Merge branch 'main' into cz-20240205-autopatch

.openpublishing.redirection.windows-configuration.json

@@ -389,6 +389,191 @@
       "source_path": "windows/configuration/windows-diagnostic-data.md",
       "redirect_url": "/windows/privacy/windows-diagnostic-data",
       "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/changes-to-start-policies-in-windows-10.md",
+      "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/configure-windows-10-taskbar.md",
+      "redirect_url": "/windows/configuration/taskbar/configure-windows-10-taskbar",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/customize-and-export-start-layout.md",
+      "redirect_url": "/windows/configuration/start/customize-and-export-start-layout",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/customize-start-menu-layout-windows-11.md",
+      "redirect_url": "/windows/configuration/start/customize-start-menu-layout-windows-11",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/customize-taskbar-windows-11.md",
+      "redirect_url": "/windows/configuration/taskbar/customize-taskbar-windows-11",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md",
+      "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-group-policy",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md",
+      "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-mobile-device-management",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md",
+      "redirect_url": "/windows/configuration/start/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/find-the-application-user-model-id-of-an-installed-app.md",
+      "redirect_url": "/windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/guidelines-for-assigned-access-app.md",
+      "redirect_url": "/windows/configuration/kiosk/guidelines-for-assigned-access-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-additional-reference.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-additional-reference",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-mdm-bridge.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-mdm-bridge",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-methods.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-methods",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-policies.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-prepare.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-prepare",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-shelllauncher.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-shelllauncher",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-single-app.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-single-app",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-validate.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-validate",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/kiosk-xml.md",
+      "redirect_url": "/windows/configuration/kiosk/kiosk-xml",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/lockdown-features-windows-10.md",
+      "redirect_url": "/windows/configuration/kiosk/lockdown-features-windows-10",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/lock-down-windows-10-applocker.md",
+      "redirect_url": "/windows/configuration/kiosk/lock-down-windows-10-applocker",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/lock-down-windows-10-to-specific-apps.md",
+      "redirect_url": "/windows/configuration/kiosk/lock-down-windows-10-to-specific-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/lock-down-windows-11-to-specific-apps.md",
+      "redirect_url": "/windows/configuration/kiosk/lock-down-windows-11-to-specific-apps",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/manage-tips-and-suggestions.md",
+      "redirect_url": "/windows/configuration/tips/manage-tips-and-suggestions",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/provisioning-apn.md",
+      "redirect_url": "/windows/configuration/cellular/provisioning-apn",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/setup-digital-signage.md",
+      "redirect_url": "/windows/configuration/kiosk/setup-digital-signage",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/set-up-shared-or-guest-pc.md",
+      "redirect_url": "/windows/configuration/shared-pc/set-up-shared-or-guest-pc",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/shared-devices-concepts.md",
+      "redirect_url": "/windows/configuration/shared-pc/shared-devices-concepts",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/shared-pc-technical.md",
+      "redirect_url": "/windows/configuration/shared-pc/shared-pc-technical",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/start-layout-xml-desktop.md",
+      "redirect_url": "/windows/configuration/start/start-layout-xml-desktop",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/start-secondary-tiles.md",
+      "redirect_url": "/windows/configuration/start/start-secondary-tiles",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/stop-employees-from-using-microsoft-store.md",
+      "redirect_url": "/windows/configuration/store/stop-employees-from-using-microsoft-store",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/supported-csp-start-menu-layout-windows.md",
+      "redirect_url": "/windows/configuration/start/supported-csp-start-menu-layout-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/supported-csp-taskbar-windows.md",
+      "redirect_url": "/windows/configuration/taskbar/supported-csp-taskbar-windows",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-10-start-layout-options-and-policies.md",
+      "redirect_url": "/windows/configuration/start/windows-10-start-layout-options-and-policies",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-accessibility-for-ITPros.md",
+      "redirect_url": "/windows/configuration/accessibility",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/configuration/windows-spotlight.md",
+      "redirect_url": "/windows/configuration/lock-screen/windows-spotlight",
+      "redirect_document_id": false
     }
   ]
 }

education/docfx.json

@@ -34,8 +34,8 @@
         "education",
         "tier2"
       ],
-      "ms.prod": "windows-client",
+      "ms.subservice": "itpro-edu",
-      "ms.technology": "itpro-edu",
+      "ms.service": "windows-client",
       "author": "paolomatarazzo",
       "ms.author": "paoloma",
       "manager": "aaroncz",

education/windows/configure-aad-google-trust.md

@@ -26,7 +26,7 @@ To test federation, the following prerequisites must be met:
 1. A Google Workspace environment, with users already created
     > [!IMPORTANT]
     > Users require an email address defined in Google Workspace, which is used to match the users in Microsoft Entra ID.
-    > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-azure-ad).
+    > For more information about identity matching, see [Identity matching in Microsoft Entra ID](federated-sign-in.md#identity-matching-in-microsoft-entra-id).
 1. Individual Microsoft Entra accounts already created: each Google Workspace user will require a matching account defined in Microsoft Entra ID. These accounts are commonly created through automated solutions, for example:
     - School Data Sync (SDS)
     - Microsoft Entra Connect Sync for environment with on-premises AD DS

education/windows/federated-sign-in.md

@@ -46,7 +46,7 @@ To enable a federated sign-in experience, the following prerequisites must be me
     - PowerShell scripts that call the [Microsoft Graph API][GRAPH-1]
     - provisioning tools offered by the IdP
 
-    For more information about identity matching, see [Identity matching in Microsoft Entra ID](#identity-matching-in-azure-ad).
+    For more information about identity matching, see [Identity matching in Microsoft Entra ID](#identity-matching-in-microsoft-entra-id).
 1. Licenses assigned to the Microsoft Entra user accounts. It's recommended to assign licenses to a dynamic group: when new users are provisioned in Microsoft Entra ID, the licenses are automatically assigned. For more information, see [Assign licenses to users by group membership in Microsoft Entra ID][AZ-2]
 1. Enable Federated sign-in or Web sign-in on the Windows devices, depending if the devices are shared or assigned to a single student
 
@@ -201,8 +201,6 @@ The following issues are known to affect student shared devices:
 
 For student shared devices, it's recommended to configure the account management policies to automatically delete the user profiles after a certain period of inactivity or disk levels. For more information, see [Set up a shared or guest Windows device][WIN-3].
 
-<a name='preferred-azure-ad-tenant-name'></a>
-
 ### Preferred Microsoft Entra tenant name
 
 To improve the user experience, you can configure the *preferred Microsoft Entra tenant name* feature.\
@@ -210,8 +208,6 @@ When using preferred Microsoft Entra tenant name, the users bypass the disambigu
 
 For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-4].
 
-<a name='identity-matching-in-azure-ad'></a>
-
 ### Identity matching in Microsoft Entra ID
 
 When a Microsoft Entra user is federated, the user's identity from the IdP must match an existing user object in Microsoft Entra ID.

education/windows/index.yml

@@ -6,8 +6,6 @@ brand: windows
 
 metadata:
   ms.topic: hub-page
-  ms.prod: windows-client
-  ms.technology: itpro-edu
   ms.collection:
     - education
     - tier1

education/windows/toc.yml

@@ -47,7 +47,7 @@ items:
       - name: Configure federation between Google Workspace and Microsoft Entra ID
         href: configure-aad-google-trust.md
     - name: Configure Shared PC
-      href: /windows/configuration/set-up-shared-or-guest-pc?context=/education/context/context
+      href: /windows/configuration/shared-pc/set-up-shared-or-guest-pc?context=/education/context/context
     - name: Get and deploy Minecraft Education
       href: get-minecraft-for-education.md
     - name: Use the Set up School PCs app
@@ -65,6 +65,6 @@ items:
     - name: Take a Test technical reference
       href: take-a-test-app-technical.md
     - name: Shared PC technical reference
-      href: /windows/configuration/shared-pc-technical?context=/education/context/context
+      href: /windows/configuration/shared-pc/shared-pc-technical?context=/education/context/context
 
 

