Merge pull request #9056 from MicrosoftDocs/main

10/31 OOB publish for 23H2 tweaks

windows/client-management/enroll-a-windows-10-device-automatically-using-group-policy.md

@@ -19,7 +19,7 @@ The enrollment into Intune is triggered by a group policy created on your local
 - The Active Directory joined device must be running a [supported version of Windows](/windows/release-health/supported-versions-windows-client).
 - The enterprise has configured a Mobile Device Management (MDM) service.
 - The on-premises Active Directory must be [integrated with Microsoft Entra ID (via Microsoft Entra Connect)](/azure/architecture/reference-architectures/identity/azure-ad).
-- Service connection point (SCP) configuration. For more information see [configuring the SCP using Microsoft Entra Connect](/azure/active-directory/devices/how-to-hybrid-join). For environments not publishing SCP data to AD, see [Microsoft Entra hybrid join targeted deployment](/azure/active-directory/devices/hybrid-join-control#targeted-deployment-of-microsoft-entra-hybrid-join-on-windows-current-devices).
+- Service connection point (SCP) configuration. For more information, see [configuring the SCP using Microsoft Entra Connect](/azure/active-directory/devices/how-to-hybrid-join). For environments not publishing SCP data to AD, see [Microsoft Entra hybrid join targeted deployment](/azure/active-directory/devices/hybrid-join-control#targeted-deployment-of-microsoft-entra-hybrid-join-on-windows-current-devices).
 - The device shouldn't already be enrolled in Intune using the classic agents (devices managed using agents fail enrollment with `error 0x80180026`).
 - The minimum Windows Server version requirement is based on the Microsoft Entra hybrid join requirement. For more information, see [How to plan your Microsoft Entra hybrid join implementation](/azure/active-directory/devices/hybrid-azuread-join-plan).
 
@@ -36,7 +36,7 @@ The autoenrollment relies on the presence of an MDM service and the Microsoft En
 > [!NOTE]
 > In Windows 10, version 1709, the enrollment protocol was updated to check whether the device is domain-joined. For details, see [\[MS-MDE2\]: Mobile Device Enrollment Protocol Version 2](/openspecs/windows_protocols/ms-mde2/4d7eadd5-3951-4f1c-8159-c39e07cbe692). For examples, see section 4.3.1 RequestSecurityToken of the MS-MDE2 protocol documentation.
 
-When the autoenrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task uses the existing MDM service configuration from the Microsoft Entra information of the user. If multi-factor authentication is required, the user gets prompted to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
+When the autoenrollment Group Policy is enabled, a task is created in the background that initiates the MDM enrollment. The task uses the existing MDM service configuration from the Microsoft Entra information of the user. If multifactor authentication is required, the user gets prompted to complete the authentication. Once the enrollment is configured, the user can check the status in the Settings page.
 
 - Starting in Windows 10, version 1709, when the same policy is configured in Group Policy and MDM, Group Policy policy takes precedence over MDM.
 - Starting in Windows 10, version 1803, a new setting allows you to change precedence to MDM. For more information, see [Windows Group Policy vs. Intune MDM Policy who wins?](/archive/blogs/cbernier/windows-10-group-policy-vs-intune-mdm-policy-who-wins).
@@ -52,20 +52,13 @@ To configure autoenrollment using a group policy, use the following steps:
 1. Link the GPO.
 1. Filter using Security Groups.
 
-If you don't see the policy, it may be because you don't have the ADMX for Windows 10, version 1803 or later installed. To fix the issue, use the following procedures. The latest MDM.admx is backwards compatible.
+If you don't see the policy, get the latest ADMX for your Windows version. To fix the issue, use the following procedures. The latest MDM.admx is backwards compatible.
 
