Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into recall-optin-9067947

2025-05-29 05:37:22 +00:00 · 2024-06-25 07:52:45 -07:00 · 2024-06-25 07:52:45 -07:00 · c0c0aa527f
commit c0c0aa527f
parent 001c814286 a2469b22b6
90 changed files with 910 additions and 386 deletions
--- a/store-for-business/whats-new-microsoft-store-business-education.md
+++ b/store-for-business/whats-new-microsoft-store-business-education.md
@ -8,18 +8,20 @@ ms.author: cmcatee
 author: cmcatee-MSFT
 manager: scotv
 ms.topic: conceptual
-ms.date: 01/11/2024
+ms.date: 06/21/2024
 ms.reviewer: 
 ---
 # What's new in Microsoft Store for Business and Education
 > [!IMPORTANT]
 >
 > - The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 ## Latest updates for Store for Business and Education
 **June 2024**
 The Microsoft Store for Business and Microsoft Store for Education portals will retire on August 15, 2024. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-intune-integration-with-the-microsoft-store-on-windows/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286). If you are using offline licensing, you can use the [WinGet Download command](/windows/package-manager/winget/download) to continue to access offline apps and license files.
 ## Previous releases and updates
 **January 2024**
 **Removal of private store capability from Microsoft Store for Business and Education**
@ -28,8 +30,6 @@ The private store tab and associated functionality was removed from the Microsof
 We recommend customers use the [Private app repository, Windows Package Manager, and Company Portal app](/windows/application-management/private-app-repository-mdm-company-portal-windows-11) to provide a private app repository within their organization.
 ## Previous releases and updates
 [May 2023](release-history-microsoft-store-business-education.md#may-2023)
 - Tab removed from Microsoft Store apps on Windows 10 PCs.
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: ActiveSync DDF file
 description: View the XML file containing the device description framework (DDF) for the ActiveSync configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@ -1,7 +1,7 @@
 ---
 title: ApplicationControl DDF file
 description: View the XML file containing the device description framework (DDF) for the ApplicationControl configuration service provider.
-ms.date: 01/31/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.18362</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: AppLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the AppLocker configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@ -1,7 +1,7 @@
 ---
 title: AssignedAccess DDF file
 description: View the XML file containing the device description framework (DDF) for the AssignedAccess configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the A
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: BitLocker DDF file
 description: View the XML file containing the device description framework (DDF) for the BitLocker configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the B
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: CertificateStore DDF file
 description: View the XML file containing the device description framework (DDF) for the CertificateStore configuration service provider.
-ms.date: 01/31/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: ClientCertificateInstall DDF file
 description: View the XML file containing the device description framework (DDF) for the ClientCertificateInstall configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the C
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -1162,7 +1162,7 @@ Valid values are:
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/clouddesktop-csp.md
+++ b/windows/client-management/mdm/clouddesktop-csp.md
@ -1,7 +1,7 @@
 ---
 title: CloudDesktop CSP
 description: Learn more about the CloudDesktop CSP.
-ms.date: 03/05/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -19,12 +19,14 @@ ms.date: 03/05/2024
 The following list shows the CloudDesktop configuration service provider nodes:
 - ./Device/Vendor/MSFT/CloudDesktop
-  - [BootToCloudPCEnhanced](#boottocloudpcenhanced)
+  - [BootToCloudPCEnhanced](#deviceboottocloudpcenhanced)
-  - [EnableBootToCloudSharedPCMode](#enableboottocloudsharedpcmode)
+  - [EnableBootToCloudSharedPCMode](#deviceenableboottocloudsharedpcmode)
 - ./User/Vendor/MSFT/CloudDesktop
  - [EnablePhysicalDeviceAccess](#userenablephysicaldeviceaccess)
 <!-- CloudDesktop-Tree-End -->
 <!-- Device-BootToCloudPCEnhanced-Begin -->
-## BootToCloudPCEnhanced
+## Device/BootToCloudPCEnhanced
 <!-- Device-BootToCloudPCEnhanced-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
@ -76,7 +78,7 @@ This node allows to configure different kinds of Boot to Cloud mode. Boot to clo
 <!-- Device-BootToCloudPCEnhanced-End -->
 <!-- Device-EnableBootToCloudSharedPCMode-Begin -->
-## EnableBootToCloudSharedPCMode
+## Device/EnableBootToCloudSharedPCMode
 > [!NOTE]
 > This policy is deprecated and may be removed in a future release.
@ -129,6 +131,55 @@ Setting this node to "true" configures boot to cloud for Shared PC mode. Boot to
 <!-- Device-EnableBootToCloudSharedPCMode-End -->
 <!-- User-EnablePhysicalDeviceAccess-Begin -->
 ## User/EnablePhysicalDeviceAccess
 <!-- User-EnablePhysicalDeviceAccess-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ❌ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ❌ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- User-EnablePhysicalDeviceAccess-Applicability-End -->
 <!-- User-EnablePhysicalDeviceAccess-OmaUri-Begin -->
 ```User
 ./User/Vendor/MSFT/CloudDesktop/EnablePhysicalDeviceAccess
 ```
 <!-- User-EnablePhysicalDeviceAccess-OmaUri-End -->
 <!-- User-EnablePhysicalDeviceAccess-Description-Begin -->
 <!-- Description-Source-DDF -->
 Configuring this node gives access to the physical devices used to boot to Cloud PCs from the Ctrl+Alt+Del page for specified users. This node supports these options: 0. Not enabled 1. Enabled.
 <!-- User-EnablePhysicalDeviceAccess-Description-End -->
 <!-- User-EnablePhysicalDeviceAccess-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- User-EnablePhysicalDeviceAccess-Editable-End -->
 <!-- User-EnablePhysicalDeviceAccess-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `bool` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | false |
 <!-- User-EnablePhysicalDeviceAccess-DFProperties-End -->
 <!-- User-EnablePhysicalDeviceAccess-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | false (Default) | Access to physical device disabled. |
 | true | Access to physical device enabled. |
 <!-- User-EnablePhysicalDeviceAccess-AllowedValues-End -->
 <!-- User-EnablePhysicalDeviceAccess-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- User-EnablePhysicalDeviceAccess-Examples-End -->
 <!-- User-EnablePhysicalDeviceAccess-End -->
 <!-- CloudDesktop-CspMoreInfo-Begin -->
 <!-- Add any additional information about this CSP here. Anything outside this section will get overwritten. -->
 ## BootToCloudPCEnhanced technical reference
--- a/windows/client-management/mdm/clouddesktop-ddf-file.md
+++ b/windows/client-management/mdm/clouddesktop-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: CloudDesktop DDF file
 description: View the XML file containing the device description framework (DDF) for the CloudDesktop configuration service provider.
-ms.date: 03/05/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -17,6 +17,69 @@ The following XML file contains the device description framework (DDF) for the C
  <VerDTD>1.2</VerDTD>
  <MSFT:Diagnostics>
  </MSFT:Diagnostics>
  <Node>
    <NodeName>CloudDesktop</NodeName>
    <Path>./User/Vendor/MSFT</Path>
    <DFProperties>
      <AccessType>
        <Get />
      </AccessType>
      <Description>The CloudDesktop configuration service provider is used to configure different Cloud PC related scenarios.</Description>
      <DFFormat>
        <node />
      </DFFormat>
      <Occurrence>
        <One />
      </Occurrence>
      <Scope>
        <Permanent />
      </Scope>
      <DFType>
        <MIME />
      </DFType>
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
        <MSFT:CspVersion>2.0</MSFT:CspVersion>
        <MSFT:EditionAllowList>0x4;0x30;0x31;0x7E;0x87;0x88;0x88*;0xA1;0xA2;0xA4;0xA5;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
      <NodeName>EnablePhysicalDeviceAccess</NodeName>
      <DFProperties>
        <AccessType>
          <Add />
          <Delete />
          <Get />
          <Replace />
        </AccessType>
        <DefaultValue>false</DefaultValue>
        <Description>Configuring this node gives access to the physical devices used to boot to Cloud PCs from the Ctrl+Alt+Del page for specified users. This node supports these options: 0. Not enabled 1. Enabled.</Description>
        <DFFormat>
          <bool />
        </DFFormat>
        <Occurrence>
          <One />
        </Occurrence>
        <Scope>
          <Dynamic />
        </Scope>
        <DFTitle>Enable access to physical device</DFTitle>
        <DFType>
          <MIME />
        </DFType>
        <MSFT:AllowedValues ValueType="ENUM">
          <MSFT:Enum>
            <MSFT:Value>false</MSFT:Value>
            <MSFT:ValueDescription>Access to physical device disabled</MSFT:ValueDescription>
          </MSFT:Enum>
          <MSFT:Enum>
            <MSFT:Value>true</MSFT:Value>
            <MSFT:ValueDescription>Access to physical device enabled</MSFT:ValueDescription>
          </MSFT:Enum>
        </MSFT:AllowedValues>
      </DFProperties>
    </Node>
  </Node>
  <Node>
    <NodeName>CloudDesktop</NodeName>
    <Path>./Device/Vendor/MSFT</Path>
--- a/windows/client-management/mdm/declaredconfiguration-ddf-file.md
+++ b/windows/client-management/mdm/declaredconfiguration-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: DeclaredConfiguration DDF file
 description: View the XML file containing the device description framework (DDF) for the DeclaredConfiguration configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
        <MSFT:CspVersion>9.9</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@ -1,7 +1,7 @@
 ---
 title: Defender CSP
 description: Learn more about the Defender CSP.
-ms.date: 05/20/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -33,6 +33,9 @@ The following list shows the Defender configuration service provider nodes:
        - [BruteForceProtectionConfiguredState](#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionconfiguredstate)
        - [BruteForceProtectionExclusions](#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionexclusions)
        - [BruteForceProtectionMaxBlockTime](#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionmaxblocktime)
        - [BruteForceProtectionPlugins](#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionplugins)
          - [BruteForceProtectionLocalNetworkBlocking](#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionpluginsbruteforceprotectionlocalnetworkblocking)
          - [BruteForceProtectionSkipLearningPeriod](#configurationbehavioralnetworkblocksbruteforceprotectionbruteforceprotectionpluginsbruteforceprotectionskiplearningperiod)
      - [RemoteEncryptionProtection](#configurationbehavioralnetworkblocksremoteencryptionprotection)
        - [RemoteEncryptionProtectionAggressiveness](#configurationbehavioralnetworkblocksremoteencryptionprotectionremoteencryptionprotectionaggressiveness)
        - [RemoteEncryptionProtectionConfiguredState](#configurationbehavioralnetworkblocksremoteencryptionprotectionremoteencryptionprotectionconfiguredstate)
@ -752,6 +755,142 @@ Set the maximum time an IP address is blocked by Brute-Force Protection. After t
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionMaxBlockTime-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Begin -->
 ##### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionPlugins
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1607 [10.0.14393] and later |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Applicability-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionPlugins
 ```
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-OmaUri-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Description-Begin -->
 <!-- Description-Source-Not-Found -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Description-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Editable-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `node` |
 | Access Type | Get |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-DFProperties-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-Examples-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Begin -->
 ###### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionPlugins/BruteForceProtectionLocalNetworkBlocking
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Applicability-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionPlugins/BruteForceProtectionLocalNetworkBlocking
 ```
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-OmaUri-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Description-Begin -->
 <!-- Description-Source-DDF -->
 Extend brute-force protection coverage in Microsoft Defender Antivirus to block local network addresses.
