diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index e51c5d4efc..bc0cdbfcb3 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -20814,6 +20814,631 @@
       "source_path": "windows/security/information-protection/index.md",
       "redirect_url": "/windows/security/encryption-data-protection",
       "redirect_document_id": false
-    }
+    },
+    {
+      "source_path":  "windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-authentication.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-authentication",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-conditional-access.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-connection-type.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-connection-type",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-name-resolution.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-office-365-optimization.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-profile-options.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-profile-options",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-routing.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-routing",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/identity-protection/vpn/vpn-security-features.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/vpn/vpn-security-features",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/best-practices-configuring.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/boundary-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-authentication-methods.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/documenting-the-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/encryption-zone.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/exemption-list.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/exemption-list",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/filter-origin-documentation.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/firewall-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/isolated-domain.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-network-access-groups.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-the-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/quarantine.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/quarantine",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/server-isolation-gpos.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide",
+      "redirect_document_id":  false
+  },
+  {
+      "source_path":  "windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md",
+      "redirect_url":  "/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security",
+      "redirect_document_id":  false
+  }
   ]
 }
diff --git a/education/windows/federated-sign-in.md b/education/windows/federated-sign-in.md
index b587dca55d..0d98af99f7 100644
--- a/education/windows/federated-sign-in.md
+++ b/education/windows/federated-sign-in.md
@@ -1,7 +1,7 @@
 ---
 title: Configure federated sign-in for Windows devices
 description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages.
-ms.date: 04/24/2023
+ms.date: 05/01/2023
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
@@ -35,36 +35,45 @@ To implement federated sign-in, the following prerequisites must be met:
 
     - For a step-by-step guide on how to configure **Google Workspace** as an identity provider for Azure AD, see [Configure federation between Google Workspace and Azure AD](configure-aad-google-trust.md)
     - For a step-by-step guide on how to configure **Clever** as an identity provider for Azure AD, see [Setup guide for Badges into Windows and Azure AD][EXT-1]
-1. Individual IdP accounts created: each user will require an account defined in the third-party IdP platform
-1. Individual Azure AD accounts created: each user will require a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example:
+1. Individual IdP accounts created: each user requires an account defined in the third-party IdP platform
+1. Individual Azure AD accounts created: each user requires a matching account defined in Azure AD. These accounts are commonly created through automated solutions, for example:
     - [School Data Sync (SDS)][SDS-1]
     - [Azure AD Connect sync][AZ-3] for environment with on-premises AD DS
     - PowerShell scripts that call the [Microsoft Graph API][GRAPH-1]
     - provisioning tools offered by the IdP
-    
+
     For more information about identity matching, see [Identity matching in Azure AD](#identity-matching-in-azure-ad).
 1. Licenses assigned to the Azure AD user accounts. It's recommended to assign licenses to a dynamic group: when new users are provisioned in Azure AD, the licenses are automatically assigned. For more information, see [Assign licenses to users by group membership in Azure Active Directory][AZ-2]
 1. Enable federated sign-in on the Windows devices
 
-To use federated sign-in, the devices must have Internet access. This feature won't work without it, as the authentication is done over the Internet.
+To use federated sign-in, the devices must have Internet access. This feature doesn't work without it, as the authentication is done over the Internet.
 
 > [!IMPORTANT]
 > WS-Fed is the only supported federated protocol to join a device to Azure AD. If you have a SAML 2.0 IdP, it's recommended to complete the Azure AD join process using one of the following methods:
-> - provisioning packages (PPKG)
+> - Provisioning packages (PPKG)
 > - Windows Autopilot self-deploying mode
 
 [!INCLUDE [federated-sign-in](../../includes/licensing/federated-sign-in.md)]
 
-## System requirements
-
-Federated sign-in is supported on the following Windows editions and versions:
+Federated sign-in for student assigned (1:1) devices is supported on the following Windows editions and versions:
 
 - Windows 11 SE, version 22H2 and later
 - Windows 11 Pro Edu/Education, version 22H2 with [KB5022913][KB-1]
 
+Federated sign-in for shared devices is supported starting in Windows 11 SE/Pro Edu/Education, version 22H2 with [KB5026446][KB-2].
+
 ## Configure federated sign-in
 
-To use web sign-in with a federated identity provider, your devices must be configured with different policies. Follow the instructions below to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
+You can configure federated sign-in for student assigned (1:1) devices or student shared devices:
+
+- When federated sign-in is configured for **student assigned (1:1) devices**, the first user who signs in to the device with a federated identity becomes the *primary user*. The primary user is always displayed in the bottom left corner of the sign-in screen
+- When federated sign-in is configured for **student shared devices**, there's no primary user. The sign-in screen displays, by default, the last user who signed in to the device
+
+The configuration is different for each scenario, and is described in the following sections.
+
+### Configure federated sign-in for student assigned (1:1) devices
+
+To use web sign-in with a federated identity provider, your devices must be configured with different policies. Review the following instructions to configure your devices using either Microsoft Intune or a provisioning package (PPKG).
 
 #### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
 
@@ -74,9 +83,9 @@ To configure federated sign-in using Microsoft Intune, [create a custom profile]
 
 | Setting |
 |--------|
+| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
 | <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/FederatedAuthentication/EnableWebSignInForPrimaryUser`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
 | <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Data type: **String** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
-| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
 | <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Data type: **String** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
 
 :::image type="content" source="images/federated-sign-in-settings-intune.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-intune.png" border="true":::
@@ -90,14 +99,54 @@ To configure federated sign-in using a provisioning package, use the following s
 
 | Setting |
 |--------|
+| <li> Path: **`Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
 | <li> Path: **`FederatedAuthentication/EnableWebSignInForPrimaryUser`** </li><li>Value: **Enabled**</li>|
 | <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
-| <li> Path: **`Policies/Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
 | <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
 
 :::image type="content" source="images/federated-sign-in-settings-ppkg.png" alt-text="Custom policy showing the settings to be configured to enable federated sign-in" lightbox="images/federated-sign-in-settings-ppkg.png" border="true":::
 
-Apply the provisioning package to the devices that require federated sign-in.
+Apply the provisioning package to the single-user devices that require federated sign-in.
+
+> [!IMPORTANT]
+> There was an issue affecting Windows 11, version 22H2 when using provisioning packages during OOBE. The issue was fixed with the KB5020044 update. If you plan to configure federated sign-in with a provisioning package during OOBE, ensure that the devices have the update installed. For more information, see [KB5020044][KB-1].
+
+---
+
+### Configure federated sign-in for student shared devices
+
+To use web sign-in with a federated identity provider, your devices must be configured with different policies. Review the following instructions to configure your shared devices using either Microsoft Intune or a provisioning package (PPKG).
+
+#### [:::image type="icon" source="images/icons/intune.svg"::: **Intune**](#tab/intune)
+
+To configure federated sign-in using Microsoft Intune, [create a custom profile][MEM-1] with the following settings:
+
+[!INCLUDE [intune-custom-settings-1](includes/intune-custom-settings-1.md)]
+
+| Setting |
+|--------|
+| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Education/IsEducationEnvironment`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
+| <li> OMA-URI: **`./Vendor/MSFT/SharedPC/EnableSharedPCModeWithOneDriveSync`** </li><li>Data type: **Boolean** </li><li>Value: **True**</li>|
+| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/EnableWebSignIn`** </li><li>Data type: **Integer** </li><li>Value: **1**</li>|
+| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Data type: **String** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
+| <li> OMA-URI: **`./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Data type: **String** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
+
+[!INCLUDE [intune-custom-settings-2](includes/intune-custom-settings-2.md)]
+[!INCLUDE [intune-custom-settings-info](includes/intune-custom-settings-info.md)]
+
+#### [:::image type="icon" source="images/icons/provisioning-package.svg"::: **PPKG**](#tab/ppkg)
+
+To configure federated sign-in using a provisioning package, use the following settings:
+
+| Setting |
+|--------|
+| <li> Path: **`Education/IsEducationEnvironment`** </li><li>Value: **Enabled**</li>|
+| <li> Path: **`SharedPC/EnableSharedPCModeWithOneDriveSync`** </li><li>Value: **True**</li>|
+| <li> Path: **`Policies/Authentication/EnableWebSignIn`** </li><li>Value: **Enabled**</li>|
+| <li> Path: **`Policies/Authentication/ConfigureWebSignInAllowedUrls`** </li><li>Value: Semicolon separated list of domains, for example: **`samlidp.clever.com;clever.com;mobile-redirector.clever.com`**</li>|
+| <li> Path: **`Policies/Authentication/ConfigureWebCamAccessDomainNames`** </li><li>Value: This setting is optional, and it should be configured if you need to use the webcam during the sign-in process. Specify the list of domains that are allowed to use the webcam during the sign-in process, separated by a semicolon. For example: **`clever.com`**</li>|
+
+Apply the provisioning package to the shared devices that require federated sign-in.
 
 > [!IMPORTANT]
 > There was an issue affecting Windows 11, version 22H2 when using provisioning packages during OOBE. The issue was fixed with the KB5020044 update. If you plan to configure federated sign-in with a provisioning package during OOBE, ensure that the devices have the update installed. For more information, see [KB5020044][KB-1].
@@ -108,20 +157,41 @@ Apply the provisioning package to the devices that require federated sign-in.
 
 Once the devices are configured, a new sign-in experience becomes available.
 
-As the end users enter their username, they'll be redirected to the identity provider sign-in page. Once users are authenticated by the IdP, they'll be signed-in. In the following animation, you can see how the first sign-in process works:
+As users enter their username, they're redirected to the identity provider sign-in page. Once the Idp authenticates the users, they're signed-in. In the following animation, you can observe how the first sign-in process works for a student assigned (1:1) device:
 
-:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Windows 11 SE sign-in using federated sign-in through Clever and QR code badge." border="false":::
+:::image type="content" source="./images/win-11-se-federated-sign-in.gif" alt-text="Windows 11 SE sign-in using federated sign-in through Clever and QR code badge, in a student assigned (1:1) device." border="false":::
 
 > [!IMPORTANT]
-> Once the policy is enabled, the first user to sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the standard Windows sign-in screen.
+> For student assigned (1:1) devices, once the policy is enabled, the first user who sign-in to the device will also set the disambiguation page to the identity provider domain on the device. This means that the device will be defaulting to that IdP. The user can exit the federated sign-in flow by pressing <kbd>Ctrl</kbd>+<kbd>Alt</kbd>+<kbd>Delete</kbd> to get back to the standard Windows sign-in screen.
+> The behavior is different for student shared devices, where the disambiguation page is always shown, unless preferred Azure AD tenant name is configured.
 
 ## Important considerations
 
-Federated sign-in doesn't work on devices that have the following settings enabled:
+### Known issues affecting student assigned (1:1) devices
 
-- **EnableSharedPCMode**, which is part of the [SharedPC CSP][WIN-1]
+Federated sign-in for student assigned (1:1) devices doesn't work with the following settings enabled:
+
+- **EnableSharedPCMode** or **EnableSharedPCModeWithOneDriveSync**, which are part of the [SharedPC CSP][WIN-1]
 - **Interactive logon: do not display last signed in**, which is a security policy part of the [Policy CSP][WIN-2]
-- **Take a Test**, since it uses the security policy above
+- **Take a Test** in kiosk mode, since it uses the security policy above
+
+### Known issues affecting student shared devices
+
+The following issues are known to affect student shared devices:
+
+- Non-federated users can't sign-in to the devices, including local accounts
+- **Take a Test** in kiosk mode, since it uses a local guest account to sign in
+
+### Account management
+
+For student shared devices, it's recommended to configure the account management policies to automatically delete the user profiles after a certain period of inactivity or disk levels. For more information, see [Set up a shared or guest Windows device][WIN-3].
+
+### Preferred Azure AD tenant name
+
+To improve the user experience, you can configure the *preferred Azure AD tenant name* feature.\
+When using preferred AAD tenant name, the users bypass the disambiguation page and are redirected to the identity provider sign-in page. This configuration can be especially useful for student shared devices, where the disambiguation page is always shown.
+
+For more information about preferred tenant name, see [Authentication CSP - PreferredAadTenantDomainName][WIN-4].
 
 ### Identity matching in Azure AD
 
@@ -131,7 +201,7 @@ After the token sent by the IdP is validated, Azure AD searches for a matching u
 > [!NOTE]
 > The ImmutableId is a string value that **must be unique** for each user in the tenant, and it shouldn't change over time. For example, the ImmutableId could be the student ID or SIS ID. The ImmutableId value should be based on the federation setup and configuration with your IdP, so confirm with your IdP before setting it.
 
-If the matching object is found, the user is signed-in. If not, the user is presented with an error message. The following picture shows that a user with the ImmutableId *260051* can't be found:
+If the matching object is found, the user is signed-in. Otherwise, the user is presented with an error message. The following picture shows that a user with the ImmutableId *260051* can't be found:
 
 :::image type="content" source="images/federation/user-match-lookup-failure.png" alt-text="Azure AD sign-in error: a user with a matching ImmutableId can't be found in the tenant." lightbox="images/federation/user-match-lookup-failure.png":::
 
@@ -182,6 +252,9 @@ Update-MgUser -UserId alton@example.onmicrosoft.com -UserPrincipalName alton@exa
 [SDS-1]: /schooldatasync
 
 [KB-1]: https://support.microsoft.com/kb/5022913
+[KB-2]: https://support.microsoft.com/kb/5026446
 
 [WIN-1]: /windows/client-management/mdm/sharedpc-csp
-[WIN-2]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin
\ No newline at end of file
+[WIN-2]: /windows/client-management/mdm/policy-csp-localpoliciessecurityoptions#localpoliciessecurityoptions-interactivelogon-donotdisplaylastsignedin
+[WIN-3]: /windows/configuration/set-up-shared-or-guest-pc
+[WIN-4]: /windows/client-management/mdm/policy-csp-authentication#preferredaadtenantdomainname
\ No newline at end of file
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index f4fa075231..3f7964e416 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -72,6 +72,8 @@ In **Windows 10, version 1803** the Configuration node introduces single app kio
 
 In **Windows 10, version 1909**, Microsoft Edge kiosk mode support was added. This allows Microsoft Edge to be the specified kiosk application. For details about configuring Microsoft Edge kiosk mode, see [Configure a Windows 10 kiosk that runs Microsoft Edge](/DeployEdge/microsoft-edge-configure-kiosk-mode). Windows 10, version 1909 also allows for configuration of the breakout sequence. The breakout sequence specifies the keyboard shortcut that returns a kiosk session to the lock screen. The breakout sequence is defined with the format modifiers + keys. An example breakout sequence would look something like `shift+alt+a`, where `shift` and `alt` are the modifiers and `a` is the key.
 
+In **Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446)**, AssignedAccessConfiguration schema was updated to add StartPins and TaskbarLayout nodes to support pinning apps to the Start Menu and Taskbar respectively.
+
 - For more information about setting up a multi-app kiosk, see [Create a Windows 10 kiosk that runs multiple apps](/windows/configuration/lock-down-windows-10-to-specific-apps).
 - For more information on the schema, see [AssignedAccessConfiguration XSD](#assignedaccessconfiguration-xsd).
 - For examples, see [AssignedAccessConfiguration examples](#assignedaccessconfiguration-examples).
@@ -175,7 +177,7 @@ This node supports Add, Delete, Replace and Get methods. When there's no configu
 
 > [!IMPORTANT]
 >
-> - In Windows 10, version 1803, the Configuration node introduces single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in config xml for Configuration node to configure public-facing single app Kiosk.
+> - In Windows 10, version 1803, the Configuration node introduced single app kiosk profile to replace KioskModeApp CSP node. KioskModeApp node will be deprecated soon, so you should use the single app kiosk profile in configuration xml for Configuration node to configure public-facing single app Kiosk.
 > - Additionally, starting in Windows 10, version 1803, the KioskModeApp node becomes No-Op if Configuration node is configured on the device. Add/Replace/Delete commands on KioskModeApp node always returns SUCCESS to the MDM server if Configuration node is set, but the data of KioskModeApp will not take any effect on the device. Get command on KioskModeApp will return the configured JSON string even it's not effective.
 > - You can't set both KioskModeApp and ShellLauncher at the same time on the device.
 <!-- Device-KioskModeApp-Editable-End -->
@@ -1043,6 +1045,7 @@ By default, the StatusConfiguration node doesn't exist, and it implies this feat
         xmlns:rs5="http://schemas.microsoft.com/AssignedAccess/201810/config"
         xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
         xmlns:v4="http://schemas.microsoft.com/AssignedAccess/2021/config"
+        xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config"
         targetNamespace="http://schemas.microsoft.com/AssignedAccess/2017/config"
         >
 
@@ -1072,7 +1075,9 @@ By default, the StatusConfiguration node doesn't exist, and it implies this feat
                     <xs:element name="AllAppsList" type="allappslist_t" minOccurs="1" maxOccurs="1"/>
                     <xs:element ref="rs5:FileExplorerNamespaceRestrictions" minOccurs="0" maxOccurs="1"/>
                     <xs:element name="StartLayout" type="xs:string" minOccurs="0" maxOccurs="1"/>
+                    <xs:element ref="v5:StartPins" minOccurs="0" maxOccurs="1"/>
                     <xs:element name="Taskbar" type="taskbar_t" minOccurs="1" maxOccurs="1"/>
+                    <xs:element ref="v5:TaskbarLayout" minOccurs="0" maxOccurs="1"/>
                 </xs:sequence>
                 <xs:sequence minOccurs="1" maxOccurs="1">
                     <xs:element name="KioskModeApp" type="kioskmodeapp_t" minOccurs="1" maxOccurs="1">
@@ -1229,7 +1234,7 @@ By default, the StatusConfiguration node doesn't exist, and it implies this feat
     </xs:schema>);
     ```
 
-- Schema for features introduced in Windows 10, version 1909 which added support for Microsoft Edge kiosk mode and breakout key sequence customization.
+- Schema for features introduced in Windows 10, version 1809 which added support for Microsoft Edge kiosk mode and breakout key sequence customization.
 
