Merge branch 'main' of https://github.com/MicrosoftDocs/windows-docs-pr into do-wufbr-7715481

.openpublishing.redirection.json

@@ -20650,11 +20650,6 @@
       "redirect_url": "/windows/security",
       "redirect_document_id": false
     },
-    {
-      "source_path": "windows/security/threat-protection/mbsa-removal-and-guidance.md",
-      "redirect_url": "/windows/security",
-      "redirect_document_id": false
-    },
     {
       "source_path": "windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md",
       "redirect_url": "/windows/security",
@@ -20730,10 +20725,25 @@
       "redirect_url": "/windows/deployment/s-mode",
       "redirect_document_id": false
     },
+    {
+      "source_path": "windows/security/threat-protection/windows-defender-application-control/use-device-guard-signing-portal-in-microsoft-store-for-business.md",
+      "redirect_url": "https://aka.ms/AzureCodeSigning",
+      "redirect_document_id": false
+    },
+    {
+      "source_path": "windows/deployment/update/quality-updates.md",
+      "redirect_url": "/windows/deployment/update/release-cycle",
+      "redirect_document_id": false
+    },    
     {
       "source_path": "windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md",
       "redirect_url": "/windows/deployment/windows-autopatch/overview/windows-autopatch-privacy",
       "redirect_document_id": true
+    },
+    {
+      "source_path": "store-for-business/sign-up-microsoft-store-for-business.md",
+      "redirect_url": "/microsoft-store",
+      "redirect_document_id": false
     }
   ]
 }

education/docfx.json

@@ -67,6 +67,15 @@
         "v-stsavell"
       ]
     },
+    "fileMetadata": {
+      "appliesto":{
+        "windows/**/*.md": [
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 11 SE</a>",
+        "✅ <a href=\"https://learn.microsoft.com/windows/release-health/supported-versions-windows-client\" target=\"_blank\">Windows 10</a>"
+        ]
+      }
+    },
     "externalReference": [],
     "template": "op.html",
     "dest": "education",

education/includes/education-content-updates.md

@@ -2,6 +2,21 @@
 
 
 
+## Week of March 20, 2023
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 3/21/2023 | [Windows 11 SE Overview](/education/windows/windows-11-se-overview) | modified |
+| 3/22/2023 | [Configure Stickers for Windows 11 SE](/education/windows/edu-stickers) | modified |
+| 3/22/2023 | [Configure Take a Test in kiosk mode](/education/windows/edu-take-a-test-kiosk-mode) | modified |
+| 3/22/2023 | [Configure federated sign-in for Windows devices](/education/windows/federated-sign-in) | modified |
+| 3/22/2023 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
+| 3/22/2023 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 3/22/2023 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
+| 3/22/2023 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
+
+
 ## Week of March 06, 2023
 
 

education/windows/autopilot-reset.md

@@ -15,7 +15,7 @@ ms.collection:
 
 IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
 
-To enable Autopilot Reset in Windows 10, version 1709 (Fall Creators Update), you must:
+To enable Autopilot Reset you must:
 
 1. [Enable the policy for the feature](#enable-autopilot-reset)
 2. [Trigger a reset for each device](#trigger-autopilot-reset)

education/windows/change-home-to-edu.md

@@ -10,8 +10,6 @@ manager: jeffbu
 ms.collection:
   - tier3
   - education
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Upgrade Windows Home to Windows Education on student-owned devices

education/windows/configure-aad-google-trust.md

@@ -1,8 +1,9 @@
 ---
 title: Configure federation between Google Workspace and Azure AD
 description: Configuration of a federated trust between Google Workspace and Azure AD, with Google Workspace acting as an identity provider (IdP) for Azure AD.
-ms.date: 02/24/2023
+ms.date: 04/04/2023
 ms.topic: how-to
+appliesto:
 ---
 
 # Configure federation between Google Workspace and Azure AD
@@ -71,51 +72,56 @@ The configuration of Azure AD consists of changing the authentication method for
 Using the **IdP metadata** XML file downloaded from Google Workspace, modify the *$DomainName* variable of the following script to match your environment, and then run it in an elevated PowerShell session. When prompted to authenticate to Azure AD, use the credentials of an account with the *Global Administrator* role.
 
 ```powershell
-Install-Module -Name MSOnline
+Install-Module Microsoft.Graph
-Import-Module MSOnline
+Import-Module Microsoft.Graph
 
-$DomainName = "<your domain name>"
+$domainId = "<your domain name>"
 
 $xml = [Xml](Get-Content GoogleIDPMetadata.xml)
 
 $cert = -join $xml.EntityDescriptor.IDPSSODescriptor.KeyDescriptor.KeyInfo.X509Data.X509Certificate.Split()
 $issuerUri = $xml.EntityDescriptor.entityID
-$logOnUri = $xml.EntityDescriptor.IDPSSODescriptor.SingleSignOnService | ? { $_.Binding.Contains('Redirect') } | % { $_.Location }
+$signinUri = $xml.EntityDescriptor.IDPSSODescriptor.SingleSignOnService | ? { $_.Binding.Contains('Redirect') } | % { $_.Location }
-$LogOffUri = "https://accounts.google.com/logout"
+$signoutUri = "https://accounts.google.com/logout"
-$brand = "Google Workspace Identity"
+$displayName = "Google Workspace Identity"
-Connect-MsolService
+Connect-MGGraph -Scopes "Domain.ReadWrite.All", "Directory.AccessAsUser.All"
-$DomainAuthParams = @{
+
-    DomainName = $DomainName
+$domainAuthParams = @{
-    Authentication = "Federated"
+  DomainId = $domainId
   IssuerUri = $issuerUri
-    FederationBrandName = $brand
+  DisplayName = $displayName
-    ActiveLogOnUri = $logOnUri
+  ActiveSignInUri = $signinUri
-    PassiveLogOnUri = $logOnUri
+  PassiveSignInUri = $signinUri
-    LogOffUri = $LogOffUri
+  SignOutUri = $signoutUri
   SigningCertificate = $cert
-    PreferredAuthenticationProtocol = "SAMLP"
+  PreferredAuthenticationProtocol = "saml"
+  federatedIdpMfaBehavior = "acceptIfMfaDoneByFederatedIdp"
 }
-Set-MsolDomainAuthentication @DomainAuthParams
+
+New-MgDomainFederationConfiguration @domainAuthParams
 ```
 