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Description-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Editable-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-DFProperties-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Brute-force protection won't block local network addresses. |
 | 1 | Brute-force protection will block local network addresses. |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-AllowedValues-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-Examples-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionLocalNetworkBlocking-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Begin -->
 ###### Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionPlugins/BruteForceProtectionSkipLearningPeriod
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 1709 [10.0.16299] and later |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Applicability-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Defender/Configuration/BehavioralNetworkBlocks/BruteForceProtection/BruteForceProtectionPlugins/BruteForceProtectionSkipLearningPeriod
 ```
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-OmaUri-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Description-Begin -->
 <!-- Description-Source-DDF -->
 Skip the 2-week initial learning period, so brute-force protection in Microsoft Defender Antivirus can start blocking immediately.
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Description-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Editable-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | 0 |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-DFProperties-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | 0 (Default) | Brute-force protection blocks threats only after completing a 2-week learning period. |
 | 1 | Brute-force protection starts blocking threats immediately. |
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-AllowedValues-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-Examples-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-BruteForceProtection-BruteForceProtectionPlugins-BruteForceProtectionSkipLearningPeriod-End -->
 <!-- Device-Configuration-BehavioralNetworkBlocks-RemoteEncryptionProtection-Begin -->
 #### Configuration/BehavioralNetworkBlocks/RemoteEncryptionProtection
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@ -1,7 +1,7 @@
 ---
 title: Defender DDF file
 description: View the XML file containing the device description framework (DDF) for the Defender configuration service provider.
-ms.date: 05/20/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -3596,6 +3596,104 @@ The following XML file contains the device description framework (DDF) for the D
              </MSFT:AllowedValues>
            </DFProperties>
          </Node>
          <Node>
            <NodeName>BruteForceProtectionPlugins</NodeName>
            <DFProperties>
              <AccessType>
                <Get />
              </AccessType>
              <DFFormat>
                <node />
              </DFFormat>
              <Occurrence>
                <One />
              </Occurrence>
              <Scope>
                <Dynamic />
              </Scope>
              <DFType>
                <DDFName />
              </DFType>
            </DFProperties>
            <Node>
              <NodeName>BruteForceProtectionLocalNetworkBlocking</NodeName>
              <DFProperties>
                <AccessType>
                  <Add />
                  <Delete />
                  <Get />
                  <Replace />
                </AccessType>
                <DefaultValue>0</DefaultValue>
                <Description>Extend brute-force protection coverage in Microsoft Defender Antivirus to block local network addresses.</Description>
                <DFFormat>
                  <int />
                </DFFormat>
                <Occurrence>
                  <One />
                </Occurrence>
                <Scope>
                  <Dynamic />
                </Scope>
                <DFType>
                  <MIME />
                </DFType>
                <MSFT:Applicability>
                  <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
                  <MSFT:CspVersion>1.3</MSFT:CspVersion>
                </MSFT:Applicability>
                <MSFT:AllowedValues ValueType="ENUM">
                  <MSFT:Enum>
                    <MSFT:Value>0</MSFT:Value>
                    <MSFT:ValueDescription>Brute-force protection will not block local network addresses</MSFT:ValueDescription>
                  </MSFT:Enum>
                  <MSFT:Enum>
                    <MSFT:Value>1</MSFT:Value>
                    <MSFT:ValueDescription>Brute-force protection will block local network addresses</MSFT:ValueDescription>
                  </MSFT:Enum>
                </MSFT:AllowedValues>
              </DFProperties>
            </Node>
            <Node>
              <NodeName>BruteForceProtectionSkipLearningPeriod</NodeName>
              <DFProperties>
                <AccessType>
                  <Add />
                  <Delete />
                  <Get />
                  <Replace />
                </AccessType>
                <DefaultValue>0</DefaultValue>
                <Description>Skip the 2-week initial learning period, so brute-force protection in Microsoft Defender Antivirus can start blocking immediately.</Description>
                <DFFormat>
                  <int />
                </DFFormat>
                <Occurrence>
                  <One />
                </Occurrence>
                <Scope>
                  <Dynamic />
                </Scope>
                <DFType>
                  <MIME />
                </DFType>
                <MSFT:Applicability>
                  <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
                  <MSFT:CspVersion>1.3</MSFT:CspVersion>
                </MSFT:Applicability>
                <MSFT:AllowedValues ValueType="ENUM">
                  <MSFT:Enum>
                    <MSFT:Value>0</MSFT:Value>
                    <MSFT:ValueDescription>Brute-force protection blocks threats only after completing a 2-week learning period</MSFT:ValueDescription>
                  </MSFT:Enum>
                  <MSFT:Enum>
                    <MSFT:Value>1</MSFT:Value>
                    <MSFT:ValueDescription>Brute-force protection starts blocking threats immediately</MSFT:ValueDescription>
                  </MSFT:Enum>
                </MSFT:AllowedValues>
              </DFProperties>
            </Node>
          </Node>
          <Node>
            <NodeName>BruteForceProtectionExclusions</NodeName>
            <DFProperties>
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: DevDetail DDF file
 description: View the XML file containing the device description framework (DDF) for the DevDetail configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@ -1,7 +1,7 @@
 ---
 title: DeviceManageability DDF file
 description: View the XML file containing the device description framework (DDF) for the DeviceManageability configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/devicepreparation-ddf-file.md
+++ b/windows/client-management/mdm/devicepreparation-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: DevicePreparation DDF file
 description: View the XML file containing the device description framework (DDF) for the DevicePreparation configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@ -1,7 +1,7 @@
 ---
 title: DeviceStatus DDF file
 description: View the XML file containing the device description framework (DDF) for the DeviceStatus configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: DevInfo DDF file
 description: View the XML file containing the device description framework (DDF) for the DevInfo configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -41,7 +41,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@ -1,7 +1,7 @@
 ---
 title: DiagnosticLog DDF file
 description: View the XML file containing the device description framework (DDF) for the DiagnosticLog configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: DMAcc DDF file
 description: View the XML file containing the device description framework (DDF) for the DMAcc configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: DMClient DDF file
 description: View the XML file containing the device description framework (DDF) for the DMClient configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -477,7 +477,7 @@ The following XML file contains the device description framework (DDF) for the D
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: EMAIL2 DDF file
 description: View the XML file containing the device description framework (DDF) for the EMAIL2 configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
      <MSFT:Deprecated />
    </DFProperties>
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: EnterpriseDesktopAppManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.date: 05/20/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the E
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -401,7 +401,7 @@ The following XML file contains the device description framework (DDF) for the E
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@ -1,7 +1,7 @@
 ---
 title: EnterpriseModernAppManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the E
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -2587,7 +2587,7 @@ The following XML file contains the device description framework (DDF) for the E
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: eUICCs DDF file
 description: View the XML file containing the device description framework (DDF) for the eUICCs configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -43,7 +43,7 @@ The following XML file contains the device description framework (DDF) for the e
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@ -1,7 +1,7 @@
 ---
 title: Firewall CSP
 description: Learn more about the Firewall CSP.
-ms.date: 01/18/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- Firewall-Begin -->
 # Firewall CSP
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Firewall-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network.
@ -3465,7 +3463,7 @@ This value represents the order of rule enforcement. A lower priority rule is ev
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Profiles-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Profiles-Applicability-End -->
 <!-- Device-MdmStore-HyperVFirewallRules-{FirewallRuleName}-Profiles-OmaUri-Begin -->
@ -3805,7 +3803,7 @@ VM Creator ID that these settings apply to. Valid format is a GUID.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-AllowHostPolicyMerge-OmaUri-Begin -->
@ -3954,7 +3952,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-OmaUri-Begin -->
@ -3992,7 +3990,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@ -4042,7 +4040,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultInboundAction-OmaUri-Begin -->
@ -4092,7 +4090,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-DefaultOutboundAction-OmaUri-Begin -->
@ -4142,7 +4140,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-DomainProfile-EnableFirewall-OmaUri-Begin -->
@ -4289,7 +4287,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-OmaUri-Begin -->
@ -4327,7 +4325,7 @@ This value is an on/off switch for loopback traffic. This determines if this VM
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@ -4377,7 +4375,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultInboundAction-OmaUri-Begin -->
@ -4427,7 +4425,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-DefaultOutboundAction-OmaUri-Begin -->
@ -4477,7 +4475,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PrivateProfile-EnableFirewall-OmaUri-Begin -->
@ -4526,7 +4524,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-OmaUri-Begin -->
@ -4564,7 +4562,7 @@ This value is an on/off switch for the Hyper-V Firewall enforcement.
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-AllowLocalPolicyMerge-OmaUri-Begin -->
@ -4614,7 +4612,7 @@ This value is used as an on/off switch. If this value is false, Hyper-V Firewall
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultInboundAction-OmaUri-Begin -->
@ -4664,7 +4662,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-DefaultOutboundAction-OmaUri-Begin -->
@ -4714,7 +4712,7 @@ This value is the action that the Hyper-V Firewall does by default (and evaluate
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.2352] and later <br> ✅ Windows Insider Preview [10.0.25398] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25398] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2352] and later |
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-Applicability-End -->
 <!-- Device-MdmStore-HyperVVMSettings-{VMCreatorId}-PublicProfile-EnableFirewall-OmaUri-Begin -->
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: Firewall DDF file
 description: View the XML file containing the device description framework (DDF) for the Firewall configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the F
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@ -1,7 +1,7 @@
 ---
 title: HealthAttestation DDF file
 description: View the XML file containing the device description framework (DDF) for the HealthAttestation configuration service provider.
-ms.date: 01/31/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the H
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/language-pack-management-ddf-file.md
+++ b/windows/client-management/mdm/language-pack-management-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: LanguagePackManagement DDF file
 description: View the XML file containing the device description framework (DDF) for the LanguagePackManagement configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the L
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>99.9.9999</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/laps-csp.md
+++ b/windows/client-management/mdm/laps-csp.md
@ -1,7 +1,7 @@
 ---
 title: LAPS CSP
 description: Learn more about the LAPS CSP.
-ms.date: 05/20/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -55,7 +55,7 @@ The following list shows the LAPS configuration service provider nodes:
 <!-- Device-Actions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Actions-Applicability-End -->
 <!-- Device-Actions-OmaUri-Begin -->
@ -94,7 +94,7 @@ Defines the parent interior node for all action-related settings in the LAPS CSP
 <!-- Device-Actions-ResetPassword-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Actions-ResetPassword-Applicability-End -->
 <!-- Device-Actions-ResetPassword-OmaUri-Begin -->
@ -134,7 +134,7 @@ This action invokes an immediate reset of the local administrator account passwo
 <!-- Device-Actions-ResetPasswordStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Actions-ResetPasswordStatus-Applicability-End -->
 <!-- Device-Actions-ResetPasswordStatus-OmaUri-Begin -->
@ -179,7 +179,7 @@ The value returned is an HRESULT code:
 <!-- Device-Policies-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-Applicability-End -->
 <!-- Device-Policies-OmaUri-Begin -->
@ -219,7 +219,7 @@ Root node for LAPS policies.
