Merge branch 'main' into release-mcc-ent

2025-05-14 14:27:22 +00:00 · 2024-06-26 17:49:52 +00:00 · 2024-06-26 17:49:52 +00:00 · bf54be6650
commit bf54be6650
parent d5ffa7b394 2bb4938ea6
3 changed files with 4 additions and 13 deletions
--- a/education/windows/change-home-to-edu.md
+++ b/education/windows/change-home-to-edu.md
@ -21,12 +21,11 @@ Customers with qualifying subscriptions can upgrade student-owned and institutio
 > [!NOTE]
 > To be qualified for this process, customers must have a Windows Education subscription that includes the student use benefit and must have access to the Volume Licensing Service Center (VLSC) or the Microsoft 365 Admin Center.
-IT admins can upgrade student devices using a multiple activation key (MAK) manually or through Mobile Device Management (MDM). Alternatively, IT admins can set up a portal through [Kivuto OnTheHub](http://onthehub.com) where students can request a *Windows Pro Education* product key. The following table provides the recommended method depending on the scenario.
+IT admins can upgrade student devices using a multiple activation key (MAK) manually or through Mobile Device Management (MDM). The following table provides the recommended method depending on the scenario.
 | Method | Product key source | Device ownership | Best for |
 |-|-|-|-|
 | MDM | VLSC | Personal (student-owned) | IT admin initiated via MDM |
 | Kivuto | Kivuto | Personal (student-owned) | Initiated on device by student, parent, or guardian |
 | Provisioning package | VLSC | Personal (student-owned) or Corporate (institution-owned) | IT admin initiated at first boot |
 These methods apply to devices with *Windows Home* installed; institution-owned devices can be upgraded from *Windows Professional* or *Windows Pro Edu* to *Windows Education* or *Windows Enterprise* using [Windows 10/11 Subscription Activation](/windows/deployment/windows-10-subscription-activation).
@ -44,7 +43,7 @@ Some school institutions want to streamline student onboarding for student-owned
 - [EnterpriseDesktopAppManagement](/windows/client-management/mdm/enterprisemodernappmanagement-csp) - which enables deployment of Windows installer or Win32 applications.
 - [DeliveryOptimization](/windows/client-management/mdm/policy-csp-deliveryoptimization) - which enables configuration of Delivery Optimization.
-A full list of CSPs are available at [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). For more information about enrolling devices into Microsoft Intune, see [Deployment guide: Enroll Windows devices in Microsoft Intune](/mem/intune/fundamentals/deployment-guide-enrollment-windows).
+A full list of CSPs is available at [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference). For more information about enrolling devices into Microsoft Intune, see [Deployment guide: Enroll Windows devices in Microsoft Intune](/mem/intune/fundamentals/deployment-guide-enrollment-windows).
 ## Requirements for using a MAK to upgrade from Windows Home to Windows Education
@ -80,13 +79,6 @@ For a full list of methods to perform a Windows edition upgrade and more details
 After upgrading from *Windows Home* to *Windows Education* there are some considerations for what happens during downgrade, reset or reinstall of the operating system.
 The following table highlights the differences by upgrade product key type:
 | Product Key Type | Downgrade (in-place) | Reset | Student reinstall |
 |-|-|-|-|
 | VLSC | No | Yes | No |
 | Kivuto OnTheHub | No | Yes | Yes |
 ### Downgrade
 It isn't possible to downgrade to *Windows Home* from *Windows Education* without reinstalling Windows.
@ -99,8 +91,6 @@ If the computer is reset, Windows Education is retained.
 The Education upgrade doesn't apply to reinstalling Windows. Use the original Windows edition when reinstalling Windows. The original product key or [firmware-embedded product key](#what-is-a-firmware-embedded-activation-key) is used to activate Windows.
 If students require a *Windows Pro Education* key that can work on a new install of Windows, they should use [Kivuto OnTheHub](http://onthehub.com) to request a key before graduation.
 For details on product keys and reinstalling Windows, see [Find your Windows product key](https://support.microsoft.com/windows/find-your-windows-product-key-aaa2bf69-7b2b-9f13-f581-a806abf0a886).
 ### Resale
--- a/windows/deployment/update/update-other-microsoft-products.md
+++ b/windows/deployment/update/update-other-microsoft-products.md
@ -53,6 +53,7 @@ The following is a list of other Microsoft products that might be updated:
 - Microsoft StreamInsight
 - Mobile and IoT
 - MSRC
 - .NET (also known as .NET Core)
 - Office 2016 (MSI versions of Office)
 - PlayReady
 - Security intelligence updates for Microsoft Defender Antivirus and other Microsoft antimalware
--- a/windows/security/identity-protection/hello-for-business/faq.yml
+++ b/windows/security/identity-protection/hello-for-business/faq.yml
@ -44,7 +44,7 @@ sections:
          The smart card emulation feature of Windows Hello for Business verifies the PIN and then discards the PIN in exchange for a ticket. The process doesn't receive the PIN, but rather the ticket that grants them private key operations. There isn't a policy setting to adjust the caching.
      - question: Where is Windows Hello biometrics data stored?
        answer: |
-            When you enroll in Windows Hello, a representation of your biometrics, called an enrollment profile, is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored).
+            When you enroll in Windows Hello, a representation of your biometrics, called an enrollment profile, is created. The enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored) and [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication).
      - question: What is the format used to store Windows Hello biometrics data on the device?
        answer: |
          Windows Hello biometrics data is stored on the device as an encrypted template database. The data from the biometrics sensor (like face camera or fingerprint reader) creates a data representation—or graph—that is then encrypted before it's stored on the device. Each biometrics sensor on the device which is used by Windows Hello (face or fingerprint) will have its own biometric database file where template data is stored. Each biometrics database file is encrypted with unique, randomly generated key that is encrypted to the system using AES encryption producing an SHA256 hash.