diff --git a/.openpublishing.redirection.windows-deployment.json b/.openpublishing.redirection.windows-deployment.json
index 09479f4eca..5d117ed99e 100644
--- a/.openpublishing.redirection.windows-deployment.json
+++ b/.openpublishing.redirection.windows-deployment.json
@@ -1660,6 +1660,26 @@
       "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-enterprise-faq-itpro",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/deployment/do/mcc-enterprise-appendix.md",
+      "redirect_url": "/windows/deployment/do/mcc-ent-early-preview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/do/mcc-enterprise-deploy.md",
+      "redirect_url": "/windows/deployment/do/mcc-ent-early-preview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/do/mcc-enterprise-prerequisites.md",
+      "redirect_url": "/windows/deployment/do/mcc-ent-early-preview",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/do/mcc-enterprise-update-uninstall.md",
+      "redirect_url": "/windows/deployment/do/mcc-ent-early-preview",
+      "redirect_document_id": false
+    },          
     {
       "source_path": "windows/deployment/planning/windows-10-deployment-considerations.md",
       "redirect_url": "/previous-versions/windows/it-pro/windows-10/deployment/planning/windows-10-deployment-considerations",
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index cd2bf997f6..863938353d 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -37,7 +37,7 @@ If set to 1 then any MDM policy that's set that has an equivalent GP policy will
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 
 > [!NOTE]
-> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). Nor does it apply to the [Update Policy CSP](policy-csp-update.md) for managing Windows updates.
+> MDMWinsOverGP only applies to policies in Policy CSP. MDM policies win over Group Policies where applicable; not all Group Policies are available via MDM or CSP. It does not apply to other MDM settings with equivalent GP settings that are defined in other CSPs such as the [Defender CSP](defender-csp.md). 
 
 This policy is used to ensure that MDM policy wins over GP when policy is configured on MDM channel. The default value is 0. The MDM policies in Policy CSP will behave as described if this policy value is set 1.
 
diff --git a/windows/configuration/start/layout.md b/windows/configuration/start/layout.md
index 30baa389a1..81f5d11c75 100644
--- a/windows/configuration/start/layout.md
+++ b/windows/configuration/start/layout.md
@@ -304,10 +304,10 @@ Column="2"/>
 
 You can use the `start:SecondaryTile` tag to pin a web link through a Microsoft Edge secondary tile. This method doesn't require more actions compared to the method of using legacy `.url` shortcuts (through the `start:DesktopApplicationTile` tag).
 
-The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile:
+The following example shows how to create a tile of the Web site's URL using the Microsoft Edge secondary tile. Ensure to replace `<--Microsoft Edge AUMID-->` with the AUMID of Microsoft Edge (learn how to [Find the Application User Model ID of an installed app](../store/find-aumid.md)):
 
 ```XML
-<start:SecondaryTile AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge"
+<start:SecondaryTile AppUserModelID="<--Microsoft Edge AUMID-->"
 TileID="MyWeblinkTile"
 Arguments="http://msn.com"
 DisplayName="MySite"
@@ -427,13 +427,13 @@ You can edit the JSON file to make any modifications to the **Pinned** section o
 1. Open the `LayoutModification.json` file in a JSON editor, such as Visual Studio Code or Notepad
 1. The `pinnedList` section includes all the pins that are applied to the Start layout
 
-You can add more apps to the section using the following keys:
+    You can add more apps to the section using the following keys:
 
-| Key | Description |
-|--|--|
-| `packagedAppID` | Used for Universal Windows Platform (UWP) apps. To pin a UWP app, use the app's AUMID. |
-| `desktopAppID` | Used for desktop apps. To pin a desktop app, use the app's AUMID. If the app doesn't have an AUMID, use the `desktopAppLink` instead. |
-| `desktopAppLink` | Used for desktop apps that don't have an associated AUMID. To pin this type of app, use the path to the `.lnk` shortcut that points to the app. |
+    | Key | Description |
+    |--|--|
+    | `packagedAppID` | Used for Universal Windows Platform (UWP) apps. To pin a UWP app, use the app's AUMID. |
+    | `desktopAppID` | Used for desktop apps. To pin a desktop app, use the app's AUMID. If the app doesn't have an AUMID, use the `desktopAppLink` instead. |
+    | `desktopAppLink` | Used for desktop apps that don't have an associated AUMID. To pin this type of app, use the path to the `.lnk` shortcut that points to the app. |
 
 ::: zone-end
 
diff --git a/windows/deployment/customize-boot-image.md b/windows/deployment/customize-boot-image.md
index 31420e8890..858a5e63bf 100644
--- a/windows/deployment/customize-boot-image.md
+++ b/windows/deployment/customize-boot-image.md
@@ -1,6 +1,6 @@
 ---
 title: Customize Windows PE boot images
-description: This article describes how to customize a Windows PE (WinPE) boot image including updating it with the latest cumulative update, adding drivers, and adding optional components.
+description: This article describes how to customize a Windows PE (WinPE) boot image, including updating it with the latest cumulative update, adding drivers, and adding optional components.
 ms.service: windows-client
 ms.localizationpriority: medium
 author: frankroj
@@ -23,13 +23,13 @@ appliesto:
 
 The Windows PE (WinPE) boot images that are included with the Windows ADK have a minimal number of features and drivers. However the boot images can be customized by adding drivers, optional components, and applying the latest cumulative update.
 
-Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+Microsoft recommends updating Windows PE boot images with the latest cumulative update for maximum security and protection. The latest cumulative updates may also resolve known issues. For example, the Windows PE boot image can be updated with the latest cumulative update to address the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
 
 > [!TIP]
 >
 > The boot images from the [ADK 10.1.26100.1 (May 2024)](/windows-hardware/get-started/adk-install) and later already contain the cumulative update to address the BlackLotus UEFI bootkit vulnerability.
 
-This walkthrough describes how to customize a Windows PE boot image including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS).
+This walkthrough describes how to customize a Windows PE boot image, including updating with the latest cumulative update, adding drivers, and adding optional components. Additionally this walkthrough goes over how customizations in boot images affect several different popular products that utilize boot images, such as Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), and Windows Deployment Services (WDS).
 
 ## Prerequisites
 
@@ -332,7 +332,7 @@ The cumulative update installed later in this walkthrough doesn't affect drivers
     **Example**:
 
     ```powershell
-     Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab" -Path "C:\Mount" -Verbose   
+     Add-WindowsPackage -PackagePath "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Windows Preinstallation Environment\amd64\WinPE_OCs\en-us\WinPE-Scripting_en-us.cab" -Path "C:\Mount" -Verbose
     ```
 
     These examples assume a 64-bit boot image. If a different architecture is being used, then adjust the paths accordingly.
@@ -668,7 +668,7 @@ For more information, see [copy](/windows-server/administration/windows-commands
 
 This step doesn't update or change the boot image. However, it makes sure that the latest bootmgr boot files are available to the Windows ADK when creating bootable media via the Windows ADK. When these files are updated in the Windows ADK, products that use the Windows ADK to create bootable media, such as **Microsoft Deployment Toolkit (MDT)**, also have access to the updated bootmgr boot files.
 
-In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
+In particular, this step is needed when addressing the BlackLotus UEFI bootkit vulnerability as documented in [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932](https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d) and [CVE-2023-24932](https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-24932).
 
 > [!TIP]
 >
@@ -839,7 +839,7 @@ For more information, see [Modify a Windows image using DISM: Unmounting an imag
     ---
 
 1. Once the export has completed:
-  
+
     1. Delete the original updated boot image:
 
         ### [:::image type="icon" source="images/icons/powershell-18.svg"::: **PowerShell**](#tab/powershell)
@@ -1295,4 +1295,4 @@ For more information, see [Windows Server 2012 R2 Lifecycle](/lifecycle/products
 
 - [Create bootable Windows PE media: Update the Windows PE add-on for the Windows ADK](/windows-hardware/manufacture/desktop/winpe-create-usb-bootable-drive#update-the-windows-pe-add-on-for-the-windows-adk)
 - [Update Windows installation media with Dynamic Update: Update WinPE](/windows/deployment/update/media-dynamic-update#update-winpe)
-- [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932: Updating bootable media](https://prod.support.services.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d?preview=true#updatebootable5025885)
+- [KB5025885: How to manage the Windows Boot Manager revocations for Secure Boot changes associated with CVE-2023-24932: Updating bootable media](https://support.microsoft.com/topic/kb5025885-how-to-manage-the-windows-boot-manager-revocations-for-secure-boot-changes-associated-with-cve-2023-24932-41a975df-beb2-40c1-99a3-b3ff139f832d)
diff --git a/windows/deployment/do/TOC.yml b/windows/deployment/do/TOC.yml
index 097f3c1c5c..b9d7757f89 100644
--- a/windows/deployment/do/TOC.yml
+++ b/windows/deployment/do/TOC.yml
@@ -35,16 +35,40 @@
       href: waas-microsoft-connected-cache.md
     - name: Microsoft Connected Cache for Enterprise and Education
       items:
-      - name: Connected Cache for Enterprise and Education Overview
+      - name: Connected Cache for Enterprise and Education overview
         href: mcc-ent-edu-overview.md
       - name: Requirements
-        href: mcc-enterprise-prerequisites.md
-      - name: Deploy Microsoft Connected Cache
-        href: mcc-enterprise-deploy.md
-      - name: Update or uninstall Connected Cache
-        href: mcc-enterprise-update-uninstall.md
-      - name: Appendix
-        href: mcc-enterprise-appendix.md
+        href: mcc-ent-prerequisites.md
+      - name: How-to guides
+        items:
+        - name: Create and configure Connected Cache resources and cache nodes
+          href: mcc-ent-create-resource-and-cache.md
+        - name: Deploy Connected Cache nodes to host machines
+          items:
+          - name: Deploy Connected Cache to Linux
+            href: mcc-ent-deploy-to-linux.md
+          - name: Deploy Connected Cache to Windows
+            href: mcc-ent-deploy-to-windows.md
+        - name: Use Azure CLI to manage Connected Cache
+          href: mcc-ent-manage-using-cli.md 
+        - name: Verify Connected Cache node functionality
+          href: mcc-ent-verify-cache-node.md
+        - name: Monitor Connected Cache nodes
+          href: mcc-ent-monitoring.md
+        - name: Update Connected Cache nodes
+          href: mcc-ent-update-cache-node.md 
+        - name: Uninstall Connected Cache nodes
+          href: mcc-ent-uninstall-cache-node.md     
+      - name: Resources
+        items:
+        - name: Frequent Asked Questions
+          href: mcc-ent-faq.yml
+        - name: Troubleshooting
+          href: mcc-ent-troubleshooting.md
+        - name: Microsoft Connected Cache for Enterprise and Education early preview
+          href: mcc-ent-early-preview.md
+      - name: Release notes
+        href: mcc-ent-release-notes.md        
     - name: Microsoft Connected Cache for ISPs
       items:
       - name: Connected Cache for ISPs Overview
@@ -71,5 +95,4 @@
           href: mcc-isp.md
 - name: Endpoints for Microsoft Connected Cache content and services
   href: delivery-optimization-endpoints.md 
-
   
diff --git a/windows/deployment/do/images/mcc_ent_publicpreview.png b/windows/deployment/do/images/mcc_ent_publicpreview.png
new file mode 100644
index 0000000000..6f6f292d58
Binary files /dev/null and b/windows/deployment/do/images/mcc_ent_publicpreview.png differ
diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml
index 42eddd71c7..dc1e99b304 100644
--- a/windows/deployment/do/index.yml
+++ b/windows/deployment/do/index.yml
@@ -15,7 +15,7 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
-  ms.date: 12/22/2023 #Required; mm/dd/yyyy format.
+  ms.date: 10/30/2024 #Required; mm/dd/yyyy format.
   ms.localizationpriority: medium
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
@@ -67,10 +67,12 @@ landingContent:
     linkLists:
       - linkListType: deploy
         links:
-          - text: Connected Cache for Enterprise and Education (early preview)
-            url: waas-microsoft-connected-cache.md
-          - text: Sign up
-            url: https://aka.ms/MSConnectedCacheSignup
+          - text: Connected Cache for Enterprise and Education overview
+            url: mcc-ent-edu-overview.md
+          - text: Connected Cache for Enterprise and Education requirements
+            url: mcc-ent-prerequisites.md
+          - text: Create the Microsoft Connected Cache Azure resource and cache nodes
+            url: mcc-ent-create-resource-and-cache.md
 
   # Card
   - title: Microsoft Connected Cache for Internet Service Providers (ISPs)
@@ -79,8 +81,6 @@ landingContent:
         links:
           - text: Connected Cache for ISPs (public preview)
             url: mcc-isp-signup.md
-          - text: Sign up
-            url: https://aka.ms/MCCForISPSurvey
           - text: Connected Cache for ISPs (early preview)
             url: mcc-isp.md
 
diff --git a/windows/deployment/do/mcc-ent-create-resource-and-cache.md b/windows/deployment/do/mcc-ent-create-resource-and-cache.md
new file mode 100644
index 0000000000..bae29c6ffa
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-create-resource-and-cache.md
@@ -0,0 +1,348 @@
+---
+title: Create and configure Microsoft Connected Cache nodes
+description: Details on how to create and configure Microsoft Connected Cache for Enterprise and Education cache nodes.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+manager: naengler
+ms.author: nidos
+author: doshnid
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise</a>	
+ms.date: 10/30/2024
+---
+
+# Create Microsoft Connected Cache Azure resource and cache nodes
+
+This article outlines how to create and configure your Microsoft Connected Cache for Enterprise and Education cache nodes. The creation and configuration of your cache node takes place in Azure. The deployment of your cache node requires downloading and running an OS-specific provisioning package on your host machine.
+
+## Prerequisites
+
+1. **Azure Pay-As-You-Go subscription**: Microsoft Connected Cache is a free-of-charge service hosted in Azure. You'll need a pay-as-you-go Azure subscription in order to onboard to our service. To create a subscription, go to [pay-as-you-go subscription page](https://azure.microsoft.com/offers/ms-azr-0003p/).
+2. **Hardware to host Connected Cache**: The recommended configuration serves approximately 35,000 managed devices, downloading a 2-GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps.
+
+For more information on sizing and OS requirements, see [the prerequisites for using Connected Cache](mcc-ent-prerequisites.md).
+
+
+## Create Connected Cache Azure resource
+
+# [Azure portal](#tab/portal)
+
+1. In the [Azure portal](https://portal.azure.com), select **Create a Resource** and search for `Microsoft Connected Cache for Enterprise and Education`.
+<!--
+    :::image type="content" source="images/mcc-isp-provision-cache-node-numbered.png" alt-text="Screenshot of the Azure portal depicting the cache node configuration page of a cache node. This screenshot shows all of the fields you can choose to configure the cache node." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::  
+-->
+
+1. Select the Microsoft Connected Cache for Enterprise resource. When prompted, choose the subscription, resource group, and location for the resource. Then enter a name for the resource, then select Review + Create.
+
+1. After a few moments, you'll see a "Validation successful" message, indicating you can move onto the next step and select Create.
+
+1. The creation of the resource might take a few minutes. After a successful creation, you'll see a page stating the deployment is complete. Select **Go to resource** to create cache nodes.
+
+
+# [Azure CLI](#tab/cli)
+
+### Prerequisites
+
+* An Azure CLI environment:
+
+  * Use the Bash environment in [Azure Cloud Shell](/azure/cloud-shell/get-started/classic).
+
+  * Or, if you prefer to run CLI reference commands locally, [install the Azure CLI](/cli/azure/install-azure-cli)
+
+    * Sign in to the Azure CLI by using the [az login](/cli/azure/reference-index#az-login) command.
+
+    * Run [az version](/cli/azure/reference-index#az-version) to find the version and dependent libraries that are installed. To upgrade to the latest version, run [az upgrade](/cli/azure/reference-index#az-upgrade).
+
+    * Install Azure CLI extension **mcc** by following the instructions [here](/cli/azure/azure-cli-extensions-overview#how-to-install-extensions).
+
+    * Resource group under which a Connected Cache resource can be created. Use the [az group create](/cli/azure/group#az-group-create) command to create a new Resource group if you don't already have one.
+
+#### Create Connected Cache Azure resource
+
+Replace the following placeholders with your own information:
+* *\<resource-group>*: Name of an existing resource group in your subscription.
+* *\<mcc-resource-name>*: A name for your Microsoft Connected Cache for Enterprise resource.
+* *\<location>*: The Azure region where your Microsoft Connected Cache will be located.
+
+```azurecli-interactive
+az mcc ent resource create --mcc-resource-name <mymccresource> --resource-group <myrg> --location <region>
+```
+
+---
+
+## Create Connected Cache cache node
+
+# [Azure portal](#tab/portal)
+
+  1. Open Azure portal and navigate to the Microsoft Connected Cache for Enterprise resource that you created.<br>
+  1. Under Cache Node Management, select **Cache Nodes** then **Create Cache Node**.<br>
+  
+  1. Provide a name for your cache node and select the host OS you plan to deploy the cache node on, then select **Create**. Note, cache node names have to be unique under the Microsoft Connected Cache resource.
+  <!--
+    :::image type="content" source="images/mcc-isp-provision-cache-node-numbered.png" alt-text="Screenshot of the Azure portal depicting the cache node configuration page of a cache node. This screenshot shows all of the fields you can choose to configure the cache node." lightbox="./images/mcc-isp-provision-cache-node-numbered.png":::  
+    -->
+  The creation of the cache node might take a few minutes. Select **Refresh** to see your recently created cache node.
+Once the cache node state changes to **Not Configured**, you can now configure your cache node.<br>
+For more information about different cache node states, see [Cache node states](#cache-node-states).
+
+
+# [Azure CLI](#tab/cli)
+
+Use the following command to create a new cache node if you don't already have one.
+
+Replace the following placeholders with your own information:
+* *\<resource-group>*: Name of existing resource group in your subscription.
+* *\<mcc-resource-name>*: Name of the Microsoft Connected Cache for Enterprise resource.
+* *\<cache-node-name>*: A name for your Microsoft Connected Cache node.
+* *\<host-os>*: The OS on which cache node will be provisioned.
+  Accepted values: `windows`, `linux`
+
+```azurecli-interactive
+az mcc ent node create --cache-node-name <mycachenode> --mcc-resource-name <mymccresource> --resource-group <myrg> --host-os <linux>
+```
+
+<br>
+
+>[!NOTE]
+>To ensure cache node has been created successfully, run the following command before continuing with cache node configuration.
+>```azurecli-interactive
+>az mcc ent node show --cache-node-name <mycachenode> --mcc-resource-name <mymccresource> --resource-group <myrg>  
+>```
+>In the output look for **cacheNodeState**. If ***cacheNodeState = Not Configured***, you can continue with cache node configuration.
+>If ***cacheNodeState = Registration in Progress***, then the cache node is still in process of being created. Wait a couple of minutes and run the command again.
+>To know more about different cache node state, see [Cache node states](#cache-node-states).
+
+---
+
+## Configure Connected Cache node
+
+# [Azure portal](#tab/portal)
+Enter required values to configure your cache node. For more information about the definitions of each field, review the [Configuration fields](#general-configuration-fields) at the bottom of this article.
+Don't forget to select save after adding configuration information.
+
+
+# [Azure CLI](#tab/cli)
+
+### Configure Linux-hosted Connected Cache node
+Use the following command to configure cache node for deployment to a **Linux** host machine.
+
+Replace the following placeholders with your own information:
+
+* *\<resource-group>*: Name of the resource group in your subscription.
+* *\<mcc-resource-name>*: Name of your Microsoft Connected Cache for Enterprise resource.
+* *\<cache-node-name>*: Name for your Microsoft Connected Cache node.
+* *\<physical-path>*: The cache drive path. You can add up to nine cache drives.
+* *\<size-in-gb>*: The size of cache drive. Must be at least 50 Gb.
+* *\<proxy>*: If proxy needs to be enabled or not.<br>
+  Accepted values: `enabled`, `disabled`<br>
+  Proxy should be set to enabled if the cache node will need to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache cache node to your host machine.
+* *\<proxy-host>*: The proxy host name or ip address. Required if proxy is set to enabled.
+* *\<proxy-port>*: Proxy port number. Required if proxy is set to enabled.
+* *\<auto-update-ring>*: Update ring the cache node should have.<br>
+  Accepted values: `slow`, `fast`.<br>
+  If update ring is set to slow, you must provide the day of week, time of day and week of month the cache node should be updated.
+* *\<auto-update-day>*: The day of the week cache node should be updated. Week starts from Monday.<br>
+  Accepted values: 1,2,3,4,5,6,7
+* *\<auto-update-time>*: The time of day cache node should be updated in 24 hour format (hh:mm)
+* *\<auto-update-week>*: The week of month cache node should be updated.<br>
+  Accepted values: 1,2,3,4
+
+```azurecli-interactive
+az mcc ent node update --cache-node-name <mycachenode> --mcc-resource-name <mymccresource> --resource-group <myrg>
+--cache-drive "[{physical-path:</physical/path>,size-in-gb:<size of cache drive>},{</physical/path>,size-in-gb:<size of cache drive>}...]"> --proxy <enabled> --proxy-host <"proxy host name"> --proxy-port <proxy port>  --auto-update-day <day of week> --auto-update-time <time of day> --auto-update-week <week of month> --auto-update-ring <update ring>
+```
+
+<br>
+<br>
+
+### Configure Windows-hosted Connected Cache node
+Use the following command to configure cache node for deployment to a **Windows** host machine.
+
+Replace the following placeholders with your own information:
+  
+* *\<resource-group>*: Name of the resource group in your subscription.
+* *\<mcc-resource-name>*: Name of your Microsoft Connected Cache for Enterprise resource.
+* *\<cache-node-name>*: Name for your Microsoft Connected Cache node.
+* *\<physical-path>*: The cache drive path.<br>
+  Accepted value: /var/mcc
+* *\<size-in-gb>*: The size of cache drive. Must be at least 50 Gb.
+* *\<proxy>*: If proxy needs to be enabled or not.<br>
+  Accepted values: `enabled`, `disabled`<br>
+  Proxy should be set to enabled if the cache node will need to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache cache node to your host machine.
+* *\<proxy-host>*: The proxy host name or ip address. Required if proxy is set to enabled.
+* *\<proxy-port>*: Proxy port number. Required if proxy is set to enabled.
+* *\<auto-update-ring>*: Update ring the cache node should have.<br>
+  Accepted values: `slow`, `fast`.<br>
+  If update ring is set to slow, you must provide the day of week, time of day and week of month the cache node should be updated.
+* *\<auto-update-day>*: The day of the week cache node should be updated. Week starts from Monday.<br>
+  Accepted values: 1,2,3,4,5,6,7
+* *\<auto-update-time>*: The time of day cache node should be updated in 24 hour format (hh:mm)
+* *\<auto-update-week>*: The week of month cache node should be updated.<br>
+  Accepted values: 1,2,3,4
+  
+```azurecli-interactive
+az mcc ent node update --cache-node-name <mycachenode> --mcc-resource-name <mymccresource> --resource-group <myrg>
+--cache-drive "[{physical-path:/var/mcc,size-in-gb:<size of cache drive>}]" --proxy <enabled> --proxy-host <"proxy host name"> --proxy-port <proxy port>  --auto-update-day <day of week> --auto-update-time <time of day> --auto-update-week <week of month> --auto-update-ring <update ring>
+```
+
+---
+
+## Next step
+
+### [Azure portal](#tab/portal)
+To deploy the cache node to a **Windows** host machine, see 
+>[!div class="nextstepaction"]
+>[Deploy cache node to Windows](mcc-ent-deploy-to-windows.md)
+
+To deploy the cache node to a **Linux** host machine, see 
+>[!div class="nextstepaction"]
+>[Deploy cache node to Linux](mcc-ent-deploy-to-linux.md)
+
+### [Azure CLI](#tab/cli)
+To deploy cache nodes using Azure CLI, see 
+>[!div class="nextstepaction"]
+>[Manage cache nodes using CLI](mcc-ent-manage-using-CLI.md)
+
+---
+<br>
+<br>
+
+
+### General configuration fields
+
+| Field Name |Expected Value |Description|
+|---|---|---|
+|**Cache node name** | Alphanumeric string that contains no spaces| The name of the cache node. You may choose names based on location such as "Seattle-1". This name must be unique and can't be changed later |
+|**Host OS** | Linux or Windows| This is the operating system of the host machine that the cache node will be deployed to.|
+
+### Storage fields
+
+##### Cache node for Linux
+
+>[!Important]
+>All cache drives must have full read/write permissions set or the cache node will not function. For example, in a terminal you can run: sudo chmod 777 /path/to/cachedrivefolder
+<br>
+
+| Field Name |Expected Value |Description|
+|---|---|---|
+|**Cache drive folder**| File path string |Up to nine drive folders accessible by the cache node can be configured for each cache node to configure cache storage. Enter the location of the folder in Ubuntu where the external physical drive is mounted. For example: /dev/sda3/. Each cache drive should have read/write permissions configured. Ensure your disks are mounted and visit Attach a data disk to a Linux VM for more information.|
+|**Cache drive size in gigabytes**| Integer in GB| Set the size of each drive configured for the cache node. Minimum cache drive size is 50 GB.|
+
+##### Cache node for Windows
+
+| Field Name |Expected Value |Description|
+|---|---|---|
+|**Cache drive folder**| File path string /var/mcc| This is the folder path where content is cached. You can't change the folder path.|
+|**Cache drive size in gigabytes**| Integer in GB| Set the size of each drive configured for the cache node. Minimum cache drive size is 50 GB. |
+
+#### Proxy settings
+<br>
+You can choose to enable or disable proxy settings on your cache node. Proxy should be set to enabled if the cache node will need to pass through a network proxy to download content. The provided proxy will also be used during deployment of the Connected Cache node to your host machine.
+
+<br>
+
+>[!IMPORTANT]
+>Enabling or disabling the proxy settings after your cache node has been deployed will require running the provisioning script on the host machine again. This will ensure that proxy changes are in effect on the cache node. 
+
+| Field Name	|Expected Value	 |Description|
+|---|---|---|
+|**Proxy host name**|	String or number|	Proxy host name or address|
+|**Proxy port**|	Integer|	Proxy port
+
+<br>
+<br>
+
+## Other operations on resource and cache nodes
+<br>
+
+### List all Connected Cache resources
+
+# [Azure portal](#tab/portal)
+Navigate to the resource group under which you would like to see the Connected Cache resources.