 <!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-ADEncryptedPasswordHistorySize-Applicability-End -->
 <!-- Device-Policies-ADEncryptedPasswordHistorySize-OmaUri-Begin -->
@ -269,7 +269,7 @@ This setting has a maximum allowed value of 12 passwords.
 <!-- Device-Policies-AdministratorAccountName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-AdministratorAccountName-Applicability-End -->
 <!-- Device-Policies-AdministratorAccountName-OmaUri-Begin -->
@ -314,7 +314,7 @@ Note if a custom managed local administrator account name is specified in this s
 <!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-ADPasswordEncryptionEnabled-Applicability-End -->
 <!-- Device-Policies-ADPasswordEncryptionEnabled-OmaUri-Begin -->
@ -376,7 +376,7 @@ If not specified, this setting defaults to True.
 <!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-ADPasswordEncryptionPrincipal-Applicability-End -->
 <!-- Device-Policies-ADPasswordEncryptionPrincipal-OmaUri-Begin -->
@ -701,7 +701,7 @@ If not specified, this setting will default to 1.
 <!-- Device-Policies-BackupDirectory-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-BackupDirectory-Applicability-End -->
 <!-- Device-Policies-BackupDirectory-OmaUri-Begin -->
@ -807,7 +807,7 @@ This setting has a maximum allowed value of 10 words.
 <!-- Device-Policies-PasswordAgeDays-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-PasswordAgeDays-Applicability-End -->
 <!-- Device-Policies-PasswordAgeDays-OmaUri-Begin -->
@ -855,7 +855,7 @@ This setting has a maximum allowed value of 365 days.
 <!-- Device-Policies-PasswordComplexity-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-PasswordComplexity-Applicability-End -->
 <!-- Device-Policies-PasswordComplexity-OmaUri-Begin -->
@ -927,7 +927,7 @@ Passphrase list taken from "Deep Dive: EFF's New Wordlists for Random Passphrase
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-Applicability-End -->
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-OmaUri-Begin -->
@ -983,7 +983,7 @@ If not specified, this setting defaults to True.
 <!-- Device-Policies-PasswordLength-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-PasswordLength-Applicability-End -->
 <!-- Device-Policies-PasswordLength-OmaUri-Begin -->
@ -1031,7 +1031,7 @@ This setting has a maximum allowed value of 64 characters.
 <!-- Device-Policies-PostAuthenticationActions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-PostAuthenticationActions-Applicability-End -->
 <!-- Device-Policies-PostAuthenticationActions-OmaUri-Begin -->
@ -1089,7 +1089,7 @@ If not specified, this setting will default to 3 (Reset the password and logoff
 <!-- Device-Policies-PostAuthenticationResetDelay-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later <br> ✅ Windows Insider Preview [10.0.25145] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.1663] and later <br> ✅ [10.0.25145] and later <br> ✅ Windows 10, version 1809 [10.0.17763.4244] and later <br> ✅ Windows 10, version 2004 [10.0.19041.2784] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.1754] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.1480] and later |
 <!-- Device-Policies-PostAuthenticationResetDelay-Applicability-End -->
 <!-- Device-Policies-PostAuthenticationResetDelay-OmaUri-Begin -->
--- a/windows/client-management/mdm/laps-ddf-file.md
+++ b/windows/client-management/mdm/laps-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: LAPS DDF file
 description: View the XML file containing the device description framework (DDF) for the LAPS configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the L
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.25145, 10.0.22621.1480, 10.0.22000.1754, 10.0.20348.1663, 10.0.19041.2784, 10.0.17763.4244</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@ -1,7 +1,7 @@
 ---
 title: NetworkProxy DDF file
 description: View the XML file containing the device description framework (DDF) for the NetworkProxy configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@ -1,7 +1,7 @@
 ---
 title: NetworkQoSPolicy DDF file
 description: View the XML file containing the device description framework (DDF) for the NetworkQoSPolicy configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.19042</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: NodeCache DDF file
 description: View the XML file containing the device description framework (DDF) for the NodeCache configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the N
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.1</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -294,7 +294,7 @@ The following XML file contains the device description framework (DDF) for the N
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@ -1,7 +1,7 @@
 ---
 title: Office DDF file
 description: View the XML file containing the device description framework (DDF) for the Office configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the O
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -211,7 +211,7 @@ The following XML file contains the device description framework (DDF) for the O
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@ -1,7 +1,7 @@
 ---
 title: PassportForWork CSP
 description: Learn more about the PassportForWork CSP.
-ms.date: 04/10/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -25,7 +25,6 @@ The following list shows the PassportForWork configuration service provider node
 - ./Device/Vendor/MSFT/PassportForWork
  - [{TenantId}](#devicetenantid)
    - [Policies](#devicetenantidpolicies)
      - [DisablePostLogonCredentialCaching](#devicetenantidpoliciesdisablepostlogoncredentialcaching)
      - [DisablePostLogonProvisioning](#devicetenantidpoliciesdisablepostlogonprovisioning)
      - [EnablePinRecovery](#devicetenantidpoliciesenablepinrecovery)
      - [EnableWindowsHelloProvisioningForSecurityKeys](#devicetenantidpoliciesenablewindowshelloprovisioningforsecuritykeys)
@ -158,62 +157,13 @@ Root node for policies.
 <!-- Device-{TenantId}-Policies-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Begin -->
 #### Device/{TenantId}/Policies/DisablePostLogonCredentialCaching
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Applicability-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/DisablePostLogonCredentialCaching
 ```
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-OmaUri-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Description-Begin -->
 <!-- Description-Source-DDF -->
 Disable caching of the Windows Hello for Business credential after sign-in.
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Description-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Editable-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `bool` |
 | Access Type | Add, Delete, Get, Replace |
 | Default Value  | False |
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-DFProperties-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-AllowedValues-Begin -->
 **Allowed values**:
 | Value | Description |
 |:--|:--|
 | false (Default) | Credential Caching Enabled. |
 | true | Credential Caching Disabled. |
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-AllowedValues-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-Examples-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonCredentialCaching-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Begin -->
 #### Device/{TenantId}/Policies/DisablePostLogonProvisioning
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2402] and later <br> ✅ Windows 10, version 2004 [10.0.19041.4239] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2899] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3374] and later <br> ✅ Windows Insider Preview |
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-End -->
 <!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-OmaUri-Begin -->
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@ -1,7 +1,7 @@
 ---
 title: PassportForWork DDF file
 description: View the XML file containing the device description framework (DDF) for the PassportForWork configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -565,7 +565,7 @@ If you do not configure this policy setting, Windows Hello for Business requires
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.2</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -870,7 +870,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
              <MIME />
            </DFType>
            <MSFT:Applicability>
-              <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+              <MSFT:OsBuildVersion>99.9.99999, 10.0.22621.3374, 10.0.22000.2899, 10.0.20348.2402, 10.0.19041.4239</MSFT:OsBuildVersion>
              <MSFT:CspVersion>1.6</MSFT:CspVersion>
            </MSFT:Applicability>
            <MSFT:AllowedValues ValueType="ENUM">
@ -885,45 +885,6 @@ If you disable or do not configure this policy setting, the PIN recovery secret
            </MSFT:AllowedValues>
          </DFProperties>
        </Node>
        <Node>
          <NodeName>DisablePostLogonCredentialCaching</NodeName>
          <DFProperties>
            <AccessType>
              <Add />
              <Delete />
              <Get />
              <Replace />
            </AccessType>
            <DefaultValue>False</DefaultValue>
            <Description>Disable caching of the Windows Hello for Business credential after sign-in.</Description>
            <DFFormat>
              <bool />
            </DFFormat>
            <Occurrence>
              <ZeroOrOne />
            </Occurrence>
            <Scope>
              <Dynamic />
            </Scope>
            <DFType>
              <MIME />
            </DFType>
            <MSFT:Applicability>
              <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
              <MSFT:CspVersion>1.6</MSFT:CspVersion>
            </MSFT:Applicability>
            <MSFT:AllowedValues ValueType="ENUM">
              <MSFT:Enum>
                <MSFT:Value>false</MSFT:Value>
                <MSFT:ValueDescription>Credential Caching Enabled</MSFT:ValueDescription>
              </MSFT:Enum>
              <MSFT:Enum>
                <MSFT:Value>true</MSFT:Value>
                <MSFT:ValueDescription>Credential Caching Disabled</MSFT:ValueDescription>
              </MSFT:Enum>
            </MSFT:AllowedValues>
          </DFProperties>
        </Node>
        <Node>
          <NodeName>UseCertificateForOnPremAuth</NodeName>
          <DFProperties>
@ -934,7 +895,7 @@ If you disable or do not configure this policy setting, the PIN recovery secret
              <Replace />
            </AccessType>
            <DefaultValue>False</DefaultValue>
-            <Description>Windows Hello for Business can use certificates to authenticate to on-premise resources. 
+            <Description>Windows Hello for Business can use certificates to authenticate to on-premise resources.
 If you enable this policy setting, Windows Hello for Business will wait until the device has received a certificate payload from the mobile device management server before provisioning a PIN.
--- a/windows/client-management/mdm/personaldataencryption-ddf-file.md
+++ b/windows/client-management/mdm/personaldataencryption-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: PDE DDF file
 description: View the XML file containing the device description framework (DDF) for the PDE configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the P
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.22621</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@ -1,7 +1,7 @@
 ---
 title: Personalization CSP
 description: Learn more about the Personalization CSP.
-ms.date: 04/10/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,14 +9,12 @@ ms.date: 04/10/2024
 <!-- Personalization-Begin -->
 # Personalization CSP
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Personalization-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The Personalization CSP can set the lock screen, desktop background images and company branding on sign-in screen ([BootToCloud mode](policy-csp-clouddesktop.md#boottocloudmode) only). Setting these policies also prevents the user from changing the image. You can also use the Personalization settings in a provisioning package.
 > [!IMPORTANT]
-> Personalization CSP is supported in Windows Enterprise and Education SKUs. It works in Windows Professional only when SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set, or when the device is configured in [Shared PC mode with BootToCloudPCEnhanced policy](clouddesktop-csp.md#boottocloudpcenhanced).
+> Personalization CSP is supported in Windows Enterprise and Education SKUs. It works in Windows Professional only when SetEduPolicies in [SharedPC CSP](sharedpc-csp.md) is set, or when the device is configured in [Shared PC mode with BootToCloudPCEnhanced policy](clouddesktop-csp.md#deviceboottocloudpcenhanced).