 1. Download the administrative templates for the desired version:
 
-   - [Administrative Templates (.admx) for Windows 10 April 2018 Update (1803)](https://www.microsoft.com/download/details.aspx?id=56880)
+   - [Windows 11, version 23H2](https://www.microsoft.com/download/details.aspx?id=105667)
-   - [Administrative Templates (.admx) for Windows 10 October 2018 Update (1809)](https://www.microsoft.com/download/details.aspx?id=57576)
+   - [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593)
-   - [Administrative Templates (.admx) for Windows 10 May 2019 Update (1903)](https://www.microsoft.com/download/details.aspx?id=58495)
+   - [Windows 10, version 22H2](https://www.microsoft.com/download/details.aspx?id=104677)
-   - [Administrative Templates (.admx) for Windows 10 November 2019 Update (1909)](https://www.microsoft.com/download/confirmation.aspx?id=100591)
-   - [Administrative Templates (.admx) for Windows 10 May 2020 Update (2004)](https://www.microsoft.com/download/confirmation.aspx?id=101445)
-   - [Administrative Templates (.admx) for Windows 10 October 2020 Update (20H2)](https://www.microsoft.com/download/details.aspx?id=102157)
-   - [Administrative Templates (.admx) for Windows 10 May 2021 Update (21H1)](https://www.microsoft.com/download/details.aspx?id=103124)
-   - [Administrative Templates (.admx) for Windows 10 November 2021 Update (21H2)-v2.0](https://www.microsoft.com/download/details.aspx?id=104042)
-   - [Administrative Templates (.admx) for Windows 10 October 2022 Update (22H2)](https://www.microsoft.com/download/104677)
-   - [Administrative Templates (.admx) for Windows 11 2022 September Update (22H2)](https://www.microsoft.com/download/details.aspx?id=104593)
 
 1. Install the package on the Domain Controller.
 
@@ -96,9 +89,9 @@ This procedure is only for illustration purposes to show how the new autoenrollm
    >
    > **Device Credential** is only supported for Microsoft Intune enrollment in scenarios with Co-management or [Azure Virtual Desktop multi-session host pools](/mem/intune/fundamentals/azure-virtual-desktop-multi-session) because the Intune subscription is user centric. User credentials are supported for [Azure Virtual Desktop personal host pools](/mem/intune/fundamentals/azure-virtual-desktop).
 
-When a group policy refresh occurs on the client, a task is created and scheduled to run every 5 minutes for the duration of one day. The task is called **Schedule created by enrollment client for automatically enrolling in MDM from Microsoft Entra ID**. To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
+When a group policy refresh occurs on the client, a task is created and scheduled to run every five minutes for one day. The task is called **Schedule created by enrollment client for automatically enrolling in MDM from Microsoft Entra ID**. To see the scheduled task, launch the [Task Scheduler app](#task-scheduler-app).
 
-If two-factor authentication is required, you are prompted to complete the process. Here's an example screenshot.
+If two-factor authentication is required, you're prompted to complete the process. Here's an example screenshot.
 
 :::image type="content" source="images/autoenrollment-2-factor-auth.png" alt-text="Screenshot of Two-factor authentication notification.":::
 
@@ -124,10 +117,10 @@ In **Task Scheduler Library**, open **Microsoft > Windows** , then select **Ente
 
 To see the result of the task, move the scroll bar to see the **Last Run Result**. You can see the logs in the **History** tab.
 
-The message **0x80180026** is a failure message (`MENROLL_E_DEVICE_MANAGEMENT_BLOCKED`). If the device enrollment is blocked, your IT admin might have enabled the **Disable MDM Enrollment** policy.
+The message **0x80180026** is a failure message (`MENROLL_E_DEVICE_MANAGEMENT_BLOCKED`), which can be caused by enabling the **Disable MDM Enrollment** policy.
 
 > [!NOTE]
-> The GPEdit console doesn't reflect the status of policies set by your IT admin on your device. It's only used by the user to set policies.
+> The GPEdit console doesn't reflect the status of policies set by your organization on your device. It's only used by the user to set policies.
 