+
+
+# [Azure CLI](#tab/cli)
+Use the following command to list all the Connected Cache resources under the resource group. 
+
+Replace the following placeholders with your own information:
+* *\<resource-group>*: An existing resource group in your subscription.
+
+
+```azurecli-interactive
+az mcc ent resource list  --resource-group <myrg>
+```
+---
+
+### List all cache nodes
+
+# [Azure portal](#tab/portal)
+On the left pane, select **Cache Nodes** under **Cache Node Management** to see all the cache nodes under the Connected Cache resource.
+
+
+# [Azure CLI](#tab/cli)
+Use the following command to list all the cache nodes under the resource. 
+
+Replace the following placeholders with your own information:
+* *\<resource-group>*: Name of the resource group in your subscription.
+* *\<mcc-resource-name>*: Name of your Microsoft Connected Cache for Enterprise resource.
+
+```azurecli-interactive
+az mcc ent node list --mcc-resource-name <mymccresource> --resource-group <myrg>
+```
+
+---
+<br>
+
+### Delete Connected Cache resource
+
+# [Azure portal](#tab/portal)
+Navigate to the Connected Cache resource to delete, then select the **Delete** option on top.
+
+
+# [Azure CLI](#tab/cli)
+Use the following command to delete the Connected Cache resource.
+
+Replace the following placeholders with your own information:
+* *\<resource-group>*: Name of the resource group in your subscription.
+* *\<mcc-resource-name>*: Name of your Microsoft Connected Cache for Enterprise resource.
+* *\<cache-node-name>*: The name for your Microsoft Connected Cache node.
+
+
+```azurecli-interactive
+az mcc ent node delete --cache-node-name <mycachenode> --mcc-resource-name <mymccresource> --resource-group <myrg> 
+```
+---
+
+### Delete cache node
+
+# [Azure portal](#tab/portal)
+On the left pane, select **Cache Nodes** under **Cache Node Management** to see all the cache nodes under the Connected Cache resource. Select the cache node you wish to delete and select the **Delete** option on top of the page.
+
+
+# [Azure CLI](#tab/cli)
+Use the following command to delete the cache node under the resource. 
+
+Replace the following placeholders with your own information:
+* *\<resource-group>*: Name of the resource group in your subscription.
+* *\<mcc-resource-name>*: Name of your Microsoft Connected Cache for Enterprise resource.
+
+```azurecli-interactive
+az mcc ent node delete --mcc-resource-name <mymccresource> --resource-group <myrg>
+```
+
+---
+<br>
+
+##### Cache node states
+| Cache node state |Description|
+|---|---|
+|Operation in progress| An operation is being done on the cache node|
+|Registration in progress| Cache node is being registered|
+|Not configured| Cache node is ready to be configured|
+|Not provisioned| Cache node is ready to be provisioned on host machine|
+|Healthy| Cache node phoning home|
+|Unhealthy| Cache node has stopped phoning home|
+|Never phoned home| Cache node has provisioned but has never phoned home|
\ No newline at end of file
diff --git a/windows/deployment/do/mcc-ent-deploy-to-linux.md b/windows/deployment/do/mcc-ent-deploy-to-linux.md
new file mode 100644
index 0000000000..0fc31cdf23
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-deploy-to-linux.md
@@ -0,0 +1,68 @@
+---
+title: Deploy Microsoft Connected Cache software to a Linux host machine
+description: Details on how to deploy Microsoft Connected Cache for Enterprise and Education cache software to a Linux host machine.
+author: chrisjlin
+ms.author: lichris
+manager: naengler
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+ms.date: 10/30/2024
+appliesto: 
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
+---
+
+# Deploy Microsoft Connected Cache caching software to a Linux host machine
+
+This article describes how to deploy Microsoft Connected Cache for Enterprise and Education caching software to a Linux host machine.
+
+Before deploying Connected Cache to a Linux host machine, ensure that the host machine meets all [requirements](mcc-ent-prerequisites.md), and that you have [created and configured your Connected Cache Azure resource and cache node](mcc-ent-create-resource-and-cache.md).
+
+## Steps to deploy Connected Cache cache node to Linux
+
+# [Azure portal](#tab/portal)
+
+1. Within the Azure portal, navigate to the **Provisioning** tab of your cache node and copy the provisioning command.
+1. Download the provisioning package using the option at the top of the Cache Node Configuration page and extract the package onto the host machine.
+1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package.
+1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute.
+1. Run the provisioning command on the host machine.
+
+# [Azure CLI](#tab/cli)
+
+To deploy a cache node programmatically, you'll need to use Azure CLI to get the cache node's provisioning details and then run the provisioning command on the host machine.
+
+1. To get the cache node's provisioning details, use `az mcc ent node get-provisioning-details`
+
+   ```azurecli-interactive
+   az mcc ent node get-provisioning-details --cache-node-name mycachenode --mcc-resource-name mymccresource --resource-group myrg
+   ```
+
+1. Save the resulting output. These values will be passed as parameters within the provisioning command.
+1. Download and extract the [Connected Cache provisioning package for Linux](https://aka.ms/MCC-Ent-InstallScript-Linux) to your host machine.
+1. Open a command line window *as administrator* on the host machine, then change directory to the extracted provisioning package.
+1. Set access permissions to allow the `provisionmcc.sh` script within the provisioning package directory to execute.
+1. Replace the values in the following provisioning command before running it on the host machine.
+
+   ```azurepowershell-interactive
+   sudo ./provisionmcc.sh customerid="enter mccResourceId here" cachenodeid="enter cacheNodeId here" customerkey=" enter customerKey here " registrationkey="enter registrationKey here" drivepathandsizeingb="enter physicalPath value,enter sizeInGb value here" shoulduseproxy="enter true if present, enter false if not" proxyurl=http://enter proxy hostname:enter port
+   ```
+
+---
+
+## Steps to point Windows client devices at Connected Cache node
+
+Once you have successfully deployed Connected Cache to your Linux host machine, you'll need to configure your Windows client devices to request Microsoft content from the Connected Cache node.
+
+You can do this by setting the [DOCacheHost or DOCacheHostSource policies via Intune](./waas-delivery-optimization-reference.md#cache-server-hostname).
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Verify cache node functionality](mcc-ent-verify-cache-node.md)
+
+## Related content
+
+- [Deploy to a Windows host machine](mcc-ent-deploy-to-windows.md)
+- [Uninstall Connected Cache node](mcc-ent-uninstall-cache-node.md)
\ No newline at end of file
diff --git a/windows/deployment/do/mcc-ent-deploy-to-windows.md b/windows/deployment/do/mcc-ent-deploy-to-windows.md
new file mode 100644
index 0000000000..ba27a5f82f
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-deploy-to-windows.md
@@ -0,0 +1,82 @@
+---
+title: Deploy Microsoft Connected Cache software to a Windows host machine
+description: Details on how to deploy Microsoft Connected Cache for Enterprise and Education cache software to a Windows host machine.
+author: chrisjlin
+ms.author: lichris
+manager: naengler
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+ms.date: 10/30/2024
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
+---
+
+# Deploy Microsoft Connected Cache caching software to a Windows host machine
+
+This article describes how to deploy Microsoft Connected Cache for Enterprise and Education caching software to a Windows host machine.
+
+Deploying Connected Cache to a Windows host machine requires designating a [Group Managed Service Account (gMSA)](/windows-server/security/group-managed-service-accounts/getting-started-with-group-managed-service-accounts) or a [Local User Account](https://support.microsoft.com/windows/create-a-local-user-or-administrator-account-in-windows-20de74e0-ac7f-3502-a866-32915af2a34d) as the Connected Cache runtime account. This prevents tampering with the Connected Cache container and the cached content on the host machine.
+
+Before deploying Connected Cache to a Windows host machine, ensure that the host machine meets all [requirements](mcc-ent-prerequisites.md), and that you have [created and configured your Connected Cache Azure resource](mcc-ent-create-resource-and-cache.md).
+
+## Steps to deploy Connected Cache node to Windows
+
+# [Azure portal](#tab/portal)
+
+1. Within the Azure portal, navigate to the **Provisioning** tab of your cache node and copy the provisioning command.
+1. Download the provisioning package using the option at the top of the Cache Node Configuration page and extract the package onto the host machine. **Note**: The installer should be in a folder that isn't synced to OneDrive, as this will interfere with the installation process.
+1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package.
+1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run.
+1. Create a `$User` environment variable containing the username of the account you intend to designate as the Connected Cache runtime account. 
+
+    For gMSAs, the value should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` should be formatted as `"LocalMachineName\Username"`.
+
+   If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. **Note**: You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`.
+
+1. Run the provisioning command on the host machine.
+
+# [Azure CLI](#tab/cli)
+
+To deploy a cache node programmatically, you'll need to use Azure CLI to get the cache node's provisioning details and then run the provisioning command on the host machine.
+
+1. To get the cache node's provisioning details, use `az mcc ent node get-provisioning-details`.
+
+   ```azurecli-interactive
+   az mcc ent node get-provisioning-details --cache-node-name mycachenode --mcc-resource-name mymccresource --resource-group myrg
+   ```
+
+1. Save the resulting output. These values will be passed as parameters within the provisioning command.
+1. Download and extract the [Connected Cache provisioning package for Windows](https://aka.ms/MCC-Ent-InstallScript-WSL) to your host machine. **Note**: The installer should be in a folder that isn't synced to OneDrive, as this will interfere with the installation process.
+1. Open a PowerShell window *as administrator* on the host machine, then change directory to the extracted provisioning package.
+1. Set the Execution Policy to *Unrestricted* to allow the provisioning scripts to run.
+1. Create a `$User` environment variable containing the username of the account you intend to designate as the Connected Cache runtime account. 
+
+    For gMSAs, the value should be formatted as `"Domain\Username$"`. For Local User accounts, `$User` should be formatted as `"LocalMachineName\Username"`.
+
+   If you're using a Local User account as the Connected Cache runtime account, you'll also need to create a [PSCredential Object](/dotnet/api/system.management.automation.pscredential) named `$myLocalAccountCredential`. **Note**: You'll need to apply a local security policy to permit the Local User account to `Log on as a batch job`.
+
+1. Replace the values in the following provisioning command before running it on the host machine. **Note**:  `-mccLocalAccountCredential $myLocalAccountCredential` is only needed if you're using a Local User account as the Connected Cache runtime account.
+
+   ```powershell-interactive
+   ./provisionmcconwsl.ps1 -installationFolder c:\mccwsl01 -customerid [enter mccResourceId here] -cachenodeid [enter cacheNodeId here] -customerkey [enter customerKey here] -registrationkey [enter registration key] -cacheDrives "/var/mcc,enter drive size"  -shouldUseProxy [enter true if present, enter false if not] -proxyurl "http://[enter proxy host name]:[enter port]"  -mccRunTimeAccount $User -mccLocalAccountCredential $myLocalAccountCredential
+   ```
+
+--- 
+
+## Steps to point Windows client devices at Connected Cache node
+
+Once you have successfully deployed Connected Cache to your Windows host machine, you'll need to configure your Windows client devices to request Microsoft content from the Connected Cache node.
+
+You can do this by setting the [DOCacheHost or DOCacheHostSource policies via Intune](./waas-delivery-optimization-reference.md#cache-server-hostname).
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [Verify cache node functionality](mcc-ent-verify-cache-node.md)
+
+## Related content
+
+- [Deploy to a Linux host machine](mcc-ent-deploy-to-linux.md)
+- [Uninstall Connected Cache node](mcc-ent-uninstall-cache-node.md)
diff --git a/windows/deployment/do/mcc-ent-early-preview.md b/windows/deployment/do/mcc-ent-early-preview.md
new file mode 100644
index 0000000000..1e1922f15a
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-early-preview.md
@@ -0,0 +1,28 @@
+---
+title: Microsoft Connected Cache for Enterprise and Education early preview
+description: Details on Microsoft Connected Cache for Enterprise early preview
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: conceptual
+manager: naengler
+ms.author: lichris
+author: chrisjlin
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise</a>	
+ms.date: 10/30/2024
+---
+
+
+# Microsoft Connected Cache for Enterprise and Education (early preview)
+
+If you participated in the early preview program, thank you for your collaboration and feedback.
+
+To continue using supported version of Microsoft Connected Cache, we strongly recommend that you upgrade your existing cache nodes to the new release. Cache nodes created and deployed during early preview should still function but can no longer be managed or monitored remotely via the Microsoft Connected Cache Azure service.
+
+We strongly recommend you [recreate your existing cache nodes in Azure](mcc-ent-create-resource-and-cache.md) and then [redeploy the caching software to your host machines](mcc-ent-deploy-to-windows.md) using the latest OS-specific installer.
+
+
+## Next step
+
+> [!div class="nextstepaction"]
+> [View documentation for Connected Cache public preview](mcc-ent-edu-overview.md)
diff --git a/windows/deployment/do/mcc-ent-edu-overview.md b/windows/deployment/do/mcc-ent-edu-overview.md
index 42d89b1513..125aed12f4 100644
--- a/windows/deployment/do/mcc-ent-edu-overview.md
+++ b/windows/deployment/do/mcc-ent-edu-overview.md
@@ -4,35 +4,68 @@ description: Overview, supported scenarios, and content types for Microsoft Conn
 ms.service: windows-client
 ms.subservice: itpro-updates
 ms.topic: conceptual
-ms.author: carmenf
-author: cmknox
-manager: aaroncz
+ms.author: andyriv
+author: chrisjlin
+manager: naengler
 ms.reviewer: mstewart
 ms.collection: tier3
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
 - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
-ms.date: 05/23/2024
+ms.date: 10/30/2024
 ---
 
 # Microsoft Connected Cache for Enterprise and Education Overview
 
 > [!IMPORTANT]
->
-> - Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
-> - As we near the release of public preview, we have paused onboarding. Please continue to submit the form to express interest so we can follow up with you once public preview of Microsoft Connected Cache for Enteprise and Education is available. To register your interest, fill out the form located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
+> Microsoft Connected Cache is currently a preview feature. For more information, see [Supplemental Terms of Use for Microsoft Azure Previews](https://azure.microsoft.com/support/legal/preview-supplemental-terms/).
 
-Microsoft Connected Cache for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. Connected Cache can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune.
+Microsoft Connected Cache for Enterprise and Education (preview) is a software-only caching solution that delivers Microsoft content within enterprise and education networks. Connected Cache can be managed from the Azure portal or through Azure CLI. It can be deployed to as many Windows devices, Linux devices, or VMs as needed. Managed Windows devices can be configured to download cloud content from a Connected Cache server by applying the client policy using management tools such as Microsoft Intune.
 
-Microsoft Connected Cache for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For information about Microsoft Connected Cache in Configuration Manager (generally available, starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
+For information about Microsoft Connected Cache in Configuration Manager<!-- version 2111-->, see [Microsoft Connected Cache in Configuration Manager](/configmgr/core/plan-design/hierarchy/microsoft-connected-cache).
 
-## Supported scenarios
+Microsoft Connected Cache deployed directly to Windows relies on [Windows Subsystem for Linux (WSL](/windows/wsl/about) and either a [Group Managed Service Account](/windows-server/identity/ad-ds/manage/group-managed-service-accounts/group-managed-service-accounts/getting-started-with-group-managed-service-accounts), local user account, or domain user account are required to run WSL. WSL needs to run in a user context and any user, even if the currently logged-in user, could be used to run WSL and Microsoft Connected Cache.
 
-Connected Cache (early preview) supports the following scenarios:
+## Supported scenarios and configurations
+
+Microsoft Connected Cache for Enterprise and Education (preview) is intended to support the following content delivery scenarios:
 
 - Pre-provisioning of devices using Windows Autopilot
-- Cloud-only devices, such as Intune-enrolled devices
+- Co-managed clients that get monthly updates and Win32 apps from Microsoft Intune
+- Cloud-only managed devices, such as Intune-enrolled devices without the Configuration Manager client, that get monthly updates and Win32 apps from Microsoft Intune
+
+Microsoft Connected Cache is built for flexible deployments to support several different enterprise configurations:
+
+### Branch office
+
+Customers may have globally dispersed offices that meet some or all of the following parameters:
+
+- Have 10 to 50 Windows devices on-site
+- Don't have dedicated server hardware
+- Have internet bandwidth that is limited (satellite internet)
+- Have intermittent internet connectivity
+
+To support the branch office scenario, customers can deploy a Connected Cache node to a Windows 11 client device.
+
+### Large Enterprise
+
+Customers may have office spaces, data centers, or Azure deployments that meet some or all of the following parameters:  
+
+- Have 100s or 1,000s of Windows devices (desktop or server)
+- Have some existing server hardware (Decommissioned Distribution Point, file server, cloud print server)
+- Have Azure VMs and/or Azure Virtual Desktop deployed
+- Have limited internet bandwidth (T1 or T3 lines)
+
+To support the large enterprise scenario, customers can deploy a Connected Cache node to a server running Windows Server 2022 or Ubuntu 22.04.
+
+See [Connected Cache node host machine requirements](mcc-ent-prerequisites.md) for recommended host machine specifications in each configuration.
+
+| Enterprise configuration | Download speed range | Download speeds and approximate content volume delivered in 8 Hours |
+|---|---|---|
+|Branch office|< 1 Gbps Peak| 500 Mbps => 1,800 GB </br></br> 250 Mbps => 900 GB </br></br> 100 Mbps => 360 GB </br></br> 50 Mbps => 180 GB|
+|Small to medium enterprises/Autopilot provisioning center (50 - 500 devices in a single location) |1 - 5 Gbps| 5 Gbps => 18,000 GB </br></br>3 Gbps => 10,800 GB </br></br>1 Gbps => 3,600 GB|
+|Medium to large enterprises/Autopilot provisioning center (500 - 5,000 devices in a single location) |5 - 10 Gbps Peak|   9 Gbps => 32,400 GB </br></br> 5 Gbps => 18,000 GB </br></br>3 Gbps => 10,800 GB|
 
 ## Supported content types
 
@@ -47,27 +80,21 @@ For the full list of content endpoints that Microsoft Connected Cache for Enterp
 
 ## How it works
 
-Connected Cache is a hybrid (mix of on-premises and cloud resources) SaaS solution built as an Azure IoT Edge module and Docker compatible Linux container deployed to your Windows devices. The Delivery Optimization team chose IoT Edge for Linux on Windows (EFLOW) as a secure, reliable container management infrastructure. EFLOW is a Linux virtual machine, based on Microsoft's first party CBL-Mariner operating system. It's built with the IoT Edge runtime and validated as a tier 1 supported environment for IoT Edge workloads. Connected Cache is a Linux IoT Edge module running on the Windows Host OS.  
-
-1. The Azure Management Portal is used to create Connected Cache nodes.
-1. The Connected Cache container is deployed and provisioned to the server using the installer provided in the portal.
-1. Client policy is set in your management solution to point to the IP address or FQDN of the cache server.
-1. Microsoft end-user devices make range requests for content from the Connected Cache node.
-1. The Connected Cache node pulls content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
-1. Subsequent requests from end-user devices for content will now come from cache.
-1. If the Connected Cache node is unavailable, the client pulls content from CDN to ensure uninterrupted service for your subscribers.
-
 The following diagram displays an overview of how Connected Cache functions:
 
-:::image type="content" source="./images/waas-mcc-diag-overview.png" alt-text="Diagram displaying the components of Connected Cache." lightbox="./images/waas-mcc-diag-overview.png":::
+:::image type="content" source="./images/mcc_ent_publicpreview.png" alt-text="Diagram displaying the components of Connected Cache." lightbox="./images/mcc_ent_publicpreview.png":::
 
-## IoT Edge
+1. The Azure management portal for Microsoft Connected Cache or CLI are used to create cache nodes, configure deployments, including unauthenticated proxy settings.
+1. Prepare Windows or Linux devices. If deploying to Windows devices, prepare accounts - gMSA, local user account, domain account. Deploy to Windows or Linux devices using scripts.
+1. The Microsoft Connected Cache container is deployed to the device using Azure IoT Edge container management services and the cache server begins reporting status and metrics to Delivery Optimization services.
+1. The DOCacheHost setting is configured using Intune or other MDM, DHCP custom option, or registry key.
+1. Devices request content from the cache server, the cache server forwards the requests to the CDN and fills the cache, the cache server delivers the content requested to the devices, and uses Peer to Peer (depending on DO Download mode settings) for all DO content.
+1. Devices can fall back to CDN if the cache server is unavailable for any reason or use Delivery Optimization delay fallback to http (CDN) settings to prefer the local cache server.
+You can view data about Microsoft Connected Cache downloads on management portal and Windows Update for Business reports.
 
-Even though your Connected Cache scenario isn't related to IoT, Azure IoT Edge is used as a more generic Linux container deployment and management infrastructure. The Azure IoT Edge runtime sits on your designated Connected Cache device and performs management and communication operations. The runtime performs several functions important to manage Connected Cache on your edge device:
+## Next steps
 
-1. Installs and updates Connected Cache on your edge device.
-1. Maintains Azure IoT Edge security standards on your edge device.
-1. Ensures that Connected Cache is always running.
-1. Reports Connected Cache health and usage to the cloud for remote monitoring.
-  
-For more information on Azure IoT Edge, see the Azure IoT Edge [documentation](/azure/iot-edge/about-iot-edge).
+>[!div class="nextstepaction"]
+
+>[Create Connected Cache Azure resources](mcc-ent-create-resource-and-cache.md)
+>
diff --git a/windows/deployment/do/mcc-ent-faq.yml b/windows/deployment/do/mcc-ent-faq.yml
new file mode 100644
index 0000000000..089613eb36
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-faq.yml
@@ -0,0 +1,78 @@
+### YamlMime:FAQ
+metadata:
+  title: Microsoft Connected Cache for Enterprise and Education Frequently Asked Questions
+  description: The following article is a list of frequently asked questions for Microsoft Connected Cache for Enterprise.
+  ms.service: windows-client
+  ms.subservice: itpro-updates
+  ms.topic: faq
+  ms.author: nidos
+  author: doshnid
+  ms.reviewer: mstewart
+  manager: aaroncz
+  ms.collection:
+    - highpri
+    - tier3
+  appliesto: 
+    - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+    - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+  ms.date: 10/30/2024
+title: Microsoft Connected Cache for Enterprise Frequently Asked Questions
+summary: |
+  Frequently asked questions about Microsoft Connected Cache for Enterprise
+  
+sections:
+  - name: Ignored
+    questions:
+      - question: What are the licesning requirement?
+        answer: Microsoft Connected Cache for Enterprise and Education is available to all Windows E3, E5 and F3 and Education A3 and A5 customers.
+      - question: Is there a charge to create Connected Cache resources and cache node on Azure?
+        answer: No. You won't be charged to create Connected Cache resource and cache nodes on Azure. However, you need an Azure pay-as-you-go subscription to create the resources but there is no charge for the resource itself.
+      - question: Is there a nondisclosure agreement to sign?
+        answer: No, a nondisclosure agreement isn't required.
+      - question: What will Microsoft Connected Cache for Enterprise and Education do for me? 
+        answer: "[Delivery Optimization](waas-delivery-optimization-reference.md) and Microsoft Connected Cache are Microsoft’s comprehensive solutions for minimizing enterprises’ internet bandwidth consumption, with Delivery Optimization acting as the distributed content source and Connected Cache as a dedicated content source. Microsoft customers have benefited from these solutions, seeing savings of more than 90% of bandwidth when managing Windows 11 upgrades, Autopilot device provisioning, Intune application installations, and monthly update deployments."
+      - question: Can I deploy Connected Cache to a production environment?
+        answer: The core caching engine of Microsoft Connected Cache is deployed to hundreds of ISPs globally and has been reliably delivering Microsoft content to customers. Connected Cache relies on production Azure services for the deployment and management of Connected Cache nodes and for Windows installations Windows Subsystem for Linux. Microsoft support is fully onboarded to support your organization whether you deploy Connected Cache in a lab for testing or in production.
+      - question: When will Microsoft Connected Cache for Enterprise and Education be made generally available (GA)?
+        answer: "[Delivery Optimization](waas-delivery-optimization-reference.md) and Microsoft Connected Cache are Microsoft’s comprehensive solutions for minimizing enterprises’ internet bandwidth consumption. Microsoft is committed to making Connected Cache generally available soon. Additionally, Microsoft support is fully onboarded to support your organization in whatever capacity you deploy Connected Cache."
+      - question: What are the prerequisites and hardware requirements?
+        answer:  | 
+         - [Azure pay-as-you-go subscription](https://azure.microsoft.com/offers/ms-azr-0003p/).
+         - [Hardware to host Microsoft Connected Cache](mcc-ent-edu-overview.md)
+         - [Host machine requirements](mcc-ent-prerequisites.md)
+      - question: What host OS do I need to deploy Connected Cache?
+        answer: You can use Linux or Windows OS. Depending on the OS, the provisioning script and certain provisioning steps are different. 
+      - question: What content is cached by Microsoft Connected Cache?
+        answer: For more information about content cached, see [Delivery Optimization and Microsoft Connected Cache content endpoints](delivery-optimization-endpoints.md).
+      - question: Do I need to provide hardware BareMetal server or a virtual machine (VM)?
+        answer: Microsoft Connected Cache is a software-only caching solution and requires you to provide your own server to host the software.   
+      - question: Can we use hard drives instead of SSDs?
+        answer: We highly recommend using SSDs as Microsoft Connected Cache is a read intensive application. We also recommend using multiple drives to improve performance.
+      - question: Where should we install Microsoft Connected Cache?
+        answer: You are in control of your hardware and you can pick the location based on your traffic and end clients. You can choose the location where you have your routers or where you have dense traffic or any other parameters.   
+      - question: How can I set up a gMSA account?
+        answer: For more information about gMSA accounts, see [Learn how to provision a Group Managed Service Account on a Domain Controller](/windows-server/identity/ad-ds/manage/group-managed-service-accounts/group-managed-service-accounts/getting-started-with-group-managed-service-accounts#create-group-managed-service-accounts). Make sure that your gMSA has been granted permissions to "Log on as batch job" within the host machine's [local security policies](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings).
+      - question: How can I set up a local account?