 <!-- Personalization-Editable-End -->
 <!-- Personalization-Tree-Begin -->
@ -38,7 +36,7 @@ The following list shows the Personalization configuration service provider node
 <!-- Device-CompanyLogoStatus-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
 <!-- Device-CompanyLogoStatus-Applicability-End -->
 <!-- Device-CompanyLogoStatus-OmaUri-Begin -->
@ -77,7 +75,7 @@ This represents the status of the Company Logo. 1 - Successfully downloaded or c
 <!-- Device-CompanyLogoUrl-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
 <!-- Device-CompanyLogoUrl-Applicability-End -->
 <!-- Device-CompanyLogoUrl-OmaUri-Begin -->
@ -116,7 +114,7 @@ An http or https Url to a jpg, jpeg or png image that needs to be downloaded and
 <!-- Device-CompanyName-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 11, version 22H2 [10.0.22621.3235] and later |
 <!-- Device-CompanyName-Applicability-End -->
 <!-- Device-CompanyName-OmaUri-Begin -->
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@ -1,7 +1,7 @@
 ---
 title: Personalization DDF file
 description: View the XML file containing the device description framework (DDF) for the Personalization configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the P
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -101,7 +101,7 @@ The following XML file contains the device description framework (DDF) for the P
          <Get />
          <Replace />
        </AccessType>
-        <Description>A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.</Description>
+        <Description>A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Lock Screen Image or a file Url to a local image on the file system that needs to be used as the Lock Screen Image.</Description>
        <DFFormat>
          <chr />
        </DFFormat>
@ -148,7 +148,7 @@ The following XML file contains the device description framework (DDF) for the P
          <Get />
          <Replace />
        </AccessType>
-        <Description>A http or https Url to a jpg, jpeg or png image that neeeds to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.</Description>
+        <Description>A http or https Url to a jpg, jpeg or png image that needs to be downloaded and used as the Company Logo or a file Url to a local image on the file system that needs to be used as the Company Logo. This setting is currently available for boot to cloud shared pc mode only.</Description>
        <DFFormat>
          <chr />
        </DFFormat>
@ -162,7 +162,7 @@ The following XML file contains the device description framework (DDF) for the P
          <MIME />
        </DFType>
        <MSFT:Applicability>
-          <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
          <MSFT:CspVersion>2.0</MSFT:CspVersion>
        </MSFT:Applicability>
        <MSFT:AllowedValues ValueType="None">
@ -189,7 +189,7 @@ The following XML file contains the device description framework (DDF) for the P
          <MIME />
        </DFType>
        <MSFT:Applicability>
-          <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
          <MSFT:CspVersion>2.0</MSFT:CspVersion>
        </MSFT:Applicability>
      </DFProperties>
@ -217,7 +217,7 @@ The following XML file contains the device description framework (DDF) for the P
          <MIME />
        </DFType>
        <MSFT:Applicability>
-          <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+          <MSFT:OsBuildVersion>10.0.22621.3235</MSFT:OsBuildVersion>
          <MSFT:CspVersion>2.0</MSFT:CspVersion>
        </MSFT:Applicability>
        <MSFT:AllowedValues ValueType="RegEx">
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@ -1,7 +1,7 @@
 ---
 title: ADMX-backed policies in Policy CSP
 description: Learn about the ADMX-backed policies in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1663,6 +1663,7 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [TS_NoSecurityMenu](policy-csp-admx-terminalserver.md)
 - [TS_START_PROGRAM_2](policy-csp-admx-terminalserver.md)
 - [TS_SERVER_ADVANCED_REMOTEFX_REMOTEAPP](policy-csp-admx-terminalserver.md)
 - [TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME](policy-csp-admx-terminalserver.md)
 - [TS_DX_USE_FULL_HWGPU](policy-csp-admx-terminalserver.md)
 - [TS_SERVER_WDDM_GRAPHICS_DRIVER](policy-csp-admx-terminalserver.md)
 - [TS_TSCC_PERMISSIONS_POLICY](policy-csp-admx-terminalserver.md)
@ -2210,6 +2211,7 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [AllowSaveTargetAsInIEMode](policy-csp-internetexplorer.md)
 - [DisableInternetExplorerApp](policy-csp-internetexplorer.md)
 - [EnableExtendedIEModeHotkeys](policy-csp-internetexplorer.md)
 - [AllowLegacyURLFields](policy-csp-internetexplorer.md)
 - [ResetZoomForDialogInIEMode](policy-csp-internetexplorer.md)
 - [EnableGlobalWindowListInIEMode](policy-csp-internetexplorer.md)
 - [JScriptReplacement](policy-csp-internetexplorer.md)
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@ -1,7 +1,7 @@
 ---
 title: Policies in Policy CSP supported by Group Policy
 description: Learn about the policies in Policy CSP supported by Group Policy.
-ms.date: 05/20/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -805,6 +805,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](policy-csp-update.md)
 - [ConfigureDeadlineNoAutoRebootForQualityUpdates](policy-csp-update.md)
 - [AllowOptionalContent](policy-csp-update.md)
 - [AlwaysAutoRebootAtScheduledTimeMinutes](policy-csp-update.md)
 ## UserRights
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@ -1,7 +1,7 @@
 ---
 title: Policies in Policy CSP supported by Windows 10 Team
 description: Learn about the policies in Policy CSP supported by Windows 10 Team.
-ms.date: 01/18/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -315,6 +315,7 @@ This article lists the policies in Policy CSP that are applicable for the Surfac
 - [AllowOptionalContent](policy-csp-update.md#allowoptionalcontent)
 - [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
 - [AllowUpdateService](policy-csp-update.md#allowupdateservice)
 - [AlwaysAutoRebootAtScheduledTimeMinutes](policy-csp-update.md#alwaysautorebootatscheduledtimeminutes)
 - [BranchReadinessLevel](policy-csp-update.md#branchreadinesslevel)
 - [ConfigureFeatureUpdateUninstallPeriod](policy-csp-update.md#configurefeatureupdateuninstallperiod)
 - [DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#deferfeatureupdatesperiodindays)
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@ -1,7 +1,7 @@
 ---
 title: ADMX_TerminalServer Policy CSP
 description: Learn more about the ADMX_TerminalServer Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -4109,6 +4109,56 @@ This policy setting allows the administrator to configure the RemoteFX experienc
 <!-- TS_SERVER_PROFILE-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Begin -->
 ## TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows 10, version 2004 [10.0.19041.1202] and later <br> ✅ Windows 10, version 2009 [10.0.19042.1202] and later <br> ✅ Windows 10, version 21H1 [10.0.19043.1202] and later <br> ✅ Windows 11, version 21H2 [10.0.22000] and later |
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Applicability-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/ADMX_TerminalServer/TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME
 ```
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-OmaUri-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Description-Begin -->
 <!-- Description-Source-Not-Found -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Description-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Editable-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-DFProperties-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME |
 | ADMX File Name | TerminalServer.admx |
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-AdmxBacked-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-Examples-End -->
 <!-- TS_SERVER_REMOTEAPP_USE_SHELLAPPRUNTIME-End -->
 <!-- TS_SERVER_VISEXP-Begin -->
 ## TS_SERVER_VISEXP
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@ -1,7 +1,7 @@
 ---
 title: DeliveryOptimization Policy CSP
 description: Learn more about the DeliveryOptimization Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -1500,20 +1500,8 @@ The default value 0 (zero) means that Delivery Optimization dynamically adjusts
 <!-- DORestrictPeerSelectionBy-OmaUri-End -->
 <!-- DORestrictPeerSelectionBy-Description-Begin -->
-<!-- Description-Source-ADMX -->
+<!-- Description-Source-DDF-Forced -->
-Set this policy to restrict peer selection via selected option.
+Set this policy to restrict peer selection via selected option. Options available are: 1=Subnet mask, 2 = Local discovery (DNS-SD). These options apply to both Download Mode LAN (1) and Group (2).
 Options available are:
 0 = NAT.
 1 = Subnet mask.
 2 = Local discovery (DNS-SD).
 The default value has changed from 0 (no restriction) to 1 (restrict to the subnet).
 These options apply to both Download Mode LAN (1) and Group (2).
 <!-- DORestrictPeerSelectionBy-Description-End -->
 <!-- DORestrictPeerSelectionBy-Editable-Begin -->
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@ -1,7 +1,7 @@
 ---
 title: InternetExplorer Policy CSP
 description: Learn more about the InternetExplorer Area in Policy CSP.
-ms.date: 05/20/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -985,6 +985,60 @@ Note. It's recommended to configure template policy settings in one Group Policy
 <!-- AllowIntranetZoneTemplate-End -->
 <!-- AllowLegacyURLFields-Begin -->
 ## AllowLegacyURLFields
 <!-- AllowLegacyURLFields-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- AllowLegacyURLFields-Applicability-End -->
 <!-- AllowLegacyURLFields-OmaUri-Begin -->
 ```User
 ./User/Vendor/MSFT/Policy/Config/InternetExplorer/AllowLegacyURLFields
 ```
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/InternetExplorer/AllowLegacyURLFields
 ```
 <!-- AllowLegacyURLFields-OmaUri-End -->
 <!-- AllowLegacyURLFields-Description-Begin -->
 <!-- Description-Source-Not-Found -->
 <!-- AllowLegacyURLFields-Description-End -->
 <!-- AllowLegacyURLFields-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AllowLegacyURLFields-Editable-End -->
 <!-- AllowLegacyURLFields-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `chr` (string) |
 | Access Type | Add, Delete, Get, Replace |
 <!-- AllowLegacyURLFields-DFProperties-End -->
 <!-- AllowLegacyURLFields-AdmxBacked-Begin -->
 <!-- ADMX-Not-Found -->
 [!INCLUDE [ADMX-backed policy note](includes/mdm-admx-policy-note.md)]
 **ADMX mapping**:
 | Name | Value |
 |:--|:--|
 | Name | AllowLegacyURLFields |
 | ADMX File Name | inetres.admx |
 <!-- AllowLegacyURLFields-AdmxBacked-End -->
 <!-- AllowLegacyURLFields-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AllowLegacyURLFields-Examples-End -->
 <!-- AllowLegacyURLFields-End -->
 <!-- AllowLocalMachineZoneTemplate-Begin -->
 ## AllowLocalMachineZoneTemplate
@ -7718,7 +7772,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- IntranetZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later <br> ✅ Windows Insider Preview [10.0.25398.643] |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later |
 <!-- IntranetZoneLogonOptions-Applicability-End -->
 <!-- IntranetZoneLogonOptions-OmaUri-Begin -->
@ -8793,7 +8847,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- LocalMachineZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later <br> ✅ Windows Insider Preview [10.0.25398.643] |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later |
 <!-- LocalMachineZoneLogonOptions-Applicability-End -->
 <!-- LocalMachineZoneLogonOptions-OmaUri-Begin -->
@ -17364,7 +17418,7 @@ High Safety enables applets to run in their sandbox. Disable Java to prevent any
 <!-- TrustedSitesZoneLogonOptions-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later <br> ✅ Windows Insider Preview [10.0.25398.643] |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2227] and later <br> ✅ [10.0.25398.643] and later <br> ✅ [10.0.25965] and later <br> ✅ Windows 10, version 2004 [10.0.19041.3758] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.2792] and later |
 <!-- TrustedSitesZoneLogonOptions-Applicability-End -->
 <!-- TrustedSitesZoneLogonOptions-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@ -1,7 +1,7 @@
 ---
 title: Privacy Policy CSP
 description: Learn more about the Privacy Area in Policy CSP.
-ms.date: 01/18/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -9,8 +9,6 @@ ms.date: 01/18/2024
 <!-- Privacy-Begin -->
 # Policy CSP - Privacy
 [!INCLUDE [Windows Insider tip](includes/mdm-insider-csp-note.md)]
 <!-- Privacy-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- Privacy-Editable-End -->
@ -2929,7 +2927,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence-Applicability-End -->
 <!-- LetAppsAccessHumanPresence-OmaUri-Begin -->
@ -3005,7 +3003,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-Applicability-End -->
 <!-- LetAppsAccessHumanPresence_ForceAllowTheseApps-OmaUri-Begin -->
@ -3070,7 +3068,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-Applicability-End -->
 <!-- LetAppsAccessHumanPresence_ForceDenyTheseApps-OmaUri-Begin -->
@ -3135,7 +3133,7 @@ If an app is open when this Group Policy object is applied on a device, employee
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview [10.0.25000] |
+| ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.25000] and later |
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-Applicability-End -->
 <!-- LetAppsAccessHumanPresence_UserInControlOfTheseApps-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@ -1,7 +1,7 @@
 ---
 title: RemoteDesktopServices Policy CSP
 description: Learn more about the RemoteDesktopServices Area in Policy CSP.