 ## Related articles
 

windows/deployment/update/eval-infra-tools.md

@@ -11,22 +11,22 @@ ms.localizationpriority: medium
 appliesto: 
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 11</a>
 - ✅ <a href=https://learn.microsoft.com/windows/release-health/supported-versions-windows-client target=_blank>Windows 10</a>
-ms.date: 12/31/2017
+ms.date: 10/31/2023
 ---
 
 # Evaluate infrastructure and tools
 
-Before you deploy an update, it's best to assess your deployment infrastructure (that is, tools such as Configuration Manager, Microsoft Intune, or similar) and current configurations (such as security baselines, administrative templates, and policies that affect updates). Then, set some criteria to define your operational readiness.
+Before you deploy an update, assess your deployment infrastructure. For example, management systems like Configuration Manager, Microsoft Intune, or similar. Also assess current configurations such as security baselines, administrative templates, and policies that affect updates. Then set some criteria to define your operational readiness.
 
 ## Infrastructure
 
 Do your deployment tools need updates?
 
-- If you use Configuration Manager, is it on the Current Branch with the latest release installed.? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months.
+- If you use Configuration Manager, is it on the current branch with the latest release installed? Being on this branch ensures that it supports the next Windows client feature update. Configuration Manager releases are supported for 18 months.
 - Using a cloud-based management tool like Microsoft Intune reduces support challenges, since no related products need to be updated.
 - If you use a non-Microsoft tool, check with its product support to make sure you're using the current version and that it supports the next Windows client feature update.
 
-Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered while doing so.
+Rely on your experiences and data from previous deployments to help you judge how long infrastructure changes take and identify any problems you've encountered.
 
 ## Device settings
 
@@ -36,35 +36,35 @@ Make sure your security baseline, administrative templates, and policies have th
 
 Keep security baselines current to help ensure that your environment is secure and that new security feature in the coming Windows client update are set properly.
 
-- **Microsoft security baselines**: You should implement security baselines from Microsoft. They are included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them. 
+- **Microsoft security baselines**: You should implement security baselines from Microsoft. They're included in the [Security Compliance Toolkit](https://www.microsoft.com/download/details.aspx?id=55319), along with tools for managing them.
-- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you are about to deploy.
+- **Industry- or region-specific baselines**: Your specific industry or region might have particular baselines that you must follow per regulations. Ensure that any new baselines support the version of Windows client you're about to deploy.
 
 ### Configuration updates
 
-There are a number of Windows policies (set by Group Policy, Intune, or other methods) that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. Check these policies to make sure they are set appropriately.
+There are several Windows policies that affect when Windows updates are installed, deferral, end-user experience, and many other aspects. For example, policies set by group policy, Intune, or other methods. Check these policies to make sure they're set appropriately.
 
-- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 22H2](https://www.microsoft.com/download/details.aspx?id=104593).
+- **Windows Administrative templates**: Each Windows client feature update has a supporting Administrative template (.admx) file. Group Policy tools use Administrative template files to populate policy settings in the user interface. The templates are available in the Download Center, for example, this one for [Windows 11, version 23H2](https://www.microsoft.com/download/details.aspx?id=105667).
-- **Policies for update compliance and end-user experience**: A number of settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones. 
 
+- **Policies for update compliance and end-user experience**: Several settings affect when a device installs updates, whether and for how long a user can defer an update, restart behavior after installation, and many other aspects of update behavior. It's especially important to look for existing policies that are out of date or could conflict with new ones.
 
 ## Define operational readiness criteria
 
-When you’ve deployed an update, you’ll need to make sure the update isn’t introducing new operational issues. And you’ll also ensure that if incidents arise, the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
+When you deploy an update, you need to make sure the update isn't introducing new operational issues. If incidents arise, make sure the needed documentation and processes are available. Work with your operations and support team to define acceptable trends and what documents or processes require updating:
 
 - **Call trend**: Define what percentage increase in calls relating to Windows client feature updates are acceptable or can be supported.
 - **Incident trend**: Define what percentage of increase in calls asking for support relating to Windows client feature updates are acceptable or can be supported.
 - **Support documentation**: Review supporting documentation that requires an update to support new infrastructure tooling or configuration as part of the Windows client feature update.
-- **Process changes:** Define and update any processes that will change as a result of the Windows 10 feature update.
+- **Process changes:** Define and update any processes that will change as a result of the Windows feature update.
 
-Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight. 
+Your operations and support staff can help you determine if the appropriate information is being tracked at the moment. If it isn't, work out how to get this information so you can gain the right insight.
 
 ## Tasks
 
 Finally, you can begin to carry out the work needed to ensure your infrastructure and configuration can support the update. To help you keep track, you can classify the work into the following overarching tasks:
 
-- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they’ve all been defined.
+- **Review infrastructure requirements**: Go over the details of requirements to support the update, and ensure they've all been defined.
-- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that have been identified for the update.
+- **Validate infrastructure against requirements**: Compare your infrastructure against the requirements that you identified for the update.
 - **Define infrastructure update plan**: Detail how your infrastructure must change to support the update.
-- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when it’s been deployed.
+- **Review current support volume**: Understand the current support volume to understand how much of an effect the update has when you deploy it.
-- **Identify gaps that require attention**: Identify issues that will need to be addressed to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
+- **Identify gaps that require attention**: Identify issues that you'll need to address to successfully deploy the update. For example, will your infrastructure engineer have to research how a new feature that comes with the update might affect the infrastructure?
 - **Define operational update plan**: Detail how your operational services and processes must change to support the update.

windows/hub/index.yml

@@ -24,10 +24,10 @@ highlightedContent:
     url: /windows/whats-new/windows-11-overview
   - title: Windows 11, version 23H2
     itemType: whats-new
-    url: /windows/whats-new/whats-new-windows-11-version-23H2
+    url: /windows/whats-new/whats-new-windows-11-version-23h2
-  - title: Windows 11, version 22H2 group policy settings reference 
+  - title: Windows 11, version 23H2 group policy settings reference
     itemType: download
-    url: https://www.microsoft.com/en-us/download/details.aspx?id=104594
+    url: https://www.microsoft.com/download/details.aspx?id=105668
   - title: Windows release health
     itemType: whats-new
     url: /windows/release-health

windows/security/operating-system-security/device-management/windows-security-configuration-framework/get-support-for-security-baselines.md

@@ -3,66 +3,69 @@ title: Get support for security baselines
 description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
 ms.localizationpriority: medium
 ms.topic: conceptual
-ms.date: 07/11/2023
+ms.date: 10/31/2023
 ---
 
 # Get Support
 
-**What is the Microsoft Security Compliance Manager (SCM)?**
+## Frequently asked questions
+
+### What is the Microsoft Security Compliance Manager (SCM)?
 
 The Security Compliance Manager (SCM) is now retired and is no longer supported. The reason is that SCM was an incredibly complex and large program that needed to be updated for every Windows release. It has been replaced by the Security Compliance Toolkit (SCT). To provide a better service for our customers, we've moved to SCT with which we can publish baselines through the Microsoft Download Center in a lightweight .zip file that contains GPO Backups, GPO reports, Excel spreadsheets, WMI filters, and scripts to apply the settings to local policy.
 
 More information about this change can be found on the [Microsoft Security Guidance blog](/archive/blogs/secguide/security-compliance-manager-scm-retired-new-tools-and-procedures).
 
-**Where can I get an older version of a Windows baseline?**
+### Where can I get an older version of a Windows baseline?
 
-Any version of Windows baseline before Windows 10 1703 can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. See the version matrix in this article to see if your version of Windows baseline is available on SCT.
+Any version of Windows baseline before Windows 10, version 1703, can still be downloaded using SCM. Any future versions of Windows baseline will be available through SCT. See the version matrix in this article to see if your version of Windows baseline is available on SCT.
 
 - [SCM 4.0 Download](/previous-versions/tn-archive/cc936627(v=technet.10))
 - [SCM Frequently Asked Questions (FAQ)](https://social.technet.microsoft.com/wiki/contents/articles/1836.microsoft-security-compliance-manager-scm-frequently-asked-questions-faq.aspx)
 - [SCM Release Notes](https://social.technet.microsoft.com/wiki/contents/articles/1864.microsoft-security-compliance-manager-scm-release-notes.aspx)
 - [SCM baseline download help](https://social.technet.microsoft.com/wiki/contents/articles/1865.microsoft-security-compliance-manager-scm-baseline-download-help.aspx)
 
-**What file formats are supported by the new SCT?**
+### What file formats are supported by the new SCT?
 