+        answer: For more information, see [Learn how to provision a Local User Account](https://support.microsoft.com/topic/104dc19f-6430-4b49-6a2b-e4dbd1dcdf32). Make sure that your gMSA has been granted permissions to "Log on as batch job" within the host machine's [local security policies](/previous-versions/windows/it-pro/windows-10/security/threat-protection/security-policy-settings/how-to-configure-security-policy-settings).
+      - question: Where can I monitor cache node usage?
+        answer: You can monitor your cache node usage on Azure portal. For more information, see [Monitor cache node usage Info on Reporting Capabilities](mcc-ent-monitoring.md).
+      - question: How does Microsoft Connected Cache populate its content? Can I precache content?
+        answer: Microsoft Connected Cache is a cold cache warmed by client requests at the byte range level so your clients only request the content they need. The client requests content and that is what fills the cache which means there's no cache fill necessary. "Preseeding" can be achieved by use of update rings. A test ring or early adopter ring can be used to fill the cache and all subsequent requests by other clients will come from cache.
+      - question: How long would a piece of content live within the Microsoft Connected Cache? Is content purged from the cache?
+        answer: Once a request for said content is made, NGINX looks at the cache control headers from the original acquisition. If that content is expired, NGINX continues to serve the stale content while it's downloading the new content. We cache the content for 30 days. The content is in the hot cache path (open handles and such) for 24 hrs, but resides on disk for 30 days. The drive fills up and nginx starts to delete content based on its own algorithm, probably some combination of least recently used.
+      - question: Is it possible to not update the Microsoft Connected Cache software or delay update longer than the timeline provided in the updates configuration?
+        answer: No. It's important to keep the Microsoft Connected Cache software up to date, especially when it comes to security issues. Microsoft validates updates prior to releasing Enterprises Connected Cache updates and only releases updates when it's necessary to keep customers secure or to ensure the continued successful operation of Connected Cache nodes for customers.  
+      - question: How do I set up CLI?
+        answer: For more information, see [How to install the Azure CLI](/cli/azure/install-azure-cli).
+      - question: How do I install the Microsoft Connected Cache Azure CLI extension?
+        answer: For more information, see [Install the Microsoft Connected Cache extension](mcc-ent-manage-using-cli.md#prerequisites).
+      - question: What do I do if I have to set up or change existing proxy?
+        answer: You can enable proxy and provide proxy information on Azure portal or use the CLI. Don't forget to rerun the provisioning script after making any proxy changes. For more information, see [Set up or change existing proxy](mcc-ent-create-resource-and-cache.md#proxy-settings).
+      - question: How do we set up Microsoft Connected Cache if we support multiple countries or regions?
+        answer: Microsoft Connected Cache isn't a service that has dependency on a specific Azure region, and there isn't personal or organizational identifiable information stored in the resource that necessitates data residency. The three regions that the Connected Cache resource can be deployed to are (Europe) North Europe, (Asia Pacific) Korea Central, and (US) West US.
+      - question: Should I use a gMSA, local user, or domain account to deploy Microsoft Connected Cache to Windows?
+        answer: There are pros and cons to the account options available to customers. We anticipate that security and manageability are top priories for customers. Microsoft provides guidance on both Active Directory and Microsoft Entra-based service accounts ([Introduction to Active Directory service accounts - Choose the right type of service account](/entra/architecture/service-accounts-on-premises#types-of-on-premises-service-accounts)) and user-based service accounts ([Secure user-based service accounts in Active Directory)](/entra/architecture/service-accounts-user-on-premises#assess-on-premises-user-account-security)).
+      - question: Does the user have to be logged using the account that installed Microsoft Connected Cache on Windows or Linux?
+        answer: No. As part of the installation on Windows a scheduled task is created using the account used to install Connected Cache. Regardless of which user is logged in or not logged in, the scheduled task remains running. On Linux, Connected Cache is installed by the user and remains running regardless of which user is logged in to the OS.
+      - question: What do I do if I need more support and have more questions even after reading this FAQ page?
+        answer: For further support for Microsoft Connected Cache, see [Troubleshooting issues for Microsoft Connected Cache for Enterprise and Education](mcc-ent-troubleshooting.md). If you still need more support, you can contact customer support.
diff --git a/windows/deployment/do/mcc-ent-manage-using-cli.md b/windows/deployment/do/mcc-ent-manage-using-cli.md
new file mode 100644
index 0000000000..ffb7e198d8
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-manage-using-cli.md
@@ -0,0 +1,210 @@
+---
+title: Manage Microsoft Connected Cache nodes using CLI
+description: Details on how to manage Microsoft Connected Cache for Enterprise cache nodes via Azure CLI commands.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+manager: aaroncz
+ms.author: nidos
+author: doshnid
+ms.reviewer: mstewart
+ms.collection: tier3
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise</a>	
+ms.date: 10/30/2024
+---
+
+# Manage cache nodes using CLI
+
+<br>
+
+This article outlines how to create, configure, and deploy Microsoft Connected Cache for Enterprise cache nodes using Azure CLI.
+
+ 
+## Prerequisites:
+1. **Install Azure CLI**: [How to install the Azure CLI](/cli/azure/install-azure-cli)
+1. **Install Connected Cache extension**: Install Connected Cache extension via the command below
+
+```azurecli-interactive
+az extension add --name mcc
+```
+
+To learn more about installing extensions, see [Install the Connected Cache extension.](/cli/azure/azure-cli-extensions-overview#how-to-install-extensions)
+
+<br>
+<br>
+
+### 1. Create a Resource group
+
+The first step is to create a resource group if you don't already have one.
+An Azure resource group is a logical container into which Azure resources are deployed and managed.
+
+To create a resource group, use `az group create`. You can find more details on this CLI command [here](/cli/azure/group#az-group-create).
+<br>
+
+```azurecli-interactive
+az group create --name myrg --location westus
+```
+
+Once the resource group is created, you'll need to create a Microsoft Connected Cache for Enterprise resource.
+
+### 2. Create a Connected Cache Azure resource
+
+A Connected Cache Azure resource is a top-level Azure resource under which cache nodes can be created.
+
+To create a Connected Cache Azure resource, use `az mcc ent resource create`
+
+```azurecli-interactive
+az mcc ent resource create --mcc-resource-name mymccresource --resource-group myrg
+```
+
+<br>
+
+>[!IMPORTANT]
+>In the output, look for operationStatus. **operationStatus = Succeeded** indicates that our services have successfully started creating your Connected Cache resource.
+
+<br>
+
+The next step is to create a cache node under this resource.
+
+
+### 3. Create a cache node
+
+To create a cache node, use `az mcc ent node create`
+
+```azurecli-interactive
+az mcc ent node create --cache-node-name mycachenode --mcc-resource-name mymccresource --resource-group myrg --host-os <linux or windows>
+```
+
+<br>
+
+>[!IMPORTANT]
+>In the output, look for operationStatus. **operationStatus = Succeeded** indicates that our services have successfully started creating cache node.
+
+<br>
+
+### 4. Confirm cache node creation
+
+Before you can start configuring your cache node, you need to confirm that the cache node was successfully created.
+
+To confirm cache node creation, use `az mcc ent node show`
+
+<br>
+
+```azurecli-interactive
+az mcc ent node show --cache-node-name mycachenode --mcc-resource-name mymccresource --resource-group myrg  
+```
+
+>[!IMPORTANT]
+>In the output look for cacheNodeState. If **cacheNodeState = Not Configured**, you can continue with cache node configuration.
+>If **cacheNodeState = Registration in Progress**, then the cache node is still in process of being created. Please wait for a minute or two more and run the command again.
+
+<br>
+
+Once successful cache node creation is confirmed, you can proceed to configure the cache node.
+
+
+### 5. Configure cache node
+
+To configure your cache node, use `az mcc ent node update`
+
+The below example configures a Linux cache node with proxy enabled:
+
+```azurecli-interactive
+az mcc ent node update --cache-node-name <mycachenode> --mcc-resource-name <mymccresource> --resource-group <myrg>
+--cache-drive "[{physical-path:</physical/path>,size-in-gb:<size of cache drive>},{</physical/path>,size-in-gb:<size of cache drive>}...]"> --proxy <enabled> --proxy-host <"proxy host name"> --proxy-port <proxy port>  --auto-update-day <day of week> --auto-update-time <time of day> --auto-update-week <week of month> --auto-update-ring <update ring>
+```
+
+>[!Note]
+>* For a cache node that is to be deployed on Windows host OS, the physical path of the cache drive <u>must</u> be **/var/mcc**.<br>
+>* In the output, look for operationStatus. **operationStatus = Succeeded** indicates that our services have successfully updated the cache node. You will also see that cacheNodeState will show *Not Provisioned*. <br>
+>* Please save values for <u>physicalPath, sizeInGb, proxyPort, proxyHostName</u> as these values will be needed to construct the provisioning script.
+
+
+<br>
+
+### 6. Get provisioning details for the cache node
+
+After successfully configuring the cache node, the next step is to deploy the cache node to a host machine. To deploy the cache node, you'll need to create a provisioning script with relevant information.
+
+To get the relevant information for provisioning script, use `az mcc ent node get-provisioning-details`
+
+```azurecli-interactive
+az mcc ent node get-provisioning-details --cache-node-name mycachenode --mcc-resource-name mymccresource --resource-group myrg
+```
+
+>[!IMPORTANT]
+>* Save the resulting values for cacheNodeId, customerKey, mccResourceId, registrationKey. These GUIDs are needed to create the provisioning script.
+>* In the output look for cacheNodeState. If **cacheNodeState = Not Provisioned**, you can continue with cache node provisioning.
+>* If **cacheNodeState = Not Configured**, then the cache node has not been configured. Configure the cache node before provisioning.
+
+### Example script:
+
+Below is a pseudocode example of how to script bulk creation and configuration of a Connected Cache Azure resource and multiple Connected Cache cache nodes:
+
+<!--# [Bash](#tab/bash)
+
+:::code language="azurecli" source="~/azure_cli_scripts/azure-cli/create-azure-resources-at-scale/bash/create-azure-resources-at-scale.sh" id="step4":::
+
+In your console output, are you missing the last row in your CSV file?  This can be caused by a missing line continuation character after the last line. Add a blank line at the end of your CSV file to fix the issue.
+
+# [PowerShell](#tab/powershell)
+
+:::code language="azurecli" source="~/azure_cli_scripts/azure-cli/create-azure-resources-at-scale/powershell/create-azure-resources-at-scale.ps1" id="step4":::
+
+-->
+
+# [PowerShell](#tab/powershell)
+
+```powershell
+#Define variables
+$mccResourceName = "myMCCResource"
+$cacheNodeName = "demo-node"
+$cacheNodeOperatingSystem = "Windows"
+$resourceGroup = "myRG"
+$resourceLocation = "westus"
+$cacheNodesToCreate = 2
+$proxyHost = "myProxy.com"
+$proxyPort = "8080"
+$waitTime = 3
+
+# Create Microsoft Connected Cache Azure resource
+az mcc ent resource create --mcc-resource-name $mccResourceName --location $resourceLocation --resource-group $resourceGroup
+
+#Loop through $cacheNodesToCreate iterations
+for ($cacheNodeNumber = 1; $cacheNodeNumber -le $cacheNodesToCreate; $cacheNodeNumber++) {
+    $iteratedCacheNodeName = $cacheNodeName + "-" + $cacheNodeNumber
+    
+    #Create cache node
+    az mcc ent node create --cache-node-name $iteratedCacheNodeName --mcc-resource-name $mccResourceName --host-os $cacheNodeOperatingSystem --resource-group $resourceGroup
+
+    #Get cache node state
+    $cacheNodeState = $(az mcc ent node show --cache-node-name $iteratedCacheNodeName --mcc-resource-name $mccResourceName --resource-group $resourceGroup --query "cacheNodeState") | ConvertFrom-Json
+
+    $howLong = 0
+    #Wait until cache node state returns "Not Configured"
+    while ($cacheNodeState -ne "Not Configured") {
+        Write-Output "Waiting for cache node creation to complete...$howLong seconds"
+        Start-Sleep -Seconds $waitTime
+        $howLong += $waitTime
+    
+        $cacheNodeState = $(az mcc ent node show --cache-node-name $iteratedCacheNodeName --mcc-resource-name $mccResourceName --resource-group $resourceGroup --query "cacheNodeState") | ConvertFrom-Json
+    }
+
+    #Configure cache node
+    az mcc ent node update --cache-node-name $iteratedCacheNodeName --mcc-resource-name $mccResourceName --resource-group $resourceGroup --cache-drive  "[{physical-path:/var/mcc,size-in-gb:50}]" --proxy enabled --proxy-host $proxyHost --proxy-port $proxyPort
+}
+```
+---
+
+## Next step
+
+To deploy the cache node to a **Windows** host machine, see 
+>[!div class="nextstepaction"]
+>[Deploy cache node to Windows](mcc-ent-deploy-to-windows.md)
+
+To deploy the cache node to a **Linux** host machine, see 
+>[!div class="nextstepaction"]
+>[Deploy cache node to Linux](mcc-ent-deploy-to-linux.md)
diff --git a/windows/deployment/do/mcc-ent-monitoring.md b/windows/deployment/do/mcc-ent-monitoring.md
new file mode 100644
index 0000000000..9a4894896e
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-monitoring.md
@@ -0,0 +1,91 @@
+---
+title: Monitor usage of Microsoft Connected Cache nodes
+description: Details on how to monitor the usage of Microsoft Connected Cache for Enterprise cache nodes.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+manager: naengler
+ms.author: lichris
+author: chrisjlin
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise</a>	
+ms.date: 10/30/2024
+---
+
+# Monitor cache node usage
+
+Tracking the status and performance of your Connected Cache node is essential to making sure you're getting the most out of the service.
+
+For basic monitoring, navigate to the **Overview** tab. Here you'll be able to view a collection of predefined metrics and charts. All the monitoring in this section will function right after your Connected Cache node has been deployed.
+
+For advanced monitoring, navigate to the **Metrics** section under the **Monitoring** tab. Here you'll be able to access more sampled metrics (hits, misses, inbound traffic) and specify different aggregations (count, avg, min, max, sum). You can then use this data to create customized charts and configure alerts.
+
+Between the two monitoring sections, you'll be able to gather essential insights into the health, performance, and efficiency of your Connected Cache nodes.
+
+## Basic Monitoring
+
+### Cache node summary
+
+Below are the metrics you'll find in the **Cache Node Summary** dashboard, along with their descriptions. This dashboard only reflects data received from cache nodes in the last 24 hours.
+
+![Screenshot of cache node summary in the Azure portal interface.](../images/mcc-ent-cache-node-summary.png)
+
+| Metric | Description |
+| --- | --- |
+| Healthy nodes | Your Connected Cache node will periodically send heartbeat messages to the Connected Cache service. If the Connected Cache service has received a heartbeat message from your Connected Cache node in the last 24 hours, the node will be labeled as healthy. |
+| Unhealthy nodes | If the Connected Cache service hasn't received a heartbeat message from your Connected Cache node in the last 24 hours, the node will be labeled as unhealthy. |
+| Max in | The maximum ingress in Megabits per second (Mbps) that your node has pulled from CDN endpoints in the last 24 hours. |
+| Max out | The minimum egress in Mbps that your node has sent to Windows devices in its network over the last 24 hours. |
+| Average in | The average ingress in Mbps that your node has pulled from CDN endpoints in the last 24 hours. |
+| Average out | The average egress in Mbps that your node has sent to Windows devices in its network over the last 24 hours. |
+| Cache efficiency | The percentage of all content requests your Connected Cache node receives that can be fulfilled using your node's cached content. A well-performing node should have an efficiency > 90%. |
+
+### Key metric charts
+
+The two predefined charts on the Overview page visually represent the egress and types of content served by your Connected Cache node. The filters that are displayed below the cache node summary dashboard only affect the data shown in the key metric charts.
+
+![Screenshot of key metric charts in the Azure portal interface.](../images/mcc-ent-key-metric-charts.png)
+
+#### Filters
+
+There are two filter controls that can be used to configure the key metric charts.
+
+- Timespan: Select how far back the chart should display
+- Cache nodes: Select which Connected Cache nodes the chart should display data for
+
+#### Outbound Traffic Chart
+
+This chart displays the average egress in bits per second (b/s) that your selected Connected Cache nodes delivered over the specified timespan.
+
+#### Volume by Content Type
+
+This chart displays the volume of each supported content type in bytes (B) that your selected Connected Cache nodes delivered over the specified timespan. See [Microsoft Connected Cache content and services endpoints](delivery-optimization-endpoints.md) for a complete list of supported content types.
+
+The content types displayed in the chart each have a distinct color and are sorted in descending order of volume. The bar chart is stacked such that you can visually compare total volume being delivered at different points in time.
+
+## Advanced Monitoring
+
+To expand upon the metrics shown in the Overview tab, navigate to the **Metrics** tab in the left side toolbar of Azure portal.
+
+Listed below are the metrics you can access in this section:
+
+| Metric | Description |
+| --- | --- |
+| Inbound | The number of content requests your Connected Cache node receives over a specified period of time. |
+| Hits | The number of times your Connected Cache node fulfills a content request by pulling from its cache. |
+| Misses | The number of times your Connected Cache node isn't able to fulfill a content request by pulling from its cache |
+
+### Customizable Dashboards
+
+Once you select the charts you would like to track, you can save them to a personalized dashboard. You can configure the chart title, filters, range, legend, and more. You can also use this personalized dashboard to set up alerts that will notify you if your Connected Cache node dips in performance.
+
+Some example scenarios where you would want to set up a custom alert:
+
+- My Connected Cache node is being shown as unhealthy and I want to know exactly when it stopped egressing last
+- A new Microsoft Word update was released last night and I want to know if my Connected Cache node is helping deliver this content to my Windows devices
+
+## Additional Metrics
+
+Your Connected Cache node can keep track of how much content has been sent to requesting Windows devices, but the node can't track whether the content was successfully received by the device. For more information on accessing client-side data from your Windows devices, see [Monitor Delivery Optimization](waas-delivery-optimization-monitor.md).
diff --git a/windows/deployment/do/mcc-ent-prerequisites.md b/windows/deployment/do/mcc-ent-prerequisites.md
new file mode 100644
index 0000000000..f30f503e31
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-prerequisites.md
@@ -0,0 +1,72 @@
+---
+title: Microsoft Connected Cache for Enterprise and Education prerequisites
+description: Details of prerequisites and recommendations for using Microsoft Connected Cache for Enterprise and Education.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: conceptual
+ms.author: lichris
+author: chrisjlin
+manager: naengler
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
+ms.date: 10/30/2024
+---
+
+# Microsoft Connected Cache for Enterprise and Education Requirements
+
+This article details the requirements and recommended specifications for using Microsoft Connected Cache for Enterprise and Education.
+
+## Licensing requirements
+
+- **Valid Azure subscription**: To use the Microsoft Connected Cache for Enterprise and Education service, you'll need a valid Azure subscription that can be used to provision the necessary [Azure resources](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management).
+
+    If you don't have an Azure subscription already, you can create an Azure [pay-as-you-go](https://azure.microsoft.com/offers/ms-azr-0003p/) account, which requires a credit card for verification purposes. For more information, see the [Azure Free Account FAQ](https://azure.microsoft.com/free/free-account-faq/).
+
+    The Azure resources used for Connected Cache will be free to you during this public preview.
+
+- **E3/E5 or A3/A5 license**: Your organization must have one of the following license subscriptions for each device that downloads content from a Connected Cache node:
+
+    - [Windows Enterprise E3 or E5](/windows/whats-new/windows-licensing#windows-11-enterprise), included in [Microsoft 365 F3, E3, or E5](https://www.microsoft.com/microsoft-365/enterprise/microsoft365-plans-and-pricing?msockid=32c407b43d5968050f2b13443c746916)
+    - Windows Education A3 or A5, included in [Microsoft 365 A3 or A5](https://www.microsoft.com/education/products/microsoft-365?msockid=32c407b43d5968050f2b13443c746916#Education-plans)
+
+## Cache node host machine requirements
+
+### General requirements
+
+- Any previous installations of Connected Cache must be [uninstalled](mcc-ent-uninstall-cache-node.md) from the host machine before installing the latest version of Connected Cache.
+- [These listed endpoints](delivery-optimization-endpoints.md) must be reachable by the host machine.
+- The host machine must have no other services / applications utilizing port 80 (for example, Configuration Manager or a distribution point).
+- The host machine must have at least 4 GB of free memory.
+
+### Additional requirements for Windows host machines
+
+- The Windows host machine must be using Windows 11 or Windows Server 2022 with the latest cumulative update applied.
+    - Windows 11 must have [OS Build 22631.3296](https://support.microsoft.com/topic/march-12-2024-kb5035853-os-builds-22621-3296-and-22631-3296-a69ac07f-e893-4d16-bbe1-554b7d9dd39b) or later
+    - Windows Server 2022 must have [OS Build 20348.2227](https://support.microsoft.com/topic/january-9-2024-kb5034129-os-build-20348-2227-6958a36f-efaf-4ef5-a576-c5931072a89a) or later
+- The Windows host machine must support nested virtualization. Ensure that any security settings that may restrict nested virtualization are not enabled, such as ["Trusted launch" in Azure VMs](/azure/virtual-machines/trusted-launch-portal).
+- The Windows host machine must have [WSL 2 installed](/windows/wsl/install#install-wsl-command). You can install this on Windows 11 and Windows Server 2022 by logging on as a local administrator and running the PowerShell command `wsl.exe --install --no-distribution` in an elevated PowerShell window.
+
+### Additional requirements for Linux host machines
+
+- The Linux host machine must be using one of the following operating systems:
+    - Ubuntu 22.04
+    - Red Hat Enterprise Linux (RHEL) 8.* or 9.*
+        - If using RHEL, the default container engine (Podman) must be replaced with [Moby](https://github.com/moby/moby#readme)
+
+### Recommended host machine networking specifications
+
+- Multiple network interface cards (NICs) on a single Connected Cache host machine isn't supported.
+- 1 Gbps NIC is the minimum speed recommended but any NIC is supported.
+- The NIC and BIOS should support SR-IOV for best performance.
+
+### Recommended host machine hardware specifications
+
+Based on your [enterprise configuration](mcc-ent-edu-overview.md), it's recommended to deploy your Connected Cache nodes to host machines that meet the following recommended hardware specifications:
+
+| Component | Branch office | Small / medium enterprise | Large enterprise |
+| --- | --- | --- | --- |
+| CPU cores | 4 | 8 | 16 |
+| Memory | 8 GB, 4 GB free | 16 GB, 4 GB free | 32 GB, 4 GB free |
+| Disk storage | 100 GB free  | 500 GB free | 2x 200-500 GB free |
+| NIC | 1 Gbps | 5 Gbps | 10 Gbps |
diff --git a/windows/deployment/do/mcc-ent-release-notes.md b/windows/deployment/do/mcc-ent-release-notes.md
new file mode 100644
index 0000000000..28471a7fb7
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-release-notes.md
@@ -0,0 +1,41 @@
+---
+title: Microsoft Connected Cache Release Notes
+description: Release Notes for Microsoft Connected Cache for Enterprise and Education.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: conceptual
+ms.author: lichris
+author: chrisjlin
+manager: naengler
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
+ms.date: 10/30/2024
+---
+
+# Release Notes for Microsoft Connected Cache for Enterprise and Education
+
+This article contains details about the latest releases of Connected Cache. Since Connected Cache is a preview service, some releases may contain breaking changes.
+
+## Release v1.2.1.2076_E (public preview launch)
+
+The public preview released on **10/30/2024**
+
+For customers that installed earlier versions of Connected Cache, this release contains breaking changes that affect both Linux and Windows host machines. Please see the [early preview documentation page](mcc-ent-early-preview.md) for more details.
+
+### Feature updates
+
+- **Metrics and charts in Azure portal**: You can now visualize *Outbound egress* and *Volume by Content type* charts for your cache node on Azure portal. You can also create custom monitoring charts for your cache nodes. This capability is under the **Metrics** tab on Azure portal.
+- **Cache nodes for Windows or Linux host machines**: Cache nodes can now be created and deployed to Windows host machine or Linux host machines by simply choosing the OS when creating cache nodes.
+- **Ubuntu 22.04 LTS**: Cache nodes can now be deployed on Ubuntu 22.04 LTS.
+- **Azure CLI support**: Cache nodes can now be created and managed via Azure CLI.
+- **Proxy**: We added support for unauthenticated proxy and cloud proxy integration.
+- **Updates**: Your cache nodes are now updated automatically and we also added the capability to set each cache node's update ring to govern the cadence of Microsoft Connected Cache container updates.
+
+### Fixes
+- We fixed various bugs to achieve a smoother installation experience.
+
+## Related content
+
+- [Overview of Connected Cache](mcc-ent-edu-overview.md)
diff --git a/windows/deployment/do/mcc-ent-troubleshooting.md b/windows/deployment/do/mcc-ent-troubleshooting.md
new file mode 100644
index 0000000000..0f5b02bc00
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-troubleshooting.md
@@ -0,0 +1,119 @@
+---
+title: Microsoft Connected Cache for Enterprise and Education troubleshooting
+description: Details on how to troubleshoot common issues for Microsoft Connected Cache for Enterprise.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+manager: naengler
+ms.author: lichris
+author: chrisjlin
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise</a>	
+ms.date: 10/30/2024
+---
+
+
+# Troubleshoot Microsoft Connected Cache for Enterprise and Education
+
+This article contains instructions on how to troubleshoot different issues you may encounter while using Connected Cache. These issues are categorized by the task in which they may be encountered.
+
+## Steps to obtain an Azure subscription ID
+
+<!--Using include file, get-azure-subscription.md, do/mcc-isp.md for shared content-->
+[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
+
+## Troubleshooting Azure resource creation
+
+[Connected Cache Azure resource creation](mcc-ent-create-resource-and-cache.md) can be initiated using either the Azure portal user interface or the Azure CLI command set.
+
+If you're encountering an error during resource creation, check that you have the necessary permissions to create Azure resources under your subscription and have filled out all required fields during the resource creation process.
+
+## Troubleshooting cache node configuration
+
+[Configuration of your Connected Cache node](mcc-ent-create-resource-and-cache.md) can be done using either the Azure portal user interface or the Azure CLI command set.
+
+If you're encountering a validation error, check that you have filled out all required configuration fields.
+
+If your configuration doesn't appear to be taking effect, check that you have selected the **Save** option at the top of the configuration page in the Azure portal user interface.