windows/configuration/TOC.yml

@@ -1,367 +0,0 @@
-- name: Configure Windows client
-  href: index.yml
-- name: Customize the appearance
-  items:
-    - name: Windows 11
-      items:
-        - name: Start menu
-          items:
-          - name: Customize Start menu layout
-            href: customize-start-menu-layout-windows-11.md
-          - name: Supported Start menu CSPs
-            href: supported-csp-start-menu-layout-windows.md
-        - name: Taskbar
-          items:
-          - name: Customize Taskbar
-            href: customize-taskbar-windows-11.md
-          - name: Supported Taskbar CSPs
-            href: supported-csp-taskbar-windows.md
-    - name: Windows 10 Start and taskbar
-      items:
-        - name: Start layout and taskbar
-          href: windows-10-start-layout-options-and-policies.md
-        - name: Use XML
-          items: 
-          - name: Customize and export Start layout
-            href: customize-and-export-start-layout.md
-          - name: Customize the taskbar
-            href: configure-windows-10-taskbar.md
-          - name: Add image for secondary Microsoft Edge tiles
-            href: start-secondary-tiles.md
-          - name: Start layout XML for Windows 10 desktop editions (reference)
-            href: start-layout-xml-desktop.md
-        - name: Use group policy
-          href: customize-windows-10-start-screens-by-using-group-policy.md
-        - name: Use provisioning packages
-          href: customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
-        - name: Use mobile device management (MDM)
-          href: customize-windows-10-start-screens-by-using-mobile-device-management.md
-        - name: Troubleshoot Start menu errors
-          href: /troubleshoot/windows-client/shell-experience/troubleshoot-start-menu-errors
-        - name: Changes to Start policies in Windows 10
-          href: changes-to-start-policies-in-windows-10.md
-    - name: Accessibility settings
-      items:
-         - name: Accessibility information for IT Pros
-           href: windows-accessibility-for-ITPros.md
-         - name: Configure access to Microsoft Store
-           href: stop-employees-from-using-microsoft-store.md
-         - name: Configure Windows Spotlight on the lock screen
-           href: windows-spotlight.md
-         - name: Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
-           href: manage-tips-and-suggestions.md
-         - name: Configure cellular settings for tablets and PCs
-           href: provisioning-apn.md
-         - name: Lockdown features from Windows Embedded 8.1 Industry
-           href: lockdown-features-windows-10.md
-
-
-- name: Configure kiosks and digital signs
-  items:
-    - name: Configure kiosks and digital signs on Windows desktop editions
-      href: kiosk-methods.md
-    - name: Prepare a device for kiosk configuration
-      href: kiosk-prepare.md
-    - name: Set up digital signs
-      href: setup-digital-signage.md
-    - name: Set up a single-app kiosk
-      href: kiosk-single-app.md
-    - name: Set up a multi-app kiosk for Windows 10
-      href: lock-down-windows-10-to-specific-apps.md
-    - name: Set up a multi-app kiosk for Windows 11
-      href: lock-down-windows-11-to-specific-apps.md
-    - name: Kiosk reference information
-      items:
-        - name: More kiosk methods and reference information
-          href: kiosk-additional-reference.md
-        - name: Find the Application User Model ID of an installed app
-          href: find-the-application-user-model-id-of-an-installed-app.md
-        - name: Validate your kiosk configuration
-          href: kiosk-validate.md
-        - name: Guidelines for choosing an app for assigned access (kiosk mode)
-          href: guidelines-for-assigned-access-app.md
-        - name: Policies enforced on kiosk devices
-          href: kiosk-policies.md
-        - name: Assigned access XML reference
-          href: kiosk-xml.md
-        - name: Use AppLocker to create a Windows 10 kiosk
-          href: lock-down-windows-10-applocker.md
-        - name: Use Shell Launcher to create a Windows client kiosk
-          href: kiosk-shelllauncher.md
-        - name: Use MDM Bridge WMI Provider to create a Windows client kiosk
-          href: kiosk-mdm-bridge.md
-        - name: Troubleshoot kiosk mode issues
-          href: /troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting
-
-- name: Configure multi-user and guest devices 
-  items:
-    - name: Shared devices concepts
-      href: shared-devices-concepts.md
-    - name: Configure shared devices with Shared PC
-      href: set-up-shared-or-guest-pc.md
-    - name: Shared PC technical reference
-      href: shared-pc-technical.md
-
-- name: Use provisioning packages
-  items:
-    - name: Provisioning packages for Windows client
-      href: provisioning-packages/provisioning-packages.md
-    - name: How provisioning works in Windows client
-      href: provisioning-packages/provisioning-how-it-works.md
-    - name: Introduction to configuration service providers (CSPs)
-      href: provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
-    - name: Install Windows Configuration Designer
-      href: provisioning-packages/provisioning-install-icd.md
-    - name: Create a provisioning package
-      href: provisioning-packages/provisioning-create-package.md
-    - name: Apply a provisioning package
-      href: provisioning-packages/provisioning-apply-package.md
-    - name: Settings changed when you uninstall a provisioning package
-      href: provisioning-packages/provisioning-uninstall-package.md
-    - name: Provision PCs with common settings for initial deployment (desktop wizard)
-      href: provisioning-packages/provision-pcs-for-initial-deployment.md
-    - name: Provision PCs with apps
-      href: provisioning-packages/provision-pcs-with-apps.md
-    - name: Use a script to install a desktop app in provisioning packages
-      href: provisioning-packages/provisioning-script-to-install-app.md
-    - name: Create a provisioning package with multivariant settings
-      href: provisioning-packages/provisioning-multivariant.md
-    - name: PowerShell cmdlets for provisioning Windows client (reference)
-      href: provisioning-packages/provisioning-powershell.md
-    - name: Diagnose provisioning packages
-      href: provisioning-packages/diagnose-provisioning-packages.md
-    - name: Windows Configuration Designer command-line interface (reference)
-      href: provisioning-packages/provisioning-command-line.md
-
-- name: Configure Cortana
-  items:
-    - name: Configure Cortana in Windows 10
-      href: cortana-at-work/cortana-at-work-overview.md
-    - name: Testing scenarios using Cortana n Windows 10, version 2004 and later
-      items:
-        - name: Set up and test Cortana in Windows 10, version 2004 and later
-          href: cortana-at-work/set-up-and-test-cortana-in-windows-10.md
-        - name: Cortana at work testing scenarios
-          href: cortana-at-work/cortana-at-work-testing-scenarios.md
-        - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query
-          href: cortana-at-work/cortana-at-work-scenario-1.md
-        - name: Test scenario 2 - Run a Bing search with Cortana
-          href: cortana-at-work/cortana-at-work-scenario-2.md
-        - name: Test scenario 3 - Set a reminder
-          href: cortana-at-work/cortana-at-work-scenario-3.md
-        - name: Test scenario 4 - Use Cortana to find free time on your calendar
-          href: cortana-at-work/cortana-at-work-scenario-4.md
-        - name: Test scenario 5 - Find out about a person
-          href: cortana-at-work/cortana-at-work-scenario-5.md
-        - name: Test scenario 6 - Change your language and run a quick search with Cortana
-          href: cortana-at-work/cortana-at-work-scenario-6.md
-    - name: Send feedback about Cortana back to Microsoft
-      href: cortana-at-work/cortana-at-work-feedback.md
-    - name: Testing scenarios using Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
-      items:
-        - name: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
-          href: cortana-at-work/cortana-at-work-o365.md
-        - name: Testing scenarios using Cortana in your business or organization
-          href: cortana-at-work/testing-scenarios-using-cortana-in-business-org.md
-        - name: Test scenario 1 - Sign into Microsoft Entra ID, enable the wake word, and try a voice query
-          href: cortana-at-work/test-scenario-1.md
-        - name: Test scenario 2 - Run a quick search with Cortana at work
-          href: cortana-at-work/test-scenario-2.md
-        - name: Test scenario 3 - Set a reminder for a specific location using Cortana at work
-          href: cortana-at-work/test-scenario-3.md
-        - name: Test scenario 4 - Use Cortana at work to find your upcoming meetings
-          href: cortana-at-work/test-scenario-4.md
-        - name: Test scenario 5 - Use Cortana to send email to a coworker
-          href: cortana-at-work/test-scenario-5.md
-        - name: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email
-          href: cortana-at-work/test-scenario-6.md
-        - name: Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device
-          href: cortana-at-work/cortana-at-work-scenario-7.md
-
-    - name: Set up and test custom voice commands in Cortana for your organization
-      href: cortana-at-work/cortana-at-work-voice-commands.md
-    - name: Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
-      href: cortana-at-work/cortana-at-work-policy-settings.md
-
-
-- name: Reference
-  items:
-    - name: Windows Configuration Designer reference
-      items:
-        - name: Windows Configuration Designer provisioning settings (reference)
-          href: wcd/wcd.md
-        - name: Changes to settings in Windows Configuration Designer
-          href: wcd/wcd-changes.md
-        - name: AccountManagement
-          href: wcd/wcd-accountmanagement.md
-        - name: Accounts
-          href: wcd/wcd-accounts.md 
-        - name: ADMXIngestion
-          href: wcd/wcd-admxingestion.md 
-        - name: AssignedAccess
-          href: wcd/wcd-assignedaccess.md 
-        - name: Browser
-          href: wcd/wcd-browser.md 
-        - name: CellCore
-          href: wcd/wcd-cellcore.md
-        - name: Cellular
-          href: wcd/wcd-cellular.md     
-        - name: Certificates
-          href: wcd/wcd-certificates.md 
-        - name: CleanPC
-          href: wcd/wcd-cleanpc.md     
-        - name: Connections
-          href: wcd/wcd-connections.md 
-        - name: ConnectivityProfiles
-          href: wcd/wcd-connectivityprofiles.md 
-        - name: CountryAndRegion
-          href: wcd/wcd-countryandregion.md 
-        - name: DesktopBackgroundAndColors
-          href: wcd/wcd-desktopbackgroundandcolors.md     
-        - name: DeveloperSetup
-          href: wcd/wcd-developersetup.md     
-        - name: DeviceFormFactor
-          href: wcd/wcd-deviceformfactor.md  
-        - name: DeviceManagement
-          href: wcd/wcd-devicemanagement.md  
-        - name: DeviceUpdateCenter
-          href: wcd/wcd-deviceupdatecenter.md
-        - name: DMClient
-          href: wcd/wcd-dmclient.md 
-        - name: EditionUpgrade
-          href: wcd/wcd-editionupgrade.md    
-        - name: FirewallConfiguration
-          href: wcd/wcd-firewallconfiguration.md     
-        - name: FirstExperience
-          href: wcd/wcd-firstexperience.md     
-        - name: Folders
-          href: wcd/wcd-folders.md  
-        - name: HotSpot
-          href: wcd/wcd-hotspot.md
-        - name: KioskBrowser
-          href: wcd/wcd-kioskbrowser.md      
-        - name: Licensing
-          href: wcd/wcd-licensing.md 
-        - name: Location
-          href: wcd/wcd-location.md      
-        - name: Maps
-          href: wcd/wcd-maps.md 
-        - name: NetworkProxy
-          href: wcd/wcd-networkproxy.md     
-        - name: NetworkQOSPolicy
-          href: wcd/wcd-networkqospolicy.md 
-        - name: OOBE
-          href: wcd/wcd-oobe.md 
-        - name: Personalization
-          href: wcd/wcd-personalization.md     
-        - name: Policies
-          href: wcd/wcd-policies.md 
-        - name: Privacy
-          href: wcd/wcd-privacy.md  
-        - name: ProvisioningCommands
-          href: wcd/wcd-provisioningcommands.md
-        - name: SharedPC
-          href: wcd/wcd-sharedpc.md 
-        - name: SMISettings
-          href: wcd/wcd-smisettings.md     
-        - name: Start
-          href: wcd/wcd-start.md    
-        - name: StartupApp
-          href: wcd/wcd-startupapp.md     
-        - name: StartupBackgroundTasks
-          href: wcd/wcd-startupbackgroundtasks.md 
-        - name: StorageD3InModernStandby
-          href: wcd/wcd-storaged3inmodernstandby.md
-        - name: SurfaceHubManagement
-          href: wcd/wcd-surfacehubmanagement.md    
-        - name: TabletMode
-          href: wcd/wcd-tabletmode.md  
-        - name: TakeATest
-          href: wcd/wcd-takeatest.md
-        - name: Time
-          href: wcd/wcd-time.md    
-        - name: UnifiedWriteFilter
-          href: wcd/wcd-unifiedwritefilter.md     
-        - name: UniversalAppInstall
-          href: wcd/wcd-universalappinstall.md 
-        - name: UniversalAppUninstall
-          href: wcd/wcd-universalappuninstall.md 
-        - name: UsbErrorsOEMOverride
-          href: wcd/wcd-usberrorsoemoverride.md
-        - name: WeakCharger
-          href: wcd/wcd-weakcharger.md  
-        - name: WindowsHelloForBusiness
-          href: wcd/wcd-windowshelloforbusiness.md
-        - name: WindowsTeamSettings
-          href: wcd/wcd-windowsteamsettings.md     
-        - name: WLAN
-          href: wcd/wcd-wlan.md     
-        - name: Workplace
-          href: wcd/wcd-workplace.md  
-
-    - name: User Experience Virtualization (UE-V)
-      items:
-        - name: User Experience Virtualization (UE-V) for Windows 10
-          href: ue-v/uev-for-windows.md
-        - name: Get started with UE-V
-          items:
-            - name: Get started with UE-V
-              href: ue-v/uev-getting-started.md
-            - name: What's New in UE-V for Windows 10, version 1607
-              href: ue-v/uev-whats-new-in-uev-for-windows.md
-            - name: User Experience Virtualization Release Notes
-              href: ue-v/uev-release-notes-1607.md
-            - name: Upgrade to UE-V for Windows 10
-              href: ue-v/uev-upgrade-uev-from-previous-releases.md
-        - name: Prepare a UE-V Deployment
-          items:
-            - name: Prepare a UE-V Deployment
-              href: ue-v/uev-prepare-for-deployment.md
-            - name: Deploy Required UE-V Features
-              href: ue-v/uev-deploy-required-features.md
-            - name: Deploy UE-V for use with Custom Applications
-              href: ue-v/uev-deploy-uev-for-custom-applications.md
-        - name: Administer UE-V
-          items:
-            - name: UE-V administration guide
-              href: ue-v/uev-administering-uev.md
-            - name: Manage Configurations for UE-V
-              items:
-                - name: Manage Configurations for UE-V
-                  href: ue-v/uev-manage-configurations.md
-                - name: Configuring UE-V with Group Policy Objects
-                  href: ue-v/uev-configuring-uev-with-group-policy-objects.md
-                - name: Configuring UE-V with Microsoft Configuration Manager
-                  href: ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
-                - name: Administering UE-V with Windows PowerShell and WMI
-                  href: ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
-                - name: Managing the UE-V Service and Packages with Windows PowerShell and WMI
-                  href: ue-v/uev-managing-uev-agent-and-packages-with-windows-powershell-and-wmi.md
-                - name: Managing UE-V Settings Location Templates Using Windows PowerShell and WMI
-                  href: ue-v/uev-managing-settings-location-templates-using-windows-powershell-and-wmi.md
-                - name: Working with Custom UE-V Templates and the UE-V Template Generator
-                  href: ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
-                - name: Manage Administrative Backup and Restore in UE-V
-                  href: ue-v/uev-manage-administrative-backup-and-restore.md
-                - name: Changing the Frequency of UE-V Scheduled Tasks
-                  href: ue-v/uev-changing-the-frequency-of-scheduled-tasks.md
-                - name: Migrating UE-V Settings Packages
-                  href: ue-v/uev-migrating-settings-packages.md
-                - name: Using UE-V with Application Virtualization Applications
-                  href: ue-v/uev-using-uev-with-application-virtualization-applications.md
-        - name: Troubleshooting UE-V
-          href: ue-v/uev-troubleshooting.md
-        - name: Technical Reference for UE-V
-          items:
-            - name: Technical Reference for UE-V
-              href: ue-v/uev-technical-reference.md
-            - name: Sync Methods for UE-V
-              href: ue-v/uev-sync-methods.md
-            - name: Sync Trigger Events for UE-V
-              href: ue-v/uev-sync-trigger-events.md
-            - name: Synchronizing Microsoft Office with UE-V
-              href: ue-v/uev-synchronizing-microsoft-office-with-uev.md
-            - name: Application Template Schema Reference for UE-V
-              href: ue-v/uev-application-template-schema-reference.md
-            - name: Security Considerations for UE-V
-              href: ue-v/uev-security-considerations.md

windows/configuration/accessibility/index.md

@@ -1,19 +1,9 @@
 ---
 title: Windows accessibility information for IT Pros
 description: Lists the various accessibility features available in Windows client with links to detailed guidance on how to set them.
-ms.prod: windows-client
+ms.date: 01/25/2024
-ms.technology: itpro-configure
-ms.author: lizlong
-author: lizgt2000
-ms.date: 08/11/2023
-ms.reviewer: 
-manager: aaroncz
-ms.localizationpriority: medium
 ms.topic: conceptual
 ms.collection: tier1
-appliesto: 
-  - ✅ <b>Windows 10</b>
-  - ✅ <b>Windows 11</b>
 ---
 
 <!-- MAXADO-8138357 -->
@@ -25,76 +15,54 @@ Microsoft is dedicated to making its products and services accessible and usable
 
 This article helps you as the IT administrator learn about built-in accessibility features. It also includes recommendations for how to support people in your organization who use these features.
 
-Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554).<!-- 6294246 -->
+Windows 11, version 22H2, includes improvements for people with disabilities: system-wide live captions, Focus sessions, voice access, and more natural voices for Narrator. For more information, see [New accessibility features coming to Windows 11](https://blogs.windows.com/windowsexperience/2022/05/10/new-accessibility-features-coming-to-windows-11/) and [How inclusion drives innovation in Windows 11](https://blogs.windows.com/windowsexperience/?p=177554).
+<!-- 6294246 -->
 
 ## General recommendations
 
 - **Be aware of Ease of Access settings**. Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows.
-
 - **Don't block settings**. Avoid using group policy or MDM settings that override Ease of Access settings.
-
 - **Encourage choice**. Allow people in your organization to customize their computers based on their needs. That customization might be installing an add-on for their browser, or a non-Microsoft assistive technology.
 
 ## Vision
 
 - [Use Narrator to use devices without a screen](https://support.microsoft.com/windows/complete-guide-to-narrator-e4397a0d-ef4f-b386-d8ae-c172f109bdb1). Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices. Now the user is able to download and install 10 more natural languages.
-
 - [Create accessible apps](/windows/apps/develop/accessibility). You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.
-
 - Use keyboard shortcuts. Get the most out of Windows with shortcuts for apps and desktops.
-
   - [Keyboard shortcuts in Windows](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec)
   - [Narrator keyboard commands and touch gestures](https://support.microsoft.com/windows/appendix-b-narrator-keyboard-commands-and-touch-gestures-8bdab3f4-b3e9-4554-7f28-8b15bd37410a)
   - [Windows keyboard shortcuts for accessibility](https://support.microsoft.com/windows/windows-keyboard-shortcuts-for-accessibility-021bcb62-45c8-e4ef-1e4f-41b8c1fc87fd)
-
 - Get closer with [Magnifier](https://support.microsoft.com/windows/use-magnifier-to-make-things-on-the-screen-easier-to-see-414948ba-8b1c-d3bd-8615-0e5e32204198). Magnifier enlarges all or part of your screen and offers various configuration settings.
-
 - [Make Windows easier to see](https://support.microsoft.com/windows/make-windows-easier-to-see-c97c2b0d-cadb-93f0-5fd1-59ccfe19345d).
-
   - Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.
   - Adjust the size of text, icons, and other screen items to make them easier to see.
   - Many high-contrast themes are available to suit your needs.
-
 - [Have Cortana assist](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
-
 - [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes speech recognition that lets you tell it what to do.
-
 - [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
-
 - [Keep notifications around longer](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1). If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
-
 - [Read in braille](https://support.microsoft.com/windows/chapter-8-using-narrator-with-braille-3e5f065b-1c9d-6eb2-ec6d-1d07c9e94b20). Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.
-
 - Starting in Windows 11, version 22H2 with [KB5022913](https://support.microsoft.com/kb/5022913), the compatibility of braille displays has been expanded. Braille displays work seamlessly and reliably across multiple screen readers, improving the end user experience.
 
 ## Hearing
 
 - [Use live captions to better understand audio](https://support.microsoft.com/windows/use-live-captions-to-better-understand-audio-b52da59c-14b8-4031-aeeb-f6a47e6055df). Use Windows 11, version 22H2 or later to better understand any spoken audio with real time captions.
-
 - Starting with Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446), live captions now supports additional languages.
-
 - [View live transcription in a Teams meeting](https://support.microsoft.com/office/view-live-transcription-in-a-teams-meeting-dc1a8f23-2e20-4684-885e-2152e06a4a8b). During any Teams meeting, view a live transcription so you don't miss what's being said.
-
 - [Use Teams for sign language](https://www.microsoft.com/microsoft-teams/group-chat-software). Teams is available on various platforms and devices, so you don't have to worry about whether your co-workers, friends, and family can communicate with you.
 
 - [Make Windows easier to hear](https://support.microsoft.com/windows/make-windows-easier-to-hear-9c18cfdc-63be-2d47-0f4f-5b00facfd2e1).
-
   - Replace audible alerts with visual alerts.
   - If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.
   - Send all sounds to both left and right channels, which is helpful for those people with partial hearing loss or deafness in one ear.
-
 - [Read spoken words with captioning](https://support.microsoft.com/windows/change-caption-settings-135c465b-8cfd-3bac-9baf-4af74bc0069a). You can customize things like color, size, and background transparency to suit your needs and tastes.
-
 - Use the [Azure Cognitive Services Translator](/azure/cognitive-services/translator/) service to add machine translation to your solutions.
 
 ## Physical
 
 - [Have Cortana assist you](https://support.microsoft.com/topic/what-is-cortana-953e648d-5668-e017-1341-7f26f7d0f825). Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.
-
 - [Dictate text and commands](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571). Windows includes voice recognition that lets you tell it what to do.
-
 - [Use the On-Screen Keyboard (OSK)](https://support.microsoft.com/windows/use-the-on-screen-keyboard-osk-to-type-ecbb5e08-5b4e-d8c8-f794-81dbf896267a). Instead of relying on a physical keyboard, use the OSK to enter data and select keys with a mouse or other pointing device. It also offers word prediction and completion.
-
 - [Make your mouse, keyboard, and other input devices easier to use](https://support.microsoft.com/windows/make-your-mouse-keyboard-and-other-input-devices-easier-to-use-10733da7-fa82-88be-0672-f123d4b3dcfe).
 
   - If you have limited control of your hands, you can personalize your keyboard to do helpful things like ignore repeated keys.
@@ -103,32 +71,24 @@ Windows 11, version 22H2, includes improvements for people with disabilities: sy
 ## Cognition
 
 - [Simplify for focus](https://support.microsoft.com/windows/make-it-easier-to-focus-on-tasks-0d259fd9-e9d0-702c-c027-007f0e78eaf2). Reducing animations and turning off background images and transparency can minimize distractions.
-
 - [Download and use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721). **Fluent Sitka Small** and **Fluent Calibri** are fonts that address "visual crowding" by adding character and enhance word and line spacing.
-
 - [Microsoft Edge reading view](https://support.microsoft.com/windows/take-your-reading-with-you-b6699255-4436-708e-7b93-4d2e19a15af8). Clears distracting content from web pages so you can stay focused on what you really want to read.
 
 ## Assistive technology devices built into Windows
 
 - [Hear text read aloud with Narrator](https://support.microsoft.com/windows/hear-text-read-aloud-with-narrator-040f16c1-4632-b64e-110a-da4a0ac56917). Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.
-
 - Scripting functionality has been added to Narrator. There is store delivery of Narrator extension scripts which currently include an Outlook script and an Excel script.
-
 - [Use voice recognition](https://support.microsoft.com/windows/use-voice-recognition-in-windows-83ff75bd-63eb-0b6c-18d4-6fae94050571).
 