-The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a `.PolicyRules` file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. For more information, see the LGPO documentation. Keep in mind that SCMs' .cab files are no longer supported.
+The toolkit supports formats created by the Windows GPO backup feature (`.pol`, `.inf`, and `.csv`). Policy Analyzer saves its data in XML files with a `.PolicyRules` file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. For more information, see the LGPO documentation. Keep in mind that SCMs' `.cab` files are no longer supported.
 
-**Does SCT support Desired State Configuration (DSC) file format?**
+### Does SCT support Desired State Configuration (DSC) file format?
 
 No. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration.
 
-**Does SCT support the creation of Microsoft Configuration Manager DCM packs?**
+### Does SCT support the creation of Microsoft Configuration Manager DCM packs?
 
-No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). A tool that supports conversion of GPO Backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement).
+No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). For a tool that supports conversion of GPO Backups to DSC format, see [BaselineManagement](https://github.com/Microsoft/BaselineManagement).
 
-**Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?**
+### Does SCT support the creation of Security Content Automation Protocol (SCAP)-format policies?
 
 No. SCM supported only SCAP 1.0, which wasn't updated as SCAP evolved. The new toolkit likewise doesn't include SCAP support.
 
-## Version Matrix
+## Version matrix
 
-**Client Versions**:
+### Client versions
 
-| Name | Build | Baseline Release Date | Security Tools |
+| Name | Build | Baseline release date | Security tools |
 |--|--|--|--|
+| Windows 11 | [23H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-23h2-security-baseline/ba-p/3967618) <br> | October 2023<br> | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 | Windows 11 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520) <br> | September 2022<br> | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 | Windows 10 | [22H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724) <br> [21H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-windows-10-version-21h2/ba-p/3042703) <br> [20H2](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-and-windows-server/ba-p/1999393) <br> [1809](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) <br> [1607](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) <br>[1507](/archive/blogs/secguide/security-baseline-for-windows-10-v1507-build-10240-th1-ltsb-update) | October 2022<br>December 2021<br>December 2020<br>October 2018<br>October 2016 <br>January 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
-**Server Versions**:
+### Server versions
 
-| Name                   | Build                                                                                                                                                       | Baseline Release Date | Security Tools                                                      |
+| Name | Build | Baseline Release Date | Security Tools |
-|------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------|---------------------------------------------------------------------|
+|--|--|--|--|
-| Windows Server 2022    | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685)                          | September 2021        | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2022 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-server-2022-security-baseline/ba-p/2724685) | September 2021 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Windows Server 2019    | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) | November 2018         | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2019 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-final-for-windows-10-v1809-and-windows-server/ba-p/701082) | November 2018 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Windows Server 2016    | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)                                      | October 2016          | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2016 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) | October 2016 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Windows Server 2012 R2 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016)                                      | August 2014           | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Windows Server 2012 R2 | [SecGuide](/archive/blogs/secguide/security-baseline-for-windows-10-v1607-anniversary-edition-and-windows-server-2016) | August 2014 | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
-**Microsoft Products**:
+### Microsoft products
 
-| Name                                            | Details                                                                                                                                                    | Security Tools                                                      |
+| Name | Details | Security Tools |
-|-------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------|---------------------------------------------------------------------|
+|--|--|--|
 | Microsoft 365 Apps for enterprise, version 2206 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-365-apps-for-enterprise-v2206/ba-p/3502714) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
-| Microsoft Edge, version 107                     | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v98/ba-p/3165443)                      | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
+| Microsoft Edge, version 107 | [SecGuide](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-v98/ba-p/3165443) | [SCT 1.0](https://www.microsoft.com/download/details.aspx?id=55319) |
 
 ## Related articles
 

windows/security/operating-system-security/device-management/windows-security-configuration-framework/security-compliance-toolkit-10.md