+
+If you have changed the proxy configuration, you will need to re-provision the Connected Cache software on the host machine for the proxy configuration to take effect.
+
+## Troubleshooting cache nodes created during early preview
+
+Cache nodes created and deployed during the [Microsoft Connected Cache for Enterprise and Education early preview](mcc-ent-early-preview.md) should continue to function but can no longer be managed or monitored remotely via the Connected Cache Azure service.
+
+As such, we strongly recommend you [recreate your existing resources in Azure](mcc-ent-create-resource-and-cache.md) and then [redeploy the Connected Cache software to your host machines](mcc-ent-deploy-to-windows.md) using the latest OS-specific installer.
+
+## Troubleshooting cache node deployment to Windows host machine
+
+### Collecting Windows-hosted installation logs
+
+[Deploying a Connected Cache node to a Windows host machine](mcc-ent-deploy-to-windows.md) involves running a series of PowerShell scripts contained within the Windows provisioning package. These scripts will attempt to write log files to the installation directory specified in the provisioning command (`C:\mccwsl01\InstallLogs` by default).
+
+There are three types of installation log files:
+
+1. **WSL_Mcc_Install_Transcript**: This log file records the lines printed to the PowerShell window when running the installation script
+1. **WSL_Mcc_Install_FromRegisteredTask_Status**: This log file records the high level status that is written during the registered tasks install
+1. **WSL_Mcc_Install_FromRegisteredTask_Transcript**: This log file records the detailed status that is written during the registered tasks install
+
+The Registered Task Transcript is usually the most useful for diagnosing the installation issue.
+
+### WSL2 fails to install with message "A specified logon session does not exist"
+
+If you are encountering this failure message when attempting to run the PowerShell command `wsl.exe --install --no-distribution` on your Windows host machine, verify that you are logged on as a local administrator and running the command from an elevated PowerShell window.
+
+### Updating the WSL2 kernel
+
+If the Connected Cache installation is failing due to WSL-related issues, try running `wsl.exe --update` to get the latest version of the WSL kernel.
+
+### Checking if the Connected Cache container is running
+
+Once the Connected Cache software has been successfully deployed to the Windows host machine, you can check if the cache node is running properly by doing the following on the Windows host machine:
+
+1. Launch a PowerShell process as the account specified as the runtime account during the Connected Cache install
+1. Run `wsl -d Ubuntu-22.04-Mcc-Base` to access the Linux distribution that hosts the Connected Cache container
+1. Run `sudo iotedge list` to show which containers are running within the IoT Edge runtime
+
+If it shows the **edgeAgent** and **edgeHub** containers but doesn't show **MCC**, you can view the status of the IoT Edge security manager using `sudo iotedge system logs -- -f`.
+
+You can also reboot the IoT Edge runtime using `sudo systemctl restart iotedge`.
+
+### Checking Connected Cache scheduled tasks
+
+Once the Connected Cache container is running, a scheduled task is periodically run under the Connected Cache runtime account to keep WSL from cleaning up the Connected Cache container.
+
+You can use Task Scheduler on the host machine to check the status of this scheduled task.
+
+1. Open Task Scheduler on the host machine
+1. Navigate to the Active Tasks section and double-click on **MCC_Monitor_Task**
+1. Select the scheduled task **MCC_Monitor_Task**
+1. Select the **Triggers** tab and confirm that the Status is **Enabled**
+
+> [!Note]
+> If the password of the runtime account changes, you'll need to update the user in all of the Connected Cache scheduled tasks in order for the Connected Cache node to continue functioning properly.
+
+## Troubleshooting cache node deployment to Linux host machine
+
+[Deploying a Connected Cache node to a Linux host machine](mcc-ent-deploy-to-linux.md) involves running a series of Bash scripts contained within the Linux provisioning package.
+
+Once the Connected Cache software has been successfully deployed to the Linux host machine, you can check if the cache node is running properly by doing the following on the Linux host machine:
+
+1. Run `sudo iotedge list` to show which containers are running within the IoT Edge runtime
+
+If it shows the **edgeAgent** and **edgeHub** containers but doesn't show **MCC**, you can view the status of the IoT Edge security manager using `sudo iotedge system logs -- -f`.
+
+You can also reboot the IoT Edge runtime using `sudo systemctl restart iotedge`.
+
+## Troubleshooting cache node monitoring
+
+Connected Cache node status and performance can be [monitored using the Azure portal user interface](mcc-ent-monitoring.md).
+
+If the [basic monitoring](mcc-ent-monitoring.md#basic-monitoring) visuals on the Overview tab are showing unexpected or erroneous values, refresh the browser window.
+
+If the issue persists, check that you have configured the Timespan and Cache node filters as desired.
+
+## Diagnose and Solve
+
+You can also use the **Diagnose and solve problems** functionality provided by the Azure portal interface. This tab within the Microsoft Connected Cache Azure resource will walk you through a few prompts to help narrow down the solution to your issue.
diff --git a/windows/deployment/do/mcc-ent-uninstall-cache-node.md b/windows/deployment/do/mcc-ent-uninstall-cache-node.md
new file mode 100644
index 0000000000..3fde904642
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-uninstall-cache-node.md
@@ -0,0 +1,35 @@
+---
+title: Uninstall Microsoft Connected Cache for Enterprise and Education cache nodes
+description: Details on how to uninstall Microsoft Connected Cache for Enterprise and Education from a host machine.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+ms.author: lichris
+author: chrisjlin
+manager: naengler
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a> 
+ms.date: 10/30/2024
+---
+
+# Uninstall Connected Cache software from a host machine
+
+This article describes how to uninstall Microsoft Connected Cache for Enterprise and Education caching software from a host machine. These steps should be taken after deleting the cache node in the Azure portal.
+
+## Steps to uninstall Connected Cache from a Windows host machine
+
+1. Launch a PowerShell window *as administrator* and navigate to the Connected Cache installation directory (C:\mcconwsl01 by default)
+1. Run the `uninstallmcconwsl.ps1` script
+
+## Steps to uninstall Connected Cache from a Linux host machine
+
+The `uninstallmcc.sh` script within the provisioning package uninstalls the Connected Cache caching software and all related components, including:
+
+- IoT Edge
+- IoT Edge Agent
+- IoT Edge Hub
+- Connected Cache container
+- Moby CLI
+- Moby engine
diff --git a/windows/deployment/do/mcc-ent-update-cache-node.md b/windows/deployment/do/mcc-ent-update-cache-node.md
new file mode 100644
index 0000000000..40f8c24f4c
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-update-cache-node.md
@@ -0,0 +1,60 @@
+---
+title: Update Microsoft Connected Cache for Enterprise and Education cache nodes
+description: Details on how Microsoft Connected Cache for Enterprise and Education cache nodes are updated by Microsoft.
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+ms.author: andyriv
+author: chrisjlin
+manager: naengler
+appliesto: 
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
+- ✅ Supported Linux distributions
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a> 
+ms.date: 10/30/2024
+---
+# Configure container update frequency for Microsoft Connected Cache for Enterprise and Education
+
+Microsoft Connected Cache for Enterprise and Education caching software is deployed to host machines as a container. The container OS and any software component within the container need to be updated to address security vulnerabilities and improve quality and performance. These Microsoft-published container updates are referred to as "Connected Cache updates" in this article.
+
+Microsoft silently deploys Connected Cache updates to your cache nodes based on the **Update Ring** setting you configure for each cache node.
+
+## Update rings
+
+Connected Cache nodes can be configured to either the `Fast` or `Slow` update ring. If configured to update as part of the Fast ring, the cache node will be silently updated by Microsoft soon after the update is made available. If configured to update as part of the `Slow` ring, the cache node is silently updated by Microsoft within five weeks of the update becoming available.
+
+In other words, configuring cache nodes to update as part of the `Slow` ring provides users with the option to delay the update process until they have validated that the latest Connected Cache update works within their environment. For example, a user could configure a test cache node to update as part of the `Fast` ring and validate that clients can successfully interact with the test cache node after the latest Connected Cache update has been applied. This builds confidence that service won't be interrupted when the production cache nodes are updated as part of the `Slow` ring.
+
+### Update ring options
+
+>[!IMPORTANT]
+> In the event of a critical security patch, Microsoft may elect to initiate a Connected Cache update to your cache node as soon as possible (even if the cache node has been set to the `Slow` Ring). Visit the [Release notes](mcc-ent-release-notes.md) page for a detailed changelog of each Connected Cache update.
+
+#### Fast Ring
+
+All Connected Cache nodes are configured to update as part of the `Fast` ring by default. Connected Cache nodes in the `Fast` ring will be updated soon after an update is made available. The update will silently update cache nodes at a time of day when update traffic is likely to be minimal, such as 3:00 AM (local time) on Saturday.
+
+#### Slow Ring
+
+Configuring a Connected Cache node to update as part of the `Slow` ring provides users with the option to delay Connected Cache software updates until the update can be validated. There are three settings that control when Connected Cache updates will be applied to Connected Cache nodes. All update ring settings can be managed from the Azure portal or through the Azure CLI.
+
+| Setting | Description |
+| --- | --- |
+| Week of the month | 1st to 4th week can be selected. There are three to four months in a year that could have a fifth week. If there's a fifth week, the update could be applied during that fifth week if the day of the week falls near the last day of the month.|
+| Day of the week | Monday through Sunday can be selected. |
+| Time of day | Time of day is based on UTC and a 24 hour clock. |
+
+## Update process
+
+When Microsoft publishes a Connected Cache update, the Connected Cache service attempts to update all Connected Cache nodes based on their **Update Ring** membership. If a cache node can't complete the silent Connected Cache update within 6 hours of starting, an error message is surfaced in the Azure portal.
+
+## Update terminology, criteria, and information
+
+Connected Cache updates are released based on need instead of on a set cadence.
+
+| Update type | Criteria and information |
+| --- | --- |
+| Security | Security updates are the highest priority and are released based on the severity rating of the vulnerability. Updates for [Critical and High](https://nvd.nist.gov/vuln-metrics/cvss) vulnerabilities are released by Microsoft within 60 days of discovery. Updates for [Medium and Low](https://nvd.nist.gov/vuln-metrics/cvss) vulnerabilities are released by Microsoft within 120 days. |
+| Quality | Quality updates fix a specific problem and addresses a noncritical, non-security-related bug. Quality updates could include performance fixes for a specific problem or changes related to cache efficiency or maximum egress for example. Quality updates are released along with security updates or when necessary to ensure proper functioning of the Microsoft Connected Cache software. |
+
+For information on all released Microsoft Connected Cache updates, see the [Connected Cache release notes](mcc-ent-release-notes.md).
diff --git a/windows/deployment/do/mcc-ent-verify-cache-node.md b/windows/deployment/do/mcc-ent-verify-cache-node.md
new file mode 100644
index 0000000000..6d1eacb092
--- /dev/null
+++ b/windows/deployment/do/mcc-ent-verify-cache-node.md
@@ -0,0 +1,46 @@
+---
+title: Verify Microsoft Connected Cache for Enterprise and Education cache node functionality
+description: Details on how to verify functionality of Microsoft Connected Cache for Enterprise and Education cache nodes.
+author: chrisjlin
+ms.author: lichris
+manager: naengler
+ms.service: windows-client
+ms.subservice: itpro-updates
+ms.topic: how-to
+ms.date: 10/30/2024
+appliesto: 
+- ✅ Windows-hosted Connected Cache cache nodes
+- ✅ Linux-hosted Connected Cache cache nodes
+- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
+---
+
+# Verify Connected Cache node functionality
+
+This article describes how to verify that a Microsoft Connected Cache for Enterprise and Education cache node is functioning correctly.
+
+These steps should be taken after deploying Connected Cache software to a [Windows](mcc-ent-deploy-to-windows.md) or [Linux](mcc-ent-deploy-to-linux.md) host machine.
+
+## Steps to verify functionality of Connected Cache node
+
+1. To verify that the Connected Cache container on the host machine is running and reachable, run the following command from the host machine:
+
+    ```powershell
+    wget http://localhost/filestreamingservice/files/7bc846e0-af9c-49be-a03d-bb04428c9bb5/Microsoft.png?cacheHostOrigin=dl.delivery.mp.microsoft.com
+    ```
+
+    If successful, there should be an HTTP response with StatusCode 200.
+
+1. To verify that Windows clients in your network can reach the Connected Cache node, visit the following address from a web browser on a Windows client device:
+
+    `http://[HostMachine-IP-address]/filestreamingservice/files/7bc846e0-af9c-49be-a03d-bb04428c9bb5/Microsoft.png?cacheHostOrigin=dl.delivery.mp.microsoft.com`
+
+    If successful, the Windows client device should begin to download a small image file from the Connected Cache node.
+
+1. To check how much content an individual Windows client has downloaded from a Connected Cache node, open the [Delivery Optimization activity monitor](/microsoft-365-apps/updates/delivery-optimization#viewing-data-about-the-use-of-delivery-optimization) on the Windows client device.
+
+    You should see a donut chart titled **Download Statistics**. If the Windows client has downloaded content from the cache node, you'll see a segment of the donut labeled **From Microsoft cache server**.
+
+## Related content
+
+- [Monitor cache node usage](mcc-ent-monitoring.md)
+- [Troubleshoot cache node](mcc-ent-troubleshooting.md)
diff --git a/windows/deployment/do/mcc-enterprise-appendix.md b/windows/deployment/do/mcc-enterprise-appendix.md
deleted file mode 100644
index 0a0239d690..0000000000
--- a/windows/deployment/do/mcc-enterprise-appendix.md
+++ /dev/null
@@ -1,138 +0,0 @@
----
-title: Appendix for Microsoft Connected Cache for Enterprise and Education
-description: This article contains reference information for Microsoft Connected Cache for Enterprise and Education.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: reference
-ms.author: carmenf
-author: cmknox
-manager: aaroncz
-ms.reviewer: mstewart
-ms.collection:
-  - tier3
-  - must-keep
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
-ms.date: 05/23/2024
----
-
-# Appendix
-
-## Steps to obtain an Azure subscription ID
-
-<!--Using include file, get-azure-subscription.md, do/mcc-isp.md for shared content-->
-[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
-
-### Troubleshooting
-
-If you're not able to sign up for a Microsoft Azure subscription with the **Account belongs to a directory that cannot be associated with an Azure subscription. Please sign in with a different account.** error, see the following articles:
-
-- [Can't sign up for a Microsoft Azure subscription](/troubleshoot/azure/general/cannot-sign-up-subscription).
-- [Troubleshoot issues when you sign up for a new account in the Azure portal](/azure/cost-management-billing/manage/troubleshoot-azure-sign-up).
-
-## Hardware specifications
-
-Most customers choose to install their cache node on a Windows Server with a nested Hyper-V VM. If this isn't supported in your network, some customers have also opted to install their cache node using VMware. At this time, a Linux-only solution isn't available and Azure VMs don't support the standalone Microsoft Connected Cache.
-
-### Installing on VMware
-
-Microsoft Connected Cache for Enterprise and Education can be successfully installed on VMware. To do so, there are a couple of additional configurations to be made. Ensure the VM is turned off before making the following configuration changes:
-
-1. Ensure that you're using ESX. In the VM settings, turn on the option **Expose hardware assisted virtualization to the guest OS**.
-1. Using the Hyper-V Manager, create an external switch. For the external switch to have internet connection, ensure **"Allow promiscuous mode"** and **"Forged transmits"** are switched to **Yes**.
-
-### Installing on Hyper-V
-
-To learn more about how to configure Intel and AMD processors to support nested virtualization, see [Run Hyper-V in a Virtual Machine with Nested Virtualization](/virtualization/hyper-v-on-windows/user-guide/nested-virtualization).
-
-## Diagnostics Script
-
-If you're having issues with your Microsoft Connected Cache, we included a diagnostics script. The script collects all your logs and zips them into a single file. You can then send us these logs via email for the Connected Cache team to debug.
-
-To run this script:
-
-1. Navigate to the following folder in the Connected Cache installation files:
-
-    mccinstaller > Eflow > Diagnostics
-
-1. Run the following commands:
-
-   ```powershell
-   Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
-   .\collectMccDiagnostics.ps1
-   ```
-
-1. The script stores all the debug files into a folder and then creates a tar file. After the script is finished running, it will output the path of the tar file, which you can share with us. The location should be **\<currentpath\>**\mccdiagnostics\support_bundle_\$timestamp.tar.gz
-
-1. [Email the Connected Cache team](mailto:mccforenterprise@microsoft.com?subject=Debugging%20Help%20Needed%20for%20MCC%20for%20Enterprise) and attach this file asking for debugging support. Screenshots of the error along with any other warnings you saw will be helpful during out debugging process.
-
-## IoT Edge runtime
-
-The Azure IoT Edge runtime enables custom and cloud logic on IoT Edge devices.
-The runtime sits on the IoT Edge device, and performs management and
-communication operations. The runtime performs several functions:
-
-- Installs and update workloads (Docker containers) on the device.
-- Maintains Azure IoT Edge security standards on the device.
-- Ensures that IoT Edge modules (Docker containers) are always running.
-- Reports module (Docker containers) health to the cloud for remote monitoring.
-- Manages communication between an IoT Edge device and the cloud.
-
-For more information on Azure IoT Edge, see the [Azure IoT Edge documentation](/azure/iot-edge/about-iot-edge).
-
-## Routing local Windows clients to a Connected Cache
-
-### Get the IP address of your Connected Cache using ifconfig
-
-There are multiple methods that can be used to apply a policy to PCs that should participate in downloading from the Connected Cache.
-
-#### Registry key
-
-You can either set your Connected Cache IP address or FQDN using:
-
-1. Registry key (version 1709 and later):  
-    `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization`
-</br>
-    "DOCacheHost"=" "  
-
-    From an elevated command prompt:
-
-    ```powershell
-        reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\DeliveryOptimization" /v DOCacheHost /t REG_SZ /d "10.137.187.38" /f
-    ```
-
-1. MDM path (version 1809 and later):
-
-    `.Vendor/MSFT/Policy/Config/DeliveryOptimization/DOCacheHost`
-
-1. In Windows (release version 1809 and later), you can apply the policy via Group Policy Editor. The policy to apply is **DOCacheHost**. To configure the clients to pull content from the Connected Cache using Group Policy, go to **Computer Configuration** > **Administrative Templates** > **Windows Components** > **Delivery Optimization**. Set the **Cache Server Hostname** to the IP address of your Connected Cache, such as `10.137.187.38`.
-
-   :::image type="content" source="./images/ent-mcc-group-policy-hostname.png" alt-text="Screenshot of the Group Policy editor showing the Cache Server Hostname Group Policy setting." lightbox="./images/ent-mcc-group-policy-hostname.png":::
-
-## Verify content using the DO client
-
-To verify that the Delivery Optimization client can download content using Connected Cache, you can use the following steps:
-
-1. Download a game or application from the Microsoft Store.
-
-   :::image type="content" source="./images/ent-mcc-store-example-download.png" alt-text="Screenshot of the Microsoft Store with the game, Angry Birds 2, selected.":::
-
-1. Verify downloads came from Connected Cache by one of two methods:
-
-    - Using the PowerShell Cmdlet Get-DeliveryOptimizationStatus you should see *BytesFromCacheServer*.
-
-      :::image type="content" source="./images/ent-mcc-get-deliveryoptimizationstatus.png" alt-text="Screenshot of the output of Get-DeliveryOptimization | FT from PowerShell." lightbox="./images/ent-mcc-get-deliveryoptimizationstatus.png":::
-
-    - Using the Delivery Optimization Activity Monitor
-
-      :::image type="content" source="./images/ent-mcc-delivery-optimization-activity.png" alt-text="Screenshot of the Delivery Optimization Activity Monitor.":::
-
-## EFLOW
-
-- [What is Azure IoT Edge for Linux on Windows](/azure/iot-edge/iot-edge-for-linux-on-windows)
-- [Install Azure IoT Edge for Linux on Windows](/azure/iot-edge/how-to-provision-single-device-linux-on-windows-symmetric#install-iot-edge)
-- [PowerShell functions for Azure IoT Edge for Linux on Windows](/azure/iot-edge/reference-iot-edge-for-linux-on-windows-functions)
-- EFLOW FAQ and Support: [Support · Azure/iotedge-eflow Wiki (github.com)](https://github.com/Azure/iotedge-eflow/wiki/Support#how-can-i-apply-updates-to-eflow)
-- [Now ready for Production: Linux IoT Edge Modules on Windows - YouTube](https://www.youtube.com/watch?v=pgqVCg6cxVU&ab_channel=MicrosoftIoTDevelopers)
diff --git a/windows/deployment/do/mcc-enterprise-deploy.md b/windows/deployment/do/mcc-enterprise-deploy.md
deleted file mode 100644
index b5b7ae1435..0000000000
--- a/windows/deployment/do/mcc-enterprise-deploy.md
+++ /dev/null
@@ -1,418 +0,0 @@
----
-title: Deploying your cache node
-description: How to deploy a Microsoft Connected Cache for Enterprise and Education cache node from the Azure portal.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.author: carmenf
-author: cmknox
-ms.reviewer: mstewart
-manager: aaroncz
-ms.collection: tier3
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>	
-ms.date: 05/23/2024
----
-
-# Deploy your cache node
-
-This article describes how to deploy a Microsoft Connected Cache for Enterprise and Education cache node.
-
-## Steps to deploy Connected Cache
-
-To deploy Connected Cache to your server:
-
-1. [Provide Microsoft with the Azure subscription ID](#provide-microsoft-with-the-azure-subscription-id)
-1. [Create the Connected Cache Resource in Azure](#create-the-connected-cache-resource-in-azure)
-1. [Create a Connected Cache Node](#create-a-connected-cache-node-in-azure)
-1. [Edit Cache Node Information](#edit-cache-node-information)
-1. [Install Connected Cache on a physical server or VM](#install-connected-cache-on-windows)
-1. [Verify Connected Cache functionality](#verify-connected-cache-server-functionality)
-1. [Review common Issues](#common-issues) if needed.
-
-### Provide Microsoft with the Azure subscription ID
-
-As part of the Connected Cache preview onboarding process an Azure subscription ID must be provided to Microsoft.
-
-> [!IMPORTANT]
-> As we near the release of public preview, we have paused onboarding. Please continue to submit the form to express interest so we can follow up with you once public preview of Microsoft Connected Cache for Enteprise and Education is available. To register your interest, fill out the form located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
-
-For information about creating or locating your subscription ID, see [Steps to obtain an Azure subscription ID](mcc-enterprise-appendix.md#steps-to-obtain-an-azure-subscription-id).
-
-### Create the Connected Cache resource in Azure
-
-The Connected Cache Azure management portal is used to create and manage Connected Cache nodes. An Azure subscription ID is used to grant access to the preview and to create the Connected Cache resource in Azure and Cache nodes.
-
-Once you take the survey above and the Connected Cache team adds your subscription ID to the allowlist, you'll be given a link to the Azure portal where you can create the resource described below.
-
-1. In the Azure portal home page, choose **Create a resource**:  
-
-   :::image type="content" source="./images/ent-mcc-create-azure-resource.png" alt-text="Screenshot of the Azure portal. The create a resource option is outlined in red.":::
-
-1. Type **Microsoft Connected Cache** into the search box, and hit **Enter** to show search results.
-
-   > [!NOTE]
-   > You won't see Microsoft Connected Cache in the drop-down list. You'll need to type the string and press enter to see the result.
-
-1. Select **Microsoft Connected Cache Enterprise** and choose **Create** on the next screen to start the process of creating the Connected Cache resource.
-
-   :::image type="content" source="./images/ent-mcc-azure-search-result.png" alt-text="Screenshot of the Azure portal search results for Microsoft Connected Cache.":::
-
-   :::image type="content" source="./images/ent-mcc-azure-marketplace.png" alt-text="Screenshot of Microsoft Connected Cache Enterprise within the Azure Marketplace.":::
-
-1. Fill in the required fields to create the Connected Cache resource.
-
-    - Choose the subscription that you provided to Microsoft.
-    - Azure resource groups are logical groups of resources. Create a new resource group and choose a name for your resource group.
-    - Choose **(US) West US** for the location of the resource. This choice won't impact Connected Cache if the physical location isn't in the West US, it's just a limitation of the preview.
-
-       > [!IMPORTANT]
-       > Your Connected Cache resource will not be created properly if you do not select **(US) West US**
-
-    - Choose a name for the Connected Cache resource.
-      - Your Connected Cache resource must not contain the word **Microsoft** in it.
-
-      :::image type="content" source="./images/ent-mcc-azure-create-connected-cache.png" alt-text="Screenshot of the Create a Connected Cache page within the Azure Marketplace.":::
-
-1. Once all the information has been entered, select the **Review + Create** button. Once validation is complete, select the **Create** button to start the resource creation.
-
-    :::image type="content" source="./images/ent-mcc-azure-cache-created.png" alt-text="Screenshot of the completed cache deployment within the Azure." lightbox="./images/ent-mcc-azure-cache-created.png":::
-
-#### Error: Validation failed
-
-- If you get a Validation failed error message on your portal, it's likely because you selected the **Location** as **US West 2** or some other location that isn't **(US) West US**.
-  - To resolve this error, go to the previous step and choose **(US) West US**.
-
-    :::image type="content" source="./images/ent-mcc-create-cache-failed.png" alt-text="Screenshot of a failed cache deployment due to an incorrect location.":::
-
-### Create a Connected Cache node in Azure
-
-Creating a Connected Cache node is a multi-step process and the first step is to access the Connected Cache early preview management portal.
-
-1. After the successful resource creation, select  **Go to resource**.
-1. Under **Cache Node Management** section on the leftmost panel, select **Cache Nodes**.
-
-    :::image type="content" source="./images/ent-mcc-cache-nodes.png" alt-text="Screenshot of the Cache Node Management section with the navigation link to the Cache Nodes page outlined in red.":::
-
-1. On the **Cache Nodes** blade, select the **Create Cache Node** button.
-
-    :::image type="content" source="./images/ent-mcc-create-cache-node.png" alt-text="Screenshot of the Cache Nodes page with the Create Cache Node option outlined in red.":::
-
-1. Selecting the **Create Cache Node** button will open the **Create Cache Node** page; **Cache Node Name** is the only field required for cache node creation.