-ms.date: 04/10/2024
+ms.date: 06/21/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -439,7 +439,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitClientToServerClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2400] and later <br> ✅ [10.0.25398.827] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2898] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3374] and later <br> ✅ Windows 11, version 23H2 [10.0.22631.3374] and later <br> ✅ Windows Insider Preview |
 <!-- LimitClientToServerClipboardRedirection-Applicability-End -->
 <!-- LimitClientToServerClipboardRedirection-OmaUri-Begin -->
@ -493,7 +493,7 @@ By default, Remote Desktop allows redirection of WebAuthn requests.
 <!-- LimitServerToClientClipboardRedirection-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
-| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
+| ✅ Device <br> ✅ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ [10.0.20348.2400] and later <br> ✅ [10.0.25398.827] and later <br> ✅ Windows 11, version 21H2 [10.0.22000.2898] and later <br> ✅ Windows 11, version 22H2 [10.0.22621.3374] and later <br> ✅ Windows 11, version 23H2 [10.0.22631.3374] and later <br> ✅ Windows Insider Preview |
 <!-- LimitServerToClientClipboardRedirection-Applicability-End -->
 <!-- LimitServerToClientClipboardRedirection-OmaUri-Begin -->
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@ -1,7 +1,7 @@
 ---
 title: Update Policy CSP
 description: Learn more about the Update Area in Policy CSP.
-ms.date: 02/14/2024 
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -18,6 +18,7 @@ ms.date: 02/14/2024
 Update CSP policies are listed below based on the group policy area:
 - [Windows Insider Preview](#windows-insider-preview)
  - [AlwaysAutoRebootAtScheduledTimeMinutes](#alwaysautorebootatscheduledtimeminutes)
  - [ConfigureDeadlineNoAutoRebootForFeatureUpdates](#configuredeadlinenoautorebootforfeatureupdates)
  - [ConfigureDeadlineNoAutoRebootForQualityUpdates](#configuredeadlinenoautorebootforqualityupdates)
 - [Manage updates offered from Windows Update](#manage-updates-offered-from-windows-update)
@ -100,6 +101,68 @@ Update CSP policies are listed below based on the group policy area:
 ## Windows Insider Preview
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Begin -->
 ### AlwaysAutoRebootAtScheduledTimeMinutes
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
 | ✅ Device <br> ❌ User | ✅ Pro <br> ✅ Enterprise <br> ✅ Education <br> ✅ Windows SE <br> ✅ IoT Enterprise / IoT Enterprise LTSC | ✅ Windows Insider Preview |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Applicability-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-OmaUri-Begin -->
 ```Device
 ./Device/Vendor/MSFT/Policy/Config/Update/AlwaysAutoRebootAtScheduledTimeMinutes
 ```
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-OmaUri-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Description-Begin -->
 <!-- Description-Source-ADMX -->
 - If you enable this policy, a restart timer will always begin immediately after Windows Update installs important updates, instead of first notifying users on the login screen for at least two days.
 The restart timer can be configured to start with any value from 15 to 180 minutes. When the timer runs out, the restart will proceed even if the PC has signed-in users.
 - If you disable or don't configure this policy, Windows Update won't alter its restart behavior.
 If the "No auto-restart with logged-on users for scheduled automatic updates installations" policy is enabled, then this policy has no effect.
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Description-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Editable-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-DFProperties-Begin -->
 **Description framework properties**:
 | Property name | Property value |
 |:--|:--|
 | Format | `int` |
 | Access Type | Add, Delete, Get, Replace |
 | Allowed Values | Range: `[15-180]` |
 | Default Value  | 15 |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-DFProperties-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-GpMapping-Begin -->
 **Group policy mapping**:
 | Name | Value |
 |:--|:--|
 | Name | AlwaysAutoRebootAtScheduledTime |
 | Friendly Name | Always automatically restart at the scheduled time |
 | Element Name | work (minutes) |
 | Location | Computer Configuration |
 | Path | Windows Components > Windows Update > Manage end user experience |
 | Registry Key Name | Software\Policies\Microsoft\Windows\WindowsUpdate\AU |
 | ADMX File Name | WindowsUpdate.admx |
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-GpMapping-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Examples-Begin -->
 <!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-Examples-End -->
 <!-- AlwaysAutoRebootAtScheduledTimeMinutes-End -->
 <!-- ConfigureDeadlineNoAutoRebootForFeatureUpdates-Begin -->
 ### ConfigureDeadlineNoAutoRebootForFeatureUpdates
--- a/windows/client-management/mdm/policy-csp-windowsai.md
+++ b/windows/client-management/mdm/policy-csp-windowsai.md
@ -1,7 +1,7 @@
 ---
 title: WindowsAI Policy CSP
 description: Learn more about the WindowsAI Area in Policy CSP.
-ms.date: 06/13/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -142,6 +142,9 @@ This policy setting allows you to control whether Windows saves snapshots of the
 <!-- TurnOffWindowsCopilot-Begin -->
 ## TurnOffWindowsCopilot
 > [!NOTE]
 > This policy is deprecated and may be removed in a future release.
 <!-- TurnOffWindowsCopilot-Applicability-Begin -->
 | Scope | Editions | Applicable OS |
 |:--|:--|:--|
--- a/windows/client-management/mdm/printerprovisioning-ddf-file.md
+++ b/windows/client-management/mdm/printerprovisioning-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: PrinterProvisioning DDF file
 description: View the XML file containing the device description framework (DDF) for the PrinterProvisioning configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the P
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1806, 10.0.19043.1806, 10.0.19042.1806</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: Reboot DDF file
 description: View the XML file containing the device description framework (DDF) for the Reboot configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: RootCATrustedCertificates DDF file
 description: View the XML file containing the device description framework (DDF) for the RootCATrustedCertificates configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the R
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -1067,7 +1067,7 @@ The following XML file contains the device description framework (DDF) for the R
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: SecureAssessment DDF file
 description: View the XML file containing the device description framework (DDF) for the SecureAssessment configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.15063</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: SharedPC DDF file
 description: View the XML file containing the device description framework (DDF) for the SharedPC configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the S
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.14393</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: SUPL DDF file
 description: View the XML file containing the device description framework (DDF) for the SUPL configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -42,7 +42,7 @@ The following XML file contains the device description framework (DDF) for the S
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10240</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: VPNv2 DDF file
 description: View the XML file containing the device description framework (DDF) for the VPNv2 configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the V
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -3265,7 +3265,7 @@ The following XML file contains the device description framework (DDF) for the V
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: WiFi DDF file
 description: View the XML file containing the device description framework (DDF) for the WiFi configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -322,7 +322,7 @@ The following XML file contains the device description framework (DDF) for the W
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x88;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: WindowsDefenderApplicationGuard DDF file
 description: View the XML file containing the device description framework (DDF) for the WindowsDefenderApplicationGuard configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.16299</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.1</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xAF;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: WindowsLicensing DDF file
 description: View the XML file containing the device description framework (DDF) for the WindowsLicensing configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -40,7 +40,7 @@ The following XML file contains the device description framework (DDF) for the W
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.10586</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x87;0x88*;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@ -1,7 +1,7 @@
 ---
 title: WiredNetwork DDF file
 description: View the XML file containing the device description framework (DDF) for the WiredNetwork configuration service provider.
-ms.date: 04/10/2024
+ms.date: 06/19/2024
 ---
 <!-- Auto-Generated CSP Document -->
@ -39,7 +39,7 @@ The following XML file contains the device description framework (DDF) for the W
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
@ -118,7 +118,7 @@ The following XML file contains the device description framework (DDF) for the W
      <MSFT:Applicability>
        <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
        <MSFT:CspVersion>1.0</MSFT:CspVersion>
-        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xBC;0xBF;0xCA;0xCB;0xCD;0xCF;0xD2;</MSFT:EditionAllowList>
+        <MSFT:EditionAllowList>0x4;0x1B;0x30;0x31;0x48;0x54;0x62;0x63;0x64;0x65;0x77;0x79;0x7A;0x7D;0x7E;0x81;0x82;0x8A;0x8B;0xA1;0xA2;0xA4;0xA5;0xAB;0xAC;0xB4;0xBC;0xBD;0xBF;0xCA;0xCB;</MSFT:EditionAllowList>
      </MSFT:Applicability>
    </DFProperties>
    <Node>
--- a/windows/deployment/do/mcc-isp.md
+++ b/windows/deployment/do/mcc-isp.md
@ -20,7 +20,7 @@ appliesto:
 # Microsoft Connected Cache for Internet Service Providers (early preview)
 > [!IMPORTANT]
-> This document is for Microsoft Connected Cache (early preview). Microsoft Connected Cache for ISPs is now in Public Preview - for our early preview customers, we highly encourage you to migrate your cache nodes to our public preview. See [instructions on how to migrate](#migrating-your-mcc-to-public-preview) below.
+> This document is for Microsoft Connected Cache (early preview). Microsoft Connected Cache for ISPs is now in Public Preview - for our early preview customers, we highly encourage you to onboard onto our Public Preview program. For instructions on signing up and onboarding please visit [Operator sign up and service onboarding for Microsoft Connected Cache](mcc-isp-signup.md).
 ## Overview
@ -441,6 +441,13 @@ If the test fails, for more information, see the [common issues](#common-issues)
 ## Common Issues
 ### Microsoft Connected Cache is no longer serving traffic
 If you did not migrate your cache node then your cache node may still be on early preview version.
 Microsoft Connected Cache for Internet Service Providers is now in Public Preview! To get started, visit  [Azure portal](https://www.portal.azure.com) to sign up for Microsoft Connected Cache for Internet Service Providers. Please see [Operator sign up and service onboarding for Microsoft Connected Cache](mcc-isp-signup.md) for more information on the requirements for sign up and onboarding.
 <br>
 <br>
 <br>
 > [!NOTE]
 > This section only lists common issues. For more information on additional issues you may encounter when configuring IoT Edge, see the [IoT Edge troubleshooting guide](/azure/iot-edge/troubleshoot).
@ -551,19 +558,6 @@ If you have an MCC that's already active and running, follow the steps below to
 1. To finish configuring your MCC with BGP routing, continue from Step 10 of [Steps to Install MCC](#steps-to-install-mcc). -->
 ## Migrating your MCC to Public Preview
 > [!NOTE]
 > Please note, if you reboot your server, the version that you are currently on will no longer function, after which you will be required to migrate to the new version.
 We recommend migrating now to the new version to access these benefits and ensure no downtime.
 To migrate, use the following steps:
 1. Navigate to the cache node that you would like to migrate and select **Download Migration Package** using the button at the top of the page.