     ```xml
     <?xml version="1.0" encoding="utf-8"?>
@@ -1351,6 +1356,101 @@ By default, the StatusConfiguration node doesn't exist, and it implies this feat
 > </AssignedAccessConfiguration>
 > ```
 
+- Example XML configuration for a multi-app kiosk for Windows 11, version 22H2 with [KB5026446](https://support.microsoft.com/kb/5026446).
+
+    > [!NOTE]
+    > This example demonstrates the use of StartPins and TaskbarLayout elements. For more information, see [Set up a multi-app kiosk on Windows 11 devices](/windows/configuration/lock-down-windows-11-to-specific-apps).
+    >
+    > - StartPins element is used to pin apps to the Start menu and uses the [pinnedList JSON](/windows/configuration/customize-start-menu-layout-windows-11#get-the-pinnedlist-json) format.
+    > - TaskbarLayout element is used to pin apps to the taskbar and uses the [TaskbarLayoutModification XML](/windows/configuration/customize-taskbar-windows-11#create-the-xml-file) format.
+
+    ```xml
+    <?xml version="1.0" encoding="utf-8" ?>
+    <AssignedAccessConfiguration xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config"
+        xmlns:v2="http://schemas.microsoft.com/AssignedAccess/201810/config"
+        xmlns:v3="http://schemas.microsoft.com/AssignedAccess/2020/config"
+        xmlns:v5="http://schemas.microsoft.com/AssignedAccess/2022/config">
+        <Profiles>
+            <Profile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}">
+                <AllAppsList>
+                    <AllowedApps>
+                        <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                        <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!BCHost" />
+                        <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!ContentProcess" />
+                        <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!F12" />
+                        <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                        <App AppUserModelId="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!PdfReader" />
+                        <App DesktopAppPath="%SystemRoot%\system32\notepad.exe" />
+                        <App DesktopAppPath="%SystemRoot%\system32\control.exe" />
+                        <App DesktopAppPath="%SystemRoot%\system32\cmd.exe" />
+                        <App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge.exe" />
+                        <App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\msedge_proxy.exe" />
+                        <App AppUserModelId="Microsoft.MicrosoftEdge.Stable_8wekyb3d8bbwe!App" />
+                        <App DesktopAppPath="%ProgramFiles(x86)%\Microsoft\Edge\Application\103.0.1264.62\identity_helper.exe" />
+                    </AllowedApps>
+                </AllAppsList>
+                <v2:FileExplorerNamespaceRestrictions>
+                    <v3:NoRestriction />
+                </v2:FileExplorerNamespaceRestrictions>
+                <StartLayout>
+                    <![CDATA[<LayoutModificationTemplate xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
+                        xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout" Version="1"
+                        xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification">
+                        <LayoutOptions StartTileGroupCellWidth="6" />
+                        <DefaultLayoutOverride>
+                            <StartLayoutCollection>
+                                <defaultlayout:StartLayout GroupCellWidth="6">
+                                    <start:Group Name="Life at a glance">
+                                        <start:Tile Size="2x2" Column="0" Row="0" AppUserModelID="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+                                        <start:Tile Size="4x2" Column="0" Row="4" AppUserModelID="Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge" />
+                                        <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%AppData%\Microsoft\Windows\Start Menu\Programs\Accessories\notepad.lnk" />
+                                        <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%SystemRoot%\system32\cmd.exe" />
+                                        <start:DesktopApplicationTile Size="2x2" Column="2" Row="0" DesktopApplicationLinkPath="%SystemRoot%\system32\control.exe" />
+                                    </start:Group>
+                                </defaultlayout:StartLayout>
+                            </StartLayoutCollection>
+                        </DefaultLayoutOverride>
+                    </LayoutModificationTemplate>]]>
+                </StartLayout>
+                <v5:StartPins>
+                    <![CDATA[{
+                        "pinnedList": [
+                            { "desktopAppId": "MSEdge" },
+                            { "desktopAppId": "Microsoft.Office.WINWORD.EXE.15" },
+                            { "packagedAppId": "Microsoft.WindowsStore_8wekyb3d8bbwe!App" },
+                            { "packagedAppId": "Microsoft.WindowsNotepad_8wekyb3d8bbwe!App" },
+                            { "desktopAppLink": "%APPDATA%\\Microsoft\\Windows\\Start Menu\\Programs\\File Explorer.lnk" },
+                            { "desktopAppLink": "%ALLUSERSPROFILE%\\Microsoft\\Windows\\Start Menu\\Programs\\Microsoft Edge.lnk" }
+                        ]
+                    }]]>
+                </v5:StartPins>
+                <Taskbar ShowTaskbar="true"/>
+                <v5:TaskbarLayout>
+                    <![CDATA[<LayoutModificationTemplate xmlns="http://schemas.microsoft.com/Start/2014/LayoutModification"
+                        xmlns:defaultlayout="http://schemas.microsoft.com/Start/2014/FullDefaultLayout"
+                        xmlns:start="http://schemas.microsoft.com/Start/2014/StartLayout"
+                        xmlns:taskbar="http://schemas.microsoft.com/Start/2014/TaskbarLayout" Version="1">
+                        <CustomTaskbarLayoutCollection PinListPlacement="Replace">
+                            <defaultlayout:TaskbarLayout>
+                                <taskbar:TaskbarPinList>
+                                    <taskbar:DesktopApp DesktopApplicationID="Microsoft.Windows.Explorer" />
+                                    <taskbar:DesktopApp DesktopApplicationLinkPath="%APPDATA%\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk" />
+                                </taskbar:TaskbarPinList>
+                            </defaultlayout:TaskbarLayout>
+                        </CustomTaskbarLayoutCollection>
+                    </LayoutModificationTemplate>]]>
+                </v5:TaskbarLayout>
+            </Profile>
+        </Profiles>
+        <Configs>
+            <Config>
+                <Account>MultiAppKioskUser</Account>
+                <DefaultProfile Id="{5B328104-BD89-4863-AB27-4ED6EE355485}"/>
+            </Config>
+        </Configs>
+    </AssignedAccessConfiguration>
+    ```
+
 - Example XML configuration for a multi-app kiosk for Windows 10.
 
     ```xml
diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml
index b3887ade44..5a140f98e2 100644
--- a/windows/configuration/TOC.yml
+++ b/windows/configuration/TOC.yml
@@ -66,8 +66,10 @@
       href: setup-digital-signage.md
     - name: Set up a single-app kiosk
       href: kiosk-single-app.md
-    - name: Set up a multi-app kiosk
+    - name: Set up a multi-app kiosk for Windows 10
       href: lock-down-windows-10-to-specific-apps.md
+    - name: Set up a multi-app kiosk for Windows 11
+      href: lock-down-windows-11-to-specific-apps.md
     - name: Kiosk reference information
       items:
         - name: More kiosk methods and reference information
diff --git a/windows/configuration/lock-down-windows-11-to-specific-apps.md b/windows/configuration/lock-down-windows-11-to-specific-apps.md
new file mode 100644
index 0000000000..fbf303f314
--- /dev/null
+++ b/windows/configuration/lock-down-windows-11-to-specific-apps.md
@@ -0,0 +1,383 @@
+---
+title: Set up a multi-app kiosk on Windows 11
+description: Learn how to configure a kiosk device running Windows 11 so that users can only run a few specific apps.
+ms.prod: windows-client
+ms.technology: itpro-configure
+author: lizgt2000
+ms.author: lizlong
+ms.date: 05/12/2023
+manager: aaroncz
+ms.reviewer: sybruckm
+ms.localizationpriority: medium
+ms.topic: how-to
+---
+# Set up a multi-app kiosk on Windows 11 devices
+
+**Applies to**
+
+- Windows 11 Pro, Enterprise, and Education
+
+> [!NOTE]
+> The use of multiple monitors isn't supported for multi-app kiosk mode.
+
+An assigned access multi-app kiosk runs one or more apps from the desktop. People using the kiosk see a customized Start that shows only the apps that are allowed. With this approach, you can configure a locked-down experience for different account types. A multi-app kiosk is appropriate for devices that are shared by multiple people. Here's a guide on how to set up a multi-app kiosk.
+
+> [!WARNING]
+> The assigned access feature is intended for corporate-owned fixed-purpose devices, like kiosks. When the multi-app assigned access configuration is applied on the device, [certain policies](kiosk-policies.md) are enforced system-wide, and will impact other users on the device. Deleting the kiosk configuration will remove the assigned access lockdown profiles associated with the users, but it cannot revert all the enforced policies (such as Start layout). A factory reset is needed to clear all the policies enforced via assigned access.
+
+> [!TIP]
+> Be sure to check the [configuration recommendations](kiosk-prepare.md) before you set up your kiosk.
+
+## Configure a Multi-App Kiosk
+
+See the table below for the different methods to configure a multi-app kiosk in Windows 11.
+
+|Configuration Method|Availability|
+|--------------------|------------|
+|[MDM WMI Bridge Provider](#configure-a-kiosk-using-wmi-bridge) | Available May 2023|
+|Intune|Coming soon|
+|Provisioning Package Using Windows Configuration Designer| Coming soon|
+
+> [!NOTE]
+> For WMI Bridge/PowerShell and Provisioning package methods, you will need to create your own multi-app kiosk XML file as specified below.
+
+## Create the XML file
+
+Let's start by looking at the basic structure of the XML file.
+
+- A configuration xml can define multiple *profiles*. Each profile has a unique **Id** and defines a set of applications that are allowed to run, whether the taskbar is visible, and can include a custom Start layout.
+
+- A configuration xml can have multiple *config* sections. Each config section associates a non-admin user account to a default profile **Id**.
+
+- Multiple config sections can be associated to the same profile.
+
+- A profile has no effect if it's not associated to a config section.
+
+You can start your file by pasting the following XML into an XML editor, and saving the file as *filename*.xml. Each section of this XML is explained in this article. 
+
+> [!NOTE]
+> If you want to write a configuration file to be applied to both Windows 10 and Windows 11 devices, follow the [Windows 10 instructions](lock-down-windows-10-to-specific-apps.md) to add the StartLayout tag to your XML file, just above the StartPins tag. Windows will automatically ignore the sections that don't apply to the version running. 
+
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration  
+  xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config">
+    <Profiles>
+        <Profile Id="">
+            <AllAppsList>
+                <AllowedApps/>
+            </AllAppsList>
+            <win11:StartPins/>
+            <Taskbar/>
+        </Profile>
+    </Profiles>
+    <Configs>
+        <Config>
+            <Account/>
+            <DefaultProfile Id=""/>
+        </Config>
+    </Configs>
+</AssignedAccessConfiguration>
+```
+#### Profile
+
+There are two types of profiles that you can specify in the XML:
+
+- **Lockdown profile**: Users assigned a lockdown profile will see the desktop in tablet mode with the specific apps on the Start screen.
+- **Kiosk profile**: Starting with Windows 10 version 1803, this profile replaces the KioskModeApp node of the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). Users assigned a kiosk profile won't see the desktop, but only the kiosk app running in full-screen mode.
+
+A lockdown profile section in the XML has the following entries:
+
+- [**Id**](#id)
+
+- [**AllowedApps**](#allowedapps)
+
+- [**StartPins**](#startpins)
+
+- [**Taskbar**](#taskbar)
+
+A kiosk profile in the XML has the following entries:
+
+- [**Id**](#id)
+
+- [**KioskModeApp**](#kioskmodeapp)
+
+##### Id
+
+The profile **Id** is a GUID attribute to uniquely identify the profile. You can create a GUID using a GUID generator. The GUID just needs to be unique within this XML file.
+
+```xml
+<Profiles>
+  <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">…</Profile>
+</Profiles>
+```
+
+##### AllowedApps
+
+**AllowedApps** is a list of applications that are allowed to run. Apps can be Universal Windows Platform (UWP) apps or Windows desktop applications. Starting with Windows 10 version 1809, you can configure a single app in the **AllowedApps** list to run automatically when the assigned access user account signs in.
+
+- For UWP apps, you need to provide the App User Model ID (AUMID). [Learn how to get the AUMID](./find-the-application-user-model-id-of-an-installed-app.md), or [get the AUMID from the Start Layout XML](#create-the-xml-file).
+- For desktop apps, you need to specify the full path of the executable, which can contain one or more system environment variables in the form of `%variableName%`. For example, `%systemroot%` or `%windir%`.
+- If an app has a dependency on another app, both must be included in the allowed apps list. For example, Internet Explorer 64-bit has a dependency on Internet Explorer 32-bit, so you must allow both `"C:\Program Files\internet explorer\iexplore.exe"` and `"C:\Program Files (x86)\Internet Explorer\iexplore.exe"`.
+- To configure a single app to launch automatically when the user signs in, include `rs5:AutoLaunch="true"` after the AUMID or path. You can also include arguments to be passed to the app. For an example, see [the AllowedApps sample XML](#apps-sample).
+
+When the multi-app kiosk configuration is applied to a device, AppLocker rules will be generated to allow the apps that are listed in the configuration. Here are the predefined assigned access AppLocker rules for **UWP apps**:
+
+1. Default rule is to allow all users to launch the signed package apps.
+2. The package app blocklist is generated at runtime when the assigned access user signs in. Based on the installed/provisioned package apps available for the user account, assigned access generates the blocklist. This list will exclude the default allowed inbox package apps, which are critical for the system to function. It then excludes the allowed packages that enterprises defined in the assigned access configuration. If there are multiple apps within the same package, all these apps will be excluded. This blocklist will be used to prevent the user from accessing the apps that are currently available for the user but not in the allowed list.
+
+  > [!NOTE]
+  > You can't manage AppLocker rules that are generated by the multi-app kiosk configuration in [MMC snap-ins](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994629(v=ws.11)#BKMK_Using_Snapins). Avoid creating AppLocker rules that conflict with AppLocker rules that are generated by the multi-app kiosk configuration.
+  > Multi-app kiosk mode doesn't block the enterprise or the users from installing UWP apps. When a new UWP app is installed during the current assigned access user session, this app will not be in the deny list. When the user signs out and signs in again, the app will be included in the blocklist. If this is an enterprise-deployed line-of-business app and you want to allow it to run, update the assigned access configuration to include it in the allowed app list.
+
+Here are the predefined assigned access AppLocker rules for **desktop apps**:
+
+1. Default rule is to allow all users to launch the desktop programs signed with Microsoft Certificate in order for the system to boot and function. The rule also allows the admin user group to launch all desktop programs.
+2. There's a predefined inbox desktop app blocklist for the assigned access user account, and this blocklist is adjusted based on the desktop app allowlist that you defined in the multi-app configuration.
+3. Enterprise-defined allowed desktop apps are added in the AppLocker allowlist.
+
+The following example allows Photos, Weather, Calculator, Paint, and Notepad apps to run on the device, with Notepad configured to automatically launch and create a file called `123.text` when the user signs in.
+
+<span id="apps-sample" />
+
+```xml
+<AllAppsList>
+        <AllowedApps>
+          <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" />
+          <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" />
+          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" />
+          <App DesktopAppPath="%windir%\system32\mspaint.exe" />
+          <App DesktopAppPath="C:\Windows\System32\notepad.exe" rs5:AutoLaunch="true" rs5:AutoLaunchArguments="123.txt">
+        </AllowedApps>
+</AllAppsList>
+```
+
+##### StartPins
+
+After you define the list of allowed applications, you can customize the Start layout for your kiosk experience. The easiest way to create a customized Start layout to apply to other Windows client devices is to set up the Start screen on a test device and then export the layout. Once you've decided, you can get the JSON needed for your kiosk configuration by following the steps to [Get the pinnedList JSON](customize-and-export-start-layout.md). If you opt to do this using the PowerShell command, make sure that the system you run the command on has the same file structure as the device on which you will apply the kiosk (the path to the allowed apps must be the same). At the end of this step, you should have a JSON pinnedList that looks something like the below.
+
+Add your pinnedList JSON into the StartPins tag in your XML file.
+
+```xml
+<win11:StartPins>
+        <![CDATA[  
+          { "pinnedList":[
+            {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"},
+            {"packagedAppId":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App"},
+            {"packagedAppId":"Microsoft.BingWeather_8wekyb3d8bbwe!App"},
+            {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Paint.lnk"},
+            {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Notepad.lnk"}
+          ] }
+        ]]>
+      </win11:StartPins>
+```
+
+> [!NOTE]
+> If an app isn't installed for the user, but is included in the Start layout XML, the app isn't shown on the Start screen.
+
+##### Taskbar
+
+Define whether you want to have the taskbar present in the kiosk device. For tablet-based or touch-enabled all-in-one kiosks, when you don't attach a keyboard and mouse, you can hide the taskbar as part of the multi-app experience if you want.
+
+The following example exposes the taskbar to the end user:
+
+```xml
+<Taskbar ShowTaskbar="true"/>
+```
+
+The following example hides the taskbar:
+
+```xml
+<Taskbar ShowTaskbar="false"/>
+```
+
+> [!NOTE]
+> This is different from the **Automatically hide the taskbar** option in tablet mode, which shows the taskbar when swiping up from or moving the mouse pointer down to the bottom of the screen. Setting **ShowTaskbar** as **false** will always keep the taskbar hidden.
+
+##### KioskModeApp
+
+**KioskModeApp** is used for a [kiosk profile](#profile) only. Enter the AUMID for a single app. You can only specify one kiosk profile in the XML.
+
+```xml
+<KioskModeApp AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"/>
+```
+
+> [!IMPORTANT]
+> The kiosk profile is designed for public-facing kiosk devices. We recommend that you use a local, non-administrator account. If the device is connected to your company network, using a domain or Azure Active Directory account could potentially compromise confidential information.  
+
+#### Configs
+
+Under **Configs**, define which user account will be associated with the profile. When this user account signs in on the device, the associated assigned access profile will be enforced. This behavior includes the allowed apps, Start layout, taskbar configuration, and other local group policies or mobile device management (MDM) policies set as part of the multi-app experience.
+
+The full multi-app assigned access experience can only work for non-admin users. It's not supported to associate an admin user with the assigned access profile. Making this configuration in the XML file will result in unexpected or unsupported experiences when this admin user signs in.
+
+You can assign:
+
+- [A local standard user account that signs in automatically](#config-for-autologon-account) (Applies to Windows 10, version 1803 only)
+- [An individual account, which can be local, domain, or Azure Active Directory (Azure AD)](#config-for-individual-accounts)
+- [A group account, which can be local, Active Directory (domain), or Azure AD](#config-for-group-accounts) (Applies to Windows 10, version 1803 only).
+
+> [!NOTE]
+> Configs that specify group accounts cannot use a kiosk profile, only a lockdown profile. If a group is configured to a kiosk profile, the CSP will reject the request.
+
+##### Config for AutoLogon Account
+
+When you use `<AutoLogonAccount>` and the configuration is applied to a device, the specified account (managed by Assigned Access) is created on the device as a local standard user account. The specified account is signed in automatically after restart.
+
+The following example shows how to specify an account to sign in automatically.
+
+```xml
+<Configs>
+  <Config>
+    <AutoLogonAccount/>
+    <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+  </Config>
+</Configs>
+```
+
+Starting with Windows 10 version 1809, you can configure the display name that will be shown when the user signs in. The following example shows how to create an AutoLogon Account that shows the name "Hello World".
+
+```xml
+<Configs>
+  <Config>
+    <AutoLogonAccount rs5:DisplayName="Hello World"/>
+    <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+  </Config>
+</Configs>
+```
+
+On domain-joined devices, local user accounts aren't shown on the sign-in screen by default. To show the **AutoLogonAccount** on the sign-in screen, enable the following Group Policy setting: **Computer Configuration > Administrative Templates > System > Logon > Enumerate local users on domain-joined computers**. (The corresponding MDM policy setting is [WindowsLogon/EnumerateLocalUsersOnDomainJoinedComputers in the Policy CSP](/windows/client-management/mdm/policy-csp-windowslogon#windowslogon-enumeratelocalusersondomainjoinedcomputers).)
+
+>[!IMPORTANT]
+>When Exchange Active Sync (EAS) password restrictions are active on the device, the autologon feature does not work. This behavior is by design. For more informations, see [How to turn on automatic logon in Windows](/troubleshoot/windows-server/user-profiles-and-logon/turn-on-automatic-logon).
+
+##### Config for individual accounts
+
+Individual accounts are specified using `<Account>`.
+
+- Local account can be entered as `machinename\account` or `.\account` or just `account`.
+- Domain account should be entered as `domain\account`.
+- Azure AD account must be specified in this format: `AzureAD\{email address}`. **AzureAD** must be provided _as is_, and consider it's a fixed domain name. Then follow with the Azure AD email address. For example, `AzureAD\someone@contoso.onmicrosoft.com`
+
+> [!WARNING]
+> Assigned access can be configured via WMI or CSP to run its applications under a domain user or service account, rather than a local account.  However, use of domain user or service accounts introduces risks that an attacker subverting the assigned access application might gain access to sensitive domain resources that have been inadvertently left accessible to any domain account. We recommend that customers proceed with caution when using domain accounts with assigned access, and consider the domain resources potentially exposed by the decision to do so.
+
+Before applying the multi-app configuration, make sure the specified user account is available on the device, otherwise it will fail.
+
+> [!NOTE]
+> For both domain and Azure AD accounts, it's not required that target account is explicitly added to the device. As long as the device is AD-joined or Azure AD-joined, the account can be discovered in the domain forest or tenant that the device is joined to. For local accounts, it is required that the account exist before you configure the account for assigned access.
+
+```xml
+<Configs>
+  <Config>
+    <Account>MultiAppKioskUser</Account>
+    <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+  </Config>
+</Configs>
+```
+
+##### Config for group accounts
+
+Group accounts are specified using `<UserGroup>`. Nested groups aren't supported. For example, if user A is member of Group 1, Group 1 is member of Group 2, and Group 2 is used in `<Config/>`, user A won't have the kiosk experience.
+
+- Local group: Specify the group type as **LocalGroup** and put the group name in Name attribute. Any Azure AD accounts that are added to the local group won't have the kiosk settings applied.
+
+  ```xml
+  <Config>
+    <UserGroup Type="LocalGroup" Name="mygroup" />
+    <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+  </Config>
+  ```
+
+- Domain group: Both security and distribution groups are supported. Specify the group type as <strong>ActiveDirectoryGroup</strong>. Use the domain name as the prefix in the name attribute.
+
+  ```xml
+  <Config>
+    <UserGroup Type="ActiveDirectoryGroup" Name="mydomain\mygroup" />
+    <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+  </Config>
+  ```
+
+- Azure AD group: Use the group object ID from the Azure portal to uniquely identify the group in the Name attribute. You can find the object ID on the overview page for the group in **Users and groups** > **All groups**. Specify the group type as **AzureActiveDirectoryGroup**. The kiosk device must have internet connectivity when users that belong to the group sign-in.
+
+  ```xml
+  <Config>
+    <UserGroup Type="AzureActiveDirectoryGroup" Name="a8d36e43-4180-4ac5-a627-fb8149bba1ac" />
+    <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+  </Config>
+  ```
+
+  > [!NOTE]
+  > If an Azure AD group is configured with a lockdown profile on a device, a user in the Azure AD group must change their password (after the account has been created with default password on the portal) before they can sign in to this device. If the user uses the default password to sign in to the device, the user will be immediately signed out.
+
+<span id="add-xml" />
+
+## Configure a kiosk using WMI Bridge
+
+Environments that use [Windows Management Instrumentation (WMI)](/windows/win32/wmisdk/wmi-start-page) can use the [MDM Bridge WMI Provider](/windows/win32/dmwmibridgeprov/mdm-bridge-wmi-provider-portal) to configure the MDM_AssignedAccess class.
+
+Here's an example of how to set AssignedAccess configuration:
+
+1. Download the [psexec tool](/sysinternals/downloads/psexec).  
+2. Run `psexec.exe -i -s cmd.exe`.
+3. In the command prompt launched by psexec.exe, enter `powershell.exe` to open PowerShell. 
+4. Run the following script replacing the placeholder "your XML here, with the [XML](#create-the-xml-file) you created above.
+
+```xml
+$nameSpaceName="root\cimv2\mdm\dmmap"
+$className="MDM_AssignedAccess"
+$obj = Get-CimInstance -Namespace $namespaceName -ClassName $className
+Add-Type -AssemblyName System.Web
+$obj.Configuration = [System.Web.HttpUtility]::HtmlEncode(@"
+
+<your XML here>
+    
+"@)
+
+Set-CimInstance -CimInstance $obj
+```
+## Sample Assigned Access XML
+
+Compare the below to your XML file to check for correct formatting. 
+
+```xml
+<?xml version="1.0" encoding="utf-8" ?>
+<AssignedAccessConfiguration  
+  xmlns="http://schemas.microsoft.com/AssignedAccess/2017/config" xmlns:win11="http://schemas.microsoft.com/AssignedAccess/2022/config">
+  <Profiles>
+    <Profile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}">       
+      <AllAppsList>
+        <AllowedApps> 
+          <App AppUserModelId="Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic" /> 
+          <App AppUserModelId="Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo" /> 
+          <App AppUserModelId="Microsoft.Windows.Photos_8wekyb3d8bbwe!App" /> 
+          <App AppUserModelId="Microsoft.BingWeather_8wekyb3d8bbwe!App" /> 
+          <App AppUserModelId="Microsoft.WindowsCalculator_8wekyb3d8bbwe!App" /> 
+          <App DesktopAppPath="%windir%\system32\mspaint.exe" /> 
+          <App DesktopAppPath="C:\Windows\System32\notepad.exe" /> 
+        </AllowedApps> 
+      </AllAppsList> 
+      <win11:StartPins>
+        <![CDATA[  
+          { "pinnedList":[
+            {"packagedAppId":"Microsoft.WindowsCalculator_8wekyb3d8bbwe!App"},
+            {"packagedAppId":"Microsoft.Windows.Photos_8wekyb3d8bbwe!App"},
+            {"packagedAppId":"Microsoft.ZuneMusic_8wekyb3d8bbwe!Microsoft.ZuneMusic"},
+            {"packagedAppId":"Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo"},
+            {"packagedAppId":"Microsoft.BingWeather_8wekyb3d8bbwe!App"},
+            {"desktopAppLink":"%ALLUSERSPROFILE%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Paint.lnk"},
+            {"desktopAppLink":"%APPDATA%\\Microsoft\\Windows\\StartMenu\\Programs\\Accessories\\Notepad.lnk"}
+          ] }
+        ]]>
+      </win11:StartPins>
+      <Taskbar ShowTaskbar="true"/>
+    </Profile> 
+  </Profiles>
+  <Configs>
+    <Config>
+      <Account>MultiAppKioskUser</Account>
+      <DefaultProfile Id="{9A2A490F-10F6-4764-974A-43B19E722C23}"/>
+    </Config>
+  </Configs>
+</AssignedAccessConfiguration>
+```
diff --git a/windows/security/docfx.json b/windows/security/docfx.json
index 7504a93725..d8d58c9943 100644
--- a/windows/security/docfx.json
+++ b/windows/security/docfx.json
@@ -71,11 +71,13 @@
     "fileMetadata": {
       "author":{
         "identity-protection/**/*.md": "paolomatarazzo",
-        "threat-protection/windows-firewall/**/*.md": "aczechowski"
+        "operating-system-security/network-security/**/*.md": "paolomatarazzo",
+        "operating-system-security/network-security/windows-firewall/**/*.md": "ngangulyms"
       },
       "ms.author":{
         "identity-protection/**/*.md": "paoloma",
-        "threat-protection/windows-firewall/*.md": "aaroncz"
+        "operating-system-security/network-security/**/*.md": "paoloma",
+        "operating-system-security/network-security/windows-firewall/*.md": "nganguly"
       },
       "appliesto":{
         "identity-protection/**/*.md": [
@@ -109,14 +111,21 @@
         "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
         "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
         "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
+        ],
+        "operating-system-security/network-security/windows-firewall/**/*.md": [
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2022</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2019</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/windows-server-release-info\" target=\"_blank\">Windows Server 2016</a>"
         ]
       },
       "ms.reviewer":{
         "identity-protection/hello-for-business/*.md": "erikdau",
         "identity-protection/credential-guard/*.md": "zwhittington",
         "identity-protection/access-control/*.md": "sulahiri",
-        "threat-protection/windows-firewall/*.md": "paoloma",
-        "identity-protection/vpn/*.md": "pesmith"
+        "operating-system-security/network-security/windows-firewall/*.md": "paoloma",
+        "operating-system-security/network-security/vpn/*.md": "pesmith"
       },
       "ms.collection":{
         "identity-protection/hello-for-business/*.md": "tier1",
@@ -126,7 +135,7 @@
         "information-protection/tpm/*.md": "tier1",
         "threat-protection/auditing/*.md": "tier3",
         "threat-protection/windows-defender-application-control/*.md": "tier3",
-        "threat-protection/windows-firewall/*.md": "tier3"
+        "operating-system-security/network-security/windows-firewall/*.md": "tier3"
       }
     },
     "template": [],
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 0a5083fd99..08924b2594 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -207,7 +207,7 @@ sections:
     questions:      
       - question: Can I use an external Windows Hello compatible camera when my computer has a built-in Windows Hello compatible camera?
         answer: |
-          Yes. Starting with Windows 10, version 21H1 an external Windows Hello compatible camera can be used if a device already supports an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). However, using external Hello cameras and accessories is restricted if ESS is enabled, please see [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security#pluggableperipheral-biometric-sensors).
+          Yes, you can use an external Windows Hello compatible camera if a device has an internal Windows Hello camera. When both cameras are present, the external camera is used for face authentication. For more information, see [IT tools to support Windows 10, version 21H1](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/it-tools-to-support-windows-10-version-21h1/ba-p/2365103). If ESS is enabled, see [Windows Hello Enhanced Sign-in Security](/windows-hardware/design/device-experiences/windows-hello-enhanced-sign-in-security).
       - question: Can I use an external Windows Hello compatible camera or other Windows Hello compatible accessory when my laptop lid is closed or docked?
         answer: |
           Some laptops and tablets with keyboards that close may not use an external Windows Hello compatible camera or other Windows Hello compatible accessory when the computer is docked with the lid closed. The issue has been addressed in Windows 11, version 22H2.
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
index 7db0d09b8c..b3db8ed5ef 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
@@ -1,14 +1,14 @@
 ---
-title: User Account Control 
-description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
+title: User Account Control overview
+description: Learn about User Account Control (UAC) and how it helps preventing malware from damaging a device and helps organizations deploy a better-managed desktop.
 ms.collection: 
   - highpri
   - tier2
-ms.topic: article
-ms.date: 09/24/2011
+ms.topic: conceptual
+ms.date: 05/18/2023
 ---
 