-
-   | Field Name | Expected Value | Description |
-   |---|---|---|
-   | **Cache Node Name** | Alphanumeric name that doesn't include any spaces. | The name of the cache node. You may choose names based on location such as `Seattle-1`. This name must be unique and can't be changed later. |
-
-1. Enter the information for the **Cache Node** and select the **Create** button.
-
-   :::image type="content" source="./images/ent-mcc-create-cache-node-name.png" alt-text="Screenshot of the Cache Nodes page displaying the Cache Node Name text entry during the creation process.":::
-
-If there are errors, the form will provide guidance on how to correct the errors.
-
-Once the Connected Cache node has been created, the installer instructions will be exposed. More details on the installer instructions will be addressed later in this article, in the [Install Connected Cache](#install-connected-cache-on-windows) section.
-
-:::image type="content" source="./images/ent-mcc-connected-cache-installer-download.png" alt-text="Screenshot of the Connected Cache installer download button, installer instructions, and script.":::
-
-#### Edit cache node information
-
-Cache nodes can be deleted here by selecting the check box to the left of a **Cache Node Name** and then selecting the delete toolbar item. Be aware that if a cache node is deleted, there's no way to recover the cache node or any of the information related to the cache node.
-
-:::image type="content" source="./images/ent-mcc-delete-cache-node.png" alt-text="Screenshot of deleting a cache node from the Cache Nodes page.":::
-
-### Install Connected Cache on Windows
-
-Installing Connected Cache on your Windows device is a simple process. A PowerShell script performs the following tasks:
-
-- Installs the Azure CLI
-- Downloads, installs, and deploys EFLOW
-- Enables Microsoft Update so EFLOW can stay up to date
-- Creates a virtual machine
-- Enables the firewall and opens ports 80 and 22 for inbound and outbound traffic. Port 80 is used by Connected Cache, and port 22 is used for SSH communications.
-- Configures Connected Cache tuning settings.
-- Creates the necessary *FREE* Azure resource - IoT Hub/IoT Edge.
-- Deploys the Connected Cache container to server.
-
-#### Run the installer
-
-1. Download and unzip `mccinstaller.zip` from the create cache node page or cache node configuration page, both of which contain the necessary installation files.
-
-   :::image type="content" source="./images/ent-mcc-download-installer.png" alt-text="Screenshot of the download installer option on the Create Cache Node page.":::
-
-   The following files are contained in the `mccinstaller.zip` file:
-
-   - **installmcc.ps1**: Main installer file.
-   - **installEflow.ps1**: Installs the necessary prerequisites such as the Linux VM, IoT Edge runtime, and Docker, and makes necessary host OS settings to optimize caching performance.
-   - **resourceDeploymentForConnectedCache.ps1**: Creates Azure cloud resources required to support Connected Cache control plane.
-   - **mccdeployment.json**: Deployment manifest used by IoT Edge to deploy the Connected Cache container and configure settings on the container, such as cache drive location sizes.
-   - **updatemcc.ps1**: The update script used to upgrade Connected Cache to a particular version.
-   - **mccupdate.json**: Used as part of the update script
-
-1. Open Windows PowerShell as administrator then navigate to the location of these files.
-
-   > [!NOTE]
-   > Ensure that Hyper-V is enabled on your device.
-   > - **Windows 10:** [Enable Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
-   > - **Windows Server:** [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)'
-   >
-   > Don't use PowerShell ISE, PowerShell 6.x, or PowerShell 7.x. Only Windows PowerShell version 5.x is supported.
-
-1. **If you're installing Connected Cache on a local virtual machine**, turn the virtual machine **off** while you enable nested virtualization and MAC spoofing.
-   1. Enable nested virtualization:
-
-      ```powershell
-      Set-VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true
-      ```
-
-   1. Enable MAC spoofing:
-
-      ```powershell
-      Get-VMNetworkAdapter -VMName "VM name" | Set-VMNetworkAdapter -MacAddressSpoofing On
-      ```
-
-1. Set the execution policy.
-
-    ```powershell
-    Set-ExecutionPolicy -ExecutionPolicy Unrestricted -Scope Process
-    ```
-
-    > [!NOTE]
-    > After setting the execution policy, you'll see a warning asking if you wish to change the execution policy. Choose **[A] Yes to All**.
-
-1. Copy the command from the Azure portal and run it in Windows PowerShell.
-
-    :::image type="content" source="./images/ent-mcc-installer-script.png" alt-text="Screenshot of the installer script for the connected cache node.":::
-
-    > [!NOTE]
-    > After running the command, and multiple times throughout the installation process, you'll receive the following notice. Select **[R] Run once** to proceed.
-    > </br>
-    > </br> Security warning
-    > </br> Run only scripts that you trust. While scripts from the internet can be useful, this script can potentially harm your computer. If you trust this script, use the Unblock-File cmdlet to allow the script to run without this warning message. Do you want to run C:\Users\mccinstaller\Eflow\installmcc.ps1?
-    > </br>
-    > </br> [D] Do not run **[R] Run once** [S] Suspend [?] Help (default is "D"):
-
-1. Choose whether you would like to create a new external virtual switch or select an existing external virtual switch.
-
-   If creating a new external virtual switch, name your switch and be sure to choose a Local Area Connection (USB adapters work as well however, we do not recommend using Wi-Fi). A computer restart will be required if you're creating a new switch.
-
-   > [!NOTE]
-   > Restarting your computer after creating a switch is recommended. You'll notice network delays during installation if the computer has not been restarted.
-
-   If you restarted your computer after creating a switch, start from step 2 above and skip to step 5.
-
-   If you opt to use an existing external switch, select the switch from the presented options. Local Area Connection (or USB) is preferable to Wi-Fi.
-
-   :::image type="content" source="./images/ent-mcc-script-new-switch.png" alt-text="Screenshot of the installer script running in PowerShell when a new switch is created." lightbox="./images/ent-mcc-script-new-switch.png":::
-
-1. Rerun the script after the restart. This time, choose **No** when asked to create a new switch. Enter the number corresponding to the switch you previously created.
-
-     :::image type="content" source="./images/ent-mcc-script-existing-switch.png" alt-text="Screenshot of the installer script running in PowerShell when using an existing switch." lightbox="./images/ent-mcc-script-existing-switch.png":::
-
-1. Decide whether you would like to use dynamic or static address for the Eflow VM. If you choose to use a static IP, do not use the IP address of the server. It is a VM, and it will have its own IP.
-
-    :::image type="content" source="./images/ent-mcc-script-dynamic-address.png" alt-text="Screenshot of the installer script running in PowerShell asking if you'd like to use a dynamic address." lightbox="./images/ent-mcc-script-dynamic-address.png":::
-
-    > [!NOTE]
-    > Choosing a dynamic IP address might assign a different IP address when the Connected Cache restarts. A static IP address is recommended so you don't have to change this value in your management solution when Connected Cache restarts.
-
-   The IP address you assign to the EFLOW VM should be within the same subnet as the host server (based on the subnet mask) and not used by any other machine on the network.
-   For example, for host configuration where the server IP Address is 192.168.1.202 and the subnet mask is 255.255.255.0, the static IP can be anything 192.168.1.* except 192.168.1.202.
-   <!-- Insert Image 1 & 2. Remove ent-mcc-script-dynamic-address.png image (it is replaced by image 2) -->
-    :::image type="content" source="./images/external-switch-1.jpg" alt-text="Screenshot of a sample output of ipconfig command showing example of subnet mask." lightbox="./images/external-switch-1.jpg":::
-
-    :::image type="content" source="./images/assigning-ip-2.png" alt-text="Screenshot of multiple installer questions about ipv4 address for Eflow." lightbox="./images/assigning-ip-2.png":::
-
-   If you would like to use your own DNS server instead of Google DNS 8.8.8.8, select **n** and set your own DNS server IP.
-
-   :::image type="content" source="./images/use-custom-dns-3.png" alt-text="Screenshot of multiple installer questions about setting an alternate DNS server." lightbox="./images/use-custom-dns-3.png":::
-
-   If you use a dynamic IP address, the DHCP server will automatically configure the IP address and DNS settings.
-
-1. Choose where you would like to download, install, and store the virtual hard disk for EFLOW. You'll also be asked how much memory, storage, and how many cores you would like to allocate for the VM. For this example, we chose the default values for download path, install path, and virtual hard disk path.
-
-   <!-- Insert Image 4 -->
-   :::image type="content" source="./images/installation-info-4.png" alt-text="Screenshot of multiple installer questions about memory and storage for EFLOW." lightbox="./images/installation-info-4.png":::
-
-   For more information, see [Sizing Recommendations](mcc-enterprise-prerequisites.md#sizing-recommendations) for memory, virtual storage, and CPU cores. For this example we chose the recommended values for a Branch Office/Small Enterprise deployment.
-
-   <!-- Insert Image 5 -->
-   :::image type="content" source="./images/memory-storage-5.png" alt-text="Screenshot of multiple installer questions about memory and storage." lightbox="./images/memory-storage-5.png":::
-   <!-- Remove: If this is your first Connected Cache deployment, select **n** so that a new IoT Hub can be created. If you have already configured Connected Cache before, choose **y** so that your Connected Caches are grouped in the same IoT Hub.
-
-    1. You'll be shown a list of existing IoT Hubs in your Azure subscription. Enter the number corresponding to the IoT Hub to select it. **You'll likely have only 1 IoT Hub in your subscription, in which case you want to enter "1"**
-
-       :::image type="content" source="./images/ent-mcc-script-select-hub.png" alt-text="Screenshot of the installer script running in PowerShell prompting you to select which IoT Hub to use." lightbox="./images/ent-mcc-script-select-hub.png":::
-       -->
-1. When the installation is complete, you should see the following output (the values below will be your own)
-
-    :::image type="content" source="./images/ent-mcc-script-complete.png" alt-text="Screenshot of the installer script displaying the completion summary in PowerShell." lightbox="./images/ent-mcc-script-complete.png":::
-       <!-- Insert Image 7 -->
-
-    :::image type="content" source="./images/installation-complete-7.png" alt-text="Screenshot of expected output when installation is complete." lightbox="./images/installation-complete-7.png":::
-
-1. Your Connected Cache deployment is now complete.
-
-   If you don't see any errors, continue to the next section to validate your Connected Cache deployment. Your VM will not appear in Hyper-V Manager as it is an EFLOW VM.
-   - After validating your Connected Cache is properly functional, review your management solution documentation, such as [Intune](/mem/intune/configuration/delivery-optimization-windows), to set the cache host policy to the IP address of your Connected Cache.
-   - If you had errors during your deployment, see the [Common Issues](#common-issues) section in this article.
-
-## Verify Connected Cache server functionality
-
-#### Verify client side
-
-Connect to the EFLOW VM and check if Connected Cache is properly running:
-
-1. Open PowerShell as an Administrator.
-2. Enter the following commands:
-
-   ```powershell
-   Connect-EflowVm
-   sudo -s
-   iotedge list
-   ```
-
-   :::image type="content" source="./images/ent-mcc-connect-eflowvm.png" alt-text="Screenshot of running connect-EflowVm, sudo -s, and iotedge list from PowerShell." lightbox="./images/ent-mcc-connect-eflowvm.png":::
-
-You should see Connected Cache, edgeAgent, and edgeHub running. If you see edgeAgent or edgeHub but not Connected Cache, try this command in a few minutes. The Connected Cache container can take a few minutes to deploy. If iotedge list times out, you can run docker ps -a to list the running containers.
-If the 3 containers are still not running, run the following commands to check if DNS resolution is working correctly:
-
-```bash
-ping www.microsoft.com
-resolvectl query microsoft.com
-```
-
-See the [common issues](#common-issues) section for more information.
-
-#### Verify server side
-
-To validate that Connected Cache is properly functioning, execute the following command in the EFLOW VM or any device in the network. Replace <CacheServerIP\> with the IP address of the cache server.
-
-```powershell
-wget http://<CacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com
-```
-
-A successful test result will display a status code of 200 along with additional information.
-
-:::image type="content" source="./images/ent-mcc-verify-server-ssh.png" alt-text="Screenshot of a successful wget with an SSH client." lightbox="./images/ent-mcc-verify-server-ssh.png":::
-
-:::image type="content" source="./images/ent-mcc-verify-server-powershell.png" alt-text="Screenshot of a successful wget using PowerShell." lightbox="./images/ent-mcc-verify-server-powershell.png":::
-
-Similarly, enter the following URL from a browser in the network:
-
-`http://<YourCacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com`
-
-If the test fails, see the [common issues](#common-issues) section for more information.
-
-### Intune (or other management software) configuration for Connected Cache
-
-For an [Intune](/mem/intune/) deployment, create a **Configuration Profile** and include the Cache Host eFlow IP Address or FQDN:
-
-:::image type="content" source="./images/ent-mcc-intune-do.png" alt-text="Screenshot of Intune showing the Delivery Optimization cache server host names.":::
-
-## Common Issues
-
-#### PowerShell issues
-
-If you're seeing errors similar to this error: `The term Get-<Something> isn't recognized as the name of a cmdlet, function, script file, or operable program.`
-
-1. Ensure you're running Windows PowerShell version 5.x.
-
-1. Run \$PSVersionTable and ensure you're running version 5.x and *not version 6 or 7*.
-
-1. Ensure you have Hyper-V enabled:
-
-   **Windows 10:** [Enable Hyper-V on Windows 10](/virtualization/hyper-v-on-windows/quick-start/enable-hyper-v)
-
-   **Windows Server:** [Install the Hyper-V role on Windows Server](/windows-server/virtualization/hyper-v/get-started/install-the-hyper-v-role-on-windows-server)
-
-#### Verify Running Connected Cache Container
-
-Connect to the Connected Cache server and check the list of running IoT Edge modules using the following commands:
-
-```bash
-Connect-EflowVm
-sudo iotedge list
-```
-
-:::image type="content" source="./images/ent-mcc-iotedge-list.png" alt-text="Screenshot of the iotedge list command." lightbox="./images/ent-mcc-iotedge-list.png":::
-
-If edgeAgent and edgeHub containers are listed, but not "MCC", you may view the status of the IoT Edge security manager by using the command:
-
-```bash
-sudo journalctl -u iotedge -f
-```
-
-This command will provide the current status of the starting, stopping of a container, or the container pull and start.  
-
-:::image type="content" source="./images/ent-mcc-journalctl.png" alt-text="Screenshot of the output from journalctl -u iotedge -f." lightbox="./images/ent-mcc-journalctl.png":::
-
-> [!NOTE]
-> You should consult the IoT Edge troubleshooting guide ([Common issues and resolutions for Azure IoT Edge](/azure/iot-edge/troubleshoot)) for any issues you may encounter configuring IoT Edge, but we've listed a few issues that we encountered during our internal validation.
-
-
-### DNS needs to be configured
-
-Run the following IoT Edge install state check:
-
-```bash
-sudo iotedge check --verbose
-```
-
-If you see issues with ports 5671, 443, and 8883, your IoT Edge device needs to update the DNS for Docker.
-
-To configure the device to work with your DNS, use the following steps:
-
-1. Use `ifconfig` to find the appropriate NIC adapter name.
-
-   ```bash
-   ifconfig
-   ```
-
-1. Run `nmcli device show <network adapter name>` to show the DNS name for the ethernet adapter. For example, to show DNS information for **eno1**:
-
-   ```bash
-   nmcli device show eno1 
-   ```
-
-   :::image type="content" source="images/mcc-isp-nmcli.png" alt-text="Screenshot of a sample output of nmcli command to show network adapter information." lightbox="./images/mcc-isp-nmcli.png":::
-
-1. Open or create the Docker configuration file used to configure the DNS server.
-
-   ```bash
-   sudo nano /etc/docker/daemon.json
-   ```
-
-1. Paste the following string into the **daemon.json** file, and include the appropriate DNS server address. For example, in the previous screenshot, `IP4.DNS[1]` is `10.50.10.50`.
-
-   ```bash
-   { "dns": ["x.x.x.x"]}
-   ```
-
-1. Save the changes to daemon.json. If you need to change permissions on this file, use the following command:
-
-   ```bash
-   sudo chmod 555 /etc/docker/daemon.json
-   ```
-
-1. Restart Docker to pick up the new DNS setting. Then restart IoT Edge.
-
-   ```bash
-   sudo systemctl restart docker
-   sudo systemctl daemon-reload
-   sudo restart IoTEdge
-   ```
-
-### Resolve DNS issues
-
-Follow these steps if you see a DNS error when trying to resolve hostnames during the provisioning or download of container:
-Run `Get-EflowVmEndpoint` to get interface name
-
-Once you get the name:
-
-```bash
-Set-EflowVmDNSServers -vendpointName "interface name from above" -dnsServers @("DNS_IP_ADDRESS")
-Stop-EflowVm
-Start-EflowVm
-```
diff --git a/windows/deployment/do/mcc-enterprise-prerequisites.md b/windows/deployment/do/mcc-enterprise-prerequisites.md
deleted file mode 100644
index 2f782c468a..0000000000
--- a/windows/deployment/do/mcc-enterprise-prerequisites.md
+++ /dev/null
@@ -1,61 +0,0 @@
----
-title: Requirements for Microsoft Connected Cache for Enterprise and Education
-description: Overview of prerequisites and recommendations for using Microsoft Connected Cache for Enterprise and Education.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: conceptual
-ms.author: carmenf
-author: cmknox
-manager: aaroncz
-ms.reviewer: mstewart
-ms.collection: tier3
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-- - ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a>
-ms.date: 05/23/2024
----
-
-# Requirements of Microsoft Connected Cache for Enterprise and Education (early preview)
-
-> [!NOTE]
-> As we near the release of public preview, we have paused onboarding. Please continue to submit the form to express interest so we can follow up with you once public preview of Microsoft Connected Cache for Enteprise and Education is available. To register your interest, fill out the form located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
-
-## Enterprise requirements for Connected Cache
-
-1. **Azure subscription**: Connected Cache management portal is hosted within Azure and is used to create the Connected Cache [Azure resource](/azure/cloud-adoption-framework/govern/resource-consistency/resource-access-management) and IoT Hub resource. Both are free services.
-
-    Your Azure subscription ID is first used to provision Connected Cache services, and enable access to the preview. The Connected Cache server requirement for an Azure subscription costs you nothing. If you don't have an Azure subscription already, you can create an Azure [pay-as-you-go](https://azure.microsoft.com/offers/ms-azr-0003p/) account, which requires a credit card for verification purposes. For more information, see the [Azure Free Account FAQ](https://azure.microsoft.com/free/free-account-faq/).
-
-    The resources used for the preview and in the future when this product is ready for production will be free to you, like other caching solutions.
-1. **Hardware to host Connected Cache**: The recommended configuration serves approximately 35,000 managed devices, downloading a 2-GB payload in 24-hour timeframe at a sustained rate of 6.5 Gbps.
-  
-   > [!NOTE]
-   > Azure VMs are not currently supported. If you'd like to install your cache node on VMWare, see the [Appendix](mcc-enterprise-appendix.md) for a few additional configurations.
-
-    **EFLOW requires Hyper-V support**
-    - On Windows client, enable the Hyper-V feature.
-    - On Windows Server, install the Hyper-V role and create a default network switch.
-    - For more requirements, see [EFLOW requirements](/azure/iot-edge/iot-edge-for-linux-on-windows#prerequisites).
-
-    Disk recommendations:
-    - Using an SSD is recommended as cache read speed of SSD is superior to HDD
-
-    NIC requirements:
-    - Multiple NICs on a single Connected Cache instance aren't supported.
-    - 1 Gbps NIC is the minimum speed recommended but any NIC is supported.
-    - For best performance, NIC and BIOS should support SR-IOV.
-
-    VM networking:
-    -  An external virtual switch to support outbound and inbound network communication (created during the installation process)
-1. **Content endpoints**: If you're using a proxy or firewall, certain endpoints must be allowed through in order for your Connected Cache to cache and serve content. See [Delivery Optimization and Microsoft Connected Cache content type endpoints](delivery-optimization-endpoints.md) for the list of required endpoints. 
-
-## Sizing recommendations
-
-| Component  | Branch Office / Small Enterprise | Large Enterprise |
-| -- | --- | --- |
-| OS|  Windows Server 2019*/2022 <br> Windows 10*/11 (Pro or Enterprise) with Hyper-V Support <br><br>* Windows 10 and Windows Server 2019 build 17763 or later | Same |
-|NIC | 1 Gbps | 5 Gbps |
-|Disk | SSD <br>1 drive <br>50 GB each  |SSD <br>1 drive <br>200 GB each  |
-|Memory | 4 GB | 8 GB |
-|Cores | 4 | 8  |
diff --git a/windows/deployment/do/mcc-enterprise-update-uninstall.md b/windows/deployment/do/mcc-enterprise-update-uninstall.md
deleted file mode 100644
index 27fb6d1cbc..0000000000
--- a/windows/deployment/do/mcc-enterprise-update-uninstall.md
+++ /dev/null
@@ -1,55 +0,0 @@
----
-title: Uninstall Microsoft Connected Cache for Enterprise and Education
-description: Details on how to uninstall Microsoft Connected Cache for Enterprise and Education for your environment.
-ms.service: windows-client
-ms.subservice: itpro-updates
-ms.topic: how-to
-ms.author: carmenf
-author: cmknox
-manager: aaroncz
-ms.reviewer: mstewart
-ms.collection:
-  - tier3
-  - must-keep
-appliesto: 
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
-- ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-- ✅ <a href=https://learn.microsoft.com/windows/deployment/do/waas-microsoft-connected-cache target=_blank>Microsoft Connected Cache for Enterprise and Education</a> 
-ms.date: 05/23/2024
----
- 
-<!-- Customers will no longer update the private preview and instead install public preview
-# Update or uninstall Microsoft Connected Cache for Enterprise and Education
-
-Throughout the preview phase, we'll send you security and feature updates for Connected Cache. Follow these steps to perform the update.
-
-## Update Connected Cache
-
-Run the following command with the **arguments** we provided in the email to update your Connected Cache:
-
-```powershell
-# .\updatemcc.ps1 version="**\<VERSION\>**" tenantid="**\<TENANTID\>**" customerid="**\<CUSTOMERID\>**" cachenodeid="**\<CACHENODEID\>**" customerkey="**\<CUSTOMERKEY\>**"
-```
-
-For example:
-
-```powershell
-# .\updatemcc.ps1 version="msconnectedcacheprod.azurecr.io/mcc/linux/iot/mcc-ubuntu-iot-amd64:1.2.1.659" tenantid="799a999aa-99a1-99aa-99aa-9a9aa099db99" customerid="99a999aa-99a1-99aa-99aa-9aaa9aaa0saa" cachenodeid=" aa99aaaa-999a-9aas-99aa99daaa99 " customerkey="a99d999a-aaaa-aa99-0999aaaa99a"
-```
--->
-# Uninstall Microsoft Connected Cache
-
-Contact the Connected Cache Team before uninstalling to let us know if you're facing issues.
-
-This script removes the following items:
-
-1. EFLOW + Linux VM
-1. IoT Edge
-1. Edge Agent
-1. Edge Hub
-1. Connected Cache
-1. Moby CLI
-1. Moby Engine
-
-To delete Connected Cache, go to Control Panel \> Uninstall a program \> Select Azure IoT
-Edge LTS \> Uninstall
diff --git a/windows/deployment/do/mcc-isp.md b/windows/deployment/do/mcc-isp.md
index 0d3426ca7a..2594e6e96a 100644
--- a/windows/deployment/do/mcc-isp.md
+++ b/windows/deployment/do/mcc-isp.md
@@ -10,7 +10,7 @@ ms.reviewer: mstewart
 manager: aaroncz
 ms.localizationpriority: medium
 ms.collection: tier3
-ms.date: 05/23/2024
+ms.date: 10/30/2024
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
@@ -20,594 +20,20 @@ appliesto:
 # Microsoft Connected Cache for Internet Service Providers (early preview)
 
 > [!IMPORTANT]
-> This document is for Microsoft Connected Cache (early preview). Microsoft Connected Cache for ISPs is now in Public Preview - for our early preview customers, we highly encourage you to onboard onto our Public Preview program. For instructions on signing up and onboarding please visit [Operator sign up and service onboarding for Microsoft Connected Cache](mcc-isp-signup.md).
+> Microsoft Connected Cache for ISPs is now in Public Preview - for our early preview customers, the early preview version is no longer supported. We highly encourage you to onboard onto our Public Preview program. For instructions on signing up and onboarding, visit [Operator sign up and service onboarding for Microsoft Connected Cache](mcc-isp-signup.md).
 
 ## Overview
 
-Microsoft Connected Cache preview is a software-only caching solution that delivers Microsoft content within operator networks. Connected Cache can be deployed to as many physical servers or VMs as needed and is managed from a cloud portal. Microsoft cloud services handle routing of consumer devices to the cache server for content downloads.
+Microsoft Connected Cache preview is a software-only caching solution that delivers Microsoft content within operator networks. Connected Cache can be deployed to as many physical servers or VMs as needed and is managed from a cloud portal. Microsoft cloud services handle routing of consumer devices to the cache server for content downloads. For more information, visit [Microsoft Connected Cache for ISP](mcc-isp-overview.md).
 
-Microsoft Connected Cache is a hybrid application, in that it's a mix of on-premises and cloud resources. It's composed of a Docker-compatible Linux container deployed to your server and a cloud management portal. Microsoft chose Azure IoT Edge as a secure and reliable control plane. For more information on IoT Edge, see the [Appendix](#appendix). Even though your scenario isn't related to IoT, Azure IoT Edge is our secure Linux container deployment and management infrastructure.
-
-## How Connected Cache works
-
-:::image type="content" source="./images/mcc-isp-diagram.png" alt-text="Data flow diagram of how Microsoft Connected Cache works." lightbox="./images/mcc-isp-diagram.png":::
-
-The following steps describe how Connected Cache is provisioned and used:
-
-1. The Azure Management Portal is used to create and manage Connected Cache nodes.
-
-1. A shell script is used to provision the server and deploy the Connected Cache application.
-
-1. A combination of the Azure Management Portal and shell script is used to configure Microsoft Delivery Optimization Services to route traffic to the Connected Cache server.
-
-    - The publicly accessible IPv4 address of the server is configured on the portal.
-
-    - **Manual Routing:** Providing the CIDR blocks that represent the client IP address space, which should be routed to the Connected Cache node.