 1. Follow the instructions under the **Connected Cache Migrate Scripts** section within Azure portal.
   :::image type="content" source="images/mcc-isp-migrate.png" alt-text="A screenshot of Azure portal showing the migration instructions for migrating a cache node from the early preview to the public preview." lightbox="images/mcc-isp-migrate.png":::
 1. Go to https://portal.azure.com and navigate to your resource to check your migrated cache nodes.
 ## Uninstalling MCC
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-adfs.md
@ -1,7 +1,7 @@
 ---
 title: Configure Active Directory Federation Services in a hybrid certificate trust model
 description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business hybrid certificate trust model.
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 ---
@ -52,19 +52,7 @@ Sign-in a domain controller or management workstation with _Domain Admin_ equiva
 1. Restart the AD FS server
 > [!NOTE]
-> For AD FS 2019 in a hybrid certificate trust model, a PRT issue exists. You may encounter this error in the AD FS Admin event logs: *Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'*. To remediate this error:
+> For AD FS 2019 and later in a certificate trust model, a known PRT issue exists. You may encounter this error in AD FS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. For more information about the isse and its resolution, see [Certificate trust provisioning with AD FS broken on windows server 2019](../hello-deployment-issues.md#certificate-trust-provisioning-with-ad-fs-broken-on-windows-server-2019).
 >
 > 1. Launch AD FS management console and browse to **Services > Scope Descriptions**
 > 1. Right click **Scope Descriptions** and select **Add Scope Description**
 > 1. Under name type `ugs` and select **Apply > OK**
 > 1. Launch PowerShell as an administrator
 > 1. Obtain the *ObjectIdentifier* of the application permission with the `ClientRoleIdentifier` parameter equal to `38aa3b87-a06d-4817-b275-7a316988d93b`:
 > ```PowerShell
 > (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
 > ```
 > 1. Execute the command `Set-AdfsApplicationPermission -TargetIdentifier <ObjectIdentifier from step 5> -AddScope 'ugs'`.
 > 1. Restart the AD FS service
 > 1. On the client: Restart the client. User should be prompted to provision Windows Hello for Business
 ## Section review and next steps
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-enroll.md
@ -1,7 +1,7 @@
 ---
 title: Configure and enroll in Windows Hello for Business in hybrid certificate trust model
 description: Learn how to configure devices and enroll them in Windows Hello for Business in a hybrid certificate trust scenario.
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 ---
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust-pki.md
@ -1,7 +1,7 @@
 ---
-title: Configure and validate the PKI in an hybrid certificate trust model
+title: Configure and validate the PKI in a hybrid certificate trust model
 description: Configure and validate the Public Key Infrastructure when deploying Windows Hello for Business in a hybrid certificate trust model.
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 ---
--- a/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/hybrid-cert-trust.md
@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business hybrid certificate trust deployment guide
 description: Learn how to deploy Windows Hello for Business in a hybrid certificate trust scenario.
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 ---
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/adfs-mfa.md
@ -1,5 +1,5 @@
 ---
-ms.date: 01/03/2024
+ms.date: 06/23/2024
 ms.topic: include
 ---
@ -8,6 +8,8 @@ ms.topic: include
 Windows Hello for Business requires users perform multifactor authentication (MFA) prior to enroll in the service. On-premises deployments can use, as MFA option:
 - certificates
    > [!NOTE]
    > When using this option, the certificates must be deployed to the users. For example, users can use their smart card or virtual smart card as a certificate authentication option.
 - non-Microsoft authentication providers for AD FS
 - custom authentication provider for AD FS
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/certificate-template-auth.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/certificate-template-auth.md
@ -61,4 +61,4 @@ CertUtil: -dsTemplate command completed successfully."
 ```
 >[!NOTE]
->If you gave your Windows Hello for Business Authentication certificate template a different name, then replace `WHFBAuthentication` in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc). Or, you can view the template name using the `Get-CATemplate` ADCS Administration Windows PowerShell cmdlet on your certification authority.
+>If you gave your Windows Hello for Business Authentication certificate template a different name, then replace `WHFBAuthentication` in the above command with the name of your certificate template. It's important that you use the template name rather than the template display name. You can view the template name on the **General** tab of the certificate template using the Certificate Template management console (certtmpl.msc).
--- a/windows/security/identity-protection/hello-for-business/deploy/includes/certificate-template-enrollment-agent.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/includes/certificate-template-enrollment-agent.md
@ -3,7 +3,7 @@ ms.date: 01/03/2024
 ms.topic: include
 ---
-### Configure an enrollment agent certificate template
+## Configure an enrollment agent certificate template
 A certificate registration authority (CRA) is a trusted authority that validates certificate request. Once it validates the request, it presents the request to the certification authority (CA) for issuance. The CA issues the certificate, returns it to the CRA, which returns the certificate to the requesting user. Windows Hello for Business certificate trust deployments use AD FS as the CRA.
@ -12,7 +12,7 @@ The CRA enrolls for an *enrollment agent certificate*. Once the CRA verifies the
 > [!IMPORTANT]
 > Follow the procedures below based on the AD FS service account used in your environment.
-#### Create an enrollment agent certificate for Group Managed Service Accounts (GMSA)
+### Create an enrollment agent certificate for Group Managed Service Accounts (GMSA)
 Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
@ -32,7 +32,7 @@ Sign in to a CA or management workstations with *Domain Administrator* equivalen
 1. Select **OK** to finalize your changes and create the new template
 1. Close the console
-#### Create an enrollment agent certificate for a standard service account
+### Create an enrollment agent certificate for a standard service account
 Sign in to a CA or management workstations with *Domain Administrator* equivalent credentials.
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-adfs.md
@ -1,7 +1,7 @@
 ---
 title: Configure Active Directory Federation Services in an on-premises certificate trust model
 description: Learn how to configure Active Directory Federation Services (AD FS) to support the Windows Hello for Business on-premises certificate trust model.
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 ---
@ -16,20 +16,7 @@ Windows Hello for Business works exclusively with the Active Directory Federatio
 [!INCLUDE [adfs-deploy](includes/adfs-deploy.md)]
 > [!NOTE]
-> For AD FS 2019 and later in a certificate trust model, a known PRT issue exists. You may encounter this error in AD FS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. To remediate this error:
+> For AD FS 2019 and later in a certificate trust model, a known PRT issue exists. You may encounter this error in AD FS Admin event logs: Received invalid Oauth request. The client 'NAME' is forbidden to access the resource with scope 'ugs'. For more information about the isse and its resolution, see [Certificate trust provisioning with AD FS broken on windows server 2019](../hello-deployment-issues.md#certificate-trust-provisioning-with-ad-fs-broken-on-windows-server-2019).
 >
 > 1. Launch AD FS management console. Browse to ***Services > Scope Descriptions**
 > 1. Right-click **Scope Descriptions** and select **Add Scope Description**
 > 1. Under name type *ugs* and select **Apply > OK**
 > 1. Launch PowerShell as an administrator and execute the following commands:
 >
 >     ```PowerShell
 >     $id = (Get-AdfsApplicationPermission -ServerRoleIdentifiers 'http://schemas.microsoft.com/ws/2009/12/identityserver/selfscope' | ?{ $_.ClientRoleIdentifier -eq '38aa3b87-a06d-4817-b275-7a316988d93b' }).ObjectIdentifier
 >     Set-AdfsApplicationPermission -TargetIdentifier $id -AddScope 'ugs'
 >     ```
 >
 > 1. Restart the AD FS service
 > 1. Restart the client. User should be prompted to provision Windows Hello for Business
 ## Review to validate the AD FS and Active Directory configuration
@ -40,6 +27,21 @@ Windows Hello for Business works exclusively with the Active Directory Federatio
 > - Confirm you added the AD FS service account to the KeyAdmins group
 > - Confirm you enabled the Device Registration service
 [!INCLUDE [enrollment-agent-certificate-template](includes/certificate-template-enrollment-agent.md)]
 ### Publish the certificate template to the CA
 Sign in to the CA or management workstations with **Enterprise Admin** equivalent credentials.
 1. Open the **Certification Authority** management console
 1. Expand the parent node from the navigation pane
 1. Select **Certificate Templates** in the navigation pane
 1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue
 1. In the **Enable Certificates Templates** window, select the *WHFB Enrollment Agent* template you created in the previous step. Select **OK** to publish the selected certificate templates to the certification authority
 1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list
   - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation
 1. Close the console
 ## Configure the certificate registration authority
 The Windows Hello for Business on-premises certificate-based deployment uses AD FS as the certificate registration authority (CRA). The registration authority is responsible for issuing certificates to users and devices. The registration authority is also responsible for revoking certificates when users or devices are removed from the environment.
@ -55,7 +57,7 @@ Set-AdfsCertificateAuthority -EnrollmentAgent -EnrollmentAgentCertificateTemplat
 >[!NOTE]
 > If you gave your Windows Hello for Business Enrollment Agent and Windows Hello for Business Authentication certificate templates different names, then replace *WHFBEnrollmentAgent* and *WHFBAuthentication* in the above command with the name of your certificate templates. It's important that you use the template name rather than the template display name.  You can view the template name on the **General** tab of the certificate template by using the **Certificate Template** management console (certtmpl.msc). Or, you can view the template name by using the `Get-CATemplate` PowerShell cmdlet on a CA.
-### Enrollment agent certificate enrollment
+### Enrollment agent certificate lifecycle management
 AD FS performs its own certificate lifecycle management. Once the registration authority is configured with the proper certificate template, the AD FS server attempts to enroll the certificate on the first certificate request or when the service first starts.
@ -87,6 +89,7 @@ For detailed information about the certificate, use `Certutil -q -v <certificate
 > [!div class="checklist"]
 > Before you continue with the deployment, validate your deployment progress by reviewing the following items:
 >
 > - Configure an enrollment agent certificate template
 > - Confirm only the AD FS service account has the allow enroll permission for the enrollment agent certificate template
 > - Consider using an HSM to protect the enrollment agent certificate; however, understand the frequency and quantity of signature operations the enrollment agent server makes and understand the impact it has on overall performance
 > - Confirm you properly configured the Windows Hello for Business authentication certificate template
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust-enroll.md
@ -1,5 +1,5 @@
 ---
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 title: Configure Windows Hello for Business Policy settings in an on-premises certificate trust
 description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises certificate trust scenario
@ -73,7 +73,11 @@ After a successful key registration, Windows creates a certificate request using
 The AD FS registration authority verifies the key used in the certificate request matches the key that was previously registered. On a successful match, the AD FS registration authority signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
-The CA validates that the certificate is signed by the registration authority. On successful validation, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user's certificate store. Once this process completes, the Windows Hello for Business provisioning workflow informs the user that they can use their PIN to sign-in through the Action Center.
+The CA validates that the certificate is signed by the registration authority. On successful validation, it issues a certificate based on the request and returns the certificate to the AD FS registration authority. The registration authority returns the certificate to Windows where it then installs the certificate in the current user's certificate store.
 The following video shows the Windows Hello for Business enrollment steps after signing in with a password, using a custom MFA adapter for AD FS.
 > [!VIDEO https://learn-video.azurefd.net/vod/player?id=771165c0-e37f-4f9d-9e21-4f383cc6590d alt-text="Video showing the Windows Hello for Business enrollment steps after signing in with a password."]
 ### Sequence diagram
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-cert-trust.md
@ -1,13 +1,12 @@
 ---
 title: Windows Hello for Business on-premises certificate trust deployment guide
 description: Learn how to deploy Windows Hello for Business in an on-premises, certificate trust scenario.