 <!-- MAXADO-8138354 -->
 - With spellings experience in voice access, you can dictate a complex or non-standard word letter-by-letter and add it to Windows dictionary. The next time you try to dictate the same word, voice access improves its recognition.
 
 - [Save time with keyboard shortcuts](https://support.microsoft.com/windows/keyboard-shortcuts-in-windows-dcc61a57-8ff0-cffe-9796-cb9706c75eec).
-
+- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d).
-- [Use voice access to control your PC and author text with your voice](https://support.microsoft.com/en-us/topic/use-voice-access-to-control-your-pc-author-text-with-your-voice-4dcd23ee-f1b9-4fd1-bacc-862ab611f55d).
 
 ## Other resources
 
 [Windows accessibility](https://www.microsoft.com/Accessibility/windows)
-
 [Designing accessible software](/windows/apps/design/accessibility/designing-inclusive-software)
-
 [Inclusive design](https://www.microsoft.com/design/inclusive)
-
 [Accessibility guide for Microsoft 365 Apps](/deployoffice/accessibility-guide)

windows/configuration/cellular/provisioning-apn.md

@@ -1,63 +1,40 @@
 ---
-title: Configure cellular settings for tablets and PCs (Windows 10)
+title: Configure cellular settings for tablets and PCs
 description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
-ms.reviewer: 
+ms.topic: concept-article
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: article
-ms.localizationpriority: medium
 ms.date: 04/13/2018
-ms.technology: itpro-configure
 ---
 
 # Configure cellular settings for tablets and PCs
 
-
-**Applies to**
-
-- Windows 10
-
 >**Looking for consumer information?** See [Cellular settings in Windows 10](https://support.microsoft.com/help/10739/windows-10-cellular-settings)
 
-Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect.
+Enterprises can configure cellular settings for tablets and PC that have built-in cellular modems or plug-in USB modem dongles and apply the settings in a [provisioning package](../provisioning-packages/provisioning-packages.md). After the devices are configured, users are automatically connected using the access point name (APN) defined by the enterprise without needing to manually connect.
 
 For users who work in different locations, you can configure one APN to connect when the users are at work and a different APN when the users are traveling.
 
-
 ## Prerequisites
 
 - Windows 10, version 1703, desktop editions (Home, Pro, Enterprise, Education)
-
 - Tablet or PC with built-in cellular modem or plug-in USB modem dongle
-
+- [Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md)
-- [Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md)
-
 - APN (the address that your PC uses to connect to the Internet when using the cellular data connection)
 
-    >[!NOTE]
-    >You can get the APN from your mobile operator.
-    
 ## How to configure cellular settings in a provisioning package
 
-1. In Windows Configuration Designer, [start a new project](provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option.
+1. In Windows Configuration Designer, [start a new project](../provisioning-packages/provisioning-create-package.md) using the **Advanced provisioning** option.
-
+1. Enter a name for your project, and then click **Next**.
-2. Enter a name for your project, and then click **Next**.
+1. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.
-
+1. Go to **Runtime settings > Connections > EnterpriseAPN**.
-3. Select **All Windows desktop editions**, click **Next**, and then click **Finish**.
+1. Enter a name for the connection, and then click **Add**.
-
-4. Go to **Runtime settings > Connections > EnterpriseAPN**.
-
-5. Enter a name for the connection, and then click **Add**.
 
 ![Example of APN connection name.](images/apn-add.png)
 
-6. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection.
+1. The connection appears in the **Available customizations** pane. Select it to view the settings that you can configure for the connection.
 
 ![settings for new connection.](images/apn-add-details.png)
 
-7. The following table describes the settings available for the connection.
+1. The following table describes the settings available for the connection.
 
     | Setting | Description |
     | --- | --- |
@@ -73,44 +50,38 @@ For users who work in different locations, you can configure one APN to connect
     | Roaming | Select the behavior that you want when the device is roaming. The options are:</br></br>-Disallowed</br>-Allowed (default)</br>-DomesticRoaming</br>-Use OnlyForDomesticRoaming</br>-UseOnlyForNonDomesticRoaming</br>-UseOnlyForRoaming   |
     | UserName | If you select PAP, CHAP, or MSCHAPv2 authentication, enter a user name.  |
 
-8. After you configure the connection settings, [build the provisioning package](provisioning-packages/provisioning-create-package.md#build-package).
+1. After you configure the connection settings, [build the provisioning package](../provisioning-packages/provisioning-create-package.md#build-package).
-
+1. [Apply the package to devices.](../provisioning-packages/provisioning-apply-package.md)
-9. [Apply the package to devices.](provisioning-packages/provisioning-apply-package.md)
-
 
 ## Confirm the settings
 
 After you apply the provisioning package, you can confirm that the settings have been applied.
 
 1. On the configured device, open a command prompt as an administrator.
+1. Run the following command:
 
-2. Run the following command:
+    ```cmd
-
-    ```
     netsh mbn show profiles
     ```
 
-3. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
+1. The command will list the mobile broadband profiles. Using the "Name" for the listed mobile broadband profile, run:
 
-    ```
+    ```cmd
     netsh mbn show profiles name="name"
     ```
 
     This command will list details for that profile, including Access Point Name.
 
-
 Alternatively, you can also use the command:
 
-```
+```cmd
 netsh mbn show interface
 ```
 
 From the results of that command, get the name of the cellular/mobile broadband interface and run:
 
-```
+```cmd
 netsh mbn show connection interface="name"
 ```
 
 The result of that command will show details for the cellular interface, including Access Point Name.
-
-

windows/configuration/changes-to-start-policies-in-windows-10.md

@@ -1,91 +0,0 @@
----
-title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
-description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
-ms.reviewer: 
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: whats-new
-ms.localizationpriority: medium
-ms.date: 08/18/2023
-ms.technology: itpro-configure
----
-
-# Changes to Group Policy settings for Windows 10 Start
-
-**Applies to**:
-
-- Windows 10
-
-Windows 10 has a brand new Start experience. As a result, there are changes to the Group Policy settings that you can use to manage Start. Some policy settings are new or changed, and some old Start policy settings still apply. Other Start policy settings no longer apply and are deprecated.
-
-## Start policy settings supported for Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education
-
-
-These policy settings are available in **Administrative Templates\\Start Menu and Taskbar** under **User Configuration**.
-
-|Policy|Notes|
-|--- |--- |
-|Clear history of recently opened documents on exit|Documents that the user opens are tracked during the session. When the user signs off, the history of opened documents is deleted.|
-|Don't allow pinning items in Jump Lists|Jump Lists are lists of recently opened items, such as files, folders, or websites, organized by the program that you use to open them. This policy prevents users from pinning items to any Jump List.|
-|Don't display or track items in Jump Lists from remote locations|When this policy is applied, only items local on the computer are shown in Jump Lists.|
-|Don't keep history of recently opened documents|Documents that the user opens aren't tracked during the session.|
-|Prevent changes to Taskbar and Start Menu Settings|In Windows 10, this policy disables all of the settings in **Settings** > **Personalization** > **Start** and the options in dialog available via right-click Taskbar > **Properties**|
-|Prevent users from customizing their Start Screen|Use this policy with a [customized Start layout](windows-10-start-layout-options-and-policies.md) to prevent users from changing it|
-|Prevent users from uninstalling applications from Start|In Windows 10, this policy removes the uninstall button in the context menu. It doesn't prevent users from uninstalling the app through other entry points (for example, PowerShell)|
-|Remove All Programs list from the Start menu|In Windows 10, this policy removes the **All apps** button.|
-|Remove and prevent access to the Shut Down, Restart, Sleep, and Hibernate commands|This policy removes the Shut Down, Restart, Sleep, and Hibernate commands from the Start Menu, Start Menu power button, CTRL+ALT+DEL screen, and Alt+F4 Shut Down Windows menu.|
-|Remove common program groups from Start Menu|As in earlier versions of Windows, this policy removes apps specified in the All Users profile from Start|
-|Remove frequent programs list from the Start Menu|In Windows 10, this policy removes the top left **Most used** group of apps.|
-|Remove Logoff on the Start Menu|**Logoff** has been changed to **Sign Out** in the user interface, however the functionality is the same.|
-|Remove pinned programs list from the Start Menu|In Windows 10, this policy removes the bottom left group of apps (by default, only File Explorer and Settings are pinned).|
-|Show "Run as different user" command on Start|This policy enables the **Run as different user** option in the right-click menu for apps.|
-|Start Layout|This policy applies a specific Start layout, and it also prevents users from changing the layout. This policy can be configured in **User Configuration** or **Computer Configuration**.|
-|Force Start to be either full screen size or menu size|This policy applies a specific size for Start.|
-
-## Deprecated Group Policy settings for Start
-
-The Start policy settings listed in the following table don't work on Windows 10. Most of them were deprecated in Windows 8 however a few more were deprecated in Windows 10. Deprecation in this case means that the policy setting won't work on Windows 10. The “Supported on” text for a policy setting won't list Windows 10. The policy settings are still in the Group Policy Management Console and can be used on the operating systems that they apply to.
-
-| Policy                                                                           | When deprecated |
-|----------------------------------------------------------------------------------|-----------------|
-| Go to the desktop instead of Start when signing in                               | Windows 10      |
-| List desktop apps first in the Apps view                                         | Windows 10      |
-| Pin Apps to Start when installed (User or Computer)                              | Windows 10      |
-| Remove Default Programs link from the Start menu.                                | Windows 10      |
-| Remove Documents icon from Start Menu                                            | Windows 10      |
-| Remove programs on Settings menu                                                 | Windows 10      |
-| Remove Run menu from Start Menu                                                  | Windows 10      |
-| Remove the "Undock PC" button from the Start Menu                                | Windows 10      |
-| Search just apps from the Apps view                                              | Windows 10      |
-| Show Start on the display the user is using when they press the Windows logo key | Windows 10      |
-| Show the Apps view automatically when the user goes to Start                     | Windows 10      |
-| Add the Run command to the Start Menu                                            | Windows 8       |
-| Change Start Menu power button                                                   | Windows 8       |
-| Gray unavailable Windows Installer programs Start Menu shortcuts                 | Windows 8       |
-| Remove Downloads link from Start Menu                                            | Windows 8       |
-| Remove Favorites menu from Start Menu                                            | Windows 8       |
-| Remove Games link from Start Menu                                                | Windows 8       |
-| Remove Help menu from Start Menu                                                 | Windows 8       |
-| Remove Homegroup link from Start Menu                                            | Windows 8       |
-| Remove Music icon from Start Menu                                                | Windows 8       |
-| Remove Network icon from Start Menu                                              | Windows 8       |
-| Remove Pictures icon from Start Menu                                             | Windows 8       |
-| Remove Recent Items menu from Start Menu                                         | Windows 8       |
-| Remove Recorded TV link from Start Menu                                          | Windows 8       |
-| Remove user folder link from Start Menu                                          | Windows 8       |
-| Remove Videos link from Start Menu                                               | Windows 8       |
-
- 
-
-## Related topics
-
-- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
-- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
-- [Customize and export Start layout](customize-and-export-start-layout.md)
-- [Add image for secondary tiles](start-secondary-tiles.md)
-- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
-- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
-- [Customize Windows 10 Start and taskbar with provisioning packages](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md)
-- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)

windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md

@@ -1,140 +0,0 @@
----
-title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10)
-description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users.
-ms.reviewer: 
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.author: lizlong
-ms.topic: article
-ms.localizationpriority: medium
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# Customize Windows 10 Start and taskbar with provisioning packages
-
-
-**Applies to**
-
-- Windows 10
-
-> **Looking for consumer information?** [Customize the Start menu](https://go.microsoft.com/fwlink/p/?LinkId=623630)
-
-> [!NOTE]
-> Currently, using provisioning packages to customize the Start menu layout is supported on Windows 10. It's not supported on Windows 11.
-
-In Windows 10 Pro, Windows 10 Enterprise, and Windows 10 Education, version 1703, you can use a provisioning package that you create with Windows Configuration Designer to deploy a customized Start and taskbar layout to users. No reimaging is required, and the Start and taskbar layout can be updated simply by overwriting the .xml file that contains the layout. The provisioning package can be applied to a running device. This enables you to customize Start and taskbar layouts for different departments or organizations, with minimal management overhead.
-
-> [!IMPORTANT]
-> If you use a provisioning package to configure the taskbar, your configuration will be reapplied each time the explorer.exe process restarts. If your configuration pins an app and the user unpins that app, the user's change will be overwritten the next time the configuration is applied. To apply a taskbar configuration and allow users to make changes that will persist, apply your configuration by using Group Policy.
-
-**Before you begin**: [Customize and export Start layout](customize-and-export-start-layout.md) for desktop editions.
-
-## <a href="" id="bkmk-howstartscreencontrolworks"></a>How Start layout control works
-
-
-Three features enable Start and taskbar layout control:
-
--   The **Export-StartLayout** cmdlet in Windows PowerShell exports a description of the current Start layout in .xml file format. 
-
-    > [!NOTE]
-    > To import the layout of Start to a mounted Windows image, use the [Import-StartLayout](/powershell/module/startlayout/import-startlayout) cmdlet.
-
--    [You can modify the Start .xml file](configure-windows-10-taskbar.md) to include  `<CustomTaskbarLayoutCollection>` or create an .xml file just for the taskbar configuration.
-
--   In Windows Configuration Designer, you use the **Policies/Start/StartLayout** setting to provide the contents of the .xml file that defines the Start and taskbar layout.
-
-<span id="escape"/>
-
-## <a href="" id="escape"></a>Prepare the Start layout XML file
-
-The **Export-StartLayout** cmdlet produces an XML file. Because Windows Configuration Designer produces a customizations.xml file that contains the configuration settings, adding the Start layout section to the customizations.xml file directly would result in an XML file embedded in an XML file. Before you add the Start layout section to the customizations.xml file, you must replace the markup characters in your layout.xml with escape characters. 
-
-
-1. Copy the contents of layout.xml into an online tool that escapes characters.
-
-3. During the procedure to create a provisioning package, you will copy the text with the escape characters and paste it in the customizations.xml file for your project.  
-
-## <a href="" id="bkmk-domaingpodeployment"></a>Create a provisioning package that contains a customized Start layout
-
-
-Use the Windows Configuration Designer tool to create a provisioning package. [Learn how to install Windows Configuration Designer.](provisioning-packages/provisioning-install-icd.md)
-
-> [!IMPORTANT]
-> When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
-
-1.  Open Windows Configuration Designer (by default, %systemdrive%\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Imaging and Configuration Designer\\x86\\ICD.exe).
-
-2. Choose **Advanced provisioning**.
-
-3. Name your project, and click **Next**.
-
-4. Choose **All Windows desktop editions** and click **Next**.
-
-5. On **New project**, click **Finish**. The workspace for your package opens.
-
-6. Expand **Runtime settings** &gt; **Policies** &gt; **Start**, and click **StartLayout**.
-
-   > [!TIP]
-   > If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**.
-
-7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step.
-
-7. Save your project and close Windows Configuration Designer.
-
-7. In File Explorer, open the project's directory. (The default location is C:\Users\\*user name*\Documents\Windows Imaging and Configuration Designer (WICD)\\*project name*) 
-
-7. Open the customizations.xml file in a text editor. The **&lt;Customizations&gt;** section will look like this:
-
-    ![Customizations file with the placeholder text to replace highlighted.](images/customization-start.png)
-
-7. Replace **layout.xml** with the text from the layout.xml file, [with markup characters replaced with escape characters](#escape).
-
-8. Save and close the customizations.xml file.
-
-8. Open Windows Configuration Designer and open your project.
-
-8.  On the **File** menu, select **Save.**
-
-9.  On the **Export** menu, select **Provisioning package**.
-
-10. Change **Owner** to **IT Admin**, which will set the precedence of this provisioning package higher than provisioning packages applied to this device from other sources, and then select **Next.**
-
-11. Optional. In the **Provisioning package security** window, you can choose to encrypt the package and enable package signing.
-
-    -   **Enable package encryption** - If you select this option, an auto-generated password will be shown on the screen.
-
-    -   **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Browse** and choosing the certificate you want to use to sign the package.
-
-12. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location.
-
-    Optionally, you can click **Browse** to change the default output location.
-
-13. Click **Next**.
-
-14. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status.
-
-    If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**.
-
-15. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again.
-
-    If your build is successful, the name of the provisioning package, output directory, and project directory will be shown.
-
-    -   If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build.
-    -   If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**.
-
-16. Copy the provisioning package to the target device.
-
-17. Double-click the ppkg file and allow it to install.
-
-## Related topics
-
-- [Manage Windows 10 Start and taskbar layout](windows-10-start-layout-options-and-policies.md)
-- [Configure Windows 10 taskbar](configure-windows-10-taskbar.md)
-- [Customize and export Start layout](customize-and-export-start-layout.md)
-- [Add image for secondary tiles](start-secondary-tiles.md)
-- [Start layout XML for desktop editions of Windows 10 (reference)](start-layout-xml-desktop.md)
-- [Customize Windows 10 Start and taskbar with Group Policy](customize-windows-10-start-screens-by-using-group-policy.md)
-- [Customize Windows 10 Start and taskbar with mobile device management (MDM)](customize-windows-10-start-screens-by-using-mobile-device-management.md)
-- [Changes to Start policies in Windows 10](changes-to-start-policies-in-windows-10.md)