@@ -1,12 +1,12 @@
 ---
 title: Microsoft Security Compliance Toolkit Guide
-description: This article describes how to use Security Compliance Toolkit in your organization
+description: This article describes how to use Security Compliance Toolkit in your organization.
 ms.localizationpriority: medium
 ms.collection:
   - highpri
   - tier3
 ms.topic: conceptual
-ms.date: 07/11/2023
+ms.date: 10/31/2023
 ---
 
 # Microsoft Security Compliance Toolkit - How to use
@@ -20,6 +20,7 @@ The SCT enables administrators to effectively manage their enterprise's Group Po
 The Security Compliance Toolkit consists of:
 
 - Windows 11 security baseline
+  - Windows 11, version 23H2
   - Windows 11, version 22H2
   - Windows 11, version 21H2
 - Windows 10 security baselines
@@ -38,7 +39,7 @@ The Security Compliance Toolkit consists of:
   - Office 2016
   - Microsoft 365 Apps for Enterprise Version 2206
 - Microsoft Edge security baseline
-  - Edge version 114
+  - Microsoft Edge version 114
 - Tools
   - Policy Analyzer
   - Local Group Policy Object (LGPO)
@@ -68,12 +69,12 @@ Documentation for the LGPO tool can be found on the [Microsoft Security Guidance
 
 ## What is the Set Object Security tool?
 
-`SetObjectSecurity.exe` enables you to set the security descriptor for just about any type of Windows securable object, such as files, directories, registry keys, event logs, services, and SMB shares. For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a .reg file compatible representation of the security descriptor for a REG_BINARY registry value.
+`SetObjectSecurity.exe` enables you to set the security descriptor for just about any type of Windows securable object, such as files, directories, registry keys, event logs, services, and SMB shares. For file system and registry objects, you can choose whether to apply inheritance rules. You can also choose to output the security descriptor in a `.reg` file compatible representation of the security descriptor for a REG_BINARY registry value.
 
 Documentation for the Set Object Security tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).
 
 ## What is the GPO to Policy Rules tool?
 
-Automate the conversion of GPO backups to Policy Analyzer .PolicyRules files and skip the GUI. GPO2PolicyRules is a command-line tool that is included with the Policy Analyzer download.
+Automate the conversion of GPO backups to Policy Analyzer `.PolicyRules` files and skip the GUI. GPO2PolicyRules is a command-line tool that is included with the Policy Analyzer download.
 
 Documentation for the GPO to PolicyRules tool can be found on the [Microsoft Security Baselines blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319).

windows/whats-new/TOC.yml

@@ -12,11 +12,11 @@
     - name: Prepare for Windows 11
       href: windows-11-prepare.md
     - name: Windows 11 enterprise feature control
-      href: temporary-enterprise-feature-control.md      
+      href: temporary-enterprise-feature-control.md
-    - name: What's new in Windows 11, version 22H2
-      href: whats-new-windows-11-version-22h2.md
     - name: What's new in Windows 11, version 23H2
       href: whats-new-windows-11-version-23h2.md
+    - name: What's new in Windows 11, version 22H2
+      href: whats-new-windows-11-version-22h2.md
 - name: Windows 10
   expanded: true
   items:
@@ -38,6 +38,6 @@
     - name: Deprecated Windows features
       href: deprecated-features.md
     - name: Resources for deprecated features
-      href: deprecated-features-resources.md       
+      href: deprecated-features-resources.md
     - name: Removed Windows features
       href: removed-features.md

windows/whats-new/index.yml

@@ -15,7 +15,7 @@ metadata:
   author: aczechowski
   ms.author: aaroncz
   manager: aaroncz
-  ms.date: 11/14/2022
+  ms.date: 10/31/2023
   localization_priority: medium
 
 landingContent:
@@ -39,10 +39,10 @@ landingContent:
     linkLists:
       - linkListType: whats-new
         links:
-          - text: What's new in Windows 11, version 22H2
-            url: whats-new-windows-11-version-22h2.md
           - text: What's new in Windows 11, version 23H2
             url: whats-new-windows-11-version-23h2.md
+          - text: What's new in Windows 11, version 22H2
+            url: whats-new-windows-11-version-22h2.md
 
   - title: Windows 10
     linkLists: