +485,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -525,8 +534,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -575,8 +585,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -624,8 +635,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -673,8 +685,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -722,8 +735,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -96,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -98,8 +99,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -108,8 +109,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -159,8 +161,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -217,8 +220,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -112,8 +112,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -158,8 +159,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -202,8 +204,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -249,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -297,8 +301,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -342,8 +347,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -391,8 +397,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -442,8 +449,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -487,8 +495,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -532,8 +541,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -581,8 +591,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -628,8 +639,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -680,8 +692,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -727,8 +740,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -772,8 +786,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -817,8 +832,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -860,8 +876,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -905,8 +922,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -950,8 +968,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1002,8 +1021,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1055,8 +1075,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1107,8 +1128,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1152,8 +1174,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1206,8 +1229,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_Cpls title: Policy CSP - ADMX_Cpls
description: Policy CSP - ADMX_Cpls description: Learn about the Policy CSP - ADMX_Cpls.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -64,7 +65,7 @@ manager: dansimp
This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo. This policy setting allows an administrator to standardize the account pictures for all users on a system to the default account picture. One application for this policy setting is to standardize the account pictures to a company logo.
> [!NOTE] > [!NOTE]
> The default account picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg. The default guest picture is stored at %PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg. If the default pictures do not exist, an empty frame is displayed. > The default account picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg.` The default guest picture is stored at `%PROGRAMDATA%\Microsoft\User Account Pictures\guest.jpg.` If the default pictures do not exist, an empty frame is displayed.
If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed. If you enable this policy setting, the default user account picture will display for all users on the system with no customization allowed.
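Review bot: In the NOTE, the closing backtick is placed after the sentence period, so the code spans read `...\user.jpg.` and `...\guest.jpg.` and the paths appear to end in a dot. Move the period outside the span in both places, e.g. `%PROGRAMDATA%\Microsoft\User Account Pictures\user.jpg`. followed by the period, so the paths can be copied as written.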
@ -84,6 +85,8 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_CredentialProviders title: Policy CSP - ADMX_CredentialProviders
description: Policy CSP - ADMX_CredentialProviders description: Learn about the Policy CSP - ADMX_CredentialProviders.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -50,8 +50,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -100,8 +101,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -122,7 +124,7 @@ This policy setting allows the administrator to assign a specified credential pr
If you enable this policy setting, the specified credential provider is selected on other user tile. If you enable this policy setting, the specified credential provider is selected on other user tile.
If you disable or do not configure this policy setting, the system picks the default credential provider on other user tile. If you disable or don't configure this policy setting, the system picks the default credential provider on other user tile.
> [!NOTE] > [!NOTE]
> A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers. > A list of registered credential providers and their GUIDs can be found in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers.
@ -149,8 +151,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -190,4 +193,8 @@ ADMX Info:
<hr/> <hr/>
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_CredSsp title: Policy CSP - ADMX_CredSsp
description: Policy CSP - ADMX_CredSsp description: Learn about the Policy CSP - ADMX_CredSsp.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -73,8 +73,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -130,8 +131,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -191,8 +193,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -247,8 +250,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -305,8 +309,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -363,8 +368,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -421,8 +427,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -479,8 +486,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -535,8 +543,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -591,8 +600,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -647,8 +657,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -699,3 +710,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_CredUI title: Policy CSP - ADMX_CredUI
description: Policy CSP - ADMX_CredUI description: Learn about the Policy CSP - ADMX_CredUI.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -67,7 +68,7 @@ manager: dansimp
This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the users Windows credentials. This policy setting requires the user to enter Microsoft Windows credentials using a trusted path, to prevent a Trojan horse or other types of malicious code from stealing the users Windows credentials.
> [!NOTE] > [!NOTE]
> This policy affects nonlogon authentication tasks only. As a security best practice, this policy should be enabled. > This policy affects non-logon authentication tasks only. As a security best practice, this policy should be enabled.
If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism. If you enable this policy setting, users will be required to enter Windows credentials on the Secure Desktop through the trusted path mechanism.
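Review bot: The first line of this hunk still says "stealing the users Windows credentials", which is missing the possessive apostrophe. Since the note below it is being edited anyway, change it to "the user's Windows credentials" in the same pass. The "nonlogon" to "non-logon" change itself is fine.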
@ -94,8 +95,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -129,3 +131,6 @@ ADMX Info:
< <
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_CtrlAltDel title: Policy CSP - ADMX_CtrlAltDel
description: Policy CSP - ADMX_CtrlAltDel description: Learn about the Policy CSP - ADMX_CtrlAltDel.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -52,8 +52,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -74,7 +75,7 @@ This policy setting prevents users from changing their Windows password on deman
If you enable this policy setting, the **Change Password** button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del. If you enable this policy setting, the **Change Password** button on the Windows Security dialog box won't appear when you press Ctrl+Alt+Del.
However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring. However, users will still be able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
<!--/Description--> <!--/Description-->
@ -99,8 +100,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -148,8 +150,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -195,8 +198,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -215,11 +219,11 @@ ADMX Info:
<!--Description--> <!--Description-->
This policy setting disables or removes all menu items and buttons that log the user off the system. This policy setting disables or removes all menu items and buttons that log the user off the system.
If you enable this policy setting, users won't see the Log off menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu. If you enable this policy setting, users won't see the Logoff menu item when they press Ctrl+Alt+Del. This scenario will prevent them from logging off unless they restart or shut down the computer, or clicking Log off from the Start menu.
Also, see the 'Remove Logoff on the Start Menu' policy setting. Also, see the 'Remove Logoff on the Start Menu' policy setting.
If you disable or don't configure this policy setting, users can see and select the Log off menu item when they press Ctrl+Alt+Del. If you disable or don't configure this policy setting, users can see and select the Logoff menu item when they press Ctrl+Alt+Del.
<!--/Description--> <!--/Description-->
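Review bot: The rename from "Log off" to "Logoff" is applied to only part of the first changed sentence, which still ends with "clicking Log off from the Start menu", so the same paragraph now uses both spellings. Pick one form for the menu item and use it throughout, matching the UI label. The same sentence is also not parallel ("unless they restart or shut down the computer, or clicking ..."); consider "unless they restart or shut down the computer, or click ... from the Start menu".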
@ -237,3 +241,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_DataCollection title: Policy CSP - ADMX_DataCollection
description: Policy CSP - ADMX_DataCollection description: Learn about the Policy CSP - ADMX_DataCollection.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -86,3 +87,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_DCOM title: Policy CSP - ADMX_DCOM
description: Policy CSP - ADMX_DCOM description: Learn about the Policy CSP - ADMX_DCOM.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -66,9 +67,10 @@ manager: dansimp
<!--Description--> <!--Description-->
This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list. This policy setting allows you to specify that local computer administrators can supplement the "Define Activation Security Check exemptions" list.
- If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list. If you enable this policy setting, and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled). Then DCOM will look for an entry in the locally configured list.
If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
- If you disable this policy setting, DCOM won't look in the locally configured DCOM activation security check exemption list.
If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured. If you don't configure this policy setting, DCOM will only look in the locally configured exemption list if the "Define Activation Security Check exemptions" policy isn't configured.
> [!NOTE] > [!NOTE]
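Review bot: Dropping the list markers leaves the "If you enable this policy setting, and DCOM doesn't find an explicit entry ... (if enabled). Then DCOM will look ..." text as a conditional clause with no main clause followed by a fragment. Merge it into one sentence, for example "If you enable this policy setting and DCOM doesn't find an explicit entry for a DCOM server application ID (appid) in the "Define Activation Security Check exemptions" policy (if enabled), DCOM will look for an entry in the locally configured list." This paragraph decides when a locally defined exemption from the activation security check applies, so the condition should be unambiguous.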
@ -95,8 +97,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -120,14 +123,20 @@ DCOM server application IDs added to this policy must be listed in curly brace f
For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`. For example, `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`.
If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors. If you enter a non-existent or improperly formatted application, ID DCOM will add it to the list without checking for errors.
- If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server. If you add an application ID to this list and set its value to one, DCOM won't enforce the Activation security check for that DCOM server.
If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local If you add an application ID to this list and set its value to 0, DCOM will always enforce the Activation security check for that DCOM server regardless of local
settings. settings.
- If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used. Notes: The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process. If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings.
If you disable this policy setting, the application ID exemption list defined by Group Policy is deleted, and the one defined by local computer administrators is used.
If you don't configure this policy setting, the application ID exemption list defined by local computer administrators is used.
>[!Note]
> The DCOM Activation security check is done after a DCOM server process is started, but before an object activation request is dispatched to the server process.
This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead. This access check is done against the DCOM server's custom launch permission security descriptor if it exists, or otherwise against the configured defaults. If the DCOM server's custom launch permission contains explicit DENY entries, then the object activations that would have previously succeeded for such specified users, once the DCOM server process was up and running, might now fail instead.
The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid. The proper action in this situation is to reconfigure the DCOM server's custom launch permission settings for correct security settings, but this policy setting may be used in the short term as an application compatibility deployment aid.
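Review bot: The added `>[!Note]` block covers only the first sentence of what used to be the "Notes:" text; the two paragraphs that follow ("This access check is done against ..." and "The proper action in this situation ...") have no `>` prefix and will render outside the note. Prefix them as well if they are meant to stay part of it, and write the marker as `> [!NOTE]` to match the other notes in these files. Two wording points in the same hunk: "application, ID DCOM will add it" has the comma in the wrong place (it should read "application ID, DCOM will add it"), and the values are written as "one" in one sentence and "0" in the next; use digits for both, since the value 1 is the one that turns off the activation security check for that server.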
@ -154,3 +163,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_Desktop title: Policy CSP - ADMX_Desktop
description: Policy CSP - ADMX_Desktop description: Learn about Policy CSP - ADMX_Desktop.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
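Review bot: The new description here is "Learn about Policy CSP - ADMX_Desktop." while the files earlier in this commit use "Learn about the Policy CSP - ...". Settle on one wording for the `description` field across all the ADMX_* pages touched by this change; the same difference appears in the ADMX_DeviceCompat, ADMX_DeviceGuard and ADMX_DeviceInstallation headers.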
@ -127,8 +127,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -175,8 +176,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -225,8 +227,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -273,8 +276,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -321,8 +325,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -370,8 +375,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -413,8 +419,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -459,8 +466,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -508,8 +516,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -552,8 +561,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -603,8 +613,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -653,8 +664,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -700,8 +712,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -746,8 +759,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -776,7 +790,6 @@ If you disable or don't configure this policy setting, the Properties menu comma
<!--/Description--> <!--/Description-->
<!--ADMXBacked--> <!--ADMXBacked-->
ADMX Info: ADMX Info:
- GP Friendly name: *Remove Properties from the Documents icon context menu* - GP Friendly name: *Remove Properties from the Documents icon context menu*
@ -796,8 +809,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -842,8 +856,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -890,8 +905,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -936,8 +952,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -980,8 +997,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1025,8 +1043,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1077,8 +1096,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1122,8 +1142,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1171,8 +1192,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1219,8 +1241,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1263,8 +1286,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1310,8 +1334,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1362,8 +1387,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1414,8 +1440,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1463,8 +1490,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -1501,3 +1529,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_DeviceCompat title: Policy CSP - ADMX_DeviceCompat
description: Policy CSP - ADMX_DeviceCompat description: Learn about Policy CSP - ADMX_DeviceCompat.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -45,8 +45,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -86,8 +87,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -104,7 +106,7 @@ ADMX Info:
<!--/Scope--> <!--/Scope-->
<!--Description--> <!--Description-->
Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions. Changes behavior of third-party drivers to work around incompatibilities introduced between OS versions.
<!--/Description--> <!--/Description-->
@ -118,4 +120,8 @@ ADMX Info:
<!--/ADMXBacked--> <!--/ADMXBacked-->
<!--/Policy--> <!--/Policy-->
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

View File

@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_DeviceGuard title: Policy CSP - ADMX_DeviceGuard
description: Policy CSP - ADMX_DeviceGuard description: Learn about Policy CSP - ADMX_DeviceGuard.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -43,8 +43,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -68,11 +69,12 @@ If you deploy a Code Integrity Policy, Windows will restrict what can run in bot
To enable this policy, the machine must be rebooted. To enable this policy, the machine must be rebooted.
The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`), The file path must be either a UNC path (for example, `\\ServerName\ShareName\SIPolicy.p7b`),
or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`. or a locally valid path (for example, `C:\FolderName\SIPolicy.p7b)`.
The local machine account (LOCAL SYSTEM) must have access permission to the policy file. The local machine account (LOCAL SYSTEM) must have access permission to the policy file.
If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either: If using a signed and protected policy, then disabling this policy setting doesn't remove the feature from the computer. Instead, you must either:
1. First update the policy to a non-protected policy and then disable the setting.
2. Disable the setting and then remove the policy from each computer, with a physically present user. - First update the policy to a non-protected policy and then disable the setting. (or)
- Disable the setting and then remove the policy from each computer, with a physically present user.
<!--/Description--> <!--/Description-->
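Review bot: the first replacement bullet ends with a stray "(or)" after its full stop ("...and then disable the setting. (or)"). The lead-in already says "you must either:", so drop "(or)" or fold it into the sentence. Switching from a numbered list to bullets is appropriate, since these are alternatives and not sequential steps. While this paragraph is being touched, the unchanged context line keeps the closing parenthesis inside the code span, `C:\FolderName\SIPolicy.p7b)`; move it outside the backticks so the example path can be copied as written.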
@ -89,3 +91,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)


@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_DeviceInstallation title: Policy CSP - ADMX_DeviceInstallation
description: Policy CSP - ADMX_DeviceInstallation description: Learn about Policy CSP - ADMX_DeviceInstallation.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -64,8 +64,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -110,8 +111,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -156,8 +158,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -202,8 +205,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -248,8 +252,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -272,7 +277,8 @@ If you enable this policy setting, set the number of seconds you want the system
If you disable or don't configure this policy setting, the system doesn't force a reboot. If you disable or don't configure this policy setting, the system doesn't force a reboot.
Note: If no reboot is forced, the device installation restriction right won't take effect until the system is restarted. >[!Note]
> If no reboot is forced, the device installation restriction right won't take effect until the system is restarted.
<!--/Description--> <!--/Description-->
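Review bot: the added alert marker is written `>[!Note]`, with no space after `>`, while its continuation line uses `> If no reboot...`. Use the same spacing on both lines, and the documented alert form `> [!NOTE]`, so the block is consistent with other alerts in the docs set.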
@ -296,8 +302,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -341,8 +348,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -387,8 +395,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -426,4 +435,8 @@ ADMX Info:
<!--/Policy--> <!--/Policy-->
<hr/> <hr/>
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)


@ -1,6 +1,6 @@
--- ---
title: Policy CSP - ADMX_DeviceSetup title: Policy CSP - ADMX_DeviceSetup
description: Policy CSP - ADMX_DeviceSetup description: Learn about Policy CSP - ADMX_DeviceSetup.
ms.author: dansimp ms.author: dansimp
ms.localizationpriority: medium ms.localizationpriority: medium
ms.topic: article ms.topic: article
@ -46,8 +46,9 @@ manager: dansimp
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -92,8 +93,9 @@ ADMX Info:
|Edition|Windows 10|Windows 11| |Edition|Windows 10|Windows 11|
|--- |--- |--- | |--- |--- |--- |
|Home|No|No| |Home|No|No|
|Pro|No|No| |Pro|Yes|Yes|
|Business|No|No| |Windows SE|No|Yes|
|Business|Yes|Yes|
|Enterprise|Yes|Yes| |Enterprise|Yes|Yes|
|Education|Yes|Yes| |Education|Yes|Yes|
@ -114,7 +116,10 @@ This policy setting allows you to specify the order in which Windows searches so
If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all. If you enable this policy setting, you can select whether Windows searches for drivers on Windows Update unconditionally, only if necessary, or not at all.
Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates. This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching only if needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system. >[!Note]
> Searching always implies that Windows will attempt to search Windows Update exactly one time. With this setting, Windows won't continually search for updates.
This setting is used to ensure that the best software will be found for the device, even if the network is temporarily available. If the setting for searching is enabled and only when needed is specified, then Windows will search for a driver only if a driver isn't locally available on the system.
If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers. If you disable or don't configure this policy setting, members of the Administrators group can determine the priority order in which Windows searches source locations for device drivers.
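Review bot: splitting the paragraph leaves "This setting is used to ensure..." outside the note, so "This setting" no longer clearly refers to the search-always option that the two sentences now inside the note describe. Keep that sentence with the note, or name the option explicitly. The rewritten condition "If the setting for searching is enabled and only when needed is specified" also does not match the option names given two lines earlier ("unconditionally, only if necessary, or not at all"); reuse "only if necessary". Separately, "even if the network is temporarily available" looks as though "unavailable" was intended; confirm against the ADMX text before merging.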
@ -133,3 +138,6 @@ ADMX Info:
<!--/Policies--> <!--/Policies-->
## Related topics
[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)

Some files were not shown because too many files have changed in this diff