-
-    - **BGP Routing:** A shell script is used to initiate a peering session with a router in the operator network, and the operator initiates a session with the Connected Cache node.
-
-        > [!NOTE]
-        > Only IPv4 addresses are supported at this time. Entering IPv6 addresses will result in an error.
-
-1. Microsoft end-user devices (clients) periodically connect with Microsoft Delivery Optimization Services, and the services match the IP address of the client with the IP address of the corresponding Connected Cache node.
-
-1. Microsoft clients make the range requests for content from the Connected Cache node.
-
-1. A Connected Cache node gets content from the CDN, seeds its local cache stored on disk, and delivers the content to the client.
-
-1. Subsequent requests from end-user devices for content will be served from cache.
-
-1. If the Connected Cache node is unavailable, the client gets content from the CDN to ensure uninterrupted service for your subscribers.
-
-## ISP requirements for Connected Cache
 
 Microsoft Connected Cache for Internet Service Providers is now in Public Preview! To get started, visit  [Azure portal](https://www.portal.azure.com) to sign up for Microsoft Connected Cache for Internet Service Providers. Please see [Operator sign up and service onboarding for Microsoft Connected Cache](mcc-isp-signup.md) for more information on the requirements for sign up and onboarding.
 
-<!-- ### Azure subscription
 
-The Connected Cache management portal is hosted within Azure. It's used to create the Connected Cache Azure resource and IoT Hub resource. Both are *free* services.
 
-> [!NOTE]
-> If you request Exchange or Public peering in the future, business email addresses must be used to register ASNs. Microsoft doesn't accept Gmail or other non-business email addresses.
 
-Your Azure subscription ID is first used to provision Connected Cache services and enable access to the preview. The Connected Cache server requirement for an Azure subscription will cost you nothing. If you don't have an Azure subscription already, you can create an Azure [Pay-As-You-Go](https://azure.microsoft.com/offers/ms-azr-0003p/) account, which requires a credit card for verification purposes. For more information, see the [Azure free account FAQ](https://azure.microsoft.com/free/free-account-faq/). *Don't submit a trial subscription* as you'll lose access to your Azure resources after the trial period ends.
 
-The resources used for the preview, and in the future when this product is ready for production, will be free to you - like other caching solutions.
-
-### Hardware to host the Connected Cache
-
-This recommended configuration can egress at a rate of 9 Gbps with a 10 Gbps NIC.
-
-#### Disk requirements
-
-- SSDs are recommended due to improved cache read speeds of SSD, compared to HDD.
-- Using multiple disks is recommended to improve cache performance.
-- RAID disk configurations are discouraged because cache performance will be impacted. If you're using RAID disk configurations, ensure striping.
-- The maximum number of disks supported is 10.
-
-#### NIC requirements
-
-- Multiple NICs on a single Connected Cache instance are supported using a *link aggregated* configuration.
-- 10 Gbps NIC is the minimum speed recommended, but any NIC is supported.
-
-### Sizing recommendations
-
-The Connected Cache module is optimized for Ubuntu 20.04 LTS. Install Ubuntu 20.04 LTS on a physical server or VM of your choice. The following recommended configuration can egress at a rate of 9 Gbps with a 10 Gbps NIC.
-
-| Component  | Minimum | Recommended |
-|---|---|---|
-| OS |  Ubuntu 20.04 LTS VM or physical server | Ubuntu 20.04 LTS VM or physical server (preferred) |
-| NIC | 10 Gbps| at least 10 Gbps |
-| Disk | SSD </br>1 drive </br>2 TB each  |SSD </br>2-4 drives </br>at least 2 TB each  |
-| Memory | 8 GB | 32 GB or greater |
-| Cores | 4 | 8 or more  | -->
-
-<!-- ## Steps to deploy Connected Cache
-
-To deploy Connected Cache:
-
-1. [Provide Microsoft with your Azure subscription ID](#provide-microsoft-with-your-azure-subscription-id)
-2. [Create the Connected Cache Resource in Azure](#create-the-mcc-resource-in-azure)
-3. [Create a Cache Node](#create-an-mcc-node-in-azure)
-4. [Configure Cache Node Routing](#edit-cache-node-information)
-5. [Install Connected Cache on a physical server or VM](#install-mcc)
-6. [Verify properly functioning Connected Cache server](#verify-properly-functioning-mcc-server)
-7. [Review common issues if needed](#common-issues)
-
-## Provide Microsoft with your Azure subscription ID
-
-As part of the Connected Cache preview onboarding process, an Azure subscription ID must be provided to Microsoft.
-
-> [!IMPORTANT]
-> For information about creating or locating your subscription ID, see [Steps to obtain an Azure subscription ID](#steps-to-obtain-an-azure-subscription-id).
-
-### Create the Connected Cache resource in Azure
-
-The Connected Cache Azure management portal is used to create and manage Connected Cache nodes. An Azure subscription ID is used to grant access to the preview and to create the Connected Cache resource in Azure and cache nodes.
-
-Operators who have been given access to the program will be sent a link to the Azure portal, which will allow you to create this resource.
-
-1. Choose **Create a resource**.
-
-    :::image type="content" source="./images/mcc-isp-create-resource.png" alt-text="Screenshot of the option to 'Create a resource' in the Azure portal.":::
-
-1. Type **Microsoft Connected Cache** into the search box and press **Enter** to show the search results.
-
-1. Select **Microsoft Connected Cache**.
-
-    :::image type="content" source="./images/mcc-isp-search-marketplace.png" alt-text="Screenshot of searching the Azure Marketplace for 'Microsoft Connected Cache'.":::
-
-    > [!IMPORTANT]
-    > Don't select *Connected Cache Resources*, which is different from **Microsoft Connected Cache**.
-
-1. Select **Create** on the next screen to start the process of creating the Connected Cache resource.
-
-    :::image type="content" source="./images/mcc-isp-create.png" alt-text="Screenshot of the Create option for the Microsoft Connected Cache service.":::
-
-1. Fill in the following required fields to create the Connected Cache resource:
-
-    - Choose the **Subscription** that you provided to Microsoft.
-
-    - Azure resource groups are logical groups of resources. Create a new **Resource group** and choose a name for it.
-
-    - Choose **(US) West US** for the **Location** of the resource. This choice won't impact Connected Cache if the physical location isn't in the West US, it's just a limitation of the preview.
-
-        > [!NOTE]
-        > Your Connected Cache resource won't create properly if you don't select **(US) West US**.
-
-    - Specify a **Connected Cache Resource Name**.
-
-      :::image type="content" source="./images/mcc-isp-location-west.png" alt-text="Screenshot of entering the required information, including the West US location, to create a Connected Cache in Azure.":::
-
-1. Select **Review + Create**. Once validation is complete, select **Create** to start the resource creation.
-
-    :::image type="content" source="./images/mcc-isp-deployment-complete.png" alt-text="'Screenshot of the 'Your deployment is complete' message displaying deployment details.":::
-
-#### Common Resource Creation Errors
-
-##### Error: Validation failed
-
-If you get the error message "Validation failed" in the Azure portal, it's likely because you selected the **Location** as **US West 2** or another unsupported location. To resolve this error, go to the previous step and choose **(US) West US** for the **Location**.
-
-##### Error: Could not create Marketplace item
-
-If you get the error message "Could not create marketplace item" in the Azure portal, use the following steps to troubleshoot:
-
-- Make sure that you've selected **Microsoft Connected Cache** and not *Connected Cache resources* while trying to create a Connected Cache resource.
-
-- Make sure that you're using the same subscription that you provided to Microsoft and you have privileges to create an Azure resource.
-
-- If the issue persists, clear your browser cache and start in a new window.
-
-### Create a Connected Cache node in Azure
-
-1. After you successfully create the resource, select **Go to resource**.
-
-1. Under the **Cache Node Management** section in the left panel, select **Cache Nodes**.
-
-    :::image type="content" source="./images/mcc-isp-cache-nodes-option.png" alt-text="Screenshot of the 'Cache Nodes' option in the Cache Node Management menu section.":::
-
-1. On the **Cache Nodes** section, select **Create Cache Node**.
-
-    :::image type="content" source="./images/mcc-isp-create-cache-node-option.png" alt-text="Screenshot of the selecting the 'Create Cache Node' option.":::
-
-1. This action opens the **Create Cache Node** page. The only required fields are **Cache Node Name** and **Max Allowable Egress (Mbps)**.
-
-    | Field name | Expected value | Description |
-    |--|--|--|
-    | **Cache Node Name** | Alphanumeric name that includes no spaces. | The name of the cache node. You may choose names based on location like Seattle-1. This name must be unique and can't be changed later. |
-    | **Server IP Address** | IPv4 Address | IP address of your Connected Cache server. This address is used to route end-user devices in your network to the server for Microsoft content downloads. *The IP address must be publicly accessible.* |
-    | **Max Allowable Egress (Mbps)** | Integer in Mbps | The maximum egress (Mbps) of your Connected Cache based on the specifications of your hardware. For example, `10,000` Mbps. |
-    | **Address Range/CIDR Blocks** | IPv4 CIDR notation | The IP address range (CIDR blocks) that should be routed to the Connected Cache server as a comma separated list. For example: `2.21.234.0/24, 3.22.235.0/24, 4.23.236.0/24` |
-    | **Enable Cache Node** | Enable or Disable | **Enable** permits the cache node to receive content requests. </br>**Disable** prevents the cache node from receiving content requests. </br>Cache nodes are enabled by default. |
-
-    :::image type="content" source="./images/mcc-isp-create-cache-node-fields.png" alt-text="Screenshot of the available fields on the Create Cache Node page.":::
-
-    > [!TIP]
-    > The information icon next to each field provides a description.
-    >
-    > :::image type="content" source="./images/mcc-isp-node-server-ip.png" alt-text="Screenshot of the Create Cache Node page showing the description for the Server IP Address field.":::
-
-   After you create the cache node, if you return to this page, it populates the values for the two read-only fields:
-
-     | Field name | Description |
-     |--|--|
-     | **IP Space** | Number of IP addresses that will be routed to your cache server. |
-    | **Activation Keys** | Set of keys to activate your cache node with the Connected Cache services. Copy the keys for use during install. The CustomerID is your Azure subscription ID. |
-
-1. Enter the information to create the cache node, and then select **Create**.
-
-    :::image type="content" source="./images/mcc-isp-create-new-node.png" alt-text="Screenshot of selecting 'Create' on the Create Cache Node page.":::
-
-If there are errors, the page gives you guidance on how to correct the errors. For example:
-
-- The cache node name is already in use in the resource or is an incorrect format.
-- The CIDR block notation or list is incorrect.
-- The server IP address or CIDR block is already in use.
-
-See the following example with all information entered:
-
-:::image type="content" source="./images/mcc-isp-create-node-form.png" alt-text="Screenshot of the Create Cache Node page with all information entered.":::
-
-Once you create the Connected Cache node, it will display the installer instructions. For more information on the installer instructions, see the [Install Connected Cache](#install-mcc) section.
-
-:::image type="content" source="./images/mcc-isp-success-instructions.png" alt-text="Screenshot of the Cache node successfully created with Connected Cache installer instructions.":::
-
-### IP address space approval
-
-There are three states for IP address space. Connected Cache configuration supports BGP and has automatic routing capabilities.
-
-- **Valid**: The IP address space is approved.
-
-- **In Review**: The IP address space is under review with Microsoft to ensure valid IP address space.
-
-- **Attention Required**: The IP address space has been reviewed and an issue was discovered. For example:
-
-  - The IP address space overlaps with an existing cache node that belongs to another customer
-
-  - The IP address space was exceedingly large.
-
-  If your IP address space has this status, contact Microsoft for more information.
-
-:::image type="content" source="./images/mcc-isp-node-names.png" alt-text="Screenshot of a list of cache node names with example IP address space statuses.":::
-
-## Edit cache node information
-
-:::image type="content" source="./images/mcc-isp-list-nodes.png" alt-text="Screenshot of the Cache Nodes list in the Azure portal.":::
-
-To modify the configuration for existing Connected Cache nodes in the portal, select the cache node name in the cache nodes list. This action opens the **Cache Node Configuration** page. You can edit the **Server IP Address** or **Address Range/CIDR Blocks** field. You can also enable or disable the cache node.
-
-:::image type="content" source="./images/mcc-isp-node-configuration.png" alt-text="Screenshot of the Cache Node Configuration page, highlighting editable fields.":::
-
-To delete a cache node, select it in the cache nodes list, and then select **Delete** in the toolbar. If you delete a cache node, there's no way to recover it or any of the information related to the cache node. -->
-
-<!-- ## Install Connected Cache
-
-To install Connected Cache on your physical server or VM, you use a Bash script installer, which runs the following tasks:
-
-- Installs the Moby engine and CLI.
-- Installs IoT Edge.
-- Installs SSH to support remote access to the server.
-- Enables the firewall and opens port 80 for inbound and outbound traffic. The Connected Cache uses port 80.
-- Configures Connected Cache tuning settings.
-- Creates the necessary free Azure resource: IoT Hub/IoT Edge.
-- Deploys the Connected Cache container to the server.
-
-> [!IMPORTANT]
-> Make sure that the following ports are open so that Microsoft can verify proper functionality of the cache server:
->
-> - 80: content delivery
-> - 179: BGP session
-> - 443: IoT Edge secure communication
-> - 5000: (optional) used to view locally running report
-> - 5671: IoT Edge communication/container management
-> - 8883: IoT Edge communication/container management
-
-### Steps to install Connected Cache
-
-Before you start, make sure that you have a data drive configured on your server. You'll need to specify the location for this cache drive during this process. The minimum size for the data drive is 100 GB. For instructions to mount a disk on a Linux VM, see [Attach a data disk to a Linux VM](/azure/virtual-machines/linux/attach-disk-portal#find-the-disk).
-
-1. From either **Create Cache Node** or **Cache Node Configuration** pages, select **Download Installer** to download the installer file.
-
-    :::image type="content" source="./images/mcc-isp-installer-download.png" alt-text="Screenshot of the Create Cache Node page highlighting the Download Installer action.":::
-
-    Unzip the **mccinstaller.zip** file, which includes the following installation files and folders:
-
-    - Diagnostics folder: Used to create diagnostics support bundle.
-    - **installmcc.sh**: Main installer file.
-    - **installIotEdge.sh**: Installs the necessary prerequisites. For example, IoT Edge runtime and Docker. It also makes necessary host OS settings to optimize caching performance.
-    - **resourceDeploymentForConnectedCache.sh**: Creates Azure cloud resources required to support the Connected Cache control plane.
-    - **mccdeployment.json**: Deployment manifest used by IoT Edge to deploy the Connected Cache container. It also configures settings on the container like cache drives location and sizes.
-    - **mccupdate.json**
-    - **packagever.txt**
-    - **uninstallmcc.sh**: Main uninstaller file.
-    - **updatemcc.sh**: Main update file.
-
-1. Copy all files to your Linux server.
-
-1. Open a terminal window. Change the access permissions to execute on the **installmcc.sh** Bash script file using `chmod`.
-
-    ```bash
-    sudo chmod +x installmcc.sh
-    ```
-
-1. In the Azure portal, in the Connected Cache installer instructions, copy the cache node installer Bash script command. Run the Bash script from the terminal.
-
-    :::image type="content" source="./images/mcc-isp-copy-install-script.png" alt-text="Screenshot of the Copy option for the cache node installer Bash script in the Connected Cache installer instructions.":::
-
-1. Sign in to the Azure portal with a device code.
-
-    :::image type="content" source="./images/mcc-isp-bash-device-code.png" alt-text="Screenshot of the Bash script prompt to sign in to the Azure portal with a device code." lightbox="./images/mcc-isp-bash-device-code.png":::
-
-1. Specify the number of drives to configure. Use an integer value less than 10.
-
-    :::image type="content" source="./images/mcc-isp-bash-drive-number.png" alt-text="Screenshot of the Bash script prompt to enter the number of cache drives to configure." lightbox="./images/mcc-isp-bash-drive-number.png":::
-
-1. Specify the location of the cache drives. For example, `/datadrive/`
-
-    :::image type="content" source="./images/mcc-isp-bash-datadrive.png" alt-text="Screenshot of the Bash script prompt to enter the location for cache drive." lightbox="./images/mcc-isp-bash-datadrive.png":::
-
-    > [!IMPORTANT]
-    > The script changes the permission and ownership on the cache drive to **everyone** with the command `chmod 777`.
-    >
-    > Don't point the cache drive to any of the following locations:
-    >
-    > - `.`
-    > - `./var`
-    > - `/`
-    > - `<space>`
-    >
-    > Specifying any of these will corrupt the OS, and you'll need to re-install the image again.
-
-1. Specify an integer value as the size in GB for each cache drive. The minimum is `100` GB.
-
-    :::image type="content" source="./images/mcc-isp-bash-allocate-space.png" alt-text="Screenshot of the Bash script prompt to enter the amount of space to allocate to the cache drive." lightbox="./images/mcc-isp-bash-allocate-space.png":::
-
-1. Specify whether you have an existing IoT Hub.
-
-    - If this process is for your *first Connected Cache deployment*, enter `n`.
-
-    - If you already have a Connected Cache deployment, you can use an existing IoT Hub from your previous installation. Select `Y` to see your existing IoT Hubs. You can copy and paste the resulting IoT Hub name to continue.
-
-    :::image type="content" source="./images/mcc-isp-bash-iot-prompt.png" alt-text="Screenshot of the Bash script output with steps for existing IoT Hub." lightbox="./images/mcc-isp-bash-iot-prompt.png":::
-
-1. If you want to configure BGP, enter `y`. If you want to use manual entered prefixes for routing, enter `n` and skip to Step 16. You can always configure BGP at a later time using the Update Script.
-
-    1. Enter the number of BGP neighbors you want to configure.
-    1. Enter the IP address for the neighbor.
-    1. Enter the ASN corresponding to that neighbor. This value should be the same ASN as the Connected Cache -iBGP connection.
-    1. Repeat these steps for each neighbor you need to configure.
-
-    > [!NOTE]
-    > With the BGP configuration, you're essentially setting up an iBGP neighbor in your public ASN. For example, when you initiate the BGP session from the router to the cache node, you would use your own ASN.
-
-1. BGP is now configured from the Connected Cache side. From your end, establish a neighborship from your router to Connected Cache's host machine. Use the IP address of the host machine that's running the Connected Cache container.
-
-    1. Make sure there aren't any firewall rules blocking this connection.
-    1. Verify that the BGP connection has been established and that you're advertising routes to the Connected Cache.
-    1. Wait five minutes to refresh the cache node page in the Azure portal to see the BGP routes.
-
-1. Confirm the update is complete by running the following command.
-
-    ```bash
-    sudo iotedge list
-    ```
-
-    Make sure Connected Cache is running on the latest version. If you only see **edgeAgent** and **edgeHub**, wait five minutes and run this command again.
-
-1. Make sure Connected Cache is reachable. Replace `<CacheServerIp>` with the IP address of your Connected Cache or localhost.
-
-    ```bash
-    wget http://<CacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com
-    ```
-
-1. After you successfully complete the update, go to the Azure portal. To check the routes being reported, select **Download JSON**.
-
-1. To start routing using BGP, change the **Prefix Source** from **Manually Entered** to **Use BGP**.
-
-    :::image type="content" source="./images/mcc-isp-use-bgp.png" alt-text="Screenshot of the Cache Node Configuration page with the Prefix Source set to Use BGP.":::
-
-1. If there are no errors, go to the next section to verify the Connected Cache server.
-
-    If there are errors:
-
-    - Inspect the installer logs, which are in the following path: `/etc/mccresourcecreation/`
-
-    - For more information, see [Troubleshoot your IoT Edge device](/azure/iot-edge/troubleshoot). -->
-
-## Verify properly functioning Connected Cache server
-
-### Verify client side
-
-Sign in to the Connected Cache server or use SSH. Run the following command from a terminal to see the running modules (containers):
-
-```bash
-sudo iotedge list
-```
-
-:::image type="content" source="./images/mcc-isp-running-containers.png" alt-text="Screenshot of the terminal output of iotedge list command, showing the running containers." lightbox="./images/mcc-isp-running-containers.png":::
-
-If it lists the **edgeAgent** and **edgeHub** containers, but doesn't include **MCC**, view the status of the IoT Edge security manager using the command:
-
-```bash
-sudo journalctl -u iotedge -f
-```
-
-For example, this command provides the current status of the starting and stopping of a container, or the container pull and start:
-
-:::image type="content" source="./images/mcc-isp-edge-journalctl.png" alt-text="Terminal output of journalctl command for iotedge." lightbox="./images/mcc-isp-edge-journalctl.png":::
-
-### Verify server side
-
-It can take a few minutes for the container to deploy.
-
-To validate a properly functioning Connected Cache, run the following command in the terminal of the cache server or any device in the network. Replace `<CacheServerIP>` with the IP address of the cache server.
-
-```bash
-wget http://<CacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com
-```
-
-The following screenshot shows a successful test result:
-
-:::image type="content" source="./images/mcc-isp-wget.png" alt-text="Screenshot of the terminal output of successful test result with wget command to validate a Microsoft Connected Cache." lightbox="./images/mcc-isp-wget.png":::
-
-Similarly, enter the following URL into a web browser on any device on the network:
-
-```http
-http://<CacheServerIP>/mscomtest/wuidt.gif?cacheHostOrigin=au.download.windowsupdate.com
-```
-
-If the test fails, for more information, see the [common issues](#common-issues) section.
-
-## Common Issues
-
-### Microsoft Connected Cache is no longer serving traffic
-If you did not migrate your cache node then your cache node may still be on early preview version.
-Microsoft Connected Cache for Internet Service Providers is now in Public Preview! To get started, visit  [Azure portal](https://www.portal.azure.com) to sign up for Microsoft Connected Cache for Internet Service Providers. Please see [Operator sign up and service onboarding for Microsoft Connected Cache](mcc-isp-signup.md) for more information on the requirements for sign up and onboarding.
-<br>
-<br>
-<br>
-
-> [!NOTE]
-> This section only lists common issues. For more information on additional issues you may encounter when configuring IoT Edge, see the [IoT Edge troubleshooting guide](/azure/iot-edge/troubleshoot).
-
-Use the following command to check the IoT Edge journal:
-
-```bash
-sudo journalctl -u iotedge -f
-```
-
-### DNS needs to be configured
-
-Run the following IoT Edge install state check:
-
-```bash
-sudo iotedge check --verbose
-```
-
-If you see issues with ports 5671, 443, and 8883, your IoT Edge device needs to update the DNS for Docker.
-
-To configure the device to work with your DNS, use the following steps:
-
-1. Use `ifconfig` to find the appropriate NIC adapter name.
-
-    ```bash
-    ifconfig
-    ```
-
-1. Run `nmcli device show <network adapter name>` to show the DNS name for the ethernet adapter. For example, to show DNS information for **eno1**:
-
-    ```bash
-    nmcli device show eno1 
-    ```
-
-    :::image type="content" source="images/mcc-isp-nmcli.png" alt-text="Screenshot of a sample output of nmcli command to show network adapter information." lightbox="./images/mcc-isp-nmcli.png":::
-
-1. Open or create the Docker configuration file used to configure the DNS server.
-
-    ```bash
-    sudo nano /etc/docker/daemon.json
-    ```
-
-1. Paste the following string into the **daemon.json** file, and include the appropriate DNS server address. For example, in the previous screenshot, `IP4.DNS[1]` is `10.50.10.50`.
-
-    ```bash
-    { "dns": ["x.x.x.x"]}
-    ```
-
-1. Save the changes to daemon.json. If you need to change permissions on this file, use the following command:
-
-    ```bash
-    sudo chmod 555 /etc/docker/daemon.json
-    ```
-
-1. Restart Docker to pick up the new DNS setting. Then restart IoT Edge.
-
-    ```bash
-    sudo systemctl restart docker
-    sudo systemctl daemon-reload
-    sudo restart IoTEdge
-    ```
-
-<!-- ### Diagnostics script
-
-If you're having issues with your Connected Cache, the installer file includes a diagnostics script. The script collects all logs and zips them into a single file. 
-
-To run the script:
-
-1. Navigate to the following folder in the Connected Cache installation files:
-
-    `mccinstaller > MccResourceInstall > Diagnostics`
-
-1. Run the following commands:
-
-    ```bash
-    sudo chmod +x collectMccDiagnostics.sh
-    sudo ./collectMccDiagnostics.sh
-    ```
-
-1. The script stores all the debug files into a folder and creates a tar file. After the script is finished running, it displays the path of the tar file that you can share with the Connected Cache team. The file should be `/etc/mccdiagnostics/support_bundle_\$timestamp.tar.gz`
-
-1. [Email the Connected Cache team](mailto:msconnectedcache@microsoft.com?subject=Debugging%20Support%20Request%20for%20MCC) and attach this tar file, asking for debugging support. Screenshots of the error along with any other warnings you saw will be helpful during the debugging process. -->
-
-<!-- ## Updating your Connected Cache
-
-Throughout the early preview phase, Microsoft will release security and feature updates for Connected Cache. Follow these steps to update your Connected Cache.
-
-Run the following commands, replacing the variables with the values provided in the email to update your Connected Cache:
-
-```bash
-sudo chmod +x updatemcc.sh
-sudo chmod +x installIoTEdge.sh
-sudo ./updatemcc.sh version="<VERSION>" tenantid="<TENANTID>" customerid="<CUSTOMERID>" cachenodeid="<CACHENODEID>" customerkey="<CUSTOMERKEY>"
-```
-
-For example:
-
-```bash
-sudo ./updatemcc.sh version="msconnectedcacheprod.azurecr.io/mcc/linux/iot/mcc-ubuntu-iot-amd64:1.2.1.981" tenantid="799a999aa-99a1-99aa-99aa-9a9aa099db99" customerid="99a999aa-99a1-99aa-99aa-9aaa9aaa0saa" cachenodeid=" aa99aaaa-999a-9aas-99aa99daaa99 " customerkey="a99d999a-aaaa-aa99-0999aaaa99aa"
-``` -->
-
-<!-- ### Configure BGP on an Existing Connected Cache
-
-If you have a Connected Cache that's already active and running, follow the steps below to configure BGP.
-
-1. Run the Update commands as described above.
-
-1. Sign in with your Azure credentials using the device code.