-# User Account Control
+# User Account Control overview
 
 User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
 
@@ -24,14 +24,13 @@ When an app needs to run with more than standard user rights, UAC allows users t
 
 Admin Approval Mode in UAC helps prevent malware from silently installing without an administrator's knowledge. It also helps protect from inadvertent system-wide changes. Lastly, it can be used to enforce a higher level of compliance where administrators must actively consent or provide credentials for each administrative process.
 
+## Next steps
 
-## In this section
+Learn more about UAC and how to configure it for your organization.
 
 | Topic | Description |
 | - | - |
 | [How User Account Control works](how-user-account-control-works.md) | User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware. |
 | [User Account Control security policy settings](user-account-control-security-policy-settings.md) | You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy. |
 | [User Account Control Group Policy and registry key settings](user-account-control-group-policy-and-registry-key-settings.md) | Here's a list of UAC  Group Policy and registry key settings that your organization can use to manage UAC. |
-
-
-
+ 
\ No newline at end of file
diff --git a/windows/security/identity-protection/vpn/images/vpn-app-rules.png b/windows/security/identity-protection/vpn/images/vpn-app-rules.png
deleted file mode 100644
index edc4a24209..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-app-rules.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-app-trigger.PNG b/windows/security/identity-protection/vpn/images/vpn-app-trigger.PNG
deleted file mode 100644
index aebd913df5..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-app-trigger.PNG and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-connection-intune.png b/windows/security/identity-protection/vpn/images/vpn-connection-intune.png
deleted file mode 100644
index 8098b3445e..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-connection-intune.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-eap-xml.png b/windows/security/identity-protection/vpn/images/vpn-eap-xml.png
deleted file mode 100644
index 9a90401c88..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-eap-xml.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-name-intune.png b/windows/security/identity-protection/vpn/images/vpn-name-intune.png
deleted file mode 100644
index a7b3bfe3b4..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-name-intune.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-split-route.png b/windows/security/identity-protection/vpn/images/vpn-split-route.png
deleted file mode 100644
index 12c3fe64d6..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-split-route.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-split.png b/windows/security/identity-protection/vpn/images/vpn-split.png
deleted file mode 100644
index b4143ab1e5..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-split.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-traffic-rules.png b/windows/security/identity-protection/vpn/images/vpn-traffic-rules.png
deleted file mode 100644
index fa7b526e80..0000000000
Binary files a/windows/security/identity-protection/vpn/images/vpn-traffic-rules.png and /dev/null differ
diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md
deleted file mode 100644
index 925b124da9..0000000000
--- a/windows/security/identity-protection/vpn/vpn-routing.md
+++ /dev/null
@@ -1,59 +0,0 @@
----
-ms.date: 09/23/2021
-title: VPN routing decisions
-description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
-ms.topic: conceptual
----
-# VPN routing decisions
-
-Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). This decision impacts the configuration and the capacity planning, as well as security expectations from the connection. 
-
-## Split tunnel configuration
-
-In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface. 
-
-Routes can be configured using the VPNv2/*ProfileName*/RouteList setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
- 
-For each route item in the list, the following can be specified: 
-
-- **Address**: VPNv2/*ProfileName*/RouteList/*routeRowId*/Address
-- **Prefix size**: VPNv2/*ProfileName*/RouteList/*routeRowId*/Prefix
-- **Exclusion route**: VPNv2/*ProfileName*/RouteList/*routeRowId*/ExclusionRoute
-   
-   Windows VPN platform now supports the ability to specify exclusion routes that specifically should not go over the physical interface. 
-
-Routes can also be added at connect time through the server for UWP VPN apps.  
-
-## Force tunnel configuration
-
-In a force tunnel configuration, all traffic will go over VPN. This is the default configuration and takes effect if no routes are specified. 
-
-The only implication of this setting is the manipulation of routing entries. In the case of a force tunnel, VPN V4 and V6 default routes (for example. 0.0.0.0/0) are added to the routing table with a lower metric than ones for other interfaces. This sends traffic through the VPN as long as there isn't a specific route on the physical interface itself. 
-
-For built-in VPN, this decision is controlled using the MDM setting **VPNv2/ProfileName/NativeProfile/RoutingPolicyType**.
-
-For a UWP VPN plug-in, this property is directly controlled by the app. If the VPN plug-in indicates the default route for IPv4 and IPv6 as the only two Inclusion routes, the VPN platform marks the connection as Force Tunneled. 
-
-## Configure routing
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration. 
-
-When you configure a VPN profile in Microsoft Intune, you select a checkbox to enable split tunnel configuration.
-
-![split tunnel.](images/vpn-split.png)
-
-Next, in **Corporate Boundaries**, you add the routes that should use the VPN connection.   
-  
-![add route for split tunnel.](images/vpn-split-route.png)
-
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN connection types](vpn-connection-type.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN name resolution](vpn-name-resolution.md)
-- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN security features](vpn-security-features.md)
-- [VPN profile options](vpn-profile-options.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
deleted file mode 100644
index c4d9da3ec4..0000000000
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ /dev/null
@@ -1,84 +0,0 @@
----
-title: VPN security features
-description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters.
-ms.date: 07/21/2022
-ms.topic: conceptual
----
-
-# VPN security features
-
-## Hyper-V based containers and VPN
-
-Windows supports different kinds of Hyper-V based containers. This support includes, but isn't limited to, Microsoft Defender Application Guard and Windows Sandbox. When you use 3rd party VPN solutions, these Hyper-V based containers may not be able to seamlessly connect to the internet. Additional configurational changes might be needed to resolve connectivity issues.
-
-For example, for more information on a workaround for Cisco AnyConnect VPN, see [Cisco AnyConnect Secure Mobility Client Administrator Guide: Connectivity issues with VM-based subsystems](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f).
-
-## Windows Information Protection (WIP) integration with VPN
-
-Windows Information Protection provides capabilities allowing the separation and protection of enterprise data against disclosure across both company and personally owned devices, without requiring additional changes to the environments or the apps themselves. Additionally, when used with Rights Management Services (RMS), WIP can help to protect enterprise data locally.
-
-The **EdpModeId** node in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) allows a Windows 10 or Windows 11 VPN client to integrate with WIP, extending its functionality to remote devices. Use case scenarios for WIP include:
-
-- Core functionality: File encryption and file access blocking
-- UX policy enforcement: Restricting copy/paste, drag/drop, and sharing operations
-- WIP network policy enforcement: Protecting intranet resources over the corporate network and VPN
-- Network policy enforcement: Protecting SMB and Internet cloud resources over the corporate network and VPN
-
-The value of the **EdpModeId** is an Enterprise ID. The networking stack will look for this ID in the app token to determine whether VPN should be triggered for that particular app.
-
-Additionally, when connecting with WIP, the admin does not have to specify AppTriggerList and TrafficFilterList rules separately in this profile (unless more advanced configuration is needed) because the WIP policies and App lists automatically take effect.
-
-[Learn more about Windows Information Protection](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip)
-
-
-## Traffic Filters
-
-Traffic Filters give enterprises the ability to decide what traffic is allowed into the corporate network based on policy. Network admins can use Traffic Filters to effectively add interface specific firewall rules on the VPN Interface. There are two types of Traffic Filter rules:
-
-- App-based rules. With app-based rules, a list of applications can be marked to allow only traffic originating from these apps to go over the VPN interface.
-- Traffic-based rules. Traffic-based rules are 5-tuple policies (ports, addresses, protocol) that can be specified to allow only traffic matching these rules to go over the VPN interface.
-
-There can be many sets of rules which are linked by OR. Within each set, there can be app-based rules and traffic-based rules; all the properties within the set will be linked by AND. In addition, these rules can be applied at a per-app level or a per-device level.
-
-For example, an admin could define rules that specify:
-
-- The Contoso HR App must be allowed to go through the VPN and only access port 4545.
-- The Contoso finance apps are allowed to go over the VPN and only access the Remote IP ranges of 10.10.0.40 - 10.10.0.201 on port 5889.
-- All other apps on the device should be able to access only ports 80 or 443.
-
-## Configure traffic filters
-
-See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
-
-The following image shows the interface to configure traffic rules in a VPN Profile configuration policy, using Microsoft Intune.
-
-![Add a traffic rule.](images/vpn-traffic-rules.png)
-
-
-## LockDown VPN
-
-A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features:
-
-- The system attempts to keep the VPN connected at all times.
-- The user cannot disconnect the VPN connection.
-- The user cannot delete or modify the VPN profile.
-- The VPN LockDown profile uses forced tunnel connection.
-- If the VPN connection is not available, outbound network traffic is blocked.
-- Only one VPN LockDown profile is allowed on a device.
-
-> [!NOTE]
-> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
-
-Deploy this feature with caution, as the resultant connection will not be able to send or receive any network traffic without the VPN being connected.
-
-
-## Related topics
-
-- [VPN technical guide](vpn-guide.md)
-- [VPN connection types](vpn-connection-type.md)
-- [VPN routing decisions](vpn-routing.md)
-- [VPN authentication options](vpn-authentication.md)
-- [VPN and conditional access](vpn-conditional-access.md)
-- [VPN name resolution](vpn-name-resolution.md)
-- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
-- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/operating-system-security/network-security/toc.yml b/windows/security/operating-system-security/network-security/toc.yml
index af372280a4..c62a6aaad4 100644
--- a/windows/security/operating-system-security/network-security/toc.yml
+++ b/windows/security/operating-system-security/network-security/toc.yml
@@ -1,40 +1,17 @@
 items:
-- name: Transport layer security (TLS)
-  href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
-- name: WiFi Security
-  href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
-- name: Windows Firewall
-  href: ../../threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
-- name: Virtual Private Network (VPN)
-  href: ../../identity-protection/vpn/vpn-guide.md
-  items:
-  - name: VPN connection types
-    href: ../../identity-protection/vpn/vpn-connection-type.md
-  - name: VPN routing decisions
-    href: ../../identity-protection/vpn/vpn-routing.md
-  - name: VPN authentication options
-    href: ../../identity-protection/vpn/vpn-authentication.md
-  - name: VPN and conditional access
-    href: ../../identity-protection/vpn/vpn-conditional-access.md
-  - name: VPN name resolution
-    href: ../../identity-protection/vpn/vpn-name-resolution.md
-  - name: VPN auto-triggered profile options
-    href: ../../identity-protection/vpn/vpn-auto-trigger-profile.md
-  - name: VPN security features
-    href: ../../identity-protection/vpn/vpn-security-features.md
-  - name: VPN profile options
-    href: ../../identity-protection/vpn/vpn-profile-options.md
-  - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
-    href: ../../identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
-  - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
-    href: ../../identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
-  - name: Optimizing Office 365 traffic with the Windows VPN client
-    href: ../../identity-protection/vpn/vpn-office-365-optimization.md
-- name: Always On VPN
-  href: /windows-server/remote/remote-access/vpn/always-on-vpn/
-- name: Direct Access
-  href: /windows-server/remote/remote-access/directaccess/directaccess
-- name: Server Message Block (SMB) file service
-  href: /windows-server/storage/file-server/file-server-smb-overview
-- name: Server Message Block Direct (SMB Direct)
-  href: /windows-server/storage/file-server/smb-direct
\ No newline at end of file
+  - name: Transport layer security (TLS) 🔗
+    href: /windows-server/security/tls/tls-ssl-schannel-ssp-overview
+  - name: WiFi Security
+    href: https://support.microsoft.com/windows/faster-and-more-secure-wi-fi-in-windows-26177a28-38ed-1a8e-7eca-66f24dc63f09
+  - name: Windows Firewall 🔗
+    href: windows-firewall/windows-firewall-with-advanced-security.md
+  - name: Virtual Private Network (VPN)
+    href: vpn/toc.yml
+  - name: Always On VPN 🔗
+    href: /windows-server/remote/remote-access/vpn/always-on-vpn/
+  - name: Direct Access 🔗
+    href: /windows-server/remote/remote-access/directaccess/directaccess
+  - name: Server Message Block (SMB) file service 🔗
+    href: /windows-server/storage/file-server/file-server-smb-overview
+  - name: Server Message Block Direct (SMB Direct) 🔗
+    href: /windows-server/storage/file-server/smb-direct
\ No newline at end of file
diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
similarity index 100%
rename from windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
rename to windows/security/operating-system-security/network-security/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
similarity index 100%
rename from windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
rename to windows/security/operating-system-security/network-security/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.PNG b/windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.PNG
new file mode 100644
index 0000000000..16a6bcbbfc
Binary files /dev/null and b/windows/security/operating-system-security/network-security/vpn/images/vpn-app-trigger.PNG differ
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-connection-intune.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-connection-intune.png
new file mode 100644
index 0000000000..f3ab76439d
Binary files /dev/null and b/windows/security/operating-system-security/network-security/vpn/images/vpn-connection-intune.png differ
diff --git a/windows/security/identity-protection/vpn/images/vpn-connection.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-connection.png
similarity index 100%
rename from windows/security/identity-protection/vpn/images/vpn-connection.png
rename to windows/security/operating-system-security/network-security/vpn/images/vpn-connection.png
diff --git a/windows/security/identity-protection/vpn/images/vpn-custom-xml-intune.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-custom-xml-intune.png
similarity index 100%
rename from windows/security/identity-protection/vpn/images/vpn-custom-xml-intune.png
rename to windows/security/operating-system-security/network-security/vpn/images/vpn-custom-xml-intune.png
diff --git a/windows/security/identity-protection/vpn/images/vpn-device-compliance.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-device-compliance.png
similarity index 100%
rename from windows/security/identity-protection/vpn/images/vpn-device-compliance.png
rename to windows/security/operating-system-security/network-security/vpn/images/vpn-device-compliance.png
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-eap-xml.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-eap-xml.png
new file mode 100644
index 0000000000..fd277c80a8
Binary files /dev/null and b/windows/security/operating-system-security/network-security/vpn/images/vpn-eap-xml.png differ
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-name-intune.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-name-intune.png
new file mode 100644
index 0000000000..df0922e2b6
Binary files /dev/null and b/windows/security/operating-system-security/network-security/vpn/images/vpn-name-intune.png differ
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-split.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-split.png
new file mode 100644
index 0000000000..882757f1b4
Binary files /dev/null and b/windows/security/operating-system-security/network-security/vpn/images/vpn-split.png differ
diff --git a/windows/security/operating-system-security/network-security/vpn/images/vpn-traffic-rules.png b/windows/security/operating-system-security/network-security/vpn/images/vpn-traffic-rules.png
new file mode 100644
index 0000000000..a1cbcd3226
Binary files /dev/null and b/windows/security/operating-system-security/network-security/vpn/images/vpn-traffic-rules.png differ
diff --git a/windows/security/operating-system-security/network-security/vpn/toc.yml b/windows/security/operating-system-security/network-security/vpn/toc.yml
new file mode 100644
index 0000000000..d160764ee0
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/vpn/toc.yml
@@ -0,0 +1,25 @@
+items:
+  - name: Overview
+    href: vpn-guide.md
+  - name: VPN connection types
+    href: vpn-connection-type.md
+  - name: VPN routing decisions
+    href: vpn-routing.md
+  - name: VPN authentication options
+    href: vpn-authentication.md
+  - name: VPN and conditional access
+    href: vpn-conditional-access.md
+  - name: VPN name resolution
+    href: vpn-name-resolution.md
+  - name: VPN auto-triggered profile options
+    href: vpn-auto-trigger-profile.md
+  - name: VPN security features
+    href: vpn-security-features.md
+  - name: VPN profile options
+    href: vpn-profile-options.md
+  - name: How to configure Diffie Hellman protocol over IKEv2 VPN connections
+    href: how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+  - name: How to use single sign-on (SSO) over VPN and Wi-Fi connections
+    href: how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+  - name: Optimizing Office 365 traffic with the Windows VPN client
+    href: vpn-office-365-optimization.md
\ No newline at end of file
diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
similarity index 97%
rename from windows/security/identity-protection/vpn/vpn-authentication.md
rename to windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
index 3d893fc9fc..1fc65b4198 100644
--- a/windows/security/identity-protection/vpn/vpn-authentication.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-authentication.md
@@ -74,7 +74,7 @@ For a UWP VPN plug-in, the app vendor controls the authentication method to be u
 See [EAP configuration](/windows/client-management/mdm/eap-configuration) for EAP XML configuration. 
 