windows/configuration/docfx.json

@@ -41,9 +41,10 @@
       "zone_pivot_group_filename": "resources/zone-pivot-groups.json",
       "breadcrumb_path": "/windows/resources/breadcrumb/toc.json",
       "uhfHeaderId": "MSDocsHeader-Windows",
-      "ms.technology": "itpro-configure",
+      "ms.subservice": "itpro-configure",
-      "ms.topic": "article",
+      "ms.service": "windows-client",
-      "ms.prod": "windows-client",
+      "ms.author": "paoloma",
+      "author": "paolomatarazzo",
       "manager": "aaroncz",
       "feedback_system": "Standard",
             "feedback_product_url": "https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332",
@@ -71,8 +72,38 @@
     },
     "fileMetadata": {
       "feedback_system": {
-        "ue-v/**/*.*": "None",
+        "ue-v/**/*.*": "None"
-        "cortana-at-work/**/*.*": "None"
+      },
+      "author":{
+        "wcd//**/*.md": "aczechowski",
+        "wcd//**/*.yml": "aczechowski",
+        "ue-v//**/*.md": "aczechowski",
+        "ue-v//**/*.yml": "aczechowski"
+      },
+      "ms.author":{
+        "wcd//**/*.md": "aaroncz",
+        "wcd//**/*.yml": "aaroncz",
+        "ue-v//**/*.md": "aaroncz",
+        "ue-v//**/*.yml": "aaroncz"
+      },
+      "ms.reviewer":{
+        "kiosk//**/*.md": "sybruckm",
+        "start//**/*.md": "ericpapa"
+      },
+      "ms.collection":{
+        "wcd//**/*.md": "must-keep",
+        "ue-v//**/*.md": [
+          "must-keep",
+          "tier3"
+        ]
+      },
+      "appliesto": {
+        "*/**/*.md": [
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+          "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+        ],
+        "ue-v//**/*.md": "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+        "wcd//**/*.md": ""
       }
     },
     "template": [],
@@ -80,3 +111,4 @@
     "markdownEngineName": "markdig"
   }
 }
+

windows/configuration/images/icons/accessibility.svg

@@ -0,0 +1,3 @@
+<svg width="18" height="18" viewBox="0 0 18 18" fill="none" xmlns="http://www.w3.org/2000/svg">
+  <path d="M6.75001 3.25C6.75001 2.55964 7.30966 2 8.00001 2C8.69037 2 9.25001 2.55964 9.25001 3.25C9.25001 3.94036 8.69037 4.5 8.00001 4.5C7.30966 4.5 6.75001 3.94036 6.75001 3.25ZM8.00001 1C6.75737 1 5.75001 2.00736 5.75001 3.25C5.75001 3.42769 5.77061 3.60057 5.80955 3.76638L4.1981 3.11531C3.38523 2.78689 2.45661 3.17707 2.12226 3.98751C1.78682 4.8006 2.17658 5.72824 2.9921 6.05773L5 6.86897L5 9.25304L3.18661 12.6635C2.77397 13.4396 3.06858 14.4032 3.84463 14.8158C4.62069 15.2285 5.58431 14.9339 5.99695 14.1578L8.00028 10.3901L10.0037 14.158C10.4163 14.934 11.3799 15.2286 12.156 14.816C12.9321 14.4034 13.2267 13.4397 12.814 12.6637L11 9.252V6.86897L13.0079 6.05773C13.8234 5.72824 14.2132 4.80059 13.8777 3.98751C13.5434 3.17707 12.6148 2.78689 11.8019 3.11531L10.1905 3.76636C10.2294 3.60055 10.25 3.42768 10.25 3.25C10.25 2.00736 9.24265 1 8.00001 1ZM3.04668 4.36889C3.17149 4.06635 3.52005 3.91989 3.82349 4.04249L7.25078 5.42721C7.73138 5.62138 8.2686 5.62138 8.74921 5.42721L12.1765 4.04249C12.4799 3.91989 12.8285 4.06635 12.9533 4.36889C13.077 4.66879 12.9341 5.00902 12.6333 5.13055L10.6254 5.94179C10.2474 6.09449 10 6.46133 10 6.86897V9.252C10 9.41571 10.0402 9.57692 10.1171 9.72147L11.9311 13.1332C12.0844 13.4216 11.9749 13.7797 11.6865 13.9331C11.3981 14.0864 11.04 13.9769 10.8866 13.6885L8.88322 9.92064C8.50711 9.21327 7.49344 9.21326 7.11733 9.92064L5.114 13.6883C4.96065 13.9768 4.60252 14.0863 4.31411 13.9329C4.02569 13.7795 3.9162 13.4214 4.06955 13.133L5.88295 9.72251C5.9598 9.57796 6 9.41675 6 9.25304V6.86897C6 6.46133 5.75256 6.09449 5.3746 5.94179L3.3667 5.13055C3.06591 5.00902 2.92295 4.66879 3.04668 4.36889Z" fill="#0078D4" />
+</svg>

windows/configuration/images/icons/windows-os.svg

@@ -0,0 +1,3 @@
+<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 2048 2048" width="18" height="18" >
+  <path d="M0 0h961v961H0V0zm1087 0h961v961h-961V0zM0 1087h961v961H0v-961zm1087 0h961v961h-961v-961z" fill="#0078D4" />
+</svg>

windows/configuration/includes/insider-note.md

@@ -7,7 +7,7 @@ ms.date: 01/11/2024
 
 :::row:::
 :::column span="1":::
-:::image type="content" source="../images/insider.png" alt-text="Logo of Windows Insider." border="false":::
+:::image type="content" source="insider.png" alt-text="Logo of Windows Insider." border="false":::
 :::column-end:::
 :::column span="3":::
 > [!IMPORTANT]

windows/configuration/includes/multi-app-kiosk-support-windows11.md

@@ -1,11 +0,0 @@
----
-author: aczechowski
-ms.author: aaroncz
-ms.date: 09/21/2021
-ms.reviewer: 
-manager: aaroncz
-ms.service: windows-client
-ms.topic: include
----
-
-Currently, multi-app kiosk is only supported on Windows 10. It's not supported on Windows 11.

windows/configuration/index.yml

@@ -1,5 +1,4 @@
 ### YamlMime:Landing
-
 title: Configure Windows client # < 60 chars
 summary: Find out how to apply custom configurations to Windows client devices. # < 160 chars
 
@@ -7,14 +6,12 @@ metadata:
   title: Configure Windows client # Required; page title displayed in search results. Include the brand. < 60 chars.
   description: Find out how to apply custom configurations to Windows client devices. # Required; article description that is displayed in search results. < 160 chars.
   ms.topic: landing-page # Required
-  ms.prod: windows-client
   ms.collection:
     - tier1
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
   ms.date: 12/20/2023
-  localization_priority: medium
 
 # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new
 
@@ -35,7 +32,6 @@ landingContent:
           - text: Accessibility information for IT pros
             url: windows-accessibility-for-itpros.md
 
-
   # Card (optional)
   - title: Configure a Windows kiosk
     linkLists:
@@ -50,7 +46,6 @@ landingContent:
           - text: Manage multi-user and guest devices
             url: shared-devices-concepts.md
 
-
   # Card (optional)
   - title: Use provisioning packages
     linkLists:
@@ -87,6 +82,7 @@ landingContent:
           - text: Configure Cortana in Windows 10
             url: cortana-at-work/cortana-at-work-overview.md
           - text: Custom voice commands in Cortana
+
             url: cortana-at-work/cortana-at-work-voice-commands.md
 
   # Card (optional)

windows/configuration/kiosk-additional-reference.md

@@ -1,36 +0,0 @@
----
-title: More kiosk methods and reference information (Windows 10/11)
-description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
-ms.topic: reference
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# More kiosk methods and reference information
-
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-
-## In this section
-
-Topic | Description
---- | ---
-[Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app.
-[Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk.
-[Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience.
-[Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk.
-[Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration.
-[Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps.
-[Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) |  Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface.
-[Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-[Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration.

windows/configuration/kiosk-methods.md

@@ -1,117 +0,0 @@
----
-title: Configure kiosks and digital signs on Windows 10/11 desktop editions
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
-ms.prod: windows-client
-ms.localizationpriority: medium
-author: lizgt2000
-ms.topic: article
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# Configure kiosks and digital signs on Windows desktop editions
-
->[!WARNING]
->Some information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-Some desktop devices in an enterprise serve a special purpose. For example, a PC in the lobby that customers use to see your product catalog. Or, a PC displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
-
-- **A single-app kiosk**: Runs a single Universal Windows Platform (UWP) app in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically, and you can configure the kiosk account to sign in automatically as well. If the kiosk app is closed, it will automatically restart. 
-  
-  A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user logs on. This type of single-app kiosk doesn't run above the lock screen. 
-
-  ![Illustration of a full-screen kiosk experience that runs one app on a Windows client device.](images/kiosk-fullscreen.png)
-
-- **A multi-app kiosk**: Runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the tiles for the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. 
-
-  A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device. 
-
-  ![Illustration of a kiosk Start screen that runs multiple apps on a Windows client device.](images/kiosk-desktop.png)
-
-Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user. 
-
-There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
-
-- **Which type of app will your kiosk run?**
-
-    ![icon that represents apps.](images/office-logo.png) 
-
-    Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
-
-- **Which type of kiosk do you need?**
-
-    ![icon that represents a kiosk.](images/kiosk.png)
-
-    If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a [Windows desktop application](#classic). For a kiosk that people can sign in to with their accounts or that runs more than one app, choose [a multi-app kiosk](#desktop).
-
-- **Which edition of Windows client will the kiosk run?**
-
-    ![icon that represents Windows.](images/windows.png)
-
-    All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home.
-
-- **Which type of user account will be the kiosk account?**
-
-    ![icon that represents a user account.](images/user.png)
-
-    The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method.
-
-
->[!IMPORTANT]
->Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
-
-[!INCLUDE [assigned-access-kiosk-mode](../../includes/licensing/assigned-access-kiosk-mode.md)]
-
-## Methods for a single-app kiosk running a UWP app
-
-You can use this method | For this edition | For this kiosk account type 
---- | --- | ---
-[Assigned access in Settings](kiosk-single-app.md#local) | Pro, Ent, Edu | Local standard user
-[Assigned access cmdlets](kiosk-single-app.md#powershell)  | Pro, Ent, Edu | Local standard user
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard)  | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID 
-[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
-[Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-
-<span id="classic" />
-
-## Methods for a single-app kiosk running a Windows desktop application
-
-You can use this method | For this edition | For this kiosk account type 
---- | --- | ---
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID 
-[Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md#mdm) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID
-[Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-
-<span id="desktop" />
-
-## Methods for a multi-app kiosk
-
-You can use this method | For this edition | For this kiosk account type 
---- | --- | ---
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID
-[Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID
-[MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID  
-
-## Summary of kiosk configuration methods
-
-Method | App type | Account type | Single-app kiosk | Multi-app kiosk
---- | --- | --- | :---: | :---:
-[Assigned access in Settings](kiosk-single-app.md#local) | UWP | Local account | ✔️  |
-[Assigned access cmdlets](kiosk-single-app.md#powershell) | UWP | Local account | ✔️ |
-[The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️  |
-[XML in a provisioning package](lock-down-windows-10-to-specific-apps.md)  | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️  | ✔️
-Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md#mdm) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✔️ | ✔️
-[Shell Launcher](kiosk-shelllauncher.md) |Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✔️ | 
-[MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID |  | ✔️
-
-
->[!NOTE]
->For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps.

windows/configuration/kiosk-policies.md

@@ -1,80 +0,0 @@
----
-title: Policies enforced on kiosk devices (Windows 10/11)
-description: Learn about the policies enforced on a device when you configure it as a kiosk.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
-ms.author: lizlong
-ms.topic: article
-ms.technology: itpro-configure
-ms.date: 12/31/2017
----
-
-# Policies enforced on kiosk devices
-
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-
-
-It isn't recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience.
-
-When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
-
-
-## Group Policy
-
-The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not.  These users include local users, domain users, and Microsoft Entra users.
-
-| Setting |	Value |
-| --- | --- |
-Remove access to the context menus for the task bar	| Enabled
-Clear history of recently opened documents on exit |	Enabled
-Prevent users from customizing their Start Screen |	Enabled
-Prevent users from uninstalling applications from Start |		Enabled
-Remove Run menu from Start Menu	 |	Enabled
-Disable showing balloon notifications as toast |		Enabled
-Do not allow pinning items in Jump Lists |		Enabled
-Do not allow pinning programs to the Taskbar |		Enabled
-Do not display or track items in Jump Lists from remote locations |		Enabled
-Remove Notifications and Action Center |		Enabled
-Lock all taskbar settings |		Enabled
-Lock the Taskbar	 |	Enabled
-Prevent users from adding or removing toolbars |		Enabled
-Prevent users from resizing the taskbar	 |	Enabled
-Remove frequent programs list from the Start Menu |		Enabled
-Remove Pinned programs from the taskbar	 |	Enabled
-Remove the Security and Maintenance icon	 |	Enabled
-Turn off all balloon notifications |		Enabled
-Turn off feature advertisement balloon notifications	 |	Enabled
-Turn off toast notifications |		Enabled
-Remove Task Manager |		Enabled
-Remove Change Password option in Security Options UI |		Enabled
-Remove Sign Out option in Security Options UI	 |	Enabled
-Remove All Programs list from the Start Menu	 |	Enabled – Remove and disable setting
-Prevent access to drives from My Computer	 |	Enabled - Restrict all drives
-
->[!NOTE]
->When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
-
-
-
-## MDM policy
-
-
-Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (that is, system-wide impact).
-
-Setting	| 	Value	| System-wide
- --- | --- | ---
-[Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana)		| 0 - Not allowed	| 	Yes
-[Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings)	| 	0 - Shortcut is hidden and disables the setting in the Settings app	| 	Yes
-Start/HidePeopleBar		| 1 - True (hide)	| 	No
-[Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings)		| 1 - True (hide) | Yes
-[WindowsInkWorkspace/AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace)	| 	0 - Access to ink workspace is disabled and the feature is turned off	| 	Yes
-[Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout)	| Configuration dependent	| 	No
-[WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui)	| 	<Enabled/>	| 	Yes

windows/configuration/kiosk/find-the-application-user-model-id-of-an-installed-app.md

@@ -1,12 +1,10 @@
 ---
 title: Find the Application User Model ID of an installed app
-ms.reviewer: sybruckm
 description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device.
-author: lizgt2000
-ms.author: lizlong
 ms.topic: article
 ms.date: 12/31/2017
 ---
+
 # Find the Application User Model ID of an installed app
 
 To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device. You can find the AUMID by using Windows PowerShell, File Explorer, or the registry.
@@ -43,10 +41,8 @@ You can add the `-user <username>` or the `-allusers` parameters to the **Get-Ap
 To get the names and AUMIDs for all apps installed for the current user, perform the following steps:
 
 1. Open **Run**, enter **shell:Appsfolder**, and select **OK**.
-
+1. A File Explorer window opens. Press **Alt** > **View** > **Choose details**.
-2. A File Explorer window opens. Press **Alt** > **View** > **Choose details**.
+1. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.)
-
-3. In the **Choose Details** window, select **AppUserModelId**, and then select **OK**. (You might need to change the **View** setting from **Tiles** to **Details**.)
 