-
-1. To finish configuring your Connected Cache with BGP routing, continue from Step 10 of [Steps to Install Connected Cache](#steps-to-install-mcc). -->
-
-
-## Uninstalling Connected Cache
-
-In the installer zip file, you'll find the file **uninstallmcc.sh**. This script uninstalls Connected Cache and all the related components. Before you run this script, contact the Connected Cache team. Only run it if you're facing issues with Connected Cache installation.
-
-> [!WARNING]
-> Be cautious before running this script. It will also erase existing IoT workflows in this VM.
-
-The **uninstallmcc.sh** script removes the following components:
-
-- IoT Edge
-- Edge Agent
-- Edge Hub
-- Connected Cache
-- Moby CLI
-- Moby engine
-
-To run the script, use the following commands:
-
-```bash
-sudo chmod +x uninstallmcc.sh
-sudo ./uninstallmcc.sh
-```
-
-## Appendix
-
-### Steps to obtain an Azure subscription ID
-
-<!--Using include file, get-azure-subscription.md, for shared content-->
-[!INCLUDE [Get Azure subscription](includes/get-azure-subscription.md)]
-
-### Performance of Connected Cache in virtual environments
-
-In virtual environments, the cache server egress peaks at around 1.1 Gbps. If you want to maximize the egress in virtual environments, it's critical to change the following two settings:
-
-1. Enable **SR-IOV** in the following three locations:
-
-    - The BIOS of the Connected Cache VM
-    - The Connected Cache VM's network card properties
-    - The hypervisor for the Connected Cache VM
-
-    Microsoft has found these settings to double egress when using a Microsoft Hyper-V deployment.
-
-2. Enable "high performance" in the BIOS instead of energy savings. Microsoft has found this setting nearly doubled egress in a Microsoft Hyper-V deployment.
-
-### Grant other users access to manage your Connected Cache
-
-More users can be given access to manage Microsoft Connected Cache, even if they don't have an Azure account. Once you've created the first cache node in the portal, you can add other users as **Owners** of the Microsoft Connected Cache resource group and the Microsoft Connected Cache resource.
-
-For more information on how to add other users as an owner, see [Grant a user access to Azure resources using the Azure portal](/azure/role-based-access-control/quickstart-assign-role-user-portal). Make sure to do this action for both the *Connected Cache resource* and *Connected Cache resource group*.
+<!-- 
 
 ### Setting up a VM on Windows Server
 
@@ -727,3 +153,5 @@ For more information on Azure IoT Edge, see the [Azure IoT Edge documentation](/
 [Microsoft Connected Cache overview](waas-microsoft-connected-cache.md)
 
 [Introducing Microsoft Connected Cache](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/introducing-microsoft-connected-cache-microsoft-s-cloud-managed/ba-p/963898)
+
+-->
diff --git a/windows/deployment/do/waas-microsoft-connected-cache.md b/windows/deployment/do/waas-microsoft-connected-cache.md
index 5fe3139709..ac5b29ba36 100644
--- a/windows/deployment/do/waas-microsoft-connected-cache.md
+++ b/windows/deployment/do/waas-microsoft-connected-cache.md
@@ -13,7 +13,7 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 05/23/2024
+ms.date: 10/30/2024
 ---
 
 # What is Microsoft Connected Cache?
@@ -24,7 +24,7 @@ ms.date: 05/23/2024
 Microsoft Connected Cache is a software-only caching solution that delivers Microsoft content. Microsoft Connected Cache has two main offerings:
 
 - Microsoft Connected Cache for Internet Service Providers
-- Microsoft Connected Cache for Enterprise and Education (early preview)
+- Microsoft Connected Cache for Enterprise and Education (preview)
 
 Both products are created and managed in the cloud portal.
 
@@ -35,14 +35,14 @@ Both products are created and managed in the cloud portal.
 
 Microsoft Connected Cache for Internet Service Providers is currently in preview. Connected Cache can be deployed to as many bare-metal servers or VMs as needed and is managed from a cloud portal. When deployed, Connected Cache can help to reduce your network bandwidth usage for Microsoft software content and updates. Cache nodes are created in the cloud portal and are configured to deliver traffic to customers by manual CIDR or BGP routing. Learn more at [Microsoft Connected Cache for ISPs Overview](mcc-isp-overview.md).
 
-## Microsoft Connected Cache for Enterprise and Education (early preview)
+## Microsoft Connected Cache for Enterprise and Education (preview)
 
 > [!NOTE]
-> As we near the release of public preview, we have paused onboarding. Please continue to submit the form to express interest so we can follow up with you once public preview of Microsoft Connected Cache for Enteprise and Education is available. To register your interest, fill out the form located at [https://aka.ms/MSConnectedCacheSignup](https://aka.ms/MSConnectedCacheSignup).
+> Microsoft Connected Cache for Enterprise and Education is now in public preview. To get started, follow the instructions in the [Create Microsoft Connected Cache Azure resource and cache nodes](mcc-ent-create-resource-and-cache.md) article.
 
-Microsoft Connected Cache for Enterprise and Education (early preview) is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. Connected Cache can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md).
+Microsoft Connected Cache for Enterprise and Education is a software-only caching solution that delivers Microsoft content within Enterprise and Education networks. Connected Cache can be deployed to as many Windows servers, bare-metal servers, or VMs as needed, and is managed from a cloud portal. Cache nodes are created in the cloud portal and are configured by applying the client policy using management tools such as Intune. Learn more at [Microsoft Connected Cache for Enterprise and Education Overview](mcc-ent-edu-overview.md).
 
-Microsoft Connected Cache for Enterprise and Education (early preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache)
+Microsoft Connected Cache for Enterprise and Education (preview) is a standalone cache for customers moving towards modern management and away from Configuration Manager distribution points. For Microsoft Connected Cache in Configuration Manager (generally available starting Configuration Manager version 2111), see [Microsoft Connected Cache in Configuration Manager](/mem/configmgr/core/plan-design/hierarchy/microsoft-connected-cache)
 
 ## Next steps
 
diff --git a/windows/deployment/images/mcc-ent-cache-node-summary.png b/windows/deployment/images/mcc-ent-cache-node-summary.png
new file mode 100644
index 0000000000..596b382728
Binary files /dev/null and b/windows/deployment/images/mcc-ent-cache-node-summary.png differ
diff --git a/windows/deployment/images/mcc-ent-key-metric-charts.png b/windows/deployment/images/mcc-ent-key-metric-charts.png
new file mode 100644
index 0000000000..b1d05e6103
Binary files /dev/null and b/windows/deployment/images/mcc-ent-key-metric-charts.png differ
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
index cf387f0042..5e7b3411e6 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md
@@ -135,10 +135,13 @@ For more information about feature entitlement, see [Features and capabilities](
 The following Windows 10/11 editions, build version, and architecture are supported when [devices are registered with Windows Autopatch](../deploy/windows-autopatch-register-devices.md):
 
 - Windows 11 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
+- Windows 11 IoT Enterprise edition
 - Windows 10 Professional, Education, Enterprise, Pro Education, or Pro for Workstations editions
+- Windows 10 IoT Enterprise edition
 
 Windows Autopatch service supports Windows client devices on the **General Availability Channel**.
 
+
 > [!IMPORTANT]
 > Windows Autopatch supports registering [Windows 10 and Windows 11 Long-Term Servicing Channel (LTSC)](/windows/whats-new/ltsc/overview) devices that are being currently serviced by the [Windows 10 LTSC](/windows/release-health/release-information) or [Windows 11 LTSC](/windows/release-health/windows11-release-information). The service only supports managing the [Windows quality updates](../operate/windows-autopatch-windows-quality-update-overview.md) workload for devices currently serviced by the LTSC. Windows Update for Business service and Windows Autopatch don't offer Windows feature updates for devices that are part of the LTSC. You must either use [LTSC media](https://www.microsoft.com/evalcenter/evaluate-windows-10-enterprise) or the [Configuration Manager Operating System Deployment capabilities to perform an in-place upgrade](/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager) for Windows devices that are part of the LTSC.
 
diff --git a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md
index 8d6749004f..a778ffc2fb 100644
--- a/windows/security/application-security/application-control/app-control-for-business/appcontrol.md
+++ b/windows/security/application-security/application-control/app-control-for-business/appcontrol.md
@@ -43,15 +43,6 @@ Smart App Control is only available on clean installation of Windows 11 version
 > [!IMPORTANT]
 > Once you turn Smart App Control off, it can't be turned on without resetting or reinstalling Windows.
 
-### Smart App Control Enforced Blocks
-
-Smart App Control enforces the [Microsoft Recommended Driver Block rules](design/microsoft-recommended-driver-block-rules.md) and the [Microsoft Recommended Block Rules](design/applications-that-can-bypass-appcontrol.md), with a few exceptions for compatibility considerations. The following aren't blocked by Smart App Control:
-
-- Infdefaultinstall.exe
-- Microsoft.Build.dll
-- Microsoft.Build.Framework.dll
-- Wslhost.dll
-
 [!INCLUDE [windows-defender-application-control-wdac](../../../../../includes/licensing/windows-defender-application-control-wdac.md)]
 
 ## Related articles
diff --git a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
index 8c81845b7b..68d64ea7fe 100644
--- a/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
+++ b/windows/security/application-security/application-control/user-account-control/settings-and-configuration.md
@@ -96,6 +96,7 @@ The registry keys are found under the key: `HKLM:\SOFTWARE\Microsoft\Windows\Cur
 | Run all administrators in Admin Approval Mode | `EnableLUA` | 0 = Disabled<br>1 (Default) = Enabled |
 | Switch to the secure desktop when prompting for elevation| `PromptOnSecureDesktop` | 0 = Disabled<br>1 (Default) = Enabled |
 | Virtualize file and registry write failures to per-user locations | `EnableVirtualization` | 0 = Disabled<br>1 (Default) = Enabled |
+| Prioritise network logons over cached logons | `InteractiveLogonFirst` | 0 (Default) = Disabled<br>1 = Enabled |
 
 [WIN-1]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions
 [MEM-1]: /mem/intune/configuration/custom-settings-windows-10
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index b2eefb6943..b7d4db82be 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -137,6 +137,7 @@
         "application-security/application-control/user-account-control/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -172,6 +173,7 @@
         "identity-protection/credential-guard/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -179,6 +181,7 @@
         "identity-protection/smart-cards/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -186,6 +189,7 @@
         "identity-protection/virtual-smart-cards/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -197,6 +201,7 @@
         "operating-system-security/data-protection/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -204,6 +209,7 @@
         "operating-system-security/data-protection/**/*.yml": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -224,6 +230,7 @@
         "operating-system-security/network-security/windows-firewall/**/*.md": [
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2025</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
           "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
@@ -235,7 +242,6 @@
         "book/*.md": "paoloma",
         "identity-protection/access-control/*.md": "sulahiri",
         "identity-protection/credential-guard/*.md": "zwhittington",
-        "identity-protection/hello-for-business/*.md": "erikdau",
         "identity-protection/smart-cards/*.md": "ardenw",
         "identity-protection/virtual-smart-cards/*.md": "ardenw",
         "operating-system-security/data-protection/personal-data-encryption/*.md": "rhonnegowda",
diff --git a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
index 22b8f3245f..f89ec506b2 100644
--- a/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
+++ b/windows/security/hardware-security/enable-virtualization-based-protection-of-code-integrity.md
@@ -13,6 +13,9 @@ appliesto:
 
 # Enable virtualization-based protection of code integrity
 
+> [!WARNING]
+> Some applications and hardware device drivers may be incompatible with memory integrity. This incompatibility can cause devices or software to malfunction and in rare cases may result in a boot failure (blue screen). Such issues may occur after memory integrity has been turned on or during the enablement process itself. If compatibility issues occur, see [Troubleshooting](#troubleshooting) for remediation steps.
+
 **Memory integrity** is a Virtualization-based security (VBS) feature available in Windows. Memory integrity and VBS improve the threat model of Windows and provide stronger protections against malware trying to exploit the Windows kernel. VBS uses the Windows hypervisor to create an isolated virtual environment that becomes the root of trust of the OS that assumes the kernel can be compromised. Memory integrity is a critical component that protects and hardens Windows by running kernel mode code integrity within the isolated virtual environment of VBS. Memory integrity also restricts kernel memory allocations that could be used to compromise the system.
 
 > [!NOTE]
@@ -20,9 +23,6 @@ appliesto:
 > - Memory integrity is sometimes referred to as *hypervisor-protected code integrity (HVCI)* or *hypervisor enforced code integrity*, and was originally released as part of *Device Guard*. Device Guard is no longer used except to locate memory integrity and VBS settings in Group Policy or the Windows registry.
 > - Memory integrity works better with Intel Kabylake and higher processors with *Mode-Based Execution Control*, and AMD Zen 2 and higher processors with *Guest Mode Execute Trap* capabilities. Older processors rely on an emulation of these features, called *Restricted User Mode*, and will have a bigger impact on performance. When nested virtualization is enabled, memory integrity works better when the VM is version >= 9.3.
 
-> [!WARNING]
-> Some applications and hardware device drivers may be incompatible with memory integrity. This incompatibility can cause devices or software to malfunction and in rare cases may result in a boot failure (blue screen). Such issues may occur after memory integrity has been turned on or during the enablement process itself. If compatibility issues occur, see [Troubleshooting](#troubleshooting) for remediation steps.
-
 ## Memory integrity features
 
 - Protects modification of the Control Flow Guard (CFG) bitmap for kernel mode drivers.
@@ -32,28 +32,28 @@ appliesto:
 
 To enable memory integrity on Windows devices with supporting hardware throughout an enterprise, use any of these options:
 
-- [Windows Security settings](#windows-security)
-- [Microsoft Intune (or another MDM provider)](#enable-memory-integrity-using-intune)
-- [Group Policy](#enable-memory-integrity-using-group-policy)
-- [Microsoft Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/)
-- [Registry](#use-registry-keys-to-enable-memory-integrity)
+### [:::image type="icon" source="../images/icons/security-app.svg" border="false"::: **Windows Security**](#tab/security)
 
-### Windows Security
+### Enable memory integrity using Windows Security
 
 **Memory integrity** can be turned on in **Windows Security** settings and found at **Windows Security** > **Device security** > **Core isolation details** > **Memory integrity**. For more information, see [Device protection in Windows Security](https://support.microsoft.com/help/4096339/windows-10-device-protection-in-windows-defender-security-center).
 
 Beginning with Windows 11 22H2, **Windows Security** shows a warning if memory integrity is turned off. The warning indicator also appears on the Windows Security icon in the Windows Taskbar and in the Windows Notification Center. The user can dismiss the warning from within **Windows Security**.
 
+### [:::image type="icon" source="../images/icons/intune.svg" border="false"::: **Intune/CSP**](#tab/intune)
+
 ### Enable memory integrity using Intune
 
 Use the **Virtualization Based Technology** > **Hypervisor Enforced Code Integrity** setting using the [settings catalog](/mem/intune/configuration/settings-catalog) to enable memory integrity. You can also use the HypervisorEnforcedCodeIntegrity node in the [VirtualizationBasedTechnology CSP](/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology).
 
+### [:::image type="icon" source="../images/icons/group-policy.svg" border="false"::: **GPO**](#tab/gpo)
+
 ### Enable memory integrity using Group Policy
 
 1. Use Group Policy Editor (gpedit.msc) to either edit an existing GPO or create a new one.
 1. Navigate to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**.
 1. Double-click **Turn on Virtualization Based Security**.
-1. Select **Enabled** and under **Virtualization Based Protection of Code Integrity**, select **Enabled without UEFI lock**. Only select **Enabled with UEFI lock** if you want to prevent memory integrity from being disabled remotely or by policy update. Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity.
+1. Select **Enabled**. Under **Virtualization Based Protection of Code Integrity**, select **Enabled without UEFI lock**. Only select **Enabled with UEFI lock** if you want to prevent memory integrity from being disabled remotely or by policy update. Once enabled with UEFI lock, you must have access to the UEFI BIOS menu to turn off Secure Boot if you want to turn off memory integrity.
 
    ![Enable memory integrity using Group Policy.](images/enable-hvci-gp.png)
 
@@ -61,7 +61,9 @@ Use the **Virtualization Based Technology** > **Hypervisor Enforced Code Integri
 
 To apply the new policy on a domain-joined computer, either restart or run `gpupdate /force` in an elevated Command Prompt.
 
-### Use registry keys to enable memory integrity
+### [:::image type="icon" source="../images/icons/registry.svg" border="false"::: **Registry**](#tab/reg)
+
+### Enable memory integrity using registry
 
 Set the following registry keys to enable memory integrity. These keys provide similar set of configuration options provided by Group Policy
 
@@ -85,74 +87,78 @@ reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorE
 
 If you want to customize the preceding recommended settings, use the following registry keys.
 
-**To enable VBS only (no memory integrity)**
+- To enable VBS only (no memory integrity):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "EnableVirtualizationBasedSecurity" /t REG_DWORD /d 1 /f
+    ```
 
-**To enable VBS and require Secure boot only (value 1)**
+- To enable VBS and require Secure boot only (value 1):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 1 /f
+    ```
 
-**To enable VBS with Secure Boot and DMA protection (value 3)**
+- To enable VBS with Secure Boot and DMA protection (value 3):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "RequirePlatformSecurityFeatures" /t REG_DWORD /d 3 /f
+    ```
 
-**To enable VBS without UEFI lock (value 0)**
+- To enable VBS without UEFI lock (value 0):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 0 /f
+    ```
 
-**To enable VBS with UEFI lock (value 1)**
+- To enable VBS with UEFI lock (value 1):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 1 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Locked" /t REG_DWORD /d 1 /f
+    ```
 
-**To enable memory integrity**
+- To enable memory integrity:
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Enabled" /t REG_DWORD /d 1 /f
+    ```
 
-**To enable memory integrity without UEFI lock (value 0)**
+- To enable memory integrity without UEFI lock (value 0):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 0 /f
+    ```
 
-**To enable memory integrity with UEFI lock (value 1)**
+- To enable memory integrity with UEFI lock (value 1):
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity" /v "Locked" /t REG_DWORD /d 1 /f
+    ```
 
-**To enable VBS (and memory integrity) in mandatory mode**
+- To enable VBS (and memory integrity) in mandatory mode:
 
-```cmd
-reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Mandatory" /t REG_DWORD /d 1 /f
-```
+    ```cmd
+    reg add "HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard" /v "Mandatory" /t REG_DWORD /d 1 /f
+    ```
 
-The **Mandatory** setting prevents the OS loader from continuing to boot in case the Hypervisor, Secure Kernel or one of their dependent modules fails to load.
+    The **Mandatory** setting prevents the OS loader from continuing to boot in case the Hypervisor, Secure Kernel or one of their dependent modules fails to load.
 
-> [!IMPORTANT]
-> Special care should be used before enabling this mode, since, in case of any failure of the virtualization modules, the system will refuse to boot.
+    > [!IMPORTANT]
+    > Special care should be used before enabling this mode, since, in case of any failure of the virtualization modules, the system will refuse to boot.
 
-**To gray out the memory integrity UI and display the message "This setting is managed by your administrator"**
-```cmd
-reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /f
-```
+- To gray out the memory integrity UI and display the message `This setting is managed by your administrator`:
 
-**To let memory integrity UI behave normally (Not grayed out)**
-```cmd
-reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /t REG_DWORD /d 2 /f
-```
+    ```cmd
+    reg delete HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /f
+    ```
+
+- To let memory integrity UI behave normally (Not grayed out):
+
+    ```cmd
+    reg add HKLM\SYSTEM\CurrentControlSet\Control\DeviceGuard\Scenarios\HypervisorEnforcedCodeIntegrity /v "WasEnabledBy" /t REG_DWORD /d 2 /f
+    ```
+
+### [:::image type="icon" source="../images/icons/app-control.svg" border="false"::: **App Control**](#tab/appcontrol)
 
 ### Enable memory integrity using App Control for Business
 
@@ -165,6 +171,8 @@ You can use App Control policy to turn on memory integrity using any of the foll
 > [!NOTE]
 > If your App Control policy is set to turn memory integrity on, it will be turned on even if the policy is in audit mode.
 
+---
+
 ### Validate enabled VBS and memory integrity features
 
 #### Use Win32_DeviceGuard WMI class
@@ -180,82 +188,98 @@ Get-CimInstance -ClassName Win32_DeviceGuard -Namespace root\Microsoft\Windows\D
 
 The output of this command provides details of the available hardware-based security features and those features that are currently enabled.
 
-##### AvailableSecurityProperties
+- **InstanceIdentifier**: A string that is unique to a particular device and set by WMI.
 
-This field helps to enumerate and report state on the relevant security properties for VBS and memory integrity.
+- **Version**: This field lists the version of this WMI class. The only valid value now is **1.0**.
 
-| Value | Description                                             |
-|-------|---------------------------------------------------------|
-| **0** | If present, no relevant properties exist on the device. |
-| **1** | If present, hypervisor support is available.            |
-| **2** | If present, Secure Boot is available.                   |
-| **3** | If present, DMA protection is available.                |
-| **4** | If present, Secure Memory Overwrite is available.       |
-| **5** | If present, NX protections are available.               |
-| **6** | If present, SMM mitigations are available.              |
-| **7** | If present, MBEC/GMET is available.                     |
-| **8** | If present, APIC virtualization is available.           |
+- **AvailableSecurityProperties**: This field helps to enumerate and report state on the relevant security properties for VBS and memory integrity.
 
-##### InstanceIdentifier
+    | Value | Description                                             |
+    |-------|---------------------------------------------------------|
+    | **0** | If present, no relevant properties exist on the device. |
+    | **1** | If present, hypervisor support is available.            |
+    | **2** | If present, Secure Boot is available.                   |
+    | **3** | If present, DMA protection is available.                |
+    | **4** | If present, Secure Memory Overwrite is available.       |
+    | **5** | If present, NX protections are available.               |
+    | **6** | If present, SMM mitigations are available.              |
+    | **7** | If present, MBEC/GMET is available.                     |
+    | **8** | If present, APIC virtualization is available.           |
 
-A string that is unique to a particular device and set by WMI.
+- **CodeIntegrityPolicyEnforcementStatus**: This field indicates the code integrity policy enforcement status.
 
-##### RequiredSecurityProperties
+    | Value | Description |
+    |-------|-------------|
+    | **0** | Off         |
+    | **1** | Audit.      |
+    | **2** | Enforced.   |
 
-This field describes the required security properties to enable VBS.
+- **RequiredSecurityProperties**: This field describes the required security properties to enable VBS.
 
-| Value | Description                                    |
-|-------|------------------------------------------------|
-| **0** | Nothing is required.                           |
-| **1** | If present, hypervisor support is needed.      |
-| **2** | If present, Secure Boot is needed.             |
-| **3** | If present, DMA protection is needed.          |
-| **4** | If present, Secure Memory Overwrite is needed. |
-| **5** | If present, NX protections are needed.         |
-| **6** | If present, SMM mitigations are needed.        |
-| **7** | If present, MBEC/GMET is needed.               |
+    | Value | Description                                    |
+    |-------|------------------------------------------------|
+    | **0** | Nothing is required.                           |
+    | **1** | If present, hypervisor support is needed.      |
+    | **2** | If present, Secure Boot is needed.             |
+    | **3** | If present, DMA protection is needed.          |
+    | **4** | If present, Secure Memory Overwrite is needed. |
+    | **5** | If present, NX protections are needed.         |
+    | **6** | If present, SMM mitigations are needed.        |
+    | **7** | If present, MBEC/GMET is needed.               |
 
-##### SecurityServicesConfigured
+- **SecurityServicesConfigured**: This field indicates whether Credential Guard or memory integrity is configured.
 
-This field indicates whether Credential Guard or memory integrity is configured.
+    | Value | Description                                           |
+    |-------|-------------------------------------------------------|
+    | **0** | No services are configured.                           |
+    | **1** | If present, Credential Guard is configured.           |
+    | **2** | If present, memory integrity is configured.           |
+    | **3** | If present, System Guard Secure Launch is configured. |
+    | **4** | If present, SMM Firmware Measurement is configured.   |
+    | **5** | If present, Kernel-mode Hardware-enforced Stack Protection is configured. |
+    | **6** | If present, Kernel-mode Hardware-enforced Stack Protection is configured in Audit mode. |
+    | **7** | If present, Hypervisor-Enforced Paging Translation is configured. |
 
-| Value | Description                                           |
-|-------|-------------------------------------------------------|
-| **0** | No services are configured.                           |
-| **1** | If present, Credential Guard is configured.           |
-| **2** | If present, memory integrity is configured.           |
-| **3** | If present, System Guard Secure Launch is configured. |
-| **4** | If present, SMM Firmware Measurement is configured.   |
+- **SecurityServicesRunning**: This field indicates whether Credential Guard or memory integrity is running.
 
-##### SecurityServicesRunning
+    | Value | Description                                        |
+    |-------|----------------------------------------------------|
+    | **0** | No services running.                               |
+    | **1** | If present, Credential Guard is running.           |
+    | **2** | If present, memory integrity is running.           |
+    | **3** | If present, System Guard Secure Launch is running. |
+    | **4** | If present, SMM Firmware Measurement is running.   |
+    | **5** | If present, Kernel-mode Hardware-enforced Stack Protection is running. |
+    | **6** | If present, Kernel-mode Hardware-enforced Stack Protection is running in Audit mode. |
+    | **7** | If present, Hypervisor-Enforced Paging Translation is running. |
 
-This field indicates whether Credential Guard or memory integrity is running.
+- **SmmIsolationLevel**: This field indicates the SMM isolation level.
 
-| Value | Description                                        |
-|-------|----------------------------------------------------|
-| **0** | No services running.                               |
-| **1** | If present, Credential Guard is running.           |
-| **2** | If present, memory integrity is running.           |
-| **3** | If present, System Guard Secure Launch is running. |
-| **4** | If present, SMM Firmware Measurement is running.   |
+- **UsermodeCodeIntegrityPolicyEnforcementStatus**: This field indicates the user mode code integrity policy enforcement status.
 
-##### Version
+    | Value | Description |
+    |-------|-------------|
+    | **0** | Off         |
+    | **1** | Audit.      |
+    | **2** | Enforced.   |
 
-This field lists the version of this WMI class. The only valid value now is **1.0**.
+- **VirtualizationBasedSecurityStatus**: This field indicates whether VBS is enabled and running.