 >[!NOTE]
->To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../hello-for-business/hello-identity-verification.md)
+>To configure Windows Hello for Business authentication, follow the steps in [EAP configuration](/windows/client-management/mdm/eap-configuration) to create a smart card certificate. [Learn more about Windows Hello for Business.](../../../identity-protection/hello-for-business/hello-identity-verification.md).
 
 The following image shows the field for EAP XML in a Microsoft Intune VPN profile. The EAP XML field only appears when you select a built-in connection type (automatic, IKEv2, L2TP, PPTP).
 
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md b/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md
new file mode 100644
index 0000000000..9af27f73a3
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-auto-trigger-profile.md
@@ -0,0 +1,90 @@
+---
+title: VPN auto-triggered profile options
+description: With auto-triggered VPN profile options, Windows can automatically establish a VPN connection based on IT admin-defined rules. Learn about the types of auto-trigger rules that you can create for VPN connections.
+ms.date: 05/24/2023
+ms.topic: conceptual
+---
+
+# VPN auto-triggered profile options
+
+Windows can use different features to auto-trigger VPN, avoiding users to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules:
+
+- Application trigger
+- Name-based trigger
+- Always On
+
+> [!NOTE]
+> Auto-triggered VPN connections won't work if **Folder Redirection** for **AppData** is enabled. Either Folder Redirection for AppData must be disabled, or the auto-triggered VPN profile must be deployed in SYSTEM context, which changes the path to where the *rasphone.pbk* file is stored.
+
+## Application trigger
+
+VPN profiles can be configured to automatically connect on the execution of certain applications:
+
+- You can configure desktop or Universal Windows Platform (UWP) apps to trigger a VPN connection
+- You can configure per-app VPN and specify traffic rules for each app
+
+> [!NOTE]
+> The app identifier for a desktop app is a file path. The app identifier for a UWP app is a package family name.
+>
+> [Find a package family name (PFN) for per-app VPN configuration](/mem/configmgr/protect/deploy-use/find-a-pfn-for-per-app-vpn)
+
+For more information, see [Traffic filters](vpn-security-features.md#traffic-filters).
+
+## Name-based trigger
+
+You can configure a domain name-based rule so that a specific domain name triggers the VPN connection.\ 
+Name-based auto-trigger can be configured using the `VPNv2/<ProfileName>/DomainNameInformationList/dniRowId/AutoTrigger` setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+
+There are four types of name-based triggers:
+
+- Short name: for example, if *HRweb* is configured as a trigger, and the stack sees a DNS resolution request for *HRweb*, the VPN triggers
+- Fully qualified domain name (FQDN): for example, if *HRweb.corp.contoso.com* is configured as a trigger, and the stack sees a DNS resolution request for *HRweb.corp.contoso.com*, the VPN triggers
+- Suffix: for example, if *.corp.contoso.com* is configured as a trigger, and the stack sees a DNS resolution request with a matching suffix (such as *HRweb.corp.contoso.com*), the VPN triggers. For any short name resolution, VPN triggers, and the DNS servers are queried for the *<ShortName\>.corp.contoso.com*
+- All: if used, all DNS resolution triggers VPN
+
+## Always On
+
+Always On is a Windows feature that enables the active VPN profile to connect automatically on the following triggers:
+
+- User sign-in
+- Network change
+- Device screen on
+
+When the trigger occurs, VPN tries to connect. If an error occurs, or any user input is needed, the user sees a toast notification for more interaction.
+
+When a device has multiple profiles with Always On triggers, the user can specify the active profile in **Settings > Network & Internet > VPN > <VPN profile\>** by selecting the **Let apps automatically use this VPN connection** checkbox. By default, the first MDM-configured profile is marked as **Active**. Devices with multiple users have the same restriction: only one profile, and therefore only one user, is able to use the Always On triggers.
+
+## Preserving user Always On preference
+
+Another Windows feature is to preserve a user's Always On preference. If a user manually unchecks the **Connect automatically** checkbox, Windows remembers the user preference for the profile name by adding the profile name to the registry value *AutoTriggerDisabledProfilesList*.  
+
+If a management tool removes or adds the same profile name back and set **AlwaysOn** to **true**, Windows doesn't check the box if the profile name exists in the following registry value, in order to preserve user preference.
+
+**Key:** `HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RasMan\Config`\
+**Value:** `AutoTriggerDisabledProfilesList`\
+**Type:** `REG_MULTI_SZ`
+
+## Trusted network detection
+
+The **Trusted network detection** feature configures the VPN so that connection isn't triggered when a device is on a trusted network. To configure Trusted network detection, you must provide a list of DNS suffixes. The VPN stack verifies the network name of the physical interface connection profile: if it matches any of the suffixes configured in the list and the network is private or provisioned by MDM, then VPN doesn't trigger.
+
+Trusted network detection can be configured using the `VPNv2/<ProfileName>/TrustedNetworkDetection` setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
+
+## Configure app-triggered VPN
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows associating apps to a VPN connection in a VPN Profile configuration policy using Microsoft Intune.
+
+:::image type="content" source="images/vpn-app-trigger.png" alt-text="Creation of VPN profile in Intune: application association options." lightbox="images/vpn-app-trigger.png":::
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md
similarity index 91%
rename from windows/security/identity-protection/vpn/vpn-conditional-access.md
rename to windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md
index a40fc1e98b..3dca76e27e 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-conditional-access.md
@@ -1,7 +1,7 @@
 ---
-title: VPN and conditional access 
-description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps.
-ms.date: 09/23/2021
+title: VPN and conditional access
+description: Learn how to integrate the VPN client with the Conditional Access platform, and how to create access rules for Azure Active Directory (Azure AD) connected apps.
+ms.date: 05/23/2023
 ms.topic: conceptual
 ---
 
@@ -15,30 +15,25 @@ The VPN client is now able to integrate with the cloud-based Conditional Access
 Conditional Access Platform components used for Device Compliance include the following cloud-based services:
 
 - [Conditional Access Framework](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
-
 - [Azure AD Connect Health](/azure/active-directory/connect-health/active-directory-aadconnect-health)
-
-- [Windows Health Attestation Service](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
-
+- [Windows Health Attestation Service](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md#device-health-attestation) (optional)
 - Azure AD Certificate Authority - It is a requirement that the client certificate used for the cloud-based device compliance solution be issued by an Azure Active Directory-based Certificate Authority (CA). An Azure AD CA is essentially a mini-CA cloud tenant in Azure. The Azure AD CA cannot be configured as part of an on-premises Enterprise CA. 
 See also [Always On VPN deployment for Windows Server and Windows 10](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/always-on-vpn-deploy).
-
 - Azure AD-issued short-lived certificates - When a VPN connection attempt is made, the Azure AD Token Broker on the local device communicates with Azure Active Directory, which then checks for health based on compliance rules. If compliant, Azure AD sends back a short-lived certificate that is used to authenticate the VPN. Note that certificate authentication methods such as EAP-TLS can be used. When the client reconnects and determines that the certificate has expired, the client will again check with Azure AD for health validation before a new certificate is issued.
-
 - [Microsoft Intune device compliance policies](/mem/intune/protect/device-compliance-get-started) - Cloud-based device compliance leverages Microsoft Intune Compliance Policies, which are capable of querying the device state and define compliance rules for the following, among other things.
-
-    - Antivirus status
-    - Auto-update status and update compliance
-    - Password policy compliance
-    - Encryption compliance
-    - Device health attestation state (validated against attestation service after query)
+  - Antivirus status
+  - Auto-update status and update compliance
+  - Password policy compliance
+  - Encryption compliance
+  - Device health attestation state (validated against attestation service after query)
 
 The following client-side components are also required:
+
 - [HealthAttestation Configuration Service Provider (CSP)](/windows/client-management/mdm/healthattestation-csp)
 - [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) DeviceCompliance node settings
 - Trusted Platform Module (TPM)
 
-## VPN device compliance 
+## VPN device compliance
 
 At this time, the Azure AD certificates issued to users do not contain a CRL Distribution Point (CDP) and are not suitable for Key Distribution Centers (KDCs) to issue Kerberos tokens. For users to gain access to on-premises resources such as files on a network share, client authentication certificates must be deployed to the Windows profiles of the users, and their VPNv2 profiles must contain the &lt;SSO&gt; section.
 
@@ -47,7 +42,7 @@ Server-side infrastructure requirements to support VPN device compliance include
 - The VPN server should be configured for certificate authentication.
 - The VPN server should trust the tenant-specific Azure AD CA.
 - For client access using Kerberos/NTLM, a domain-trusted certificate is deployed to the client device and is configured to be used for single sign-on (SSO).
-   
+
 After the server side is set up, VPN admins can add the policy settings for conditional access to the VPN profile using the VPNv2 DeviceCompliance node.
 
 Two client-side configuration service providers are leveraged for VPN device compliance.
@@ -90,14 +85,12 @@ See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/clien
 
 - [Azure Active Directory conditional access](/azure/active-directory/conditional-access/overview)
 - [Getting started with Azure Active Directory Conditional Access](/azure/active-directory/authentication/tutorial-enable-azure-mfa)
-- [Control the health of Windows 10-based devices](../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
-- Control the health of Windows 11-based devices
+- [Control the health of Windows devices](../../../threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 1)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 2)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-2)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 3)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-3)
 - [Tip of the Day: The Conditional Access Framework and Device Compliance for VPN (Part 4)](/archive/blogs/tip_of_the_day/tip-of-the-day-the-conditional-access-framework-and-device-compliance-for-vpn-part-4)
 
-
 ## Related topics
 - [VPN technical guide](vpn-guide.md)
 - [VPN connection types](vpn-connection-type.md)
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md b/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md
new file mode 100644
index 0000000000..686ae5380b
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-connection-type.md
@@ -0,0 +1,57 @@
+---
+title: VPN connection types (Windows 10 and Windows 11)
+description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
+ms.date: 05/24/2022
+ms.topic: conceptual
+---
+
+# VPN connection types
+
+VPNs are point-to-point connections across a private or public network, like the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization's private network.
+
+There are many options for VPN clients. In Windows, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This article focuses on the Windows VPN platform clients and the features that can be configured.
+
+![VPN connection types.](images/vpn-connection.png)
+
+## Built-in VPN client
+
+Tunneling protocols:
+- [Internet Key Exchange version 2 (IKEv2)](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687731(v=ws.10)): configure the IPsec/IKE tunnel cryptographic properties using the **Cryptography Suite** setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+- [L2TP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687761(v=ws.10)): L2TP with pre-shared key (PSK) authentication can be configured using the **L2tpPsk** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
+- [PPTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687676(v=ws.10))
+- [SSTP](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ff687819(v=ws.10)): SSTP can't be configured using MDM, but it's one of the protocols attempted in the **Automatic** option
+    > [!NOTE]
+    > When a VPN plug-in is used, the adapter will be listed as an SSTP adapter, even though the VPN protocol used is the plug-in's protocol.
+
+- Automatic: the **Automatic** option means that the device tries each of the built-in tunneling protocols until one succeeds. It attempts from most secure to least secure. Configure **Automatic** for the **NativeProtocolType** setting in the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp).
+
+## Universal Windows Platform VPN plug-in
+
+Using the UWP platform, third-party VPN providers can create app-containerized plug-ins using WinRT APIs, eliminating the complexity and problems often associated with writing to system-level drivers.
+
+There are many Universal Windows Platform VPN applications, such as Pulse Secure, Cisco AnyConnect, F5 Access, Sonicwall Mobile Connect, and Check Point Capsule. If you want to use a UWP VPN plug-in, work with your vendor for any custom settings needed to configure your VPN solution.
+
+## Configure connection type
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows connection options in a VPN Profile configuration policy using Microsoft Intune:
+
+> [!div class="mx-imgBorder"]
+> ![Available connection types.](images/vpn-connection-intune.png)
+
+In Intune, you can also include custom XML for third-party plug-in profiles:
+
+> [!div class="mx-imgBorder"]
+> ![Custom XML.](images/vpn-custom-xml-intune.png)
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/operating-system-security/network-security/vpn/vpn-guide.md
similarity index 58%
rename from windows/security/identity-protection/vpn/vpn-guide.md
rename to windows/security/operating-system-security/network-security/vpn/vpn-guide.md
index e0cf600ecb..66e09e5a4c 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-guide.md
@@ -1,20 +1,20 @@
 ---
-title: Windows VPN technical guide 
-description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment.
-ms.date: 02/21/2022
+title: Windows VPN technical guide
+description: Learn how to plan and configure Windows devices for your organization's VPN solution.
+ms.date: 05/24/2023
 ms.topic: conceptual
 ---
 
 # Windows VPN technical guide
 
-This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11.
+This guide walks you through the decisions to make for Windows clients in your organization's VPN solution, and how to configure your devices. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune.
 