 ![Image of the Choose Details options.](images/aumid-file-explorer.png)
 
@@ -56,7 +52,9 @@ Querying the registry can only return information about Microsoft Store apps tha
 
 At a command prompt, type the following command:
 
-`reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"`
+```cmd
+reg query HKEY_CURRENT_USER\Software\Classes\ActivatableClasses\Package /s /f AppUserModelID | find "REG_SZ"
+```
 
 ### Example to get AUMIDs of the installed apps for the specified user
 

windows/configuration/kiosk/guidelines-for-assigned-access-app.md

@@ -1,47 +1,31 @@
 ---
 title: Guidelines for choosing an app for assigned access
 description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
-author: lizgt2000
-ms.author: lizlong
 ms.topic: article
-ms.reviewer: sybruckm
-ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
 
 # Guidelines for choosing an app for assigned access (kiosk mode)
 
-
+Use assigned access to restrict users to use only one application, so that the device acts like a kiosk. Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience.
-**Applies to**
-
-- Windows 10
-- Windows 11
-
-
-You can use assigned access to restrict customers at your business to using only one Windows app so your device acts like a kiosk.  Administrators can use assigned access to restrict a selected user account to access a single Windows app. You can choose almost any Windows app for assigned access; however, some apps may not provide a good user experience.
 
 The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
 
 ## General guidelines
 
 - Windows apps must be provisioned or installed for the assigned access account before they can be selected as the assigned access app. [Learn how to provision and install apps](/windows/client-management/mdm/enterprise-app-management#install_your_apps).
-
 - Updating a Windows app can sometimes change the Application User Model ID (AUMID) of the app. If this change happens, you must update the assigned access settings to launch the updated app, because assigned access uses the AUMID to determine which app to launch.
-
 - Apps that are generated using the [Desktop App Converter (Desktop Bridge)](/windows/uwp/porting/desktop-to-uwp-run-desktop-app-converter) can't be used as kiosk apps.
 
-
-
-
 ## Guidelines for Windows apps that launch other apps
 
-Some Windows apps can launch other apps. Assigned access prevents Windows apps from launching other apps. 
+Some apps can launch other apps. Assigned access prevents Windows apps from launching other apps.
 
 Avoid selecting Windows apps that are designed to launch other apps as part of their core functionality.
 
 ## Guidelines for web browsers
 
-Starting with Windows 10 version 1809+, Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
+Microsoft Edge includes support for kiosk mode. [Learn how to deploy Microsoft Edge kiosk mode.](/microsoft-edge/deploy/microsoft-edge-kiosk-mode-deploy)
 
 In Windows client, you can install the **Kiosk Browser** app from Microsoft to use as your kiosk app. For digital signage scenarios, you can configure **Kiosk Browser** to navigate to a URL and show only that content -- no navigation buttons, no address bar, etc. For kiosk scenarios, you can configure more settings, such as allowed and blocked URLs, navigation buttons, and end session buttons. For example, you could configure your kiosk to show the online catalog for your store, where customers can navigate between departments and items, but aren't allowed to go to a competitor's website.
 
@@ -50,80 +34,78 @@ In Windows client, you can install the **Kiosk Browser** app from Microsoft to u
 >
 >Kiosk Browser can't access intranet websites.
 
-
 **Kiosk Browser** must be downloaded for offline licensing using Microsoft Store For Business. You can deploy **Kiosk Browser** to devices running Windows 10, version 1803 (Pro, Business, Enterprise, and Education) and Windows 11.
 
 1. [Get **Kiosk Browser** in Microsoft Store for Business with offline license type.](/microsoft-store/acquire-apps-microsoft-store-for-business#acquire-apps)
-2. [Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps)
+1. [Deploy **Kiosk Browser** to kiosk devices.](/microsoft-store/distribute-offline-apps)
-3. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](provisioning-packages/provisioning-create-package.md). In Windows Configuration Designer, the settings are located in **Policies > KioskBrowser** when you select advanced provisioning for Windows desktop editions.
+1. Configure policies using settings from the Policy Configuration Service Provider (CSP) for [KioskBrowser](/windows/client-management/mdm/policy-csp-kioskbrowser). These settings can be configured using your MDM service provider, or [in a provisioning package](../provisioning-packages/provisioning-create-package.md). In Windows Configuration Designer, the settings are located in **Policies > KioskBrowser** when you select advanced provisioning for Windows desktop editions.
 
 >[!NOTE]
 >If you configure the kiosk using a provisioning package, you must apply the provisioning package after the device completes the out-of-box experience (OOBE).
 
 ### Kiosk Browser settings
 
-Kiosk Browser settings | Use this setting to
+| Kiosk Browser settings | Use this setting to |
---- | ---
+|--|--|
-Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs.
+| Blocked URL Exceptions | Specify URLs that people can navigate to, even though the URL is in your blocked URL list. You can use wildcards. <br><br>For example, if you want people to be limited to `http://contoso.com` only, you would add `.contoso.com` to blocked URL exception list and then block all other URLs. |
-Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list.
+| Blocked URLs | Specify URLs that people can't navigate to. You can use wildcards. <br><br>If you want to limit people to a specific site, add `https://*` to the blocked URL list, and then specify the site to be allowed in the blocked URL exceptions list. |
-Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL.
+| Default URL | Specify the URL that Kiosk Browser will open with. **Tip!** Make sure your blocked URLs don't include your default URL. |
-Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL.
+| Enable End Session Button | Show a button in Kiosk Browser that people can use to reset the browser. End Session will clear all browsing data and navigate back to the default URL. |
-Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL.
+| Enable Home Button | Show a Home button in Kiosk Browser. Home will return the browser to the default URL. |
-Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser.
+| Enable Navigation Buttons | Show forward and back buttons in Kiosk Browser. |
-Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction.
+| Restart on Idle Time | Specify when Kiosk Browser should restart in a fresh state after an amount of idle time since the last user interaction. |
+
+To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
+
+1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer
+1. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18)
+1. Insert the null character string in between each URL (e.g www.bing.com`&#xF000;`www.contoso.com)
+1. Save the XML file
+1. Open the project again in Windows Configuration Designer
+1. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed
 
-> [!IMPORTANT]
-> To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
-> 
-> 1. Create the provisioning package. When ready to export, close the project in Windows Configuration Designer.
-> 2. Open the customizations.xml file in the project folder (e.g C:\Users\name\Documents\Windows Imaging and Configuration Designer (WICD)\Project_18). 
-> 3. Insert the null character string in between each URL (e.g www.bing.com`&#xF000;`www.contoso.com). 
-> 4. Save the XML file.
-> 5. Open the project again in Windows Configuration Designer.
-> 6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
-> 
-> 
 > [!TIP]
+>
 > To enable the **End Session** button for Kiosk Browser in Intune, you must [create a custom OMA-URI policy](/intune/custom-settings-windows-10) with the following information:
+>
 > - OMA-URI: ./Vendor/MSFT/Policy/Config/KioskBrowser/EnableEndSessionButton
 > - Data type: Integer
 > - Value: 1
 
-
 #### Rules for URLs in Kiosk Browser settings
 
 Kiosk Browser filtering rules are based on the [Chromium Project](https://www.chromium.org/Home).
 
 URLs can include:
+
 - A valid port value from 1 to 65,535.
 - The path to the resource.
 - Query parameters.
 
 More guidelines for URLs:
 
-- If a period precedes the host, the policy filters exact host matches only.
+- If a period precedes the host, the policy filters exact host matches only
-- You can't use user:pass fields.
+- You can't use user:pass fields
-- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence.
+- When both blocked URL and blocked URL exceptions apply with the same path length, the exception takes precedence
-- The policy searches wildcards (*) last.
+- The policy searches wildcards (*) last
-- The optional query is a set of key-value and key-only tokens delimited by '&'.
+- The optional query is a set of key-value and key-only tokens delimited by '&'
-- Key-value tokens are separated by '='.
+- Key-value tokens are separated by '='
-- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching.
+- A query token can optionally end with a '*' to indicate prefix match. Token order is ignored during matching
 
 ### Examples of blocked URLs and exceptions
 
 The following table describes the results for different combinations of blocked URLs and blocked URL exceptions.
 
-Blocked URL rule |  Block URL exception rule | Result
+| Blocked URL rule | Block URL exception rule | Result |
---- | --- | ---
+|--|--|--|
-`*` | `contoso.com`<br>`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains.
+| `*` | `contoso.com`<br>`fabrikam.com` | All requests are blocked unless it's to contoso.com, fabrikam.com, or any of their subdomains. |
-`contoso.com` | `mail.contoso.com`<br>`.contoso.com`<br>`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain.
+| `contoso.com` | `mail.contoso.com`<br>`.contoso.com`<br>`.www.contoso.com` | Block all requests to contoso.com, except for the main page and its mail subdomain. |
-`youtube.com` | `youtube.com/watch?v=v1`<br>`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2).
+| `youtube.com` | `youtube.com/watch?v=v1`<br>`youtube.com/watch?v=v2` | Blocks all access to youtube.com except for the specified videos (v1 and v2). |
 
 The following table gives examples for blocked URLs.
 
-
 | Entry | Result |
-|--------------------------|-------------------------------------------------------------------------------|
+|--|--|
 | `contoso.com` | Blocks all requests to contoso.com, www.contoso.com, and sub.www.contoso.com |
 | `https://*` | Blocks all HTTPS requests to any domain. |
 | `mail.contoso.com` | Blocks requests to mail.contoso.com but not to www.contoso.com or contoso.com |
@@ -132,20 +114,17 @@ The following table gives examples for blocked URLs.
 | `*` | Blocks all requests except for URLs in the Blocked URL Exceptions list. |
 | `*:8080` | Blocks all requests to port 8080. |
 | `contoso.com/stuff` | Blocks all requests to contoso.com/stuff and its subdomains. |
-|      `192.168.1.2`       |                        Blocks requests to 192.168.1.2.                        |
+| `192.168.1.2` | Blocks requests to 192.168.1.1. |
 | `youtube.com/watch?v=V1` | Blocks YouTube video with id V1. |
 
 ### Other browsers
 
-
-
 You can create your own web browser Windows app by using the WebView class. Learn more about developing your own web browser app:
+
 - [Creating your own browser with HTML and JavaScript](https://blogs.windows.com/msedgedev/2015/08/27/creating-your-own-browser-with-html-and-javascript/)
 - [WebView class](/uwp/api/Windows.UI.Xaml.Controls.WebView)
 - [A web browser built with JavaScript as a Windows app](https://github.com/MicrosoftEdge/JSBrowser/tree/v1.0)
 
-
-
 ## Secure your information
 
 Avoid selecting Windows apps that may expose the information you don't want to show in your kiosk, since kiosk usually means anonymous access and locates in a public setting like a shopping mall. For example, an app that has a file picker allows the user to gain access to files and folders on the user's system, avoid selecting these types of apps if they provide unnecessary data access.

windows/configuration/kiosk/kiosk-additional-reference.md

@@ -0,0 +1,22 @@
+---
+title: More kiosk methods and reference information
+description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
+ms.topic: reference
+ms.date: 12/31/2017
+---
+
+# More kiosk methods and reference information
+
+## In this section
+
+| Topic | Description |
+|--|--|
+| [Find the Application User Model ID of an installed app](find-the-application-user-model-id-of-an-installed-app.md) | This topic explains how to get the AUMID for an app. |
+| [Validate your kiosk configuration](kiosk-validate.md) | This topic explains what to expect on a multi-app kiosk. |
+| [Guidelines for choosing an app for assigned access (kiosk mode)](guidelines-for-assigned-access-app.md) | These guidelines will help you choose an appropriate Windows app for your assigned access experience. |
+| [Policies enforced on kiosk devices](kiosk-policies.md) | Learn about the policies enforced on a device when you configure it as a kiosk. |
+| [Assigned access XML reference](kiosk-xml.md) | The XML and XSD for kiosk device configuration. |
+| [Use AppLocker to create a Windows client kiosk](lock-down-windows-10-applocker.md) | Learn how to use AppLocker to configure a Windows client kiosk device running Enterprise or Education so that users can only run a few specific apps. |
+| [Use Shell Launcher to create a Windows client kiosk](kiosk-shelllauncher.md) | Using Shell Launcher, you can configure a kiosk device that runs a Windows application as the user interface. |
+| [Use MDM Bridge WMI Provider to create a Windows client kiosk](kiosk-mdm-bridge.md) | Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class. |
+| [Troubleshoot kiosk mode issues](/troubleshoot/windows-client/shell-experience/kiosk-mode-issues-troubleshooting) | Tips for troubleshooting multi-app kiosk configuration. |

windows/configuration/kiosk/kiosk-mdm-bridge.md

@@ -1,42 +1,30 @@
 ---
-title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
+title: Use MDM Bridge WMI Provider to create a Windows kiosk
 description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
 ms.topic: article
-ms.technology: itpro-configure
+ms.date: 1/26/2024
-ms.date: 12/31/2017
+zone_pivot_groups: windows-versions-11-10
+appliesto:
 ---
 
 # Use MDM Bridge WMI Provider to create a Windows client kiosk
 
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
 Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class. For more information about using a PowerShell script to configure AssignedAccess, see [PowerShell Scripting with WMI Bridge Provider](/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider).
 
 Here's an example to set AssignedAccess configuration:
 
-1. Download the [psexec tool](/sysinternals/downloads/psexec).  
+1. [Download PsTools][PSTools]
-2. Run `psexec.exe -i -s cmd.exe`.
+1. Open an elevated command prompt and run: `psexec.exe -i -s powershell.exe`
-3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell.
+1. In the PowerShell session launched by `psexec.exe`, execute the following script:
 
-Step 4 is different for Windows 10 or Windows 11
+::: zone pivot="windows-10"
 
-4. Execute the following script for Windows 10:
+```PowerShell
-
-```xml
 $nameSpaceName="root\cimv2\mdm\dmmap"
 $className="MDM_AssignedAccess"
 $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
 Add-Type -AssemblyName System.Web
+
 $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 <?xml version="1.0" encoding="utf-8" ?>
 <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config">
@@ -90,29 +78,32 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 
 Set-CimInstance -CimInstance $obj
 ```
-4. Execute the following script for Windows 11:
 
- ```xml
+::: zone-end
+
+::: zone pivot="windows-11"
+
+ ```PowerShell
 $nameSpaceName="root\cimv2\mdm\dmmap"
 $className="MDM_AssignedAccess"
 $obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
 Add-Type -AssemblyName System.Web
-$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 
+$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 <?xml version="1.0" encoding="utf-8" ?>
 <AssignedAccessConfiguration
-  xmlns=http://schemas.microsoft.com/AssignedAccess/2017/config xmlns:win11=http://schemas.microsoft.com/AssignedAccess/2022/config>
+  xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+  xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config">
   <Profiles>
     <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">
       <AllAppsList>
         <AllowedApps>
-          <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
-          <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
           <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
           <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
           <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
-          <App DesktopAppPath="%windir%\system32\mspaint.exe" /> 
+          <App DesktopAppPath="C:\Windows\system32\cmd.exe" />
-          <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> 
+          <App DesktopAppPath="%windir%\System32\WindowsPowerShell\v1.0\Powershell.exe" />
+          <App DesktopAppPath="%windir%\explorer.exe" />
         </AllowedApps>
       </AllAppsList>
       <win11:StartPins>
@@ -120,11 +111,10 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
           { "pinnedList":[
             {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"},
             {"packagedAppId":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App"},
-            {"packagedAppId":"Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic"},
-            {"packagedAppId":"Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo"},
             {"packagedAppId":"Microsoft.BingWeather_8wekyb3d8bbwe!App"},
-            {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Paint.lnk"},
+            {"desktopAppLink":"C:\\Users\\MultiAppKioskUser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk"},
-            {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Notepad.lnk"}
+            {"desktopAppLink":"C:\\Users\\MultiAppKioskUser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\System Tools\\Command Prompt.lnk"},
+            {"desktopAppLink":"C:\\Users\\MultiAppKioskUser\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Windows PowerShell\\Windows PowerShell.lnk"}
           ] }
         ]]>
       </win11:StartPins>
@@ -142,3 +132,12 @@ $obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
 
 Set-CimInstance -CimInstance $obj
 ```
+
+::: zone-end
+
+For more information, see [Using PowerShell scripting with the WMI Bridge Provider][WIN-1].
+
+<!--links-->
+
+[WIN-1]: /windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider
+[PsTools]: https://download.sysinternals.com/files/PSTools.zip

windows/configuration/kiosk/kiosk-methods.md

@@ -0,0 +1,76 @@
+---
+title: Configure kiosks and digital signs on Windows 10/11 desktop editions
+description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
+ms.topic: article
+ms.date: 12/31/2017
+---
+
+# Configure kiosks and digital signs on Windows desktop editions
+
+Organization may want to set up special purpose devices, such as a device in the lobby that customers can use to view product catalogs, or a device displaying visual content as a digital sign. Windows client offers two different locked-down experiences for public or specialized use:
+
+- Single-app kiosk: runs a single Universal Windows Platform (UWP) application in full screen above the lock screen. People using the kiosk can see only that app. When the kiosk account (a local standard user account) signs in, the kiosk app launches automatically. If the kiosk app is closed, it will automatically restart
+- Multi-app kiosk: runs one or more applications from the desktop. People using the kiosk see a customized Start menu that shows only the apps that are allowed to execute. With this approach, you can configure a locked-down experience for different account types
+
+A single-app kiosk is ideal for public use. Using [Shell Launcher](kiosk-shelllauncher.md), you can configure a kiosk device that runs a Windows desktop application as the user interface. The application that you specify replaces the default shell (explorer.exe) that usually runs when a user signs in. This type of single-app kiosk doesn't run above the lock screen.
+
+A multi-app kiosk is appropriate for devices that are shared by multiple people. When you configure a multi-app kiosk, [specific policies are enforced](kiosk-policies.md) that affects **all** non-administrator users on the device.
+
+Kiosk configurations are based on **Assigned Access**, a feature in Windows client that allows an administrator to manage the user's experience by limiting the application entry points exposed to the user.
+
+There are several kiosk configuration methods that you can choose from, depending on your answers to the following questions.
+
+- **Which type of app will your kiosk run?**
+  Your kiosk can run a Universal Windows Platform (UWP) app or a Windows desktop application. For [digital signage](setup-digital-signage.md), select a digital sign player as your kiosk app. [Check out the guidelines for kiosk apps.](guidelines-for-assigned-access-app.md)
+- **Which type of kiosk do you need?**
+  If you want your kiosk to run a single app for anyone to see or use, consider a single-app kiosk that runs either a [Universal Windows Platform (UWP) app](#methods-for-a-single-app-kiosk-running-a-uwp-app) or a Windows desktop application. For a kiosk that people can sign in to with their accounts or that runs more than one app, choose a multi-app kiosk
+- **Which edition of Windows client will the kiosk run?**
+  All of the configuration methods work for Windows client Enterprise and Education; some of the methods work for Windows Pro. Kiosk mode isn't available on Windows Home
+- **Which type of user account will be the kiosk account?**
+  The kiosk account can be a local standard user account, a local administrator account, a domain account, or a Microsoft Entra account, depending on the method that you use to configure the kiosk. If you want people to sign in and authenticate on the device, you should use a multi-app kiosk configuration. The single-app kiosk configuration doesn't require people to sign in to the device, although they can sign in to the kiosk app if you select an app that has a sign-in method
+
+>[!IMPORTANT]
+>Single-app kiosk mode isn't supported over a remote desktop connection. Your kiosk users must sign in on the physical device that is set up as a kiosk.
+
+[!INCLUDE [assigned-access-kiosk-mode](../../../includes/licensing/assigned-access-kiosk-mode.md)]
+
+## Methods for a single-app kiosk running a UWP app
+
+| You can use this method | For this edition | For this kiosk account type |
+|--|--|--|
+| [Assigned access in Settings](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user |
+| [Assigned access cmdlets](kiosk-single-app.md) | Pro, Ent, Edu | Local standard user |
+| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+| [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID |
+| [Shell Launcher](kiosk-shelllauncher.md) v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+
+## Methods for a single-app kiosk running a Windows desktop application
+
+| You can use this method | For this edition | For this kiosk account type |
+|--|--|--|
+| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+| [Microsoft Intune or other mobile device management (MDM)](kiosk-single-app.md) | Pro (version 1709), Ent, Edu | Local standard user, Microsoft Entra ID |
+| [Shell Launcher](kiosk-shelllauncher.md) v1 and v2 | Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+
+## Methods for a multi-app kiosk
+
+| You can use this method | For this edition | For this kiosk account type |
+|--|--|--|
+| [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+| [Microsoft Intune or other MDM](lock-down-windows-10-to-specific-apps.md) | Pro, Ent, Edu | Local standard user, Microsoft Entra ID |
+| [MDM WMI Bridge Provider](kiosk-mdm-bridge.md) | Pro, Ent, Edu | Local standard user, Active Directory, Microsoft Entra ID |
+
+## Summary of kiosk configuration methods
+
+| Method | App type | Account type | Single-app kiosk | Multi-app kiosk |
+|--|--|--|:-:|:-:|
+| [Assigned access in Settings](kiosk-single-app.md) | UWP | Local account | ✅ |
+| [Assigned access cmdlets](kiosk-single-app.md) | UWP | Local account | ✅ |
+| [The kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
+| [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ | ✅ |
+| Microsoft Intune or other MDM [for full-screen single-app kiosk](kiosk-single-app.md) or [for multi-app kiosk with desktop](lock-down-windows-10-to-specific-apps.md) | UWP, Windows desktop app | Local standard user, Microsoft Entra ID | ✅ | ✅ |
+| [Shell Launcher](kiosk-shelllauncher.md) | Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID | ✅ |
+| [MDM Bridge WMI Provider](kiosk-mdm-bridge.md) | UWP, Windows desktop app | Local standard user, Active Directory, Microsoft Entra ID |  | ✅ |
+
+>[!NOTE]
+>For devices running Windows client Enterprise and Education, you can also use [Windows Defender Application Control](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control) or [AppLocker](lock-down-windows-10-applocker.md) to lock down a device to specific apps.

windows/configuration/kiosk/kiosk-policies.md

@@ -0,0 +1,98 @@
+---
+title: Policies enforced on kiosk devices
+description: Learn about the policies enforced on a device when you configure it as a kiosk.
+ms.topic: article
+ms.date: 12/31/2017
+---
+
+# Policies enforced on kiosk devices
+
+It isn't recommended to set policies enforced in assigned access kiosk mode to different values using other channels, as the kiosk mode has been optimized to provide a locked-down experience.
+
+When the assigned access kiosk configuration is applied on the device, certain policies are enforced system-wide, and will impact other users on the device.
+
+## Group Policy
+
+The following local policies affect all **non-administrator** users on the system, regardless whether the user is configured as an assigned access user or not.  These users include local users, domain users, and Microsoft Entra users.
+
+| Setting | Value |
+|--|--|
+| Remove access to the context menus for the task bar | Enabled |
+| Clear history of recently opened documents on exit | Enabled |
+| Prevent users from customizing their Start Screen | Enabled |
+| Prevent users from uninstalling applications from Start | Enabled |
+| Remove Run menu from Start Menu | Enabled |
+| Disable showing balloon notifications as toast | Enabled |
+| Do not allow pinning items in Jump Lists | Enabled |
+| Do not allow pinning programs to the Taskbar | Enabled |
+| Do not display or track items in Jump Lists from remote locations | Enabled |
+| Remove Notifications and Action Center | Enabled |
+| Lock all taskbar settings | Enabled |
+| Lock the Taskbar | Enabled |
+| Prevent users from adding or removing toolbars | Enabled |
+| Prevent users from resizing the taskbar | Enabled |
+| Remove frequent programs list from the Start Menu | Enabled |
+| Remove Pinned programs from the taskbar | Enabled |
+| Remove the Security and Maintenance icon | Enabled |
+| Turn off all balloon notifications | Enabled |
+| Turn off feature advertisement balloon notifications | Enabled |
+| Turn off toast notifications | Enabled |
+| Remove Task Manager | Enabled |
+| Remove Change Password option in Security Options UI | Enabled |
+| Remove Sign Out option in Security Options UI | Enabled |
+| Remove All Programs list from the Start Menu | Enabled - Remove and disable setting |
+| Prevent access to drives from My Computer | Enabled - Restrict all drives |
+
+>[!NOTE]
+>When **Prevent access to drives from My Computer** is enabled, users can browse the directory structure in File Explorer, but they cannot open folders and access the contents. Also, they cannot use the **Run** dialog box or the **Map Network Drive** dialog box to view the directories on these drives. The icons representing the specified drives still appear in File Explorer, but if users double-click the icons, a message appears explaining that a setting prevents the action. This setting does not prevent users from using programs to access local and network drives. It does not prevent users from using the Disk Management snap-in to view and change drive characteristics.
+
+## MDM policy
+
+Some of the MDM policies based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider) affect all users on the system (that is, system-wide impact).
+
+| Setting | Value | System-wide |
+|--|--|--|
+| [Experience/AllowCortana](/windows/client-management/mdm/policy-csp-experience#experience-allowcortana) | 0 - Not allowed | Yes |
+| [Start/AllowPinnedFolderSettings](/windows/client-management/mdm/policy-csp-start#start-allowpinnedfoldersettings) | 0 - Shortcut is hidden and disables the setting in the Settings app | Yes |
+| Start/HidePeopleBar | 1 - True (hide) | No |
+| [Start/HideChangeAccountSettings](/windows/client-management/mdm/policy-csp-start#start-hidechangeaccountsettings) | 1 - True (hide) | Yes |
+| [WindowsInkWorkspace/AllowWindowsInkWorkspace](/windows/client-management/mdm/policy-csp-windowsinkworkspace#windowsinkworkspace-allowwindowsinkworkspace) | 0 - Access to ink workspace is disabled and the feature is turned off | Yes |
+| [Start/StartLayout](/windows/client-management/mdm/policy-csp-start#start-startlayout) | Configuration dependent | No |
+| [WindowsLogon/DontDisplayNetworkSelectionUI](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-dontdisplaynetworkselectionui) | <Enabled/> | Yes |
+
+
+<!--
+## Start Menu
+
+Remove access to the context menus for the task bar
+Clear history of recently opened documents on exit
+Prevent users from customizing their Start Screen
+Prevent users from uninstalling applications from Start
+Remove All Programs list from the Start menu
+Remove Run menu from Start Menu
+
+## Desktop
+
+Hide and disable all items on the desktop
+
+## Task bar
+
+Disable showing balloon notificationss as toast
+Do not allow pinning items in Jump Lists
+Do not allow pinning programs to the Taskbar
+Do not display or track items in Jump Lists from remote locations
+Remove Notification Center
+Remove Control Center
+Lock all taskbar settings
+Lock the Taskbar
+Prevent users from adding or removing toolbars
+Prevent users from moving taskbar to another screen dock location
+Prevent users from rearranging toolbars
+Prevent users from resizing the taskbar
+Remove frequent programs list from the Start Menu
+Remove the Security and Maintenance icon
+Turn off all balloon notifications
+Turn off feature advertisement balloon notifications
+Hide the Task View button
+
+-->

windows/configuration/kiosk/kiosk-prepare.md

@@ -1,27 +1,12 @@
 ---
 title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs
 description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
-ms.reviewer: sybruckm
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
 ms.topic: article
-ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
 
 # Prepare a device for kiosk configuration
 
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
-
-
-
 ## Before you begin
 
 - [User account control (UAC)](/windows/security/identity-protection/user-account-control/user-account-control-overview) must be turned on to enable kiosk mode.
@@ -43,16 +28,14 @@ For a more secure kiosk experience, we recommend that you make the following con
 - **Hide update notifications**. Starting with Windows 10 version 1809, you can hide notifications from showing on the devices. To enable this feature, you have the following options:
 
   - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Display options for update notifications`
-
   - **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Intune, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature.
 
   - **Use the registry**:
 
     1. Open Registry Editor (regedit).
-    2. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`.
+    1. Go to `HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate`.
-    3. Create a **New** > **DWORD (32-bit) Value**. Enter `SetUpdateNotificationLevel`, and set its value to `1`.
+    1. Create a **New** > **DWORD (32-bit) Value**. Enter `SetUpdateNotificationLevel`, and set its value to `1`.
-    4. Create a **New** > **DWORD (32-bit) Value**. Enter `UpdateNotificationLevel`. For value, you can enter:
+    1. Create a **New** > **DWORD (32-bit) Value**. Enter `UpdateNotificationLevel`. For value, you can enter:
-
         - `1`: Hides all notifications except restart warnings.
         - `2`: Hides all notifications, including restart warnings.
 
@@ -72,8 +55,8 @@ For a more secure kiosk experience, we recommend that you make the following con
 - **Replace "blue screen" with blank screen for OS errors**. To enable this feature, use the Registry Editor:
 
   1. Open Registry Editor (regedit).
-  2. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl`.
+  1. Go to `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\CrashControl`.
-  3. Create a **New** > **DWORD (32-bit) Value**. Enter `DisplayDisabled`, and set its value to `1`.
+  1. Create a **New** > **DWORD (32-bit) Value**. Enter `DisplayDisabled`, and set its value to `1`.
 
 - **Put device in "Tablet mode"**. If you want users to use the touch screen, without using a keyboard or mouse, then turn on tablet mode using the Settings app. If users won't interact with the kiosk, such as for a digital sign, then don't turn on this setting.
 
@@ -83,12 +66,12 @@ For a more secure kiosk experience, we recommend that you make the following con
 
   - Use the **Settings** app:
     1. Open the **Settings** app.
-    2. Go to **System** > **Tablet mode**.
+    1. Go to **System** > **Tablet mode**.
-    3. Configure the settings you want.
+    1. Configure the settings you want.
 
   - Use the **Action Center**:
     1. On your device, swipe in from the left.
-    2. Select **Tablet mode**.
+    1. Select **Tablet mode**.
 
 - **Hide "Ease of access" feature on the sign-in screen**: To enable this feature, you have the following options:
 
@@ -99,9 +82,9 @@ For a more secure kiosk experience, we recommend that you make the following con
 
   - **Use the Settings app**:
     1. Open the **Settings** app.
-    2. Go to **System** > **Power & Sleep** > **Additional power settings** > **Choose what the power button does**.
+    1. Go to **System** > **Power & Sleep** > **Additional power settings** > **Choose what the power button does**.
-    3. Select **Do nothing**.
+    1. Select **Do nothing**.
-    4. **Save changes**.
+    1. **Save changes**.
 
   - **Use Group Policy**: Your options:
 
@@ -140,9 +123,10 @@ For a more secure kiosk experience, we recommend that you make the following con
 - **Disable the camera**: To enable this feature, you have the following options:
 
   - **Use the Settings app**:
+
     1. Open the **Settings** app.
-    2. Go to **Privacy** > **Camera**.
+    1. Go to **Privacy** > **Camera**.
-    3. Select **Allow apps use my camera** > **Off**.
+    1. Select **Allow apps use my camera** > **Off**.
 
   - **Use Group Policy**: `Computer Configuration\Administrative Templates\Windows Components\Camera: Allow use of camera`: Select **Disabled**.
 
@@ -158,8 +142,8 @@ For a more secure kiosk experience, we recommend that you make the following con
   - **Use the Settings app**:
 
     1. Open the **Settings** app.
-    2. Go to **System** > **Notifications & actions**.
+    1. Go to **System** > **Notifications & actions**.
-    3. In **Show notifications on the lock screen**, select **Off**.
+    1. In **Show notifications on the lock screen**, select **Off**.
 
   - **Use Group policy**:
     - `Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**.
@@ -182,27 +166,16 @@ For a more secure kiosk experience, we recommend that you make the following con
       - `\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**.
 
 - **Disable removable media**:  To enable this feature, you have the following options:
-
   - **Use Group policy**: `Computer Configuration\Administrative Templates\System\Device Installation\Device Installation Restrictions`. Review the available settings that apply to your situation.
-
     To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
-
   - **Use an MDM provider**: In Intune, you have the following options:
-
     - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): See the **Removable storage** setting, and more settings you can manage.
-
     - [Administrative templates](/mem/intune/configuration/administrative-templates-windows): These templates are the administrative templates used in on-premises Group Policy. Configure the following settings:
-
       - `\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`.
-
         To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
-
       When looking at settings, check the supported OS for each setting to make sure it applies.
-
     - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings:
-
       - `\Administrative Templates\System\Device Installation`: There are several policies you can manage, including restrictions in `\System\Device Installation\Device Installation Restrictions`.
-
         To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**.
 
 ## Enable logging
@@ -219,27 +192,23 @@ You may also want to set up **automatic logon** for your kiosk device. When your
 > If you are using a Windows client device restriction CSP to set "Preferred Microsoft Entra tenant domain", this will break the "User logon type" auto-login feature of the Kiosk profile.
 
 > [!TIP]
-> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md#wizard) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML. 
+> If you use the [kiosk wizard in Windows Configuration Designer](kiosk-single-app.md) or [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) to configure your kiosk, you can set an account to sign in automatically in the wizard or XML.
 
-
+How to edit the registry to have an account sign in automatically:
-**How to edit the registry to have an account sign in automatically**
 
 1. Open Registry Editor (regedit.exe).
 
    > [!NOTE]
    > If you are not familiar with Registry Editor, [learn how to modify the Windows registry](/troubleshoot/windows-server/performance/windows-registry-advanced-users).
 
+1. Go to
 
-2. Go to
+   **HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon**
 
-   **HKEY\_LOCAL\_MACHINE\SOFTWARE\\Microsoft\Windows NT\CurrentVersion\Winlogon**
+1. Set the values for the following keys.
-
-3. Set the values for the following keys.
 
    - *AutoAdminLogon*: set value as **1**.
-
    - *DefaultUserName*: set value as the account that you want signed in.
-
    - *DefaultPassword*: set value as the password for the account.
 
      > [!NOTE]
@@ -247,7 +216,7 @@ You may also want to set up **automatic logon** for your kiosk device. When your
 
    - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, don't add this key.
 
-4. Close Registry Editor. The next time the computer restarts, the account will sign in automatically.
+1. Close Registry Editor. The next time the computer restarts, the account will sign in automatically.
 
 > [!TIP]
 > You can also configure automatic sign-in [using the Autologon tool from Sysinternals](/sysinternals/downloads/autologon).
@@ -271,18 +240,18 @@ The following table describes some features that have interoperability issues we
 
 - **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users.
 
-  Alt + F4, Alt + Shift + Tab, Alt + Tab aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations.
+  <kbd>Alt</kbd> + <kbd>F4</kbd>, <kbd>Alt</kbd> + <kbd>Shift</kbd> + <kbd>Tab</kbd>, <kbd>Alt</kbd> + <kbd>Tab</kbd> aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations.
 
   Ctrl + Alt + Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings).
 
   | Key combination | Blocked behavior for assigned access users |
   | --- | --- |
-  | Alt + Esc | Cycle through items in the reverse order from which they were opened. |
+  | <kbd>Alt</kbd> + <kbd>Esc</kbd> | Cycle through items in the reverse order from which they were opened. |
-  | Ctrl + Alt + Esc | Cycle through items in the reverse order from which they were opened. |
+  | <kbd>Ctrl</kbd> + <kbd>Alt</kbd> + <kbd>Esc</kbd>  | Cycle through items in the reverse order from which they were opened. |
-  | Ctrl + Esc | Open the Start screen. |
+  | <kbd>Ctrl</kbd> + <kbd>Esc</kbd> | Open the Start screen. |
-  | Ctrl + F4 | Close the window. |
+  | <kbd>Ctrl</kbd> + <kbd>F4</kbd> | Close the window. |
-  | Ctrl + Shift + Esc | Open Task Manager. |
+  | <kbd>Ctrl</kbd> + <kbd>Shift</kbd  + <kbd>Esc</kbd>  | Open Task Manager. |
-  | Ctrl + Tab | Switch windows within the application currently open. |
+  | <kbd>Ctrl</kbd> + <kbd>Tab</kbd> | Switch windows within the application currently open. |
   | LaunchApp1 | Open the app that is assigned to this key. |
   | LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator. |
   | LaunchMail | Open the default mail client. |
@@ -291,21 +260,13 @@ The following table describes some features that have interoperability issues we
   Keyboard Filter settings apply to other standard accounts.
 
 - **Key sequences blocked by [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter)**: If Keyboard Filter is turned ON, then some key combinations are blocked automatically without you having to explicitly block them. For more information, see the [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter).
-
   [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education.
-
 - **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user can't turn off the device when it's in assigned access.
-
   For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).
-
 - **Unified Write Filter (UWF)**: UWFsettings apply to all users, including users with assigned access.
-
   For more information, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter).
-
 - **WEDL_AssignedAccess class**: You can use this class to configure and manage basic lockdown features for assigned access. It's recommended to you use the Windows PowerShell cmdlets instead.
-
   If you need to use assigned access API, see [WEDL_AssignedAccess](/windows-hardware/customize/enterprise/wedl-assignedaccess).
-
 - **Welcome Screen**: Customizations for the Welcome screen let you personalize not only how the Welcome screen looks, but for how it functions. You can disable the power or language button, or remove all user interface elements. There are many options to make the Welcome screen your own.
 
 For more information, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon).

windows/configuration/kiosk/kiosk-shelllauncher.md

@@ -1,28 +1,16 @@
 ---
-title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11)
+title: Use Shell Launcher to create a kiosk experience
-description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
+description: Learn how to configure Shell Launcher to change the default Windows shell when a user signs in to a device.
-ms.reviewer: sybruckm
+ms.topic: how-to
-manager: aaroncz
-ms.author: lizlong
-ms.prod: windows-client
-author: lizgt2000
-ms.localizationpriority: medium
-ms.topic: article
-ms.technology: itpro-configure
 ms.date: 12/31/2017
 ---
 
 # Use Shell Launcher to create a Windows client kiosk
 
-
+Shell Launcher is a Windows feature that executes an application as the user interface, replacing the default Windows Explorer (`explorer.exe`).
-**Applies to**
-- Windows 10 Ent, Edu
-- Windows 11
-
-Using Shell Launcher, you can configure a device that runs an application as the user interface, replacing the default shell (explorer.exe). In **Shell Launcher v1**, available in Windows client, you can only specify a Windows desktop application as the replacement shell. In **Shell Launcher v2**, available in Windows 10 version 1809+ / Windows 11, you can also specify a UWP app as the replacement shell. To use **Shell Launcher v2** in Windows 10 version 1809, you need to install the [KB4551853](https://support.microsoft.com/help/4551853) update. 
 
 >[!NOTE]
->Shell Launcher controls which application the user sees as the shell after sign-in. It does not prevent the user from accessing other desktop applications and system components. 
+>Shell Launcher controls which application the user sees as the shell after sign-in. It doesn't prevent the user from accessing other desktop applications and system components.
 >
 >Methods of controlling access to other desktop applications and system components can be used in addition to using the Shell Launcher. These methods include, but are not limited to:
 >- [Group Policy](https://www.microsoft.com/download/details.aspx?id=25250) - example: Prevent access to registry editing tools
@@ -31,29 +19,24 @@ Using Shell Launcher, you can configure a device that runs an application as the
 
 You can apply a custom shell through Shell Launcher [by using PowerShell](#configure-a-custom-shell-using-powershell). Starting with Windows 10 version 1803+, you can also [use mobile device management (MDM)](#configure-a-custom-shell-in-mdm) to apply a custom shell through Shell Launcher.
 
-
+Shell Launcher replaces `explorer.exe` with `customshellhost.exe`. This executable file can launch a Windows desktop application or a UWP app.
-## Differences between Shell Launcher v1 and Shell Launcher v2
-
-Shell Launcher v1 replaces `explorer.exe`, the default shell, with `eshell.exe` which can launch a Windows desktop application.
-
-Shell Launcher v2 replaces `explorer.exe` with `customshellhost.exe`. This new executable file can launch a Windows desktop application or a UWP app.
 
 In addition to allowing you to use a UWP app for your replacement shell, Shell Launcher v2 offers additional enhancements:
+
 - You can use a custom Windows desktop application that can then launch UWP apps, such as **Settings** and **Touch Keyboard**.
 - From a custom UWP shell, you can launch secondary views and run on multiple monitors.
-- The custom shell app runs in full screen, and can run other apps in full screen on user’s demand.
+- The custom shell app runs in full screen, and can run other apps in full screen on user's demand.
 
 For sample XML configurations for the different app combinations, see [Samples for Shell Launcher v2](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2).
 
 ## Requirements
 
 >[!WARNING]
->- Windows 10 doesn’t support setting a custom shell prior to OOBE. If you do, you won’t be able to deploy the resulting image.
 >
+>- Windows 10 doesn't support setting a custom shell prior to OOBE. If you do, you won't be able to deploy the resulting image.
 >- Shell Launcher doesn't support a custom shell with an application that launches a different process and exits. For example, you cannot specify **write.exe** in Shell Launcher. Shell Launcher launches a custom shell and monitors the process to identify when the custom shell exits. **Write.exe** creates a 32-bit wordpad.exe process and exits. Because Shell Launcher is not aware of the newly created wordpad.exe process, Shell Launcher will take action based on the exit code of **Write.exe**, such as restarting the custom shell.
 
 - A domain, Microsoft Entra ID, or local user account.
-
 - A Windows application that is installed for that account. The app can be your own company application or a common app like Internet Explorer.
 
 [See the technical reference for the shell launcher component.](/windows-hardware/customize/enterprise/shell-launcher)
@@ -65,23 +48,20 @@ To set a custom shell, you first turn on the Shell Launcher feature, and then yo
 **To turn on Shell Launcher in Windows features**
 
 1. Go to Control Panel > **Programs and features** > **Turn Windows features on or off**.
-
+1. Expand **Device Lockdown**.
-2. Expand **Device Lockdown**.
+1. Select **Shell Launcher** and **OK**.
-
-2. Select **Shell Launcher** and **OK**.
 
 Alternatively, you can turn on Shell Launcher using Windows Configuration Designer in a provisioning package, using `SMISettings > ShellLauncher`, or you can use the Deployment Image Servicing and Management (DISM.exe) tool.
 
 **To turn on Shell Launcher using DISM**
 
 1. Open a command prompt as an administrator.
-2.  Enter the following command.
+1. Enter the following command.
 
     ```
     Dism /online /Enable-Feature /all /FeatureName:Client-EmbeddedShellLauncher
     ```
 
-
 ## Configure a custom shell in MDM
 
 You can use XML and a [custom OMA-URI setting](#custom-oma-uri-setting) to configure Shell Launcher in MDM.
@@ -106,7 +86,7 @@ The following XML sample works for **Shell Launcher v1**:
 </ShellLauncherConfiguration>
 ```
 
-For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` is not specified, it implies the shell is Win32 app.
+For **Shell Launcher v2**, you can use UWP app type for `Shell` by specifying the v2 namespace, and use `v2:AppType` to specify the type, as shown in the following example. If `v2:AppType` isn't specified, it implies the shell is Win32 app.
 
 ```xml
 <?xml version="1.0" encoding="utf-8"?>
@@ -130,7 +110,7 @@ xmlns:v2="http://schemas.microsoft.com/ShellLauncher/2019/Configuration">
 
 ### Custom OMA-URI setting
 
-In your MDM service, you can create a [custom OMA-URI setting](/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v2. (The [XML](#xml-for-shell-launcher-configuration) that you use for your setting will determine whether you apply Shell Launcher v1 or v2.)
+In your MDM service, you can create a [custom OMA-URI setting](/intune/custom-settings-windows-10) to configure Shell Launcher v1 or v1. (The [XML](#xml-for-shell-launcher-configuration) that you use for your setting determines whether you apply Shell Launcher v1 or v2.)
 
 The OMA-URI path is `./Device/Vendor/MSFT/AssignedAccess/ShellLauncher`.
 
@@ -144,7 +124,7 @@ After you configure the profile containing the custom Shell Launcher setting, se
 
 For scripts for Shell Launcher v2, see [Shell Launcher v2 Bridge WMI sample scripts](https://github.com/Microsoft/Windows-iotcore-samples/blob/develop/Samples/ShellLauncherV2/SampleBridgeWmiScripts/README.md).
 
-For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you will want to change the script for your purposes. Save your script with the extension .ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
+For Shell Launcher v1, modify the following PowerShell script as appropriate. The comments in the sample script explain the purpose of each section and tell you where you'll want to change the script for your purposes. Save your script with the extension.ps1, open Windows PowerShell as administrator, and run the script on the kiosk device.
 
 ```powershell
 # Check if shell launcher license is enabled
@@ -157,29 +137,22 @@ using System.Runtime.InteropServices;
 static class CheckShellLauncherLicense
 {
     const int S_OK = 0;
-
     public static bool IsShellLauncherLicenseEnabled()
     {
         int enabled = 0;
-
         if (NativeMethods.SLGetWindowsInformationDWORD("EmbeddedFeature-ShellLauncher-Enabled", out enabled) != S_OK) {
             enabled = 0;
         }
-        
         return (enabled != 0);
     }
-
     static class NativeMethods
     {
         [DllImport("Slc.dll")]
         internal static extern int SLGetWindowsInformationDWORD([MarshalAs(UnmanagedType.LPWStr)]string valueName, out int value);
     }
-
 }
 "@
-
     $type = Add-Type -TypeDefinition $source -PassThru
-
     return $type[0]::IsShellLauncherLicenseEnabled()
 }
 
@@ -201,11 +174,11 @@ try {
     $ShellLauncherClass = [wmiclass]"\\$COMPUTER\${NAMESPACE}:WESL_UserSetting"
     } catch [Exception] {
     write-host $_.Exception.Message;
+
     write-host "Make sure Shell Launcher feature is enabled"
     exit
     }
 
-
 # This well-known security identifier (SID) corresponds to the BUILTIN\Administrators group.
 
 $Admins_SID = "S-1-5-32-544"
@@ -232,7 +205,6 @@ $restart_device = 1
 $shutdown_device = 2
 
 # Examples. You can change these examples to use the program that you want to use as the shell.
-
 # This example sets the command prompt as the default shell, and restarts the device if the command prompt is closed.
 
 $ShellLauncherClass.SetDefaultShell("cmd.exe", $restart_device)
@@ -259,39 +231,36 @@ Get-WmiObject -namespace $NAMESPACE -computer $COMPUTER -class WESL_UserSetting
 # Enable Shell Launcher
 
 $ShellLauncherClass.SetEnabled($TRUE)
-
 $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
-
 "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
 
 # Remove the new custom shells.
 
 $ShellLauncherClass.RemoveCustomShell($Admins_SID)
-
 $ShellLauncherClass.RemoveCustomShell($Cashier_SID)
 
 # Disable Shell Launcher
 
 $ShellLauncherClass.SetEnabled($FALSE)
-
 $IsShellLauncherEnabled = $ShellLauncherClass.IsEnabled()
-
 "`nEnabled is set to " + $IsShellLauncherEnabled.Enabled
 ```
 
 ## default action, custom action, exit code
-Shell launcher defines 4 actions to handle app exits, you can customize shell launcher and use these actions based on different exit code.
 
-Value|Description
+Shell launcher defines four actions to handle app exits, you can customize shell launcher and use these actions based on different exit code.
---- | ---
-0|Restart the shell
-1|Restart the device
-2|Shut down the device
-3|Do nothing
 
-These action can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
+| Value | Description |
+|--|--|
+| 0 | Restart the shell |
+| 1 | Restart the device |
+| 2 | Shut down the device |
+| 3 | Do nothing |
+
+These actions can be used as default action, or can be mapped to a specific exit code. Refer to [Shell Launcher](/windows-hardware/customize/enterprise/wesl-usersettingsetcustomshell) to see how these codes with Shell Launcher WMI.
+
+To configure these actions with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most four custom actions mapping to four exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
 
-To configure these action with Shell Launcher CSP, use below syntax in the shell launcher configuration xml. You can specify at most 4 custom actions mapping to 4 exit codes, and one default action for all other exit codes. When app exits and if the exit code is not found in the custom action mapping, or there is no default action defined, it will be no-op, i.e. nothing happens. So it's recommended to at least define DefaultAction. [Get XML examples for different Shell Launcher v2 configurations.](https://github.com/Microsoft/Windows-iotcore-samples/tree/develop/Samples/ShellLauncherV2)
 ``` xml
 <ReturnCodeActions>
     <ReturnCodeAction ReturnCode="0" Action="RestartShell"/>

windows/configuration/kiosk/kiosk-single-app.md

@@ -1,9 +1,6 @@
 ---
 title: Set up a single-app kiosk on Windows
 description: A single-use device is easy to set up in Windows Pro, Enterprise, and Education editions.
-ms.reviewer: sybruckm
-ms.author: lizlong
-author: lizgt2000
 ms.topic: article
 ms.collection:
  - tier1
@@ -11,13 +8,7 @@ ms.date: 07/12/2023
 ---
 <!--8107263-->
 
-# Set up a single-app kiosk on Windows 10/11
+# Set up a single-app kiosk
-
-
-**Applies to**
-
-- Windows 10 Pro, Enterprise, and Education
-- Windows 11
 
 A single-app kiosk uses the Assigned Access feature to run a single app above the lock screen. When the kiosk account signs in, the app is launched automatically. The person using the kiosk cannot do anything on the device outside of the kiosk app.
 
@@ -30,28 +21,28 @@ A single-app kiosk uses the Assigned Access feature to run a single app above th
 
 You have several options for configuring your single-app kiosk.
 
-- [Locally, in Settings](#local):  The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account. 
+- Locally, in Settings:  The **Set up a kiosk** (previously named **Set up assigned access**) option in **Settings** is a quick and easy method to set up a single device as a kiosk for a local standard user account.
 
   This option supports:
 
   - Windows 10 Pro, Enterprise, and Education
   - Windows 11
 
-- [PowerShell](#powershell): You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.
+- PowerShell: You can use Windows PowerShell cmdlets to set up a single-app kiosk. First, you need to [create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) on the device and install the kiosk app for that account.
 
   This option supports:
 
   - Windows 10 Pro, Enterprise, and Education
   - Windows 11
 
-- [The kiosk wizard in Windows Configuration Designer](#wizard): Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.
+- The kiosk wizard in Windows Configuration Designer: Windows Configuration Designer is a tool that produces a *provisioning package*. A provisioning package includes configuration settings that can be applied to one or more devices during the first-run experience (OOBE), or after OOBE is done (runtime). Using the kiosk wizard, you can also create the kiosk user account, install the kiosk app, and configure more useful settings.
 
   This option supports:
 
   - Windows 10 Pro version 1709+, Enterprise, and Education
   - Windows 11
 
-- [Microsoft Intune or other mobile device management (MDM) provider](#mdm): For devices managed by your organization, you can use MDM to set up a kiosk configuration.
+- Microsoft Intune or other mobile device management (MDM) provider: For devices managed by your organization, you can use MDM to set up a kiosk configuration.
 
   This option supports:
 
@@ -60,23 +51,24 @@ You have several options for configuring your single-app kiosk.
 
 > [!TIP]
 > You can also configure a kiosk account and app for single-app kiosk within [XML in a provisioning package](lock-down-windows-10-to-specific-apps.md) by using a [kiosk profile](lock-down-windows-10-to-specific-apps.md#profile).
+
 >
 > Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
 
-
-<span id="local"/>
-
 ## Set up a kiosk in local Settings
 
->App type: 
+App type:
-> - UWP
+
->
+- UWP
->OS:
+
-> - Windows 10 Pro, Ent, Edu
+OS:
-> - Windows 11
+
->
+- Windows 10 Pro, Ent, Edu
->Account type:
+- Windows 11
-> - Local standard user
+
+Account type:
+
+- Local standard user
 
 You can use **Settings** to quickly configure one or a few devices as a kiosk.
 
@@ -92,60 +84,54 @@ When your kiosk is a local device that isn't managed by Active Directory or Micr
 
 When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows client, you create the kiosk user account at the same time. To set up assigned access in PC settings:
 
-1.  Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**.
+Open the **Settings** app > **Accounts**. Select **Other users** or **Family and other users**.
 
-2.  Select **Set up a kiosk > Assigned access**, and then select **Get started**.
+1. Select **Set up a kiosk > Assigned access**, and then select **Get started**.
 
-3.  Enter a name for the new account. 
+1. Enter a name for the new account.
 
     >[!NOTE]
     >If there are any local standard user accounts on the device already, the **Create an account** page will offer the option to **Choose an existing account**.
 
-4.  Choose the app that will run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). If you select **Microsoft Edge** as the kiosk app, you configure the following options:
+1. Choose the app that will run when the kiosk account signs in. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md). If you select **Microsoft Edge** as the kiosk app, you configure the following options:
 
     - Whether Microsoft Edge should display your website full-screen (digital sign) or with some browser controls available (public browser)
     - Which URL should be displayed when the kiosk accounts signs in
     - When Microsoft Edge should restart after a period of inactivity (if you select to run as a public browser)
 
-5.  Select **Close**.
+1. Select **Close**.
 
 To remove assigned access, select the account tile on the **Set up a kiosk** page, and then select **Remove kiosk**.
 
-
 ### Windows 10 version 1803 and earlier
 
 When you set up a kiosk (also known as *assigned access*) in **Settings** for Windows 10 version 1803 and earlier, you must select an existing local standard user account. [Learn how to create a local standard user account.](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10)
 
 ![The Set up assigned access page in Settings.](images/kiosk-settings.png)
 
-**To set up assigned access in PC settings**
+To set up assigned access in PC settings:
 
 1. Go to **Start** > **Settings** > **Accounts** > **Other people**.
-
+1. Select **Set up assigned access**.
-2.  Select **Set up assigned access**.
+1. Choose an account.
-
+1. Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md).
-3.  Choose an account.
+1. Close **Settings** - your choices are saved automatically, and will be applied the next time that user account signs in.
-
-4.  Choose an app. Only apps that can run above the lock screen will be available in the list of apps to choose from. For more information, see [Guidelines for choosing an app for assigned access](guidelines-for-assigned-access-app.md).
-
-5.  Close **Settings** – your choices are saved automatically, and will be applied the next time that user account signs in.
-
 To remove assigned access, choose **Turn off assigned access and sign out of the selected account**.
 
-<span id="powershell"/>
-
 ## Set up a kiosk using Windows PowerShell
 
+App type:
 
->App type: 
+- UWP
-> - UWP
+
->
+OS:
->OS: 
+
-> - Windows 10 Pro, Ent, Edu
+- Windows 10 Pro, Ent, Edu
-> - Windows 11
+- Windows 11
->
+
->Account type: 
+Account type:
-> - Local standard user
+
+- Local standard user
 
 ![PowerShell windows displaying Set-AssignedAccess cmdlet.](images/set-assignedaccess.png)
 
@@ -154,11 +140,11 @@ You can use any of the following PowerShell cmdlets to set up assigned access on
 Before you run the cmdlet:
 
 1. Sign in as administrator.
-2. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access.
+1. [Create the user account](https://support.microsoft.com/help/4026923/windows-create-a-local-user-or-administrator-account-in-windows-10) for Assigned Access.
-3. Sign in as the Assigned Access user account.
+1. Sign in as the Assigned Access user account.
-4. Install the Universal Windows app that follows the assigned access/above the lock guidelines.
+1. Install the Universal Windows app that follows the assigned access/above the lock guidelines.
-5. Sign out as the Assigned Access user account.
+1. Sign out as the Assigned Access user account.
-6. Sign in as administrator.
+1. Sign in as administrator.
 
 To open PowerShell on Windows client, search for PowerShell, and find **Windows PowerShell Desktop app** in the results. Run PowerShell as administrator.
 
@@ -180,32 +166,32 @@ To remove assigned access, using PowerShell, run the following cmdlet:
 Clear-AssignedAccess
 ```
 
-<span id="wizard" />
-
 ## Set up a kiosk using the kiosk wizard in Windows Configuration Designer
 
->App type:
+App type:
-> - UWP 
+
-> - Windows desktop application
+- UWP
->
+- Windows desktop application
->OS:
+
-> - Windows 10 Pro version 1709+ for UWP only
+OS:
-> - Windows 10 Ent, Edu for UWP and Windows desktop applications
+
-> - Windows 11
+- Windows 10 Pro version 1709+ for UWP only
->
+- Windows 10 Ent, Edu for UWP and Windows desktop applications
->Account type:
+- Windows 11
-> - Local standard user
+
-> - Active Directory 
+Account type:
+
+- Local standard user
+- Active Directory
 
 ![Kiosk wizard option in Windows Configuration Designer.](images/kiosk-wizard.png)
 
-
 >[!IMPORTANT]
 >When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon).
 
 When you use the **Provision kiosk devices** wizard in Windows Configuration Designer, you can configure the kiosk to run either a Universal Windows app or a Windows desktop application.
 
-[Install Windows Configuration Designer](provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and select **Next**, configure the following settings:
+[Install Windows Configuration Designer](../provisioning-packages/provisioning-install-icd.md), then open Windows Configuration Designer and select **Provision kiosk devices**. After you name your project, and select **Next**, configure the following settings:
 
 1. Enable device setup:
 
@@ -218,7 +204,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
     - **Configure devices for shared use**: This setting optimizes Windows client for shared use scenarios, and isn't necessary for a kiosk scenario. Set this value to **No**, which may be the default.
     - **Remove pre-installed software**: Optional. Select **Yes** if you want to remove preinstalled software.
 
-2. Set up the network:
+1. Set up the network:
 
     :::image type="content" source="images/set-up-network-details.png" alt-text="In Windows Configuration Designer, turn on wireless connectivity, enter the network SSID, and network type.":::
 
@@ -228,7 +214,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
     - **Network SSID**: Enter the Service Set Identifier (SSID) of the network.
     - **Network type**: Select **Open** or **WPA2-Personal**. If you select **WPA2-Personal**, enter the password for the wireless network.
 
-3. Enable account management:
+1. Enable account management:
 
     :::image type="content" source="images/account-management-details.png" alt-text="In Windows Configuration Designer, join Active Directory, Microsoft Entra ID, or create a local admin account.":::
 
@@ -244,21 +230,21 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
 
       - **Local administrator**: If you select this option, enter a user name and password. If you create a local account in the provisioning package, you must change the password using the **Settings** app every 42 days. If the password isn't changed during that period, the account might be locked out, and unable to sign in.
 
-4. Add applications:
+1. Add applications:
 
     :::image type="content" source="images/add-applications-details.png" alt-text="In Windows Configuration Designer, add an application that will run in kiosk mode.":::
 
-    To add applications to the devices, select **Add applications**. You can install multiple applications in a provisioning package, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](provisioning-packages/provision-pcs-with-apps.md).
+    To add applications to the devices, select **Add applications**. You can install multiple applications in a provisioning package, including Windows desktop applications (Win32) and Universal Windows Platform (UWP) apps. The settings in this step vary depending on the application you select. For help with the settings, see [Provision PCs with apps](../provisioning-packages/provision-pcs-with-apps.md).
 
     > [!WARNING]
     > If you select the plus button to add an application, you must enter an application for the provisioning package to validate. If you select the plus button by mistake, then:
     >
     > 1. In **Installer Path**, select any executable file.
-    > 2. When the **Cancel** button shows, select it.
+    > 1. When the **Cancel** button shows, select it.
     >
     > These steps let you complete the provisioning package without adding an application.
 
-5. Add certificates:
+1. Add certificates:
 
     :::image type="content" source="images/add-certificates-details.png" alt-text="In Windows Configuration Designer, add a certificate.":::
 
@@ -267,7 +253,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
     - **Certificate name**: Enter a name for the certificate.
     - **Certificate path**: Browse and select the certificate you want to add.
 
-6. Configure the kiosk account, and the kiosk mode app:
+1. Configure the kiosk account, and the kiosk mode app:
 
     :::image type="content" source="images/kiosk-account-details.png" alt-text="In Windows Configuration Designer, the Configure kiosk common settings button is shown when provisioning a kiosk device.":::
 
@@ -279,7 +265,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
       - **Windows desktop application**: Enter the path or filename. If the file path is in the PATH environment variable, then you can use the filename. Otherwise, the full path is required.
       - **Universal Windows app**: Enter the AUMID.
 
-7. Configure kiosk common settings:
+1. Configure kiosk common settings:
 
     :::image type="content" source="images/kiosk-common-details.png" alt-text="In Windows Configuration Designer, set tablet mode, configure the welcome and shutdown screens, and turn off the power timeout settings.":::
 
@@ -289,7 +275,7 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
     - **Customize user experience**
     - **Configure power settings**
 
-8. Finish:
+1. Finish:
 
     :::image type="content" source="images/finish-details.png" alt-text="In Windows Configuration Designer, protect your package with a password.":::
 
@@ -298,27 +284,28 @@ When you use the **Provision kiosk devices** wizard in Windows Configuration Des
     - **Protect your package**: Select **Yes** to password protect your provisioning package. When you apply the provisioning package to a device, you must enter this password.
 
 >[!NOTE]
->If you want to use [the advanced editor in Windows Configuration Designer](provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**
+>If you want to use [the advanced editor in Windows Configuration Designer](../provisioning-packages/provisioning-create-package.md#configure-settings), specify the user account and app (by AUMID) in **Runtime settings** > **AssignedAccess** > **AssignedAccessSettings**
 
 >[!IMPORTANT]
 >When you build a provisioning package, you may include sensitive information in the project files and in the provisioning package (.ppkg) file. Although you have the option to encrypt the .ppkg file, project files are not encrypted. You should store the project files in a secure location and delete the project files when they are no longer needed.
 
-[Learn how to apply a provisioning package.](provisioning-packages/provisioning-apply-package.md)
+[Learn how to apply a provisioning package.](../provisioning-packages/provisioning-apply-package.md)
-
-<span id="mdm" />
 
 ## Set up a kiosk or digital sign using Microsoft Intune or other MDM service
 
->App type: 
+App type:
-> - UWP
+
->
+- UWP
->OS: 
+
-> - Windows 10 Pro version 1709+, Ent, Edu
+OS:
-> - Windows 11
+
->
+- Windows 10 Pro version 1709+, Ent, Edu
->Account type:
+- Windows 11
-> - Local standard user
+
-> - Microsoft Entra ID
+Account type:
+
+- Local standard user
+- Microsoft Entra ID
 
 Microsoft Intune and other MDM services enable kiosk configuration through the [AssignedAccess configuration service provider (CSP)](/windows/client-management/mdm/assignedaccess-csp). Assigned Access has a `KioskModeApp` setting. In the `KioskModeApp` setting, you enter the user account name and the [AUMID](/windows-hardware/customize/enterprise/find-the-application-user-model-id-of-an-installed-app) for the app to run in kiosk mode.
 
@@ -327,8 +314,6 @@ Microsoft Intune and other MDM services enable kiosk configuration through the [
 
 To configure a kiosk in Microsoft Intune, see [Windows client and Windows Holographic for Business device settings to run as a dedicated kiosk using Intune](/intune/kiosk-settings). For other MDM services, see the documentation for your provider.
 
-
-
 ## Sign out of assigned access
 
 To exit the assigned access (kiosk) app, press **Ctrl + Alt + Del**, and then sign in using another account. When you press **Ctrl + Alt + Del** to sign out of assigned access, the kiosk app will exit automatically. If you sign in again as the assigned access account or wait for the sign in screen timeout, the kiosk app relaunches. The assigned access user will remain signed in until an admin account opens **Task Manager** > **Users** and signs out the user account.