 
-##### VirtualizationBasedSecurityStatus
+    | Value | Description                     |
+    |-------|---------------------------------|
+    | **0** | VBS isn't enabled.              |
+    | **1** | VBS is enabled but not running. |
+    | **2** | VBS is enabled and running.     |
 
-This field indicates whether VBS is enabled and running.
+- **VirtualMachineIsolation**: This field indicates whether virtual machine isolation is enabled.
 
-| Value | Description                     |
-|-------|---------------------------------|
-| **0** | VBS isn't enabled.              |
-| **1** | VBS is enabled but not running. |
-| **2** | VBS is enabled and running.     |
+- **VirtualMachineIsolationProperties**: This field indicates the set of virtual machine isolation properties that are available.
 
-##### PSComputerName
-
-This field lists the computer name. All valid values for computer name.
+    | Value | Description                   |
+    |-------|-------------------------------|
+    | **1** | AMD SEV-SNP                   |
+    | **2** | Virtualization-based Security |
+    | **3** | Intel TDX                     |
 
 #### Use msinfo32.exe
 
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index 20731a876a..12fe65bda4 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -6,6 +6,7 @@ ms.topic: overview
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2025</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index 70dbff7388..102e723645 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -6,6 +6,7 @@ ms.topic: concept-article
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2025</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
@@ -230,27 +231,27 @@ The following table shows the Group Policy and registry settings that are used t
 1. In the details pane, right-click &lt;**gpo\_name**&gt;, and &gt; **Edit**
 1. Ensure that UAC is enabled and that UAC restrictions apply to the default Administrator account by following these steps:
 
-  - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**
-  - Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**
-  - Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**
+   - Navigate to the Computer Configuration\\Windows Settings\\Security Settings\\Local Policies\\, and &gt; **Security Options**
+   - Double-click **User Account Control: Run all administrators in Admin Approval Mode** &gt; **Enabled** &gt; **OK**
+   - Double-click **User Account Control: Admin Approval Mode for the Built-in Administrator account** &gt; **Enabled** &gt; **OK**
 
 1. Ensure that the local account restrictions are applied to network interfaces by following these steps:
 
-  - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry**
-  - Right-click **Registry**, and &gt; **New** &gt; **Registry Item**
-  - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**
-  - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE**
-  - Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
-  - In the **Value name** area, type `LocalAccountTokenFilterPolicy`
-  - In the **Value type** box, from the drop-down list, select **REG_DWORD** to change the value
-  - In the **Value data** box, ensure that the value is set to **0**
-  - Verify this configuration, and &gt; **OK**
+   - Navigate to *Computer Configuration\Preferences and Windows Settings*, and > **Registry**
+   - Right-click **Registry**, and &gt; **New** &gt; **Registry Item**
+   - In the **New Registry Properties** dialog box, on the **General** tab, change the setting in the **Action** box to **Replace**
+   - Ensure that the **Hive** box is set to **HKEY_LOCAL_MACHINE**
+   - Select (**…**), browse to the following location for **Key Path** &gt; **Select** for: `SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System`
+   - In the **Value name** area, type `LocalAccountTokenFilterPolicy`
+   - In the **Value type** box, from the drop-down list, select **REG_DWORD** to change the value
+   - In the **Value data** box, ensure that the value is set to **0**
+   - Verify this configuration, and &gt; **OK**
 
 1. Link the GPO to the first **Workstations** organizational unit (OU) by doing the following:
 
-  - Navigate to the `*Forest*\<Domains>\*Domain*\*OU*` path
-  - Right-click the **Workstations > Link an existing GPO**
-  - Select the GPO that you created, and &gt; **OK**
+   - Navigate to the `*Forest*\<Domains>\*Domain*\*OU*` path
+   - Right-click the **Workstations > Link an existing GPO**
+   - Select the GPO that you created, and &gt; **OK**
 
 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
 1. Create links to all other OUs that contain workstations
@@ -291,9 +292,9 @@ The following table shows the Group Policy settings that are used to deny networ
 1. Select **Add User or Group**, type **Local account and member of Administrators group**, and &gt; **OK**
 1. Link the GPO to the first **Workstations** OU as follows:
 
-  - Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path
-  - Right-click the **Workstations** OU, and &gt; **Link an existing GPO**
-  - Select the GPO that you created, and &gt; **OK**
+   - Navigate to the &lt;*Forest*&gt;\\Domains\\&lt;*Domain*&gt;\\OU path
+   - Right-click the **Workstations** OU, and &gt; **Link an existing GPO**
+   - Select the GPO that you created, and &gt; **OK**
 
 1. Test the functionality of enterprise applications on the workstations in that first OU and resolve any issues caused by the new policy
 1. Create links to all other OUs that contain workstations
diff --git a/windows/security/identity-protection/credential-guard/configure.md b/windows/security/identity-protection/credential-guard/configure.md
index b965f14e38..192b60aca0 100644
--- a/windows/security/identity-protection/credential-guard/configure.md
+++ b/windows/security/identity-protection/credential-guard/configure.md
@@ -11,9 +11,7 @@ This article describes how to configure Credential Guard using Microsoft Intune,
 
 ## Default enablement
 
-[!INCLUDE [windows-server-2025-preview](../../includes/windows-server-2025-preview.md)]
-
-Starting in Windows 11, 22H2 and Windows Server 2025 (preview), Credential Guard is [enabled by default on devices which meet the requirements](index.md#default-enablement).
+Starting in Windows 11, 22H2 and Windows Server 2025, Credential Guard is [enabled by default on devices which meet the requirements](index.md#default-enablement).
 
 System administrators can explicitly [enable](#enable-credential-guard) or [disable](#disable-credential-guard) Credential Guard using one of the methods described in this article. Explicitly configured values overwrite the default enablement state after a reboot.
 
diff --git a/windows/security/identity-protection/credential-guard/considerations-known-issues.md b/windows/security/identity-protection/credential-guard/considerations-known-issues.md
index 71298d9a5b..e4531d1f84 100644
--- a/windows/security/identity-protection/credential-guard/considerations-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/considerations-known-issues.md
@@ -11,13 +11,11 @@ Microsoft recommends that in addition to deploying Credential Guard, organizatio
 
 ## Upgrade considerations
 
-[!INCLUDE [windows-server-2025-preview](../../includes/windows-server-2025-preview.md)]
-
 As Credential Guard evolves and enhances its security features, newer versions of Windows running Credential Guard might affect previously functional scenarios. For instance, Credential Guard could restrict the use of certain credentials or components to thwart malware exploiting vulnerabilities.
 
 It's advisable to thoroughly test operational scenarios within an organization before updating devices that utilize Credential Guard.
 
-Upgrades to Windows 11, version 22H2, and Windows Server 2025 (preview) have Credential Guard [enabled by default](index.md#default-enablement) unless explicitly disabled.
+Upgrades to Windows 11, version 22H2, and Windows Server 2025 have Credential Guard [enabled by default](index.md#default-enablement) unless explicitly disabled.
 
 ## Wi-fi and VPN considerations
 
@@ -120,25 +118,23 @@ Credential Guard blocks certain authentication capabilities. Applications that r
 
 This article describes known issues when Credential Guard is enabled.
 
-### Live migration with Hyper-V breaks when upgrading to Windows Server 2025 (preview)
+### Live migration with Hyper-V breaks when upgrading to Windows Server 2025
 
-[!INCLUDE [windows-server-2025-preview](../../includes/windows-server-2025-preview.md)]
-
-Devices that use CredSSP-based Delegation might no longer be able to use [Live Migration with Hyper-V](/windows-server/virtualization/hyper-v/manage/live-migration-overview) after upgrading to Windows Server 2025 (preview). Applications and services that rely on live migration (such as [SCVMM](/system-center/vmm/overview)) might also be affected. CredSSP-based delegation is the default for Windows Server 2022 and earlier for live migration.
+Devices that use CredSSP-based Delegation might no longer be able to use [Live Migration with Hyper-V](/windows-server/virtualization/hyper-v/manage/live-migration-overview) after upgrading to Windows Server 2025. Applications and services that rely on live migration (such as [SCVMM](/system-center/vmm/overview)) might also be affected. CredSSP-based delegation is the default for Windows Server 2022 and earlier for live migration.
 
 ||Description|
 |-|-|
-|    **Affected devices**|Any server with Credential Guard enabled might encounter this issue. Starting in Windows Server 2025 (preview), [Credential Guard is enabled by default](index.md#default-enablement-on-windows-server) on all domain-joined servers that aren't domain controllers. Default enablement of Credential Guard can be [preemptively blocked](configure.md#default-enablement) before upgrade.|
+|    **Affected devices**|Any server with Credential Guard enabled might encounter this issue. Starting in Windows Server 2025, [Credential Guard is enabled by default](index.md#default-enablement-on-windows-server) on all domain-joined servers that aren't domain controllers. Default enablement of Credential Guard can be [preemptively blocked](configure.md#default-enablement) before upgrade.|
 |    **Cause of the issue**|Live Migration with Hyper-V, and applications and services that rely on it, are affected by the issue if one or both ends of a given connection try to use CredSSP with Credential Guard enabled. With Credential Guard enabled, CredSSP can only utilize supplied credentials, not saved or SSO credentials. <br><br>If the source machine of a Live Migration uses CredSSP for delegation with Credential Guard enabled, the Live Migration fails. In most cases, Credential Guard's enablement state on the destination machine won't impact Live Migration. Live Migration also fails in cluster scenarios (for example, SCVMM), since any device might act as a source machine.|
 |    **Resolution**|Instead of CredSSP Delegation, [Kerberos Constrained Delegation and Resource-Based Kerberos Constrained Delegation](/windows-server/security/kerberos/kerberos-constrained-delegation-overview) are recommended. These forms of delegation provide greater credential protections, in addition to being compatible with Credential Guard. Administrators of Hyper-V can [configure these types of delegation](/windows-server/virtualization/hyper-v/deploy/set-up-hosts-for-live-migration-without-failover-clustering#BKMK_Step1) manually or with the help of automated scripts.|
 
-### Single sign-on for Network services breaks after upgrading to Windows 11, version 22H2 or Windows Server 2025 (preview)
+### Single sign-on for Network services breaks after upgrading to Windows 11, version 22H2 or Windows Server 2025
 
 Devices that use 802.1x wireless or wired network, RDP, or VPN connections that rely on insecure protocols with password-based authentication are unable to use SSO to sign in and are forced to manually reauthenticate in every new Windows session when Credential Guard is running.
 
 ||Description|
 |-|-|
-|    **Affected devices**|Any device with Credential Guard enabled might encounter the issue. Starting in Windows 11, version 22H2, and Windows Server 2025 (preview), eligible devices that didn't disable Credential Guard, have it [enabled by default](index.md#default-enablement). This affects all devices on Enterprise (E3 and E5) and Education licenses, and some Pro licenses, as long as they meet the [minimum hardware requirements](index.md#hardware-and-software-requirements).<br><br>All Windows Pro devices that previously ran Credential Guard on an eligible license and later downgraded to Pro, and which still meet the [minimum hardware requirements](index.md#hardware-and-software-requirements), receive default enablement.|
+|    **Affected devices**|Any device with Credential Guard enabled might encounter the issue. Starting in Windows 11, version 22H2, and Windows Server 2025, eligible devices that didn't disable Credential Guard, have it [enabled by default](index.md#default-enablement). This affects all devices on Enterprise (E3 and E5) and Education licenses, and some Pro licenses, as long as they meet the [minimum hardware requirements](index.md#hardware-and-software-requirements).<br><br>All Windows Pro devices that previously ran Credential Guard on an eligible license and later downgraded to Pro, and which still meet the [minimum hardware requirements](index.md#hardware-and-software-requirements), receive default enablement.|
 |    **Cause of the issue**|Applications and services are affected by the issue when they rely on insecure protocols that use password-based authentication. Such protocols are considered insecure because they can lead to password disclosure on the client or the server, and Credential Guard blocks them. Affected protocols include:<br><br>- Kerberos unconstrained delegation (both SSO and supplied credentials are blocked)<br>- Kerberos when PKINIT uses RSA encryption instead of Diffie-Hellman (both SSO and supplied credentials are blocked)<br>- MS-CHAP (only SSO is blocked)<br>- WDigest (only SSO is blocked)<br>- NTLM v1 (only SSO is blocked) <br><br>**Note**: Since only SSO is blocked for MS-CHAP, WDigest, and NTLM v1, these protocols can still be used by prompting the user to supply credentials.|
 |    **Resolution**|Microsoft recommends moving away from MSCHAPv2-based connections (for example, PEAP-MSCHAPv2 and EAP-MSCHAPv2), to certificate-based authentication (for example, PEAP-TLS or EAP-TLS). Credential Guard doesn't block certificate-based authentication.<br><br>For a more immediate, but less secure fix, [disable Credential Guard](configure.md#disable-credential-guard). Credential Guard doesn't have per-protocol or per-application policies, and it can either be turned on or off. If you disable Credential Guard, you leave stored domain credentials vulnerable to theft.|
 
@@ -148,7 +144,7 @@ Devices that use 802.1x wireless or wired network, RDP, or VPN connections that
 > If Credential Guard is explicitly disabled, the device won't automatically enable Credential Guard after the update.
 
 > [!NOTE]
-> To determine if a Windows Pro device receives default enablement when upgraded to **Windows 11, version 22H2** or **Windows Server 2025 (preview)**, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`.
+> To determine if a Windows Pro device receives default enablement when upgraded to **Windows 11, version 22H2** or **Windows Server 2025**, check if the registry key `IsolatedCredentialsRootSecret` is present in `Computer\HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0`.
 > If it's present, the device enables Credential Guard after the update.
 >
 > Credential Guard can be disabled after upgrade by following the [disablement instructions](configure.md#disable-credential-guard).
diff --git a/windows/security/identity-protection/credential-guard/index.md b/windows/security/identity-protection/credential-guard/index.md
index fcbe9884bb..386e6883e1 100644
--- a/windows/security/identity-protection/credential-guard/index.md
+++ b/windows/security/identity-protection/credential-guard/index.md
@@ -22,16 +22,14 @@ When enabled, Credential Guard provides the following benefits:
 
 ## Default enablement
 
-[!INCLUDE [windows-server-2025-preview](../../includes/windows-server-2025-preview.md)]
-
-Starting in **Windows 11, 22H2** and **Windows Server 2025 (preview)**, VBS and Credential Guard are enabled by default on devices that meet the requirements.
+Starting in **Windows 11, 22H2** and **Windows Server 2025**, VBS and Credential Guard are enabled by default on devices that meet the requirements.
 
 The default enablement is **without UEFI Lock**, thus allowing administrators to disable Credential Guard remotely if needed.
 
 When Credential Guard is enabled, [VBS](#system-requirements) is automatically enabled too.
 
 > [!NOTE]
-> If Credential Guard is explicitly [disabled](configure.md#disable-credential-guard) *before* a device is updated to Windows 11, version 22H2 / Windows Server 2025 (preview) or later, default enablement does not overwrite the existing settings. That device will continue to have Credential Guard disabled even after updating to a version of Windows that enables Credential Guard by default.
+> If Credential Guard is explicitly [disabled](configure.md#disable-credential-guard) *before* a device is updated to Windows 11, version 22H2 / Windows Server 2025 or later, default enablement does not overwrite the existing settings. That device will continue to have Credential Guard disabled even after updating to a version of Windows that enables Credential Guard by default.
 
 ### Default enablement on Windows
 
@@ -48,7 +46,7 @@ Devices running Windows 11, 22H2 or later have Credential Guard enabled by defau
 
 ### Default enablement on Windows Server
 
-Devices running Windows Server 2025 (preview) or later have Credential Guard enabled by default if they:
+Devices running Windows Server 2025 or later have Credential Guard enabled by default if they:
 
 - Meet the [license requirements](#windows-edition-and-licensing-requirements)
 - Meet the [hardware and software requirements](#system-requirements)
diff --git a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
index c547b535eb..9b2e6325b4 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cloud-kerberos-trust.md
@@ -41,13 +41,13 @@ If you haven't deployed Microsoft Entra Kerberos, follow the instructions in the
 
 When Microsoft Entra Kerberos is enabled in an Active Directory domain, an *AzureADKerberos* computer object is created in the domain. This object:
 
-- Appears as a Read Only Domain Controller (RODC) object, but isn't associated with any physical servers
+- Appears as a read only domain controller (RODC) object, but isn't associated with any physical servers
 - Is only used by Microsoft Entra ID to generate TGTs for the Active Directory domain
 
   > [!NOTE]
   > Similar rules and restrictions used for RODCs apply to the AzureADKerberos computer object. For example, users that are direct or indirect members of priviliged built-in security groups won't be able to use cloud Kerberos trust.
 
-:::image type="content" source="images/azuread-kerberos-object.png" alt-text="Screenshot of the Active Directory Users and Computers console, showing the computer object representing the Microsoft Entra Kerberos server.":::
+:::image type="content" source="images/azuread-kerberos-object.png" alt-text="Screenshot of the Active Directory Users and Computers console, showing the computer object representing the Microsoft Entra Kerberos server." lightbox="images/azuread-kerberos-object.png":::
 
 For more information about how Microsoft Entra Kerberos works with Windows Hello for Business cloud Kerberos trust, see [Windows Hello for Business authentication technical deep dive](../how-it-works-authentication.md#microsoft-entra-hybrid-join-authentication-using-cloud-kerberos-trust).
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-cloud-kerberos.md b/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-cloud-kerberos.md
index 58bad86a1c..7975aad95b 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-cloud-kerberos.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-cloud-kerberos.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 12/08/2022
+ms.date: 10/30/2024
 ms.topic: include
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-key.md b/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-key.md
index 41d9b6cdf9..67e1f2fa05 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-key.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/tooltip-trust-key.md
@@ -1,5 +1,5 @@
 ---
-ms.date: 12/08/2022
+ms.date: 10/30/2024
 ms.topic: include
 ---
 
diff --git a/windows/security/identity-protection/hello-for-business/deploy/index.md b/windows/security/identity-protection/hello-for-business/deploy/index.md
index 09c8d47a70..fb262a5ee4 100644
--- a/windows/security/identity-protection/hello-for-business/deploy/index.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/index.md
@@ -1,7 +1,7 @@
 ---
 title: Plan a Windows Hello for Business Deployment
 description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
-ms.date: 05/16/2024
+ms.date: 10/30/2024
 ms.topic: concept-article
 ---
 
@@ -65,7 +65,7 @@ Windows Hello for Business authentication to Microsoft Entra ID always uses the
 
 The trust type determines whether you issue authentication certificates to your users. One trust model isn't more secure than the other.
 
-The deployment of certificates to users and Domain Controllers requires more configuration and infrastructure, which could also be a factor to consider in your decision. More infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you must activate the Device Writeback option in Microsoft Entra Connect.
+The deployment of certificates to users and domain controllers requires more configuration and infrastructure, which could also be a factor to consider in your decision. More infrastructure needed for certificate-trust deployments includes a certificate registration authority. In a federated environment, you must activate the Device Writeback option in Microsoft Entra Connect.
 
 There are three trust types from which you can choose:
 
@@ -264,12 +264,12 @@ All supported Windows versions can be used with Windows Hello for Business. Howe
 
 ### Windows Server requirements
 
-All supported Windows Server versions can be used with Windows Hello for Business as Domain Controller. However, cloud Kerberos trust requires minimum versions:
+Windows Hello for Business can be used to authenticate against all supported Windows Server versions as a domain controller. However, cloud Kerberos trust requires minimum versions:
 
-|  | Deployment model | Trust type | Domain Controller OS version |
+|  | Deployment model | Trust type | Domain controller OS version |
 |--|--|--|--|
 | **🔲** | **Cloud-only** | n/a | All supported versions |
-| **🔲** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, with [KB3534307][KB-3] and later<br>- Windows Server 2019, with [KB4534321][KB-4] and later<br>- Windows Server 2022 |
+| **🔲** | **Hybrid** | Cloud Kerberos | - Windows Server 2016, with [KB3534307][KB-3] and later<br>- Windows Server 2019, with [KB4534321][KB-4] and later<br>- Windows Server 2022<br>- Windows Server 2025|
 | **🔲** | **Hybrid** | Key | All supported versions |
 | **🔲** | **Hybrid** | Certificate | All supported versions |
 | **🔲** | **On-premises** | Key | All supported versions |
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index e07f9e5739..494d9a4978 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -6,6 +6,7 @@ ms.date: 03/12/2024
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2025</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
diff --git a/windows/security/images/icons/app-control.svg b/windows/security/images/icons/app-control.svg
new file mode 100644
index 0000000000..95b5dd5100
--- /dev/null
+++ b/windows/security/images/icons/app-control.svg
@@ -0,0 +1,19 @@
+<svg width="18" height="18" viewBox="0 0 18 18" xmlns="http://www.w3.org/2000/svg" id="FxSymbol0-02e">
+  <defs>
+    <linearGradient id="paint0_linear" x1="9" y1="17.293" x2="9" y2=".707" gradientUnits="userSpaceOnUse">
+      <stop offset="0" stop-color="#005ba1" />
+      <stop offset=".174" stop-color="#0861a8" />
+      <stop offset=".443" stop-color="#1e71ba" />
+      <stop offset=".772" stop-color="#418bd7" />
+      <stop offset="1" stop-color="#5ea0ef" />
+    </linearGradient>
+  </defs>
+  <path d="M.707 5.683h4.976V.707H1.4a.691.691 0 0 0-.693.693Zm.693 11.61h4.283v-4.976H.707V16.6a.691.691 0 0 0 .693.693Zm-.691-5.8h4.974V6.512H.707ZM12.317.707v4.976h4.976V1.4A.691.691 0 0 0 16.6.707ZM6.512 5.683h4.976V.707H6.512Z" fill="url(#paint0_linear)" />
+  <path d="M6.5 6.529h10.721v10.1a.626.626 0 0 1-.626.626H6.5V6.529Z" fill="#76bc2d" />
+  <rect x="7.266" y="9.861" width="5.403" height="1.407" rx=".398" fill="#365615" />
+  <rect x="12.518" y="9.861" width="3.945" height="1.407" rx=".398" fill="#b4ec36" />
+  <path d="M13.047 9.761v1.469a.334.334 0 0 1-.334.334.333.333 0 0 1-.334-.334V9.761a.334.334 0 0 1 .334-.334.335.335 0 0 1 .334.334Z" class="msportalfx-svg-c01" />
+  <rect x="7.266" y="12.298" width="2.403" height="1.407" rx=".398" fill="#365615" />
+  <path d="M9.779 12.3h6.287a.4.4 0 0 1 .4.4v.612a.4.4 0 0 1-.4.4H9.779V12.3Z" fill="#b4ec36" />
+  <path d="M9.805 12.274v1.469a.334.334 0 0 1-.334.334.334.334 0 0 1-.334-.334v-1.469a.333.333 0 0 1 .334-.334.333.333 0 0 1 .334.334Z" class="msportalfx-svg-c01" />
+</svg>
diff --git a/windows/security/images/icons/security-app.svg b/windows/security/images/icons/security-app.svg
new file mode 100644
index 0000000000..8095201e57
--- /dev/null
+++ b/windows/security/images/icons/security-app.svg
@@ -0,0 +1,24 @@
+<svg width="18" height="18" viewBox="0 0 32 32" fill="none" xmlns="http://www.w3.org/2000/svg">
+<path d="M16 0.667053C18.0667 0.667053 19.8667 1.26705 21.2667 2.26705C23.5333 3.80038 25.1333 4.60039 29.7333 4.66705C30.2666 4.66705 30.7333 5.13372 30.7333 5.66705V12.267C30.7333 13.3337 30.6 14.3337 30.4667 15.3337H16V0.667053Z" fill="url(#paint0_linear_279_15108)"/>
+<path d="M1.59885 15.3337C1.39976 14.3337 1.33337 13.267 1.33337 12.267V5.66705C1.33337 5.13372 1.73156 4.66705 2.32885 4.66705C6.90804 4.60039 8.50081 3.80038 10.7572 2.26705C12.0845 1.26705 13.9427 0.667053 16 0.667053V15.3337H1.59885Z" fill="url(#paint1_linear_279_15108)"/>
+<path d="M16 15.3337V31.2004C15.8 31.2004 15.6666 31.1337 15.4666 31.0671C7.86663 26.6671 2.86664 21.8004 1.59998 15.3337H16Z" fill="url(#paint2_linear_279_15108)"/>
+<path d="M16 31.2004V15.3337H30.4C29.2 21.8004 24.1333 26.6671 16.5333 31.0671C16.3333 31.1337 16.2 31.2004 16 31.2004Z" fill="url(#paint3_linear_279_15108)"/>
+<defs>
+<linearGradient id="paint0_linear_279_15108" x1="27.7337" y1="17.1627" x2="17.1076" y2="1.33579" gradientUnits="userSpaceOnUse">
+<stop stop-color="#0078D4"/>
+<stop offset="1" stop-color="#1493DF"/>
+</linearGradient>
+<linearGradient id="paint1_linear_279_15108" x1="13.7316" y1="16.6376" x2="5.60521" y2="2.62604" gradientUnits="userSpaceOnUse">
+<stop stop-color="#28AFEA"/>
+<stop offset="1" stop-color="#3CCBF4"/>
+</linearGradient>
+<linearGradient id="paint2_linear_279_15108" x1="17.089" y1="30.6523" x2="8.58889" y2="13.8265" gradientUnits="userSpaceOnUse">
+<stop stop-color="#0669BC"/>
+<stop offset="1" stop-color="#0078D4"/>
+</linearGradient>
+<linearGradient id="paint3_linear_279_15108" x1="25.7133" y1="26.9929" x2="19.8912" y2="16.7469" gradientUnits="userSpaceOnUse">
+<stop stop-color="#114A8B"/>
+<stop offset="1" stop-color="#0C59A4"/>
+</linearGradient>
+</defs>
+</svg>
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
index 15db660036..80b74ed970 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
@@ -4,6 +4,7 @@ description: Learn how to protect cluster shared volumes (CSV) and storage area
 ms.topic: how-to
 ms.date: 06/18/2024
 appliesto:
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2025</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>
diff --git a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
index a1b63ed90b..1e9c124e9c 100644
--- a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
@@ -4,6 +4,7 @@ description: Learn how to install BitLocker on Windows Server.
 ms.topic: how-to
 ms.date: 06/18/2024
 appliesto:
+- ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2025</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2016</a>