-To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10).
+To create a Windows VPN device configuration profile see: [Windows device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10).
 
 > [!NOTE]
 > This guide does not explain server deployment.
 
-[!INCLUDE [virtual-private-network-vpn](../../../../includes/licensing/virtual-private-network-vpn.md)]
+[!INCLUDE [virtual-private-network-vpn](../../../../../includes/licensing/virtual-private-network-vpn.md)]
 
 ## In this guide
 
@@ -29,7 +29,6 @@ To create a Windows 10 VPN device configuration profile see: [Windows 10 and Win
 | [VPN security features](vpn-security-features.md)  | Configure traffic filtering, connect a VPN profile to Windows Information Protection (WIP), and more |
 | [VPN profile options](vpn-profile-options.md)  | Combine settings into single VPN profile using XML |
 
-
 ## Learn more
 
 - [Create VPN profiles to connect to VPN servers in Intune](/mem/intune/configuration/vpn-settings-configure)
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md b/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md
new file mode 100644
index 0000000000..406f11946c
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-name-resolution.md
@@ -0,0 +1,71 @@
+---
+title: VPN name resolution
+description: Learn how name resolution works when using a VPN connection.
+ms.date: 05/24/2023
+ms.topic: conceptual
+---
+
+# VPN name resolution
+
+When the VPN client establishes a connection, it receives an IP address and, optionally, the IP address of one or more DNS servers.
+
+The name resolution setting in the VPN profile determines how name resolution works on the system when the VPN connection is established:
+
+1. The network stack looks at the Name Resolution Policy table (NRPT) for any matches, and tries a resolution if a match is found
+1. If no match is found, the DNS suffix on the most preferred interface based on the interface metric is appended to the name (if a short name is used). A DNS query is sent to the preferred interface
+1. If the query times out, the DNS suffix search list is used in order and DNS queries are sent on all interfaces
+
+## Name Resolution Policy table (NRPT)
+
+The NRPT is a table of namespaces that determines the DNS client's behavior when issuing name resolution queries and processing responses. It's the first place that the stack will look after the DNSCache.
+
+There are three types of name matches that can  set up for NRPT:
+
+- Fully qualified domain name (FQDN) that can be used for direct matching to a name
+- Suffix match results in either a comparison of suffixes (for FQDN resolution) or the appending of the suffix (if using short name)
+- Any resolution should attempt to first resolve with the proxy server/DNS server with this entry
+
+NRPT is set using the `VPNv2/<ProfileName>/DomainNameInformationList` node of the [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp). You can use the same node to configure a Web proxy server or DNS.
+
+To learn more about NRPT, see [Introduction to the NRPT](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee649207(v=ws.10)).
+
+## DNS suffix
+
+The DNS suffix setting is used to configure the primary DNS suffix for the VPN interface and the suffix search list after the VPN connection is established.
+
+Primary DNS suffix is set using the `VPNv2/<ProfileName>/DnsSuffix` node.
+
+[Learn more about primaryDNS suffix](/previous-versions/windows/it-pro/windows-2000-server/cc959611(v=technet.10))
+
+## Persistent name resolution rules
+
+You can configure *persistent* name resolution rules. Name resolution for the specified items is done over the VPN.
+
+Persistent name resolution is set using the `VPNv2/<ProfileName>/DomainNameInformationList/<dniRowId>/Persistent` node.
+
+## Configure name resolution
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows name resolution options in a VPN Profile configuration policy using Microsoft Intune.
+
+:::image type="content" source="images/vpn-name-intune.png" alt-text="Creation of VPN profile in Intune: DNS options." lightbox="images/vpn-name-intune.png":::
+
+The fields in **Add or edit DNS rule** in the Intune profile correspond to the XML settings shown in the following table.
+
+| Field | XML |
+| --- | --- |
+| **Name** | **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/DomainName**  |
+| **Servers (comma separated)** | **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/DnsServers**  |
+| **Proxy server** |  **VPNv2/*ProfileName*/DomainNameInformationList/*dniRowId*/WebServers**  |
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)
\ No newline at end of file
diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md
similarity index 86%
rename from windows/security/identity-protection/vpn/vpn-office-365-optimization.md
rename to windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md
index 8eb30c7bce..8a1774472f 100644
--- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-office-365-optimization.md
@@ -1,17 +1,17 @@
 ---
-title: Optimizing Office 365 traffic for remote workers with the native Windows VPN client
-description: Learn how to optimize Office 365 traffic for remote workers with the native Windows VPN client
+title: Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
+description: Learn how to optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 ms.topic: article
-ms.date: 09/23/2021
+ms.date: 05/24/2023
 ---
-# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client
+# Optimize Microsoft 365 traffic for remote workers with the Windows VPN client
 
-This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 and Windows 11 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling.
+This article describes how to configure the recommendations in the article [VPN split tunneling for Microsoft 365](/microsoft-365/enterprise/microsoft-365-vpn-split-tunnel) for the Windows VPN client. This guidance enables VPN administrators to optimize Microsoft 365 usage while ensuring that all other traffic goes over the VPN connection and through existing security gateways or tooling.
 
-This can be achieved for the native/built-in Windows 10 and Windows 11 VPN client using a _Force Tunneling with Exclusions_ approach. This allows you to define IP-based exclusions *even when using force tunneling* in order to "split" certain traffic to use the physical interface while still forcing all other traffic via the VPN interface. Traffic addressed to specifically defined destinations (like those listed in the Office 365 optimize categories) will therefore follow a much more direct and efficient path, without the need to traverse or "hairpin" via the VPN tunnel and back out of the corporate network. For cloud-services like Office 365, this makes a huge difference in performance and usability for remote users.
+The recommendations can be implemented for the built-in Windows VPN client using a *Force Tunneling with Exclusions* approach, defining IP-based exclusions even when using *force tunneling*. Certain traffic can be *split* to use the physical interface, while still forcing all other traffic via the VPN interface. Traffic addressed to defined destinations (like those listed in the Microsoft 365 optimized categories) follows a much more direct and efficient path, without the need to traverse or *hairpin* via the VPN tunnel and back out of the organization's network. For cloud-services like Microsoft 365, this makes a significant difference in performance and usability for remote users.
 
 > [!NOTE]
-> The term _force tunneling with exclusions_ is sometimes confusingly called "split tunnels" by other vendors and in some online documentation. For Windows 10 and Windows 11 VPN, the term _split tunneling_ is defined differently as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration).
+> The term *force tunneling with exclusions* is sometimes confusingly called *split tunnels* by other vendors and in some online documentation. For Windows VPN, the term *split tunneling* is defined differently, as described in the article [VPN routing decisions](./vpn-routing.md#split-tunnel-configuration).
 
 ## Solution Overview
 
@@ -35,9 +35,9 @@ In order to define specific force tunnel exclusions, you then need to add the fo
 </Route>
 ```
 
-Entries defined by the `[IP Addresses or Subnet]` and `[IP Prefix]` references will consequently be added to the routing table as _more specific route entries_ that will use the Internet-connected interface as the default gateway, as opposed to using the VPN interface. You will need to define a unique and separate `<Route></Route>` section for each required exclusion.
+Entries defined by the `[IP Addresses or Subnet]` and `[IP Prefix]` references will consequently be added to the routing table as _more specific route entries_ that will use the Internet-connected interface as the default gateway, as opposed to using the VPN interface. You must define a unique and separate `<Route></Route>` section for each required exclusion.
 
-An example of a correctly formatted Profile XML configuration for force tunnel with exclusions is shown below:
+An example of a correctly formatted Profile XML configuration for force tunnel with exclusions is the following:
 
 ```xml
 <VPNProfile>
@@ -62,11 +62,11 @@ An example of a correctly formatted Profile XML configuration for force tunnel w
 
 ## Solution Deployment
 
-For Office 365, it is therefore necessary to add exclusions for all IP addresses documented within the optimize categories described in [Office 365 URLs and IP address ranges](/office365/enterprise/urls-and-ip-address-ranges) to ensure that they are excluded from VPN force tunneling.
+For Microsoft 365, it's therefore necessary to add exclusions for all IP addresses documented within the optimize categories described in [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) to ensure that they're excluded from VPN force tunneling.
 
 This can be achieved manually by adding the IP addresses defined within the *optimize* category entries to an existing Profile XML (or script) file, or alternatively the following script can be used which dynamically adds the required entries to an existing PowerShell script, or XML file, based upon directly querying the REST-based web service to ensure the correct IP address ranges are always used.
 
-An example of a PowerShell script that can be used to update a force tunnel VPN connection with Office 365 exclusions is provided below.
+An example of a PowerShell script that can be used to update a force tunnel VPN connection with Microsoft 365 exclusions is provided below.
 
 ```powershell
 # Copyright (c) Microsoft Corporation.  All rights reserved.
@@ -79,9 +79,9 @@ An example of a PowerShell script that can be used to update a force tunnel VPN
 
 <#
 .SYNOPSIS
-    Applies or updates recommended Office 365 optimize IP address exclusions to an existing force tunnel Windows 10 and Windows 11 VPN profile
+    Applies or updates recommended Microsoft 365 optimize IP address exclusions to an existing force tunnel Windows 10 and Windows 11 VPN profile
 .DESCRIPTION
-    Connects to the Office 365 worldwide commercial service instance endpoints to obtain the latest published IP address ranges
+    Connects to the Microsoft 365 worldwide commercial service instance endpoints to obtain the latest published IP address ranges
     Compares the optimized IP addresses with those contained in the supplied VPN Profile (PowerShell or XML file)
     Adds or updates IP addresses as necessary and saves the resultant file with "-NEW" appended to the file name
 .PARAMETERS
@@ -170,7 +170,7 @@ if ( $VPNprofilefile -ne "" -and $FileExtension -eq ".ps1")
     }
 }
 
-# Define Office 365 endpoints and service URLs #
+# Define Microsoft 365 endpoints and service URLs #
 $ws = "https://endpoints.office.com"
 $baseServiceUrl = "https://endpoints.office.com"
 
@@ -198,7 +198,7 @@ if ($version[0].latest -gt $lastVersion)
 {
 
     Write-Host
-    Write-Host "A new version of Office 365 worldwide commercial service instance endpoints has been detected!" -ForegroundColor Cyan
+    Write-Host "A new version of Microsoft 365 worldwide commercial service instance endpoints has been detected!" -ForegroundColor Cyan
 
     # Write the new version number to the data file #
     @($clientRequestId, $version[0].latest) | Out-File $datapath
@@ -415,29 +415,13 @@ if ($VPNprofilefile -ne "" -and $FileExtension -eq ".xml")
 }
 ```
 
-## Version Support
-
-This solution is supported with the following versions of Windows:
-
-- Windows 11
-- Windows 10 1903/1909 and newer: Included, no action needed
-- Windows 10 1809: At least [KB4490481](https://support.microsoft.com/help/4490481/windows-10-update-kb4490481)
-- Windows 10 1803: At least [KB4493437](https://support.microsoft.com/help/4493437/windows-10-update-kb4493437)
-- Windows 10 1709 and lower: Exclusion routes are not supported
-
-- Windows 10 Enterprise 2019 LTSC: At least [KB4490481](https://support.microsoft.com/help/4490481/windows-10-update-kb4490481)
-- Windows 10 Enterprise 2016 LTSC: Exclusion routes are not supported
-- Windows 10 Enterprise 2015 LTSC: Exclusion routes are not supported
-
-Microsoft strongly recommends that the latest available Windows 10 cumulative update always be applied.
-
 ## Other Considerations
 
 You should also be able to adapt this approach to include necessary exclusions for other cloud-services that can be defined by known/static IP addresses; exclusions required for [Cisco WebEx](https://help.webex.com/WBX000028782/Network-Requirements-for-Webex-Teams-Services) or [Zoom](https://support.zoom.us/hc/en-us/articles/201362683) are good examples.
 
 ## Examples
 
-An example of a PowerShell script that can be used to create a force tunnel VPN connection with Office 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial PowerShell script:
+An example of a PowerShell script that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial PowerShell script:
 
 ```powershell
 # Copyright (c) Microsoft Corporation.  All rights reserved.
@@ -462,7 +446,7 @@ An example of a PowerShell script that can be used to create a force tunnel VPN
 #>
 
 <#-- Define Key VPN Profile Parameters --#>
-$ProfileName = 'Contoso VPN with Office 365 Exclusions'
+$ProfileName = 'Contoso VPN with Microsoft 365 Exclusions'
 $ProfileNameEscaped = $ProfileName -replace ' ', '%20'
 
 <#-- Define VPN ProfileXML --#>
@@ -656,7 +640,7 @@ Write-Host "$Message"
 
 ```
 
-An example of an [Intune-ready XML file](./vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Office 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file.
+An example of an [Intune-ready XML file](./vpn-profile-options.md#apply-profilexml-using-intune) that can be used to create a force tunnel VPN connection with Microsoft 365 exclusions is provided below, or refer to the guidance in [Create the ProfileXML configuration files](/windows-server/remote/remote-access/vpn/always-on-vpn/deploy/vpn-deploy-client-vpn-connections#create-the-profilexml-configuration-files) to create the initial XML file.
 