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 ---
 # On-premises certificate trust deployment guide
 [!INCLUDE [apply-to-on-premises-cert-trust](includes/apply-to-on-premises-cert-trust.md)]
 [!INCLUDE [requirements](includes/requirements.md)]
@ -48,8 +47,6 @@ Windows Hello for Business must have a Public Key Infrastructure (PKI) when usin
 [!INCLUDE [web-server-certificate-template](includes/certificate-template-web-server.md)]
 [!INCLUDE [enrollment-agent-certificate-template](includes/certificate-template-enrollment-agent.md)]
 [!INCLUDE [auth-certificate-template](includes/certificate-template-auth.md)]
 [!INCLUDE [unpublish-superseded-templates](includes/unpublish-superseded-templates.md)]
@ -64,7 +61,7 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
 1. Expand the parent node from the navigation pane
 1. Select **Certificate Templates** in the navigation pane
 1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue
-1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)*, *Internal Web Server*, *WHFB Enrollment Agent* and *WHFB Authentication* templates you created in the previous steps. Select **OK** to publish the selected certificate templates to the certification authority
+1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)*, *Internal Web Server*, and *WHFB Authentication* templates you created in the previous steps. Select **OK** to publish the selected certificate templates to the certification authority
 1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list
   - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation
 1. Close the console
@ -85,7 +82,6 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
 > - Configure domain controller and web server certificate templates
 > - Supersede existing domain controller certificates
 > - Unpublish superseded certificate templates
 > - Configure an enrollment agent certificate template
 > - Publish the certificate templates to the CA
 > - Deploy certificates to the domain controllers
 > - Validate the domain controllers configuration
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust-enroll.md
@ -1,5 +1,5 @@
 ---
-ms.date: 03/12/2024
+ms.date: 06/23/2024
 ms.topic: tutorial
 title: Configure Windows Hello for Business Policy settings in an on-premises key trust
 description: Configure Windows Hello for Business Policy settings for Windows Hello for Business in an on-premises key trust scenario
@ -52,6 +52,10 @@ This information is also available using the `dsregcmd.exe /status` command from
 [!INCLUDE [user-experience](includes/user-experience.md)]
 The following video shows the Windows Hello for Business enrollment steps after signing in with a password, using a custom MFA adapter for AD FS.
 > [!VIDEO https://learn-video.azurefd.net/vod/player?id=771165c0-e37f-4f9d-9e21-4f383cc6590d alt-text="Video showing the Windows Hello for Business enrollment steps after signing in with a password."]
 ### Sequence diagram
 To better understand the provisioning flows, review the following sequence diagram:
--- a/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/deploy/on-premises-key-trust.md
@ -1,7 +1,7 @@
 ---
 title: Windows Hello for Business on-premises key trust deployment guide
 description: Learn how to deploy Windows Hello for Business in an on-premises, key trust scenario.
-ms.date: 03/12/2024
+ms.date: 06/24/2024
 ms.topic: tutorial
 ---
@ -57,7 +57,7 @@ Sign in to the CA or management workstations with **Enterprise Admin** equivalen
 1. Expand the parent node from the navigation pane
 1. Select **Certificate Templates** in the navigation pane
 1. Right-click the **Certificate Templates** node. Select **New > Certificate Template** to issue
-1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)*, and *Internal Web Server* templates you created in the previous steps. Select **OK** to publish the selected certificate templates to the certification authority
+1. In the **Enable Certificates Templates** window, select the *Domain Controller Authentication (Kerberos)* and *Internal Web Server* templates you created in the previous steps. Select **OK** to publish the selected certificate templates to the certification authority
 1. If you published the *Domain Controller Authentication (Kerberos)* certificate template, then unpublish the certificate templates you included in the superseded templates list
   - To unpublish a certificate template, right-click the certificate template you want to unpublish and select **Delete**. Select **Yes** to confirm the operation
 1. Close the console
--- a/windows/security/identity-protection/hello-for-business/deploy/toc.yml
+++ b/windows/security/identity-protection/hello-for-business/deploy/toc.yml
@ -8,7 +8,7 @@ items:
  - name: Cloud Kerberos trust deployment
    href: hybrid-cloud-kerberos-trust.md
  - name: Key trust deployment
-    items: 
+    items:
    - name: Requirements and validation
      href: hybrid-key-trust.md
      displayName: key trust
@ -19,7 +19,7 @@ items:
      href: ../hello-hybrid-aadj-sso.md
      displayName: key trust
  - name: Certificate trust deployment
-    items: 
+    items:
    - name: Requirements and validation
      href: hybrid-cert-trust.md
      displayName: certificate trust
@ -41,7 +41,7 @@ items:
 - name: On-premises deployments
  items:
  - name: Key trust deployment
-    items: 
+    items:
    - name: Requirements and validation
      href: on-premises-key-trust.md
    - name: Prepare and deploy Active Directory Federation Services (AD FS)
@ -49,10 +49,10 @@ items:
    - name: Configure and enroll in Windows Hello for Business
      href: on-premises-key-trust-enroll.md
  - name: Certificate trust deployment
-    items: 
+    items:
    - name: Requirements and validation
      href: on-premises-cert-trust.md
-    - name: Prepare and Deploy Active Directory Federation Services (AD FS)
+    - name: Prepare and deploy Active Directory Federation Services (AD FS)
      href: on-premises-cert-trust-adfs.md
    - name: Configure and enroll in Windows Hello for Business
      href: on-premises-cert-trust-enroll.md
--- a/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/bcd-settings-and-bitlocker.md
@ -1,8 +1,8 @@
 ---
-title: BCD settings and BitLocker 
+title: BCD settings and BitLocker
 description: Learn how BCD settings are used by BitLocker.
 ms.topic: reference
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # Boot Configuration Data settings and BitLocker
--- a/windows/security/operating-system-security/data-protection/bitlocker/configure.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/configure.md
@ -2,7 +2,7 @@
 title: Configure BitLocker
 description: Learn about the available options to configure BitLocker and how to configure them via Configuration Service Providers (CSP) or group policy (GPO).
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # Configure BitLocker
--- a/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/countermeasures.md
@ -1,8 +1,8 @@
 ---
 title: BitLocker countermeasures
-description: Learn about technologies and features to protect against attacks on the BitLocker encryption key. 
+description: Learn about technologies and features to protect against attacks on the BitLocker encryption key.
 ms.topic: concept-article
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # BitLocker countermeasures
--- a/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/csv-san.md
@ -2,7 +2,7 @@
 title: Protect cluster shared volumes and storage area networks with BitLocker
 description: Learn how to protect cluster shared volumes (CSV) and storage area networks (SAN) with BitLocker.
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
--- a/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
+++ b/windows/security/operating-system-security/data-protection/bitlocker/faq.yml
@ -3,7 +3,7 @@ metadata:
  title: BitLocker FAQ
  description: Learn more about BitLocker by reviewing the frequently asked questions.
  ms.topic: faq
-  ms.date: 10/30/2023
+  ms.date: 06/18/2024
 title: BitLocker FAQ
 summary: Learn more about BitLocker by reviewing the frequently asked questions.
--- a/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-additional-recovery-information.png
+++ b/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-additional-recovery-information.png
--- a/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-additional.png
+++ b/windows/security/operating-system-security/data-protection/bitlocker/images/preboot-recovery-additional.png
--- a/windows/security/operating-system-security/data-protection/bitlocker/index.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/index.md
@ -2,7 +2,7 @@
 title: BitLocker overview
 description: Learn about BitLocker practical applications and requirements.
 ms.topic: overview
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # BitLocker overview
--- a/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/install-server.md
@ -2,7 +2,7 @@
 title: Install BitLocker on Windows Server
 description: Learn how to install BitLocker on Windows Server.
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 appliesto:
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2022</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/windows-server-release-info target=_blank>Windows Server 2019</a>
--- a/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/network-unlock.md
@ -1,8 +1,8 @@
 ---
-title: Network Unlock 
+title: Network Unlock
 description: Learn how BitLocker Network Unlock works and how to configure it.
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # Network Unlock
@ -255,7 +255,7 @@ The subnet policy configuration file must use a `[SUBNETS]` section to identify
 ```ini
 [SUBNETS]
 SUBNET1=10.185.250.0/24 ; a comment about this subrange could be here, after the semicolon
-SUBNET2=10.185.252.200/28 
+SUBNET2=10.185.252.200/28
 SUBNET3= 2001:4898:a:2::/64 ; an IPv6 subnet
 SUBNET4=2001:4898:a:3::/64; in production, the admin would likely give more useful names, like BUILDING9-EXCEPT-RECEP.
 ```
--- a/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/operations-guide.md
@ -2,7 +2,7 @@
 title: BitLocker operations guide
 description: Learn how to use different tools to manage and operate BitLocker.
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # BitLocker operations guide
@ -239,7 +239,7 @@ Add-BitLockerKeyProtector E: -PasswordProtector -Password $pw
 **Example**: Use PowerShell to enable BitLocker with a TPM protector
 ```powershell
-Enable-BitLocker D: -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector 
+Enable-BitLocker D: -EncryptionMethod XtsAes256 -UsedSpaceOnly -TpmProtector
 ```
 **Example**: Use PowerShell to enable BitLocker with a TPM+PIN protector, in this case with a PIN set to *123456*:
--- a/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/planning-guide.md
@ -2,7 +2,7 @@
 title: BitLocker planning guide
 description: Learn how to plan for a BitLocker deployment in your organization.
 ms.topic: concept-article
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # BitLocker planning guide
--- a/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/preboot-recovery-screen.md
@ -2,14 +2,14 @@
 title: BitLocker preboot recovery screen
 description: Learn about the information displayed in the BitLocker preboot recovery screen, depending on configured policy settings and recovery keys status.
 ms.topic: concept-article
-ms.date: 10/30/2023
+ms.date: 06/19/2024
 ---
 # BitLocker preboot recovery screen
-During BitLocker recovery, the *preboot recovery screen* can display a custom recovery message, a custom recovery URL, and a few hints to help users finding where a key can be retrieved from.
+During BitLocker recovery, the *preboot recovery screen* is a critical touchpoint for users, offering a custom recovery message tailored to the organization's needs, a direct recovery URL for additional support, and strategic hints to assist users in locating their recovery key.
-This article describes the information displayed in the preboot recovery screen depending on configured policy settings and recovery keys status.
+This article delves into the various elements displayed on the preboot recovery screen, detailing how policy settings and the status of recovery keys influence the information presented. Whether it's a personalized message or practical guidance, the preboot recovery screen is designed to streamline the recovery process for users
 ## Default preboot recovery screen
@ -72,10 +72,10 @@ There are rules governing which hint is shown during the recovery (in the order
 :::row:::
  :::column span="2":::
    In this scenario, the recovery password is saved to a file
-    
+
    > [!IMPORTANT]
    > It's not recommend to print recovery keys or saving them to a file. Instead, use Microsoft account, Microsoft Entra ID or Active Directory backup.
-  
+
 :::column-end:::
  :::column span="2":::
  :::image type="content" source="images/preboot-recovery-hint.png" alt-text="Screenshot of the BitLocker recovery screen showing a hint where the BitLocker recovery key was saved." lightbox="images/preboot-recovery-hint.png" border="false":::
@ -92,7 +92,7 @@ There are rules governing which hint is shown during the recovery (in the order
      - saved to Microsoft account
      - not printed
      - not saved to a file
-    
+
    **Result:** the hints for the custom URL and the Microsoft account (**https://aka.ms/myrecoverykey**) are displayed.
  :::column-end:::
  :::column span="2":::
@ -110,7 +110,7 @@ There are rules governing which hint is shown during the recovery (in the order
    - saved to Active Directory
    - not printed
    - not saved to a file
-    
+
    **Result:** only the custom URL is displayed.
  :::column-end:::
  :::column span="2":::
@ -129,7 +129,7 @@ There are rules governing which hint is shown during the recovery (in the order
    - saved to Microsoft Entra ID
    - printed
    - saved to file
-    
+
    **Result:** only the Microsoft account hint (**https://aka.ms/myrecoverykey**) is displayed.
  :::column-end:::
  :::column span="2":::
@ -149,12 +149,12 @@ There are rules governing which hint is shown during the recovery (in the order
    - saved to file
    - creation time: **1PM**
    - key ID: **4290B6C0-B17A-497A-8552-272CC30E80D4**
-    
+
    The recovery password #2 is:
    - not backed up
    - creation time: **3PM**
    - key ID: **045219EC-A53B-41AE-B310-08EC883AAEDD**
-    
+
    **Result:** only the hint for the successfully backed up key is displayed, even if it isn't the most recent key.
  :::column-end:::
  :::column span="2":::
@ -175,15 +175,130 @@ There are rules governing which hint is shown during the recovery (in the order
     - Saved to Microsoft Entra ID
     - creation time: **1PM**
     - key ID: **4290B6C0-B17A-497A-8552-272CC30E80D4**
-    
+
    The recovery password #2 is:
      - Saved to Microsoft Entra ID
      - creation time: **3PM**
      - key ID: **045219EC-A53B-41AE-B310-08EC883AAEDD**
-    
+
    **Result:** the Microsoft Entra ID hint (**https://aka.ms/aadrecoverykey**), which is the most recent key saved, is displayed.
  :::column-end:::
  :::column span="2":::
  :::image type="content" source="images/preboot-recovery-multiple-passwords-multiple-backups.png" alt-text="Screenshot of the BitLocker recovery screen showing the key ID of the most recent key." lightbox="images/preboot-recovery-multiple-passwords-multiple-backups.png" border="false":::
  :::column-end:::
 :::row-end:::
 ## Additional recovery information screen
 Starting in Windows 11, version 24H2, the BitLocker preboot recovery screen enhances the recovery error information. The recovery screen provides more detailed information about the nature of the recovery error, empowering users to better understand and address the issue.
 :::row:::
  :::column span="2":::
    Users have the option to review additional information about the recovery error by pressing the <Kbd>Alt</kbd> key.
  :::column-end:::
  :::column span="2":::
  :::image type="content" source="images/preboot-recovery-additional.png" alt-text="Screenshot of the BitLocker recovery screen highlighting the Alt keyboard button to access the recovery information screen." lightbox="images/preboot-recovery-additional.png" border="false":::
  :::column-end:::
 :::row-end:::
 :::row:::
  :::column span="2":::
    The **Additional recovery information** screen contains an *error category* and a *code*, which you can use to retrieve more details from the next section of this article.
  :::column-end:::
  :::column span="2":::
  :::image type="content" source="images/preboot-recovery-additional-recovery-information.png" alt-text="Screenshot of the BitLocker recovery information screen." lightbox="images/preboot-recovery-additional-recovery-information.png" border="false":::
  :::column-end:::
 :::row-end:::
 The next sections describe the codes for each BitLocker error category. Within each section there's a table with the error message displayed on the recovery screen, and the cause of the error. Some tables include possible resolution.
 The error categories are:
 - [Initiated by user](#initiated-by-user)
 - [Code integrity](#code-integrity)
 - [Device lockout](#device-lockout)
 - [Boot configuration](#boot-configuration)
 - [TPM](#tpm)
 - [Protector](#protector)
 - [Unknown](#unknown)
 ### Initiated by user
 | Error code | Error cause | Resolution|
 |-|-|-|
 |`E_FVE_USER_REQUESTED_RECOVERY`|The user explicitly entered recovery mode from a screen with the option to `ESC` to recovery mode.||
 |`E_FVE_BOOT_DEBUG_ENABLED`|Boot debugging mode is enabled. |Remove the boot debugging option from the boot configuration database.|
 ### Code integrity
 Driver signature enforcement is used to ensure code integrity of the operating system.
 | Error code | Error cause |
 |-|-|
 |`E_FVE_CI_DISABLED`|Driver signature enforcement is disabled.|
 ### Device lockout
 Device lockout threshold functionality allows an administrator to configure Windows sign in with BitLocker protection. After the configured number of failed Windows sign in attempts, the device reboots and can only be recovered by providing a BitLocker recovery method.
 To take advantage of this functionality, you must configure the policy setting **Interactive logon: Machine account lockout threshold** located in **Computer Configuration** > **Windows Settings** > **Security Settings** > **Local Policies** > **Security Options**. Alternatively, use the [Exchange ActiveSync](/Exchange/clients/exchange-activesync/exchange-activesync) **MaxFailedPasswordAttempts** policy setting, or the [DeviceLock Configuration Service Provider (CSP)](/windows/client-management/mdm/policy-csp-devicelock#accountlockoutpolicy).
 | Error code | Error cause | Resolution|
 |-|-|-|
 |`E_FVE_DEVICE_LOCKEDOUT`|Device lockout triggered due to too many incorrect sign in attempts.|A BitLocker recovery method is required to return to the sign in screen.|
 |`E_FVE_DEVICE_LOCKOUT_MISMATCH`|The device lockout counter is out of sync. |A BitLocker recovery method is required to return to the sign in screen.|
 ### Boot configuration
 The *Boot Configuration Database (BCD)* contains critical information for the Windows boot environment.
 | Error code | Error cause | Resolution|
 |-|-|-|
 |`E_FVE_BAD_CODE_ID`<br><br>`E_FVE_BAD_CODE_OPTION`|BitLocker entered recovery mode because a boot application changed.<br>BitLocker tracks the data inside the BCD and BitLocker recovery can occur when this data changes without warning. <br><br>Refer to the recovery screen to find the boot application that changed.|To remediate this issue, restore the BCD configuration. A BitLocker recovery method is required to unlock the device if the BCD configuration can't be restored before booting.|
 For more information, see [Boot Configuration Data settings and BitLocker](bcd-settings-and-bitlocker.md).
 ### TPM
 The Trusted Platform Module (TPM) is cryptographic hardware or firmware used to secure a device. BitLocker creates a *TPM protector* to manage protection of the encryption keys used to encrypt your data.
 At boot, BitLocker attempts to communicate with the TPM to unlock the device and access your data.
 | Error code | Error cause |
 |-|-|
 |`E_FVE_TPM_DISABLED` | A TPM is present but is disabled for use before or during boot.|
 |`E_FVE_TPM_INVALIDATED` | A TPM is present but invalidated.|
 |`E_FVE_BAD_SRK` | The TPM's internal Storage Root Key is corrupted.|
 |`E_FVE_TPM_NOT_DETECTED` | The booting system doesn't have or doesn't detect a TPM.|
 |`E_MATCHING_PCRS_TPM_FAILURE`| The TPM unexpectedly failed when unsealing the encryption key.|
 |`E_FVE_TPM_FAILURE` | Catch-all for other TPM errors.|
 For more information, see [Trusted Platform Module Technology Overview](../../../hardware-security/tpm/trusted-platform-module-overview.md) and [BitLocker and TPM](index.md#bitlocker-and-tpm).
 ### Protector
 #### TPM protectors
 The TPM contains multiple Platform Configuration Registers (PCRs) that can be used in the validation profile of the BitLocker TPM protector. The PCRs are used to validate the integrity of the boot process, that is, that the boot configuration and boot flow hasn't been tampered with.
 BitLocker recovery can be the result of unexpected changes in the PCRs used in the TPM protector validation profile. Changes to PCRs not used in the TPM protector profile don't influence BitLocker.
 | Error code | Error cause |Resolution|
 |-|-|
 |`E_FVE_PCR_MISMATCH`|The device's configuration changed. <br><br>Possible causes include:<br>- A bootable media is inserted. Removing it and restarting your device might fix this problem<br>- A firmware update was applied without updating the TPM protector| A recovery method is required to unlock the device.|
 For more examples, see [BitLocker recovery scenarios](recovery-overview.md#bitlocker-recovery-scenarios).
 #### Special cases for PCR 7
 If the TPM protector uses PCR 7 in the validation profile, BitLocker expects PCR 7 to measure a specific set of events for Secure Boot. These measurements are defined in the UEFI spec. For more information, see [Static Root of Trust Measurements](/previous-versions/windows/hardware/hck/jj923068(v=vs.85)#appendix-a-static-root-of-trust-measurements)
 | Error code | Error cause |Resolution|
 |-|-|-|
 |`E_FVE_SECUREBOOT_DISABLED`|Secure Boot has been disabled. To access the encryption key and unlock your device, BitLocker expects Secure Boot to be on. | Re-enabling Secure Boot and rebooting the system might fix the recovery issue. Otherwise, a recovery method is required to access the device.|
 |`E_FVE_SECUREBOOT_CHANGED`|The Secure Boot configuration unexpectedly changed. The boot configuration measured in PCR 7 changed. <br>This may be either because of:<br>- An additional measurement currently present that wasn't present when BitLocker updated the TPM protector<br>- A missing measurement that was present when BitLocker last updated the TPM protector but now isn't present<br>- An expected event has a different measurement | A recovery method is required to unlock the device.|
 ### Unknown
 | Error code | Error cause | Resolution|
 |-|-|-|
 |`E_FVE_RECOVERY_ERROR_UNKNOWN`| BitLocker entered recovery mode because of an unknown error. | A recovery method is required to unlock the device.|
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-overview.md
@ -2,7 +2,7 @@
 title: BitLocker recovery overview
 description: Learn about BitLocker recovery scenarios, recovery options, and how to determine root cause of failed automatic unlocks.
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # BitLocker recovery overview
--- a/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
+++ b/windows/security/operating-system-security/data-protection/bitlocker/recovery-process.md
@ -2,7 +2,7 @@
 title: BitLocker recovery process
 description: Learn how to obtain BitLocker recovery information for Microsoft Entra joined, Microsoft Entra hybrid joined, and Active Directory joined devices, and how to restore access to a locked drive.
 ms.topic: how-to
-ms.date: 10/30/2023
+ms.date: 06/18/2024
 ---
 # BitLocker recovery process
@ -83,7 +83,7 @@ function Get-EntraBitLockerKeys{
        foreach ($keyId in $keyIds) {
          $recoveryKey = (Get-MgInformationProtectionBitlockerRecoveryKey -BitlockerRecoveryKeyId $keyId -Select "key").key
          Write-Host -ForegroundColor White " Key id: $keyid"
-          Write-Host -ForegroundColor Cyan " BitLocker recovery key: $recoveryKey" 
+          Write-Host -ForegroundColor Cyan " BitLocker recovery key: $recoveryKey"
        }
        } else {
        Write-Host -ForegroundColor Red "No BitLocker recovery keys found for device $DeviceName"