 >[!NOTE]
 >This XML is formatted for use with Intune and cannot contain any carriage returns or whitespace.
diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md
similarity index 100%
rename from windows/security/identity-protection/vpn/vpn-profile-options.md
rename to windows/security/operating-system-security/network-security/vpn/vpn-profile-options.md
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-routing.md b/windows/security/operating-system-security/network-security/vpn/vpn-routing.md
new file mode 100644
index 0000000000..6931f683fd
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-routing.md
@@ -0,0 +1,55 @@
+---
+ms.date: 05/24/2023
+title: VPN routing decisions
+description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
+ms.topic: conceptual
+---
+# VPN routing decisions
+
+Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). The decision impacts the configuration, capacity planning, and security expectations from the connection.
+
+## Split tunnel configuration
+
+In a split tunnel configuration, routes can be specified to go over VPN and all other traffic will go over the physical interface.
+
+Routes can be configured using the `VPNv2/<ProfileName>/RouteList` setting in the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+
+For each route item in the list, you can configure the following options:
+
+- **Address**: `VPNv2/<ProfileName>/RouteList/<routeRowId>/Address`
+- **Prefix size**: `VPNv2/<ProfileName>/RouteList/<routeRowId>/Prefix`
+- **Exclusion route**: V`VPNv2/<ProfileName>/RouteList/<routeRowId>/ExclusionRoute`
+
+With Windows VPN, you can specify exclusion routes that shouldn't go over the physical interface.
+
+Routes can also be added at connect time through the server for UWP VPN apps.  
+
+## Force tunnel configuration
+
+In a force tunnel configuration, all traffic will go over VPN. Force tunnel is the default configuration, and takes effect when no routes are specified.
+
+The only implication of force tunnel is the manipulation of routing entries: VPN V4 and V6 default routes (for example *0.0.0.0/0*) are added to the routing table with a lower metric than ones for other interfaces. This configuration sends traffic through the VPN as long as there isn't a specific route on the physical interface:
+
+- For built-in VPN, the decision is controlled using the MDM setting `VPNv2/ProfileName/NativeProfile/RoutingPolicyType`
+- For a UWP VPN plug-in, the app controls the property. If the VPN plug-in indicates the default route for IPv4 and IPv6 as the only two Inclusion routes, the VPN platform marks the connection as Force Tunneled
+
+## Configure routing
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+When you configure a VPN profile in Microsoft Intune, you can enable split tunnel configuration:
+
+![split tunnel.](images/vpn-split.png)
+
+Once enabled, you can add the routes that should use the VPN connection.
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN security features](vpn-security-features.md)
+- [VPN profile options](vpn-profile-options.md)
\ No newline at end of file
diff --git a/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md b/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md
new file mode 100644
index 0000000000..4c7d2f87b4
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/vpn/vpn-security-features.md
@@ -0,0 +1,68 @@
+---
+title: VPN security features
+description: Learn about security features for VPN, including LockDown VPN and traffic filters.
+ms.date: 05/24/2023
+ms.topic: conceptual
+---
+
+# VPN security features
+
+## Hyper-V based containers and VPN
+
+Windows supports different kinds of Hyper-V based containers, like Microsoft Defender Application Guard and Windows Sandbox. When you use a third party VPN solution, the Hyper-V based containers may not be able to seamlessly connect to the internet, and configuration changes may be needed to resolve connectivity issues.
+
+For example, read about the workaround for Cisco AnyConnect VPN: [Cisco AnyConnect Secure Mobility Client Administrator Guide: Connectivity issues with VM-based subsystems](https://www.cisco.com/c/en/us/td/docs/security/vpn_client/anyconnect/anyconnect410/administration/guide/b-anyconnect-admin-guide-4-10/troubleshoot-anyconnect.html#Cisco_Task_in_List_GUI.dita_3a9a8101-f034-4e9b-b24a-486ee47b5e9f).
+
+## Traffic Filters
+
+Traffic Filters enables organizations to decide what traffic is allowed into the corporate network based on policy. IT admins can use Traffic Filters to apply interface-specific firewall rules to the VPN Interface.
+
+There are two types of Traffic Filter rules:
+
+- **App-based rules** consist of a list of applications that can be marked to only allow traffic originating from the apps to the VPN interface
+- **Traffic-based rules** consist of 5-tuple policies (ports, addresses, protocol) that can be specified to only allow traffic matching the rules to go through the VPN interface
+
+There can be sets of rules linked by *OR*. Within each set, there can be app-based rules and traffic-based rules.\
+All the properties within the set are linked by *AND*. The rules can be applied at a per-app level or a per-device level.
+
+For example, an IT admin could define rules that specify:
+
+- An *HR App* is allowed to go through the VPN and only access port *4545*
+- The *Finance apps* are allowed to through the VPN and only access the Remote IP ranges of *10.10.0.40 - 10.10.0.201* on port *5889*
+- All other apps on the device can only access ports *80* or *443*
+
+## Configure traffic filters
+
+See [VPN profile options](vpn-profile-options.md) and [VPNv2 CSP](/windows/client-management/mdm/vpnv2-csp) for XML configuration.
+
+The following image shows the interface to configure traffic rules in a VPN Profile configuration policy, using Microsoft Intune.
+
+:::image type="content" source="images/vpn-traffic-rules.png" alt-text="VPN profile creation from Microsoft Intune admin center." lightbox="images/vpn-traffic-rules.png":::
+
+## LockDown VPN
+
+A VPN profile configured with LockDown secures the device to only allow network traffic over the VPN interface. It has the following features:
+
+- The system attempts to always keep the VPN connected
+- The user can't disconnect the VPN connection
+- The user can't delete or modify the VPN profile
+- The VPN LockDown profile uses forced tunnel connection
+- If the VPN connection isn't available, outbound network traffic is blocked
+- Only one VPN LockDown profile is allowed on a device
+
+> [!NOTE]
+> For built-in VPN, LockDown VPN is only available for the Internet Key Exchange version 2 (IKEv2) connection type.
+
+> [!CAUTION]
+> Be careful when deploying LockDown VPN, as the resultant connection won't be able to send or receive any network traffic without the VPN connection being established.
+
+## Related articles
+
+- [VPN technical guide](vpn-guide.md)
+- [VPN connection types](vpn-connection-type.md)
+- [VPN routing decisions](vpn-routing.md)
+- [VPN authentication options](vpn-authentication.md)
+- [VPN and conditional access](vpn-conditional-access.md)
+- [VPN name resolution](vpn-name-resolution.md)
+- [VPN auto-triggered profile options](vpn-auto-trigger-profile.md)
+- [VPN profile options](vpn-profile-options.md)
diff --git a/windows/security/operating-system-security/network-security/windows-firewall/TOC.yml b/windows/security/operating-system-security/network-security/windows-firewall/TOC.yml
new file mode 100644
index 0000000000..6057d602da
--- /dev/null
+++ b/windows/security/operating-system-security/network-security/windows-firewall/TOC.yml
@@ -0,0 +1,252 @@
+items:
+  - name: Overview
+    href: windows-firewall-with-advanced-security.md
+  - name: Plan deployment
+    items: 
+      - name: Design guide
+        href: windows-firewall-with-advanced-security-design-guide.md
+      - name: Design process
+        href: understanding-the-windows-firewall-with-advanced-security-design-process.md
+      - name: Implementation goals
+        items: 
+          - name: Identify implementation goals
+            href: identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+          - name: Protect devices from unwanted network traffic
+            href: protect-devices-from-unwanted-network-traffic.md
+          - name: Restrict access to only trusted devices
+            href: restrict-access-to-only-trusted-devices.md
+          - name: Require encryption
+            href: require-encryption-when-accessing-sensitive-network-resources.md
+          - name: Restrict access
+            href: restrict-access-to-only-specified-users-or-devices.md
+      - name: Implementation designs
+        items: 
+          - name: Mapping goals to a design
+            href: mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+          - name: Basic firewall design
+            href: basic-firewall-policy-design.md
+            items: 
+              - name: Basic firewall design example
+                href: firewall-policy-design-example.md
+          - name: Domain isolation design
+            href: domain-isolation-policy-design.md
+            items: 
+              - name: Domain isolation design example
+                href: domain-isolation-policy-design-example.md
+          - name: Server isolation design
+            href: server-isolation-policy-design.md
+            items: 
+              - name: Server Isolation design example
+                href: server-isolation-policy-design-example.md
+          - name: Certificate-based isolation design
+            href: certificate-based-isolation-policy-design.md
+            items: 
+              - name: Certificate-based Isolation design example
+                href: certificate-based-isolation-policy-design-example.md
+      - name: Design planning
+        items: 
+          - name: Planning your design
+            href: planning-your-windows-firewall-with-advanced-security-design.md
+          - name: Planning settings for a basic firewall policy
+            href: planning-settings-for-a-basic-firewall-policy.md
+          - name: Planning domain isolation zones
+            items: 
+              - name: Domain isolation zones
+                href: planning-domain-isolation-zones.md
+              - name: Exemption list
+                href: exemption-list.md
+              - name: Isolated domain
+                href: isolated-domain.md
+              - name: Boundary zone
+                href: boundary-zone.md
+              - name: Encryption zone
+                href: encryption-zone.md
+          - name: Planning server isolation zones
+            href: planning-server-isolation-zones.md
+          - name: Planning certificate-based authentication
+            href: planning-certificate-based-authentication.md
+            items: 
+              - name: Documenting the Zones
+                href: documenting-the-zones.md
+              - name: Planning group policy deployment for your isolation zones
+                href: planning-group-policy-deployment-for-your-isolation-zones.md
+                items: 
+                  - name: Planning isolation groups for the zones
+                    href: planning-isolation-groups-for-the-zones.md
+                  - name: Planning network access groups
+                    href: planning-network-access-groups.md
+                  - name: Planning the GPOs
+                    href: planning-the-gpos.md
+                    items: 
+                      - name: Firewall GPOs
+                        href: firewall-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_Firewall
+                            href: gpo-domiso-firewall.md
+                      - name: Isolated domain GPOs
+                        href: isolated-domain-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_IsolatedDomain_Clients
+                            href: gpo-domiso-isolateddomain-clients.md
+                          - name: GPO_DOMISO_IsolatedDomain_Servers
+                            href: gpo-domiso-isolateddomain-servers.md
+                      - name: Boundary zone GPOs
+                        href: boundary-zone-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_Boundary
+                            href: gpo-domiso-boundary.md
+                      - name: Encryption zone GPOs
+                        href: encryption-zone-gpos.md
+                        items: 
+                          - name: GPO_DOMISO_Encryption
+                            href: gpo-domiso-encryption.md
+                      - name: Server isolation GPOs
+                        href: server-isolation-gpos.md
+                  - name: Planning GPO deployment
+                    href: planning-gpo-deployment.md
+      - name: Planning to deploy
+        href: planning-to-deploy-windows-firewall-with-advanced-security.md
+  - name: Deployment guide
+    items: 
+      - name: Deployment overview
+        href: windows-firewall-with-advanced-security-deployment-guide.md
+      - name: Implementing your plan
+        href: implementing-your-windows-firewall-with-advanced-security-design-plan.md
+      - name: Basic firewall deployment
+        items: 
+          - name: "Checklist: Implementing a basic firewall policy design"
+            href: checklist-implementing-a-basic-firewall-policy-design.md
+      - name: Domain isolation deployment
+        items: 
+          - name: "Checklist: Implementing a Domain Isolation Policy Design"
+            href: checklist-implementing-a-domain-isolation-policy-design.md
+      - name: Server isolation deployment
+        items: 
+          - name: "Checklist: Implementing a Standalone Server Isolation Policy Design"
+            href: checklist-implementing-a-standalone-server-isolation-policy-design.md
+      - name: Certificate-based authentication
+        items: 
+          - name: "Checklist: Implementing a Certificate-based Isolation Policy Design"
+            href: checklist-implementing-a-certificate-based-isolation-policy-design.md
+  - name: Best practices
+    items: 
+      - name: Configuring the firewall
+        href: best-practices-configuring.md
+      - name: Securing IPsec
+        href: securing-end-to-end-ipsec-connections-by-using-ikev2.md
+      - name: PowerShell
+        href: windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+      - name: Isolating Microsoft Store Apps on Your Network
+        href: isolating-apps-on-your-network.md
+  - name: How-to
+    items: 
+      - name: Add Production devices to the membership group for a zone
+        href: add-production-devices-to-the-membership-group-for-a-zone.md
+      - name: Add test devices to the membership group for a zone
+        href: add-test-devices-to-the-membership-group-for-a-zone.md
+      - name: Assign security group filters to the GPO
+        href: assign-security-group-filters-to-the-gpo.md
+      - name: Change rules from request to require mode
+        href: Change-Rules-From-Request-To-Require-Mode.Md
+      - name: Configure authentication methods
+        href: Configure-authentication-methods.md
+      - name: Configure data protection (Quick Mode) settings
+        href: configure-data-protection-quick-mode-settings.md
+      - name: Configure Group Policy to autoenroll and deploy certificates
+        href: configure-group-policy-to-autoenroll-and-deploy-certificates.md
+      - name: Configure key exchange (main mode) settings
+        href: configure-key-exchange-main-mode-settings.md
+      - name: Configure the rules to require encryption
+        href: configure-the-rules-to-require-encryption.md
+      - name: Configure the Windows Firewall log
+        href: configure-the-windows-firewall-log.md
+      - name: Configure the workstation authentication certificate template
+        href: configure-the-workstation-authentication-certificate-template.md
+      - name: Configure Windows Firewall to suppress notifications when a program is blocked
+        href: configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+      - name: Confirm that certificates are deployed correctly
+        href: confirm-that-certificates-are-deployed-correctly.md
+      - name: Copy a GPO to create a new GPO
+        href: copy-a-gpo-to-create-a-new-gpo.md
+      - name: Create a Group Account in Active Directory
+        href: create-a-group-account-in-active-directory.md
+      - name: Create a Group Policy Object
+        href: create-a-group-policy-object.md
+      - name: Create an authentication exemption list rule
+        href: create-an-authentication-exemption-list-rule.md
+      - name: Create an authentication request rule
+        href: create-an-authentication-request-rule.md
+      - name: Create an inbound ICMP rule
+        href: create-an-inbound-icmp-rule.md
+      - name: Create an inbound port rule
+        href: create-an-inbound-port-rule.md
+      - name: Create an inbound program or service rule
+        href: create-an-inbound-program-or-service-rule.md
+      - name: Create an outbound port rule
+        href: create-an-outbound-port-rule.md
+      - name: Create an outbound program or service rule
+        href: create-an-outbound-program-or-service-rule.md
+      - name: Create inbound rules to support RPC
+        href: create-inbound-rules-to-support-rpc.md
+      - name: Create WMI filters for the GPO
+        href: create-wmi-filters-for-the-gpo.md
+      - name: Create Windows Firewall rules in Intune
+        href: create-windows-firewall-rules-in-intune.md
+      - name: Enable predefined inbound rules
+        href: enable-predefined-inbound-rules.md
+      - name: Enable predefined outbound rules
+        href: enable-predefined-outbound-rules.md
+      - name: Exempt ICMP from authentication
+        href: exempt-icmp-from-authentication.md
+      - name: Link the GPO to the domain
+        href: link-the-gpo-to-the-domain.md
+      - name: Modify GPO filters
+        href: modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+      - name: Open IP security policies
+        href: open-the-group-policy-management-console-to-ip-security-policies.md
+      - name: Open Group Policy
+        href: open-the-group-policy-management-console-to-windows-firewall.md
+      - name: Open Group Policy
+        href: open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+      - name: Open Windows Firewall
+        href: open-windows-firewall-with-advanced-security.md
+      - name: Restrict server access
+        href: restrict-server-access-to-members-of-a-group-only.md
+      - name: Enable Windows Firewall
+        href: turn-on-windows-firewall-and-configure-default-behavior.md
+      - name: Verify Network Traffic
+        href: verify-that-network-traffic-is-authenticated.md
+  - name: References
+    items: 
+      - name: "Checklist: Creating Group Policy objects"
+        href: checklist-creating-group-policy-objects.md
+      - name: "Checklist: Creating inbound firewall rules"
+        href: checklist-creating-inbound-firewall-rules.md
+      - name: "Checklist: Creating outbound firewall rules"
+        href: checklist-creating-outbound-firewall-rules.md
+      - name: "Checklist: Configuring basic firewall settings"
+        href: checklist-configuring-basic-firewall-settings.md
+      - name: "Checklist: Configuring rules for the isolated domain"
+        href: checklist-configuring-rules-for-the-isolated-domain.md
+      - name: "Checklist: Configuring rules for the boundary zone"
+        href: checklist-configuring-rules-for-the-boundary-zone.md
+      - name: "Checklist: Configuring rules for the encryption zone"
+        href: checklist-configuring-rules-for-the-encryption-zone.md
+      - name: "Checklist: Configuring rules for an isolated server zone"
+        href: checklist-configuring-rules-for-an-isolated-server-zone.md
+      - name: "Checklist: Configuring rules for servers in a standalone isolated server zone"
+        href: checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+      - name: "Checklist: Creating rules for clients of a standalone isolated server zone"
+        href: checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+      - name: "Appendix A: Sample GPO template files for settings used in this guide"
+        href: appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+  - name: Troubleshooting
+    items: 
+      - name: Troubleshooting UWP app connectivity issues in Windows Firewall
+        href: troubleshooting-uwp-firewall.md
+      - name: Filter origin audit log improvements
+        href: filter-origin-documentation.md
+      - name: Quarantine behavior
+        href: quarantine.md
+      - name: Firewall settings lost on upgrade
+        href: firewall-settings-lost-on-upgrade.md
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
index 4e6c09ba0f..ffdc421b72 100644
--- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
@@ -4,9 +4,6 @@ description: Learn how to add production devices to the membership group for a z
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Add Production Devices to the Membership Group for a Zone
diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
index 1006cc0feb..db692b1afa 100644
--- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
@@ -4,9 +4,6 @@ description: Learn how to add devices to the group for a zone to test whether yo
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Add Test Devices to the Membership Group for a Zone
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
rename to windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index 06b7de36b0..09b4dfb941 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -4,9 +4,6 @@ description: Use sample template files import an XML file containing customized
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Appendix A: Sample GPO Template Files for Settings Used in this Guide
diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
rename to windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md
index 54036b6480..ece353e83c 100644
--- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Assign Security Group Filters to the GPO
diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md
similarity index 95%
rename from windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md
index 9463ea70dc..5733a89690 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/basic-firewall-policy-design.md
@@ -3,9 +3,6 @@ title: Basic Firewall Policy Design
 description: Protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses by using basic firewall policy design.
 ms.prod: windows-client
 ms.topic: conceptual
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md
similarity index 97%
rename from windows/security/threat-protection/windows-firewall/best-practices-configuring.md
rename to windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md
index e090a1ea53..1214df4042 100644
--- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/best-practices-configuring.md
@@ -7,9 +7,6 @@ ms.collection:
   - highpri
   - tier3
 ms.topic: article
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Best practices for configuring Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md
similarity index 87%
rename from windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
rename to windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md
index e503c3902f..16684e9cbd 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone-gpos.md
@@ -4,9 +4,6 @@ description: Learn about GPOs to create that must align with the group you creat
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Boundary Zone GPOs
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/boundary-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md
index 99cc059049..36a61d385c 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/boundary-zone.md
@@ -4,9 +4,6 @@ description: Learn how a boundary zone supports devices that must receive traffi
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Boundary Zone
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
rename to windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md
index 8d4181c3e2..64cb140f2e 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -4,9 +4,6 @@ description: This example uses a fictitious company to illustrate certificate-ba
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Certificate-based Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md
index e3a176f9e4..1af80586c7 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/certificate-based-isolation-policy-design.md
@@ -4,9 +4,6 @@ description: Explore the methodology behind Certificate-based Isolation Policy D
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Certificate-based isolation policy design
diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md
similarity index 88%
rename from windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
rename to windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md
index 289cfadde2..12465d4121 100644
--- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/change-rules-from-request-to-require-mode.md
@@ -4,9 +4,6 @@ description: Learn how to convert a rule from request to require mode and apply
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Change Rules from Request to Require Mode
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md
similarity index 81%
rename from windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md
index 34ae3b3fed..4fb018d543 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-basic-firewall-settings.md
@@ -4,9 +4,6 @@ description: Configure Windows Firewall to set inbound and outbound behavior, di
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Basic Firewall Settings
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index 4435b94fab..bc3c7307e6 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for an Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index 2f50f8e8ed..3157528b1b 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -4,9 +4,6 @@ description: Checklist Configuring Rules for Servers in a Standalone Isolated Se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
index d2f4c93816..e25ea92a07 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for the Boundary Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
similarity index 88%
rename from windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index f3436e0f22..50823a255b 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for the Encryption Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index 584fd5f81e..6b3a358d07 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -4,9 +4,6 @@ description: Use these tasks to configure connection security rules and IPsec se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Configuring Rules for the Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md
index b5105b957e..82e9ed2a65 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-group-policy-objects.md
@@ -4,9 +4,6 @@ description: Learn to deploy firewall settings, IPsec settings, firewall rules,
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Group Policy Objects
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md
similarity index 82%
rename from windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md
index 41ea5d2b87..38fdcd2fc4 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -4,9 +4,6 @@ description: Use these tasks for creating inbound firewall rules in your GPOs fo
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Inbound Firewall Rules
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md
similarity index 85%
rename from windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md
index cb94ff4ae0..88c2eccca0 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -4,9 +4,6 @@ description: Use these tasks for creating outbound firewall rules in your GPOs f
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Outbound Firewall Rules
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index b4cbe9843b..ebd45a7ede 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -4,9 +4,6 @@ description: Checklist for when creating rules for clients of a Standalone Isola
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
index 10bae186fc..7432f4448f 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
@@ -4,9 +4,6 @@ description: Follow this parent checklist for implementing a basic firewall poli
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Basic Firewall Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
similarity index 88%
rename from windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index c36d43773f..a0fabcc4f5 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -4,9 +4,6 @@ description: Use these references to learn about using certificates as an authen
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Certificate-based Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index 5bb405ae8f..dfd0e45e2c 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -4,9 +4,6 @@ description: Use these references to learn about the domain isolation policy des
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Domain Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index 43fcf467ce..f015a7e0c1 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -4,9 +4,6 @@ description: Use these tasks to create a server isolation policy design that isn
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Checklist: Implementing a Standalone Server Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md
index 10f2d23af6..96a9db2d70 100644
--- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-authentication-methods.md
@@ -4,9 +4,6 @@ description: Learn how to configure authentication methods for devices in an iso
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Authentication Methods
diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md
index 09ca7ceb2c..a8f2bc0f33 100644
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -4,9 +4,6 @@ description: Learn how to configure the data protection settings for connection
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Data Protection (Quick Mode) Settings
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
similarity index 85%
rename from windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index f6b72c9e28..f049b2e663 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -4,9 +4,6 @@ description: Learn how to configure Group Policy to automatically enroll client
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Group Policy to Autoenroll and Deploy Certificates
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md
index df66d99ecc..02ffc24817 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -4,9 +4,6 @@ description: Learn how to configure the main mode key exchange settings used to
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Key Exchange (Main Mode) Settings
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md
index b5da118733..ce9b0f15ce 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -4,9 +4,6 @@ description: Learn how to configure rules to add encryption algorithms and delet
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure the Rules to Require Encryption
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
index 86e32c4f6c..2912122082 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-windows-firewall-log.md
@@ -4,9 +4,6 @@ description: Learn how to configure Windows Defender Firewall with Advanced Secu
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure the Windows Defender Firewall with Advanced Security Log
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md
index 8d6c61b49a..fe9d417849 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-the-workstation-authentication-certificate-template.md
@@ -3,9 +3,6 @@ title: Configure the Workstation Authentication Template
 description: Learn how to configure a workstation authentication certificate template, which is used for device certificates that are enrolled and deployed to workstations.
 ms.prod: windows-client
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.topic: conceptual
 ---
 
diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
rename to windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
index 85bc81d634..fe75296fec 100644
--- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -4,9 +4,6 @@ description: Configure Windows Defender Firewall with Advanced Security to suppr
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
similarity index 83%
rename from windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
rename to windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 6bbc94a956..dcca043129 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -4,9 +4,6 @@ description: Learn how to confirm that a Group Policy is being applied as expect
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 01/24/2023
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Confirm That Certificates Are Deployed Correctly
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
rename to windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index 16e502775b..2493780e6b 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -4,9 +4,6 @@ description: Learn how to make a copy of a GPO by using the Active Directory Use
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Copy a GPO to Create a New GPO
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md
similarity index 85%
rename from windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md
index 3a5455b08b..e323d44596 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-account-in-active-directory.md
@@ -4,9 +4,6 @@ description: Learn how to create a security group for the computers that are to
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create a Group Account in Active Directory
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md
similarity index 83%
rename from windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md
index 13c39985d6..f5c4d18144 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-a-group-policy-object.md
@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create a Group Policy Object
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md
index 78727f64cd..76f020233e 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -4,9 +4,6 @@ description: Learn how to create rules that exempt devices that cannot communica
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Authentication Exemption List Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md
similarity index 95%
rename from windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md
index 455b26bd3b..488578107f 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-authentication-request-rule.md
@@ -4,9 +4,6 @@ description: Create a new rule for Windows Defender Firewall with Advanced Secur
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Authentication Request Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md
index ab1136782f..b62a240cdb 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-icmp-rule.md
@@ -4,9 +4,6 @@ description: Learn how to allow inbound ICMP traffic by using the Group Policy M
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Inbound ICMP Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md
index a229006008..7ccafddaa2 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-port-rule.md
@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Inbound Port Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md
index 05cd98a82b..0e3d5bd0c6 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -4,9 +4,6 @@ description: Learn how to allow inbound traffic to a program or service by using
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Inbound Program or Service Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md
index 30aafada51..a014376a16 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-port-rule.md
@@ -4,9 +4,6 @@ description: Learn to block outbound traffic on a port by using the Group Policy
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Outbound Port Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md
index 21844afb19..7893448184 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-an-outbound-program-or-service-rule.md
@@ -4,9 +4,6 @@ description: Use the Windows Defender Firewall with Advanced Security node in th
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create an Outbound Program or Service Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md
index 0b0e40257f..e153527fbc 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -4,9 +4,6 @@ description: Learn how to allow RPC network traffic by using the Group Policy Ma
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create Inbound Rules to Support RPC
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md
index be5cb1ce35..f2316edf7e 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -3,9 +3,6 @@ title: Create Windows Firewall rules in Intune
 description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune.
 ms.prod: windows-client
 ms.topic: conceptual
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
rename to windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md
index b6eebdff60..08c06d4796 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Create WMI Filters for the GPO
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
rename to windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index 2101a8c800..197d05a733 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -4,9 +4,6 @@ description: Answer the question in this article to design an effective Windows
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Designing a Windows Defender Firewall with Advanced Security Strategy
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md
similarity index 97%
rename from windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
rename to windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md
index 88226072e6..62d1fcb8d8 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -4,9 +4,6 @@ description: Learn how to define the trusted state of devices in your enterprise
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Determining the Trusted State of Your Devices
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md
similarity index 84%
rename from windows/security/threat-protection/windows-firewall/documenting-the-zones.md
rename to windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md
index ffee0dad21..16cb030c90 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/documenting-the-zones.md
@@ -4,9 +4,6 @@ description: Learn how to document the zone placement of devices in your design
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Documenting the Zones
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md
similarity index 95%
rename from windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
rename to windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md
index cc624fb330..c01ba555ff 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design-example.md
@@ -4,9 +4,6 @@ description: This example uses a fictitious company to illustrate domain isolati
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Domain Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md
similarity index 95%
rename from windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md
index 426ddd9ca4..abb10fe004 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/domain-isolation-policy-design.md
@@ -4,9 +4,6 @@ description: Learn how to design a domain isolation policy, based on which devic
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Domain Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md
similarity index 86%
rename from windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
rename to windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md
index 3f25a361d4..68f91e5710 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-inbound-rules.md
@@ -4,9 +4,6 @@ description: Learn the rules for Windows Defender Firewall with Advanced Securit
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Enable Predefined Inbound Rules
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md
similarity index 87%
rename from windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
rename to windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md
index 58225950d0..69eaebf470 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/enable-predefined-outbound-rules.md
@@ -4,9 +4,6 @@ description: Learn to deploy predefined firewall rules that block outbound netwo
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/07/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Enable Predefined Outbound Rules
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md
similarity index 78%
rename from windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
rename to windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md
index 90f48de3cc..eb9e6e58ad 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone-gpos.md
@@ -4,9 +4,6 @@ description: Learn how to add a device to an encryption zone by adding the devic
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Encryption Zone GPOs
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/encryption-zone.md
rename to windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md
index e97b34c08b..b421043953 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/encryption-zone.md
@@ -4,9 +4,6 @@ description: Learn how to create an encryption zone to contain devices that host
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Encryption Zone
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md
similarity index 77%
rename from windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
rename to windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md
index 706b894f73..572b3283f3 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/exempt-icmp-from-authentication.md
@@ -4,9 +4,6 @@ description: Learn how to add exemptions for any network traffic that uses the I
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Exempt ICMP from Authentication
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/exemption-list.md
rename to windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md
index 0f8eb6931a..cb0b5ee9e1 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/exemption-list.md
@@ -4,9 +4,6 @@ description: Learn about reasons to add devices to an exemption list in Windows
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Exemption List
diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
rename to windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
index 5b4fbe6b78..ba08eadadb 100644
--- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/filter-origin-documentation.md
@@ -3,9 +3,6 @@ title: Filter origin audit log improvements
 description: Filter origin documentation audit log improvements
 ms.prod: windows-client
 ms.topic: troubleshooting
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 
@@ -29,19 +26,19 @@ The blocking filters can be categorized under these filter origins:
 
 2. Firewall default block filters
 
-    a.	AppContainer loopback
+    a.    AppContainer loopback
     
-    b.	Boottime default
+    b.    Boottime default
     
-    c.	Quarantine default
+    c.    Quarantine default
     
-    d.	Query user default
+    d.    Query user default
     
-    e.	Stealth
+    e.    Stealth
     
-    f.	Universal Windows Platform (UWP) default
+    f.    Universal Windows Platform (UWP) default
     
-    g.	Windows Service Hardening (WSH) default
+    g.    Windows Service Hardening (WSH) default
 
 The next section describes the improvements made to audits 5157 and 5152, and how the above filter origins are used in these events. These improvements were added in the Windows Server 2022 and Windows 11 releases.
  
@@ -59,8 +56,8 @@ To enable a specific audit event, run the corresponding command in an administra
 
 |**Audit #**|**Enable command**|**Link**|
 |:-----|:-----|:-----|
-|**5157**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Connection" /success:enable /failure:enable`|[5157(F): The Windows Filtering Platform has blocked a connection.](../auditing/event-5157.md)|
-|**5152**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Packet Drop" /success:enable /failure:enable`|[5152(F): The Windows Filtering Platform blocked a packet.](../auditing/event-5152.md)|
+|**5157**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Connection" /success:enable /failure:enable`|[5157(F): The Windows Filtering Platform has blocked a connection.](../../../threat-protection/auditing/event-5157.md)|
+|**5152**|`Auditpol /set /category:"System" /SubCategory:"Filtering Platform Packet Drop" /success:enable /failure:enable`|[5152(F): The Windows Filtering Platform blocked a packet.](../../../threat-protection/auditing/event-5152.md)|
 
 ## Example flow of debugging packet drops with filter origin 
 
@@ -75,13 +72,13 @@ The next sections are divided by `Filter Origin` type, the value is either a rul
 Run the following PowerShell command to generate the rule information using `Filter Origin`. 
 
 ```Powershell
-Get-NetFirewallRule -Name “<Filter Origin>”
+Get-NetFirewallRule -Name "<Filter Origin>"
 Get-NetFirewallRule -Name " {A549B7CF-0542-4B67-93F9-EEBCDD584377} "
 ```
 
 ![Firewall rule.](images/firewallrule.png)
 
-After identifying the rule that caused the drop, the network admin can now modify/disable the rule to allow the traffic they want through command prompt or using the Windows Defender UI. The network admin can find the rule in the UI with the rule’s `DisplayName`.
+After identifying the rule that caused the drop, the network admin can now modify/disable the rule to allow the traffic they want through command prompt or using the Windows Defender UI. The network admin can find the rule in the UI with the rule's `DisplayName`.
 
 >[!NOTE]
 > Firewall rules from Mobile Device Management (MDM) store cannot be searched using the Windows Defender UI. Additionally, the above method will not work when the `Filter Origin` is one of the default block filters, as they do not correspond to any firewall rules.
@@ -161,4 +158,4 @@ For more information on how to debug drops caused by UWP default block filters,
 
 **WSH default**
 
-Network drops from Windows Service Hardening (WSH) default filters indicate that there wasn’t an explicit Windows Service Hardening allow rule to allow network traffic for the protected service. The service owner will need to configure allow rules for the service if the block isn't expected.
+Network drops from Windows Service Hardening (WSH) default filters indicate that there wasn't an explicit Windows Service Hardening allow rule to allow network traffic for the protected service. The service owner will need to configure allow rules for the service if the block isn't expected.
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md
similarity index 69%
rename from windows/security/threat-protection/windows-firewall/firewall-gpos.md
rename to windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md
index b85ac908c8..526ffd83a3 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/firewall-gpos.md
@@ -4,9 +4,6 @@ description: In this example, a Group Policy Object is linked to the domain cont
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Firewall GPOs
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md
similarity index 97%
rename from windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
rename to windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md
index e7e766356f..f290a9943c 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/firewall-policy-design-example.md
@@ -4,9 +4,6 @@ description: This example features a fictitious company and illustrates firewall
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Basic Firewall Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md
similarity index 88%
rename from windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
rename to windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md
index 2f28d5f315..0d63234aba 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/firewall-settings-lost-on-upgrade.md
@@ -3,9 +3,6 @@ title: Troubleshooting Windows Firewall settings after a Windows upgrade
 description: Firewall settings lost on upgrade
 ms.prod: windows-client
 ms.topic: troubleshooting
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index 93d00880a2..b030f3c63a 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -4,9 +4,6 @@ description: Learn about gathering Active Directory information, including domai
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Gathering Information about Your Active Directory Deployment
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
similarity index 97%
rename from windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index 1dacc51f21..13cb71d95b 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -4,9 +4,6 @@ description: Learn how to gather info about your network infrastructure so that
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Gathering Information about Your Current Network Infrastructure
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md
index 42bcbd0efe..d650107dd8 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gathering-information-about-your-devices.md
@@ -4,9 +4,6 @@ description: Learn what information to gather about the devices in your enterpri
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Gathering Information about Your Devices
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md
similarity index 96%
rename from windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md
index fd7fe88935..f57dfc3116 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gathering-other-relevant-information.md
@@ -4,9 +4,6 @@ description: Learn about additional information you may need to gather to deploy
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Gathering Other Relevant Information
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md
similarity index 82%
rename from windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md
index e37f04b20f..b82d977445 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gathering-the-information-you-need.md
@@ -4,9 +4,6 @@ description: Collect and analyze information about your network, directory servi
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Gathering the Information You Need
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md
similarity index 88%
rename from windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md
index 8bedf61b42..741f91081d 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-boundary.md
@@ -4,9 +4,6 @@ description: This example GPO supports devices that aren't part of the isolated
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # GPO\_DOMISO\_Boundary
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md
similarity index 90%
rename from windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md
index eef623032c..b5d7b1384b 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-encryption.md
@@ -4,9 +4,6 @@ description: This example GPO supports the ability for servers that contain sens
 ms.topic: conceptual
 ms.prod: windows-client
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # GPO\_DOMISO\_Encryption\_WS2008
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md
index 21f634a8c1..057cf7bdf5 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-firewall.md
@@ -4,9 +4,6 @@ description: Learn about the settings and rules in this example GPO, which is au
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # GPO\_DOMISO\_Firewall
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md
index dc9d87190c..1f72fa6064 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -4,9 +4,6 @@ description: Author this GPO by using Windows Defender Firewall with Advanced Se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # GPO\_DOMISO\_IsolatedDomain\_Clients
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md
similarity index 85%
rename from windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
rename to windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md
index 4e871095c3..2ca05d9120 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -4,9 +4,6 @@ description: Author this GPO by using the Windows Defender Firewall with Advance
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # GPO\_DOMISO\_IsolatedDomain\_Servers
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
rename to windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index d536d1b930..c36d7effdf 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -4,9 +4,6 @@ description: Identifying Your Windows Defender Firewall with Advanced Security (
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Identifying Windows Defender Firewall with Advanced Security implementation goals 
diff --git a/windows/security/threat-protection/windows-firewall/images/corpnet.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/corpnet.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/corpnet.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/corpnet.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/createipsecrule.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/createipsecrule.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/createipsecrule.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/createipsecrule.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/event-audit-5157.png b/windows/security/operating-system-security/network-security/windows-firewall/images/event-audit-5157.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/event-audit-5157.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/event-audit-5157.png
diff --git a/windows/security/threat-protection/windows-firewall/images/event-properties-5157.png b/windows/security/operating-system-security/network-security/windows-firewall/images/event-properties-5157.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/event-properties-5157.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/event-properties-5157.png
diff --git a/windows/security/threat-protection/windows-firewall/images/firewallrule.png b/windows/security/operating-system-security/network-security/windows-firewall/images/firewallrule.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/firewallrule.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/firewallrule.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw01-profiles.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw01-profiles.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw01-profiles.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw01-profiles.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw02-createrule.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw02-createrule.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw02-createrule.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw02-createrule.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw03-defaults.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw03-defaults.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw03-defaults.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw03-defaults.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw04-userquery.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw04-userquery.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw04-userquery.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw04-userquery.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw05-rulemerge.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw05-rulemerge.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw05-rulemerge.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw05-rulemerge.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw06-block.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw06-block.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw06-block.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw06-block.png
diff --git a/windows/security/threat-protection/windows-firewall/images/fw07-legacy.png b/windows/security/operating-system-security/network-security/windows-firewall/images/fw07-legacy.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/fw07-legacy.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/fw07-legacy.png
diff --git a/windows/security/threat-protection/windows-firewall/images/grouppolicy-paste.png b/windows/security/operating-system-security/network-security/windows-firewall/images/grouppolicy-paste.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/grouppolicy-paste.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/grouppolicy-paste.png
diff --git a/windows/security/threat-protection/windows-firewall/images/powershelllogosmall.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/powershelllogosmall.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/powershelllogosmall.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/powershelllogosmall.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/qmcryptoset.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/qmcryptoset.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/qmcryptoset.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/qmcryptoset.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/quarantine-default-block-filter.png b/windows/security/operating-system-security/network-security/windows-firewall/images/quarantine-default-block-filter.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/quarantine-default-block-filter.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/quarantine-default-block-filter.png
diff --git a/windows/security/threat-protection/windows-firewall/images/quarantine-default1.png b/windows/security/operating-system-security/network-security/windows-firewall/images/quarantine-default1.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/quarantine-default1.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/quarantine-default1.png
diff --git a/windows/security/threat-protection/windows-firewall/images/quarantine-interfaceindex1.png b/windows/security/operating-system-security/network-security/windows-firewall/images/quarantine-interfaceindex1.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/quarantine-interfaceindex1.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/quarantine-interfaceindex1.png
diff --git a/windows/security/threat-protection/windows-firewall/images/query-user-default-block-filters.png b/windows/security/operating-system-security/network-security/windows-firewall/images/query-user-default-block-filters.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/query-user-default-block-filters.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/query-user-default-block-filters.png
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-design2example1.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-design2example1.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-design2example1.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-design2example1.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-design3example1.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-design3example1.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-design3example1.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-design3example1.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-designexample1.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-designexample1.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-designexample1.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-designexample1.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-designflowchart1.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-designflowchart1.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-designflowchart1.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-designflowchart1.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-domainiso.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainiso.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-domainiso.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainiso.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-domainisoencrypt.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainisoencrypt.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-domainisoencrypt.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainisoencrypt.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-domainisohighsec.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainisohighsec.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-domainisohighsec.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainisohighsec.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-domainnag.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainnag.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-domainnag.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-domainnag.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfas-implement.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfas-implement.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfas-implement.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfas-implement.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/wfasdomainisoboundary.gif b/windows/security/operating-system-security/network-security/windows-firewall/images/wfasdomainisoboundary.gif
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/wfasdomainisoboundary.gif
rename to windows/security/operating-system-security/network-security/windows-firewall/images/wfasdomainisoboundary.gif
diff --git a/windows/security/threat-protection/windows-firewall/images/windows-firewall-intune.png b/windows/security/operating-system-security/network-security/windows-firewall/images/windows-firewall-intune.png
similarity index 100%
rename from windows/security/threat-protection/windows-firewall/images/windows-firewall-intune.png
rename to windows/security/operating-system-security/network-security/windows-firewall/images/windows-firewall-intune.png
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
rename to windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index 4b07c98efd..8f0342581b 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -4,9 +4,6 @@ description: Implementing Your Windows Defender Firewall with Advanced Security
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Implementing Your Windows Defender Firewall with Advanced Security Design Plan
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md
similarity index 80%
rename from windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
rename to windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md
index 095a52638a..bc7273b8b5 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain-gpos.md
@@ -4,9 +4,6 @@ description: Learn about GPOs for isolated domains in this example configuration
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Isolated Domain GPOs
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/isolated-domain.md
rename to windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md
index 9f454d7fe6..9925b88452 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/isolated-domain.md
@@ -4,9 +4,6 @@ description: Learn about the isolated domain, which is the primary zone for trus
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md
similarity index 98%
rename from windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
rename to windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md
index 3cac997f23..225ddf3542 100644
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/isolating-apps-on-your-network.md
@@ -4,9 +4,6 @@ description: Learn how to customize your firewall configuration to isolate the n
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Isolating Microsoft Store Apps on Your Network
diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md
similarity index 85%
rename from windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
rename to windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md
index 5c8dbf91b2..ca38900f59 100644
--- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/link-the-gpo-to-the-domain.md
@@ -4,9 +4,6 @@ description: Learn how to link a GPO to the Active Directory container for the t
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Link the GPO to the Domain
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
similarity index 88%
rename from windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index 6297b07432..438921b4cf 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -4,9 +4,6 @@ description: Mapping your implementation goals to a Windows Firewall with Advanc
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 #  Mapping your implementation goals to a Windows Firewall with Advanced Security design
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
rename to windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index 00b6fe735e..90d89139a8 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -4,9 +4,6 @@ description: Learn how to modify GPO filters to apply to a different zone or ver
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Modify GPO Filters to Apply to a Different Zone or Version of Windows
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
similarity index 79%
rename from windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
rename to windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index 15652d765a..a9137e37d3 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -4,9 +4,6 @@ description: Learn how to open the Group Policy Management Console to IP Securit
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Open the Group Policy Management Console to IP Security Policies
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
similarity index 77%
rename from windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
rename to windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index ae11591a0d..874e99e9c0 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Group Policy Management of Windows Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
similarity index 72%
rename from windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
rename to windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index f8d31ca111..9ba7d78ace 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -4,9 +4,6 @@ description: Group Policy Management of Windows Defender Firewall with Advanced
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Group Policy Management of Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md
similarity index 78%
rename from windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
rename to windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md
index 6221b1eb5f..8440460338 100644
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -4,9 +4,6 @@ description: Learn how to open the Windows Defender Firewall with Advanced Secur
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Open Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md
index b1feb1fde9..da42f627c0 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-certificate-based-authentication.md
@@ -4,9 +4,6 @@ description: Learn how a device unable to join an Active Directory domain can st
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Certificate-based Authentication
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md
similarity index 78%
rename from windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md
index 137cfae761..70214d68c5 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-domain-isolation-zones.md
@@ -4,9 +4,6 @@ description: Learn how to use information you've gathered to make decisions abou
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Domain Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md
similarity index 97%
rename from windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md
index 45d356e7a1..0370e8cb08 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-gpo-deployment.md
@@ -4,9 +4,6 @@ description: Learn how to use security group filtering and WMI filtering to prov
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning GPO Deployment
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
similarity index 80%
rename from windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index 6646dcc46a..2dc15edfc9 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -4,9 +4,6 @@ description: Learn how to plan a group policy deployment for your isolation zone
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Group Policy Deployment for Your Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md
index 6b7d1e3ba4..b58bf3b769 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -4,9 +4,6 @@ description: Learn about planning isolation groups for the zones in Microsoft Fi
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Isolation Groups for the Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md
index a5c8a35afd..436bc55bbd 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-network-access-groups.md
@@ -4,9 +4,6 @@ description: Learn how to implement a network access group for users and devices
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Network Access Groups
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md
similarity index 96%
rename from windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md
index 9e9d538505..c729611dac 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-server-isolation-zones.md
@@ -4,9 +4,6 @@ description: Learn how to restrict access to a server to approved users by using
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Server Isolation Zones
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index c4023ea054..98e6a224a8 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -4,9 +4,6 @@ description: Learn how to design a basic policy for Windows Defender Firewall wi
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Settings for a Basic Firewall Policy
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/planning-the-gpos.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md
index e38c591d7b..88716eaf2a 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-the-gpos.md
@@ -4,9 +4,6 @@ description: Learn about planning Group Policy Objects for your isolation zones
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning the GPOs
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
index 81438db082..7e7bff476d 100644
--- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -4,9 +4,6 @@ description: Use the design information in this article to plan for the deployme
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning to Deploy Windows Defender Firewall with Advanced Security
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
similarity index 95%
rename from windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 3a2daccfff..e048764374 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -4,9 +4,6 @@ description: After you gather the relevant information, select the design or com
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Planning Your Windows Defender Firewall with Advanced Security Design
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md
similarity index 92%
rename from windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
rename to windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index f6810efcdd..ee0412021e 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -4,9 +4,6 @@ description: Learn how running a host-based firewall on every device in your org
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 01/18/2022
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Protect devices from unwanted network traffic 
diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
similarity index 96%
rename from windows/security/threat-protection/windows-firewall/quarantine.md
rename to windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
index 5b7c793f7f..093f4274fb 100644
--- a/windows/security/threat-protection/windows-firewall/quarantine.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/quarantine.md
@@ -4,9 +4,6 @@ description: Quarantine behavior is explained in detail.
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Quarantine behavior
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
rename to windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index 891deed5e9..1070cb1a65 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -4,9 +4,6 @@ description: Windows Defender Firewall with Advanced Security allows you to requ
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Require Encryption When Accessing Sensitive Network Resources
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
rename to windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index f47634d825..28c8049c79 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -4,9 +4,6 @@ description: Restrict access to devices and users that are members of domain gro
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Restrict Access to Only Specified Users or Computers
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
rename to windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md
index 7fb0167a2b..f02e9c5708 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -4,9 +4,6 @@ description: Windows Defender Firewall with Advanced Security enables you to iso
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Restrict access to only trusted devices
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
similarity index 89%
rename from windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
rename to windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
index 893c956f7f..70a23e653f 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
@@ -4,9 +4,6 @@ description: Create a firewall rule to access isolated servers running Windows S
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Restrict Server Access to Members of a Group Only
diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
similarity index 96%
rename from windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
rename to windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index 15e463c2e2..43e2f9523d 100644
--- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -4,9 +4,6 @@ description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Ser
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Securing End-to-End IPsec connections by using IKEv2
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md
similarity index 86%
rename from windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
rename to windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md
index e571b0e9c1..4cf32d44c0 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-gpos.md
@@ -4,9 +4,6 @@ description: Learn about required GPOs for isolation zones and how many server i
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Server Isolation GPOs
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md
similarity index 96%
rename from windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
rename to windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md
index f7f5c0b51b..e1129a36b1 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design-example.md
@@ -4,9 +4,6 @@ description: Learn about server isolation policy design in Windows Defender Fire
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Server Isolation Policy Design Example
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
rename to windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md
index d995ebcb07..327863f5ac 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/server-isolation-policy-design.md
@@ -4,9 +4,6 @@ description: Learn about server isolation policy design, where you assign server
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Server Isolation Policy Design
diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
similarity index 99%
rename from windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
rename to windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
index 2716e511cc..e120af6116 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/troubleshooting-uwp-firewall.md
@@ -3,9 +3,6 @@ title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
 ms.prod: windows-client
 ms.topic: troubleshooting
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ms.date: 12/31/2017
 ---
 
diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
similarity index 84%
rename from windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
rename to windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
index 707ca1de6c..91091b431c 100644
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -4,9 +4,6 @@ description: Turn on Windows Defender Firewall with Advanced Security and Config
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
similarity index 82%
rename from windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
rename to windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index 791b1d8405..e397c3d8a7 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -4,9 +4,6 @@ description: Resources for helping you understand the Windows Defender Firewall
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Understanding the Windows Defender Firewall with Advanced Security Design Process
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md
similarity index 94%
rename from windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
rename to windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md
index 037794e430..686e2d1efc 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -4,9 +4,6 @@ description: Learn how to confirm that network traffic is being protected by IPs
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Verify That Network Traffic Is Authenticated
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
similarity index 99%
rename from windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
rename to windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index ed3d9853cc..6bf60cec66 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -4,9 +4,6 @@ description: Windows Defender Firewall with Advanced Security Administration wit
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
similarity index 93%
rename from windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
rename to windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index 412ed72d13..7e97506932 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -4,9 +4,6 @@ description: Use this guide to deploy Windows Defender Firewall with Advanced Se
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Windows Defender Firewall with Advanced Security deployment overview
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
similarity index 97%
rename from windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
rename to windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 6253a8110d..02d6c56ae0 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -4,9 +4,6 @@ description: Learn about common goals for using Windows Defender Firewall with A
 ms.prod: windows-client
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Windows Defender Firewall with Advanced Security design guide
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
similarity index 91%
rename from windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
rename to windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
index 41bea824be..83418c0d85 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/operating-system-security/network-security/windows-firewall/windows-firewall-with-advanced-security.md
@@ -7,9 +7,6 @@ ms.collection:
   - tier3
 ms.topic: conceptual
 ms.date: 09/08/2021
-appliesto: 
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/windows-server-release-info" target="_blank">Windows Server 2016 and later</a>
 ---
 
 # Windows Defender Firewall with Advanced Security
@@ -23,7 +20,7 @@ Windows Defender Firewall in Windows 8, Windows 7, Windows Vista, Windows Serv
 
 The Windows Defender Firewall with Advanced Security MMC snap-in is more flexible and provides much more functionality than the consumer-friendly Windows Defender Firewall interface found in the Control Panel. Both interfaces interact with the same underlying services, but provide different levels of control over those services. While the Windows Defender Firewall Control Panel program can protect a single device in a home environment, it doesn't provide enough centralized management or security features to help secure more complex network traffic found in a typical business enterprise environment.
 
-[!INCLUDE [windows-firewall](../../../../includes/licensing/windows-firewall.md)]
+[!INCLUDE [windows-firewall](../../../../../includes/licensing/windows-firewall.md)]
 
 ## Feature description
 
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index a29c0cb634..dba7799e88 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -1,6 +1,6 @@
 ---
 title: Control the health of Windows devices
-description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
+description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
 ms.prod: windows-client
 ms.date: 10/13/2017
 ms.localizationpriority: medium
@@ -17,7 +17,7 @@ ms.topic: conceptual
 
 -   Windows 10
 
-This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
+This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows devices.
 
 ## Introduction
 
diff --git a/windows/security/threat-protection/windows-firewall/TOC.yml b/windows/security/threat-protection/windows-firewall/TOC.yml
deleted file mode 100644
index ca84e461a5..0000000000
--- a/windows/security/threat-protection/windows-firewall/TOC.yml
+++ /dev/null
@@ -1,254 +0,0 @@
-- name: Windows Firewall with Advanced Security
-  href: windows-firewall-with-advanced-security.md
-  items: 
-    - name: Plan deployment
-      items: 
-        - name: Design guide
-          href: windows-firewall-with-advanced-security-design-guide.md
-        - name: Design process
-          href: understanding-the-windows-firewall-with-advanced-security-design-process.md
-        - name: Implementation goals
-          items: 
-            - name: Identify implementation goals
-              href: identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
-            - name: Protect devices from unwanted network traffic
-              href: protect-devices-from-unwanted-network-traffic.md
-            - name: Restrict access to only trusted devices
-              href: restrict-access-to-only-trusted-devices.md
-            - name: Require encryption
-              href: require-encryption-when-accessing-sensitive-network-resources.md
-            - name: Restrict access
-              href: restrict-access-to-only-specified-users-or-devices.md
-        - name: Implementation designs
-          items: 
-            - name: Mapping goals to a design
-              href: mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
-            - name: Basic firewall design
-              href: basic-firewall-policy-design.md
-              items: 
-                - name: Basic firewall design example
-                  href: firewall-policy-design-example.md
-            - name: Domain isolation design
-              href: domain-isolation-policy-design.md
-              items: 
-                - name: Domain isolation design example
-                  href: domain-isolation-policy-design-example.md
-            - name: Server isolation design
-              href: server-isolation-policy-design.md
-              items: 
-                - name: Server Isolation design example
-                  href: server-isolation-policy-design-example.md
-            - name: Certificate-based isolation design
-              href: certificate-based-isolation-policy-design.md
-              items: 
-                - name: Certificate-based Isolation design example
-                  href: certificate-based-isolation-policy-design-example.md
-        - name: Design planning
-          items: 
-            - name: Planning your design
-              href: planning-your-windows-firewall-with-advanced-security-design.md
-            - name: Planning settings for a basic firewall policy
-              href: planning-settings-for-a-basic-firewall-policy.md
-            - name: Planning domain isolation zones
-              items: 
-                - name: Domain isolation zones
-                  href: planning-domain-isolation-zones.md
-                - name: Exemption list
-                  href: exemption-list.md
-                - name: Isolated domain
-                  href: isolated-domain.md
-                - name: Boundary zone
-                  href: boundary-zone.md
-                - name: Encryption zone
-                  href: encryption-zone.md
-            - name: Planning server isolation zones
-              href: planning-server-isolation-zones.md
-            - name: Planning certificate-based authentication
-              href: planning-certificate-based-authentication.md
-              items: 
-                - name: Documenting the Zones
-                  href: documenting-the-zones.md
-                - name: Planning group policy deployment for your isolation zones
-                  href: planning-group-policy-deployment-for-your-isolation-zones.md
-                  items: 
-                    - name: Planning isolation groups for the zones
-                      href: planning-isolation-groups-for-the-zones.md
-                    - name: Planning network access groups
-                      href: planning-network-access-groups.md
-                    - name: Planning the GPOs
-                      href: planning-the-gpos.md
-                      items: 
-                        - name: Firewall GPOs
-                          href: firewall-gpos.md
-                          items: 
-                            - name: GPO_DOMISO_Firewall
-                              href: gpo-domiso-firewall.md
-                        - name: Isolated domain GPOs
-                          href: isolated-domain-gpos.md
-                          items: 
-                            - name: GPO_DOMISO_IsolatedDomain_Clients
-                              href: gpo-domiso-isolateddomain-clients.md
-                            - name: GPO_DOMISO_IsolatedDomain_Servers
-                              href: gpo-domiso-isolateddomain-servers.md
-                        - name: Boundary zone GPOs
-                          href: boundary-zone-gpos.md
-                          items: 
-                            - name: GPO_DOMISO_Boundary
-                              href: gpo-domiso-boundary.md
-                        - name: Encryption zone GPOs
-                          href: encryption-zone-gpos.md
-                          items: 
-                            - name: GPO_DOMISO_Encryption
-                              href: gpo-domiso-encryption.md
-                        - name: Server isolation GPOs
-                          href: server-isolation-gpos.md
-                    - name: Planning GPO deployment
-                      href: planning-gpo-deployment.md
-        - name: Planning to deploy
-          href: planning-to-deploy-windows-firewall-with-advanced-security.md
-    - name: Deployment guide
-      items: 
-        - name: Deployment overview
-          href: windows-firewall-with-advanced-security-deployment-guide.md
-        - name: Implementing your plan
-          href: implementing-your-windows-firewall-with-advanced-security-design-plan.md
-        - name: Basic firewall deployment
-          items: 
-            - name: "Checklist: Implementing a basic firewall policy design"
-              href: checklist-implementing-a-basic-firewall-policy-design.md
-        - name: Domain isolation deployment
-          items: 
-            - name: "Checklist: Implementing a Domain Isolation Policy Design"
-              href: checklist-implementing-a-domain-isolation-policy-design.md
-        - name: Server isolation deployment
-          items: 
-            - name: "Checklist: Implementing a Standalone Server Isolation Policy Design"
-              href: checklist-implementing-a-standalone-server-isolation-policy-design.md
-        - name: Certificate-based authentication
-          items: 
-            - name: "Checklist: Implementing a Certificate-based Isolation Policy Design"
-              href: checklist-implementing-a-certificate-based-isolation-policy-design.md
-    - name: Best practices
-      items: 
-        - name: Configuring the firewall
-          href: best-practices-configuring.md
-        - name: Securing IPsec
-          href: securing-end-to-end-ipsec-connections-by-using-ikev2.md
-        - name: PowerShell
-          href: windows-firewall-with-advanced-security-administration-with-windows-powershell.md
-        - name: Isolating Microsoft Store Apps on Your Network
-          href: isolating-apps-on-your-network.md
-    - name: How-to
-      items: 
-        - name: Add Production devices to the membership group for a zone
-          href: add-production-devices-to-the-membership-group-for-a-zone.md
-        - name: Add test devices to the membership group for a zone
-          href: add-test-devices-to-the-membership-group-for-a-zone.md
-        - name: Assign security group filters to the GPO
-          href: assign-security-group-filters-to-the-gpo.md
-        - name: Change rules from request to require mode
-          href: Change-Rules-From-Request-To-Require-Mode.Md
-        - name: Configure authentication methods
-          href: Configure-authentication-methods.md
-        - name: Configure data protection (Quick Mode) settings
-          href: configure-data-protection-quick-mode-settings.md
-        - name: Configure Group Policy to autoenroll and deploy certificates
-          href: configure-group-policy-to-autoenroll-and-deploy-certificates.md
-        - name: Configure key exchange (main mode) settings
-          href: configure-key-exchange-main-mode-settings.md
-        - name: Configure the rules to require encryption
-          href: configure-the-rules-to-require-encryption.md
-        - name: Configure the Windows Firewall log
-          href: configure-the-windows-firewall-log.md
-        - name: Configure the workstation authentication certificate template
-          href: configure-the-workstation-authentication-certificate-template.md
-        - name: Configure Windows Firewall to suppress notifications when a program is blocked
-          href: configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
-        - name: Confirm that certificates are deployed correctly
-          href: confirm-that-certificates-are-deployed-correctly.md
-        - name: Copy a GPO to create a new GPO
-          href: copy-a-gpo-to-create-a-new-gpo.md
-        - name: Create a Group Account in Active Directory
-          href: create-a-group-account-in-active-directory.md
-        - name: Create a Group Policy Object
-          href: create-a-group-policy-object.md
-        - name: Create an authentication exemption list rule
-          href: create-an-authentication-exemption-list-rule.md
-        - name: Create an authentication request rule
-          href: create-an-authentication-request-rule.md
-        - name: Create an inbound ICMP rule
-          href: create-an-inbound-icmp-rule.md
-        - name: Create an inbound port rule
-          href: create-an-inbound-port-rule.md
-        - name: Create an inbound program or service rule
-          href: create-an-inbound-program-or-service-rule.md
-        - name: Create an outbound port rule
-          href: create-an-outbound-port-rule.md
-        - name: Create an outbound program or service rule
-          href: create-an-outbound-program-or-service-rule.md
-        - name: Create inbound rules to support RPC
-          href: create-inbound-rules-to-support-rpc.md
-        - name: Create WMI filters for the GPO
-          href: create-wmi-filters-for-the-gpo.md
-        - name: Create Windows Firewall rules in Intune
-          href: create-windows-firewall-rules-in-intune.md
-        - name: Enable predefined inbound rules
-          href: enable-predefined-inbound-rules.md
-        - name: Enable predefined outbound rules
-          href: enable-predefined-outbound-rules.md
-        - name: Exempt ICMP from authentication
-          href: exempt-icmp-from-authentication.md
-        - name: Link the GPO to the domain
-          href: link-the-gpo-to-the-domain.md
-        - name: Modify GPO filters
-          href: modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
-        - name: Open IP security policies
-          href: open-the-group-policy-management-console-to-ip-security-policies.md
-        - name: Open Group Policy
-          href: open-the-group-policy-management-console-to-windows-firewall.md
-        - name: Open Group Policy
-          href: open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
-        - name: Open Windows Firewall
-          href: open-windows-firewall-with-advanced-security.md
-        - name: Restrict server access
-          href: restrict-server-access-to-members-of-a-group-only.md
-        - name: Enable Windows Firewall
-          href: turn-on-windows-firewall-and-configure-default-behavior.md
-        - name: Verify Network Traffic
-          href: verify-that-network-traffic-is-authenticated.md
-    - name: References
-      items: 
-        - name: "Checklist: Creating Group Policy objects"
-          href: checklist-creating-group-policy-objects.md
-        - name: "Checklist: Creating inbound firewall rules"
-          href: checklist-creating-inbound-firewall-rules.md
-        - name: "Checklist: Creating outbound firewall rules"
-          href: checklist-creating-outbound-firewall-rules.md
-        - name: "Checklist: Configuring basic firewall settings"
-          href: checklist-configuring-basic-firewall-settings.md
-        - name: "Checklist: Configuring rules for the isolated domain"
-          href: checklist-configuring-rules-for-the-isolated-domain.md
-        - name: "Checklist: Configuring rules for the boundary zone"
-          href: checklist-configuring-rules-for-the-boundary-zone.md
-        - name: "Checklist: Configuring rules for the encryption zone"
-          href: checklist-configuring-rules-for-the-encryption-zone.md
-        - name: "Checklist: Configuring rules for an isolated server zone"
-          href: checklist-configuring-rules-for-an-isolated-server-zone.md
-        - name: "Checklist: Configuring rules for servers in a standalone isolated server zone"
-          href: checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
-        - name: "Checklist: Creating rules for clients of a standalone isolated server zone"
-          href: checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
-        - name: "Appendix A: Sample GPO template files for settings used in this guide"
-          href: appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
-    - name: Troubleshooting
-      items: 
-        - name: Troubleshooting UWP app connectivity issues in Windows Firewall
-          href: troubleshooting-uwp-firewall.md
-        - name: Filter origin audit log improvements
-          href: filter-origin-documentation.md
-        - name: Quarantine behavior
-          href: quarantine.md
-        - name: Firewall settings lost on upgrade
-          href: firewall-settings-lost-on-upgrade.md
-- name: Windows security
-  href: /windows/security/