 To verify that the configuration is correct, you can use the following PowerShell command:
 
 ```powershell
-Get-MsolDomainFederationSettings -DomainName $DomainName
+Get-MgDomainFederationConfiguration -DomainId $domainId |fl
 ```
 
 ```output
-ActiveLogOnUri                         : https://accounts.google.com/o/saml2/idp?<GUID>
+ActiveSignInUri                       : https://accounts.google.com/o/saml2/idp?idpid=<GUID>
-DefaultInteractiveAuthenticationMethod : 
+DisplayName                           : Google Workspace Identity
-FederationBrandName                    : Google Workspace Identity
+FederatedIdpMfaBehavior               : acceptIfMfaDoneByFederatedIdp
+Id                                    : 3f600dce-ab37-4798-9341-ffd34b147f70
+IsSignedAuthenticationRequestRequired :
 IssuerUri                             : https://accounts.google.com/o/saml2?idpid=<GUID>
-LogOffUri                              : https://accounts.google.com/logout
 MetadataExchangeUri                   :
 NextSigningCertificate                :
-OpenIdConnectDiscoveryEndpoint         : 
+PassiveSignInUri                      : https://accounts.google.com/o/saml2/idp?idpid=<GUID>
-PassiveLogOnUri                        : https://accounts.google.com/o/saml2/idp?idpid=<GUID>
+PreferredAuthenticationProtocol       : saml
+PromptLoginBehavior                   :
+SignOutUri                            : https://accounts.google.com/logout
 SigningCertificate                    : <BASE64 encoded certificate>
-SupportsMfa                            : 
+AdditionalProperties                  : {}
 ```
 
 ## Verify federated authentication between Google Workspace and Azure AD

education/windows/edu-take-a-test-kiosk-mode.md

@@ -3,8 +3,6 @@ title: Configure Take a Test in kiosk mode
 description: Learn how to configure Windows to execute the Take a Test app in kiosk mode, using Intune and provisioning packages.
 ms.date: 09/30/2022
 ms.topic: how-to
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Configure Take a Test in kiosk mode

education/windows/edu-themes.md

@@ -5,6 +5,7 @@ ms.date: 09/15/2022
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ---
 
 # Configure education themes for Windows 11

education/windows/federated-sign-in.md

@@ -1,10 +1,11 @@
 ---
 title: Configure federated sign-in for Windows devices
 description: Description of federated sign-in feature for the Education SKUs of Windows 11 and how to configure it via Intune or provisioning packages.
-ms.date: 03/15/2023
+ms.date: 04/04/2023
 ms.topic: how-to
 appliesto:
   - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11</a>
+  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 11 SE</a>
 ms.collection:
   - highpri
   - tier1

education/windows/get-minecraft-for-education.md

@@ -3,8 +3,6 @@ title: Get and deploy Minecraft Education
 description: Learn how to obtain and distribute Minecraft Education to Windows devices.
 ms.topic: how-to
 ms.date: 02/23/2023
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ms.collection:
   - highpri
   - education
@@ -44,9 +42,9 @@ When you sign up for a Minecraft Education trial, or purchase a subscription, Mi
 
 To purchase direct licenses:
 
-1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **How to Buy** in the top navigation bar
+1. Go to [https://education.minecraft.net/licensing](https://education.minecraft.net/licensing)
-1. Scroll down and select **Buy Now** under **Direct Purchase**
+1. Under **Direct Purchase**, select **Buy Now**
-1. In the *purchase* page, sign in with an account that has *Billing Admin* privileges in your organization
+1. Sign in to the Admin Center purchase page with an account that has *Billing Admin* privileges in your organization
 1. If necessary, fill in any requested organization or payment information
 1. Select the quantity of licenses you'd like to purchase and select **Place Order**
 1. After you've purchased licenses, you'll need to [assign Minecraft Education licenses to your users](#assign-minecraft-education-licenses)

education/windows/includes/intune-custom-settings-1.md

@@ -1,6 +1,4 @@
 ---
-author: paolomatarazzo
-ms.author: paoloma
 ms.date: 02/22/2022
 ms.topic: include
 ---

education/windows/includes/intune-custom-settings-2.md

@@ -1,6 +1,4 @@
 ---
-author: paolomatarazzo
-ms.author: paoloma
 ms.date: 11/08/2022
 ms.topic: include
 ---

education/windows/includes/intune-custom-settings-info.md

@@ -1,6 +1,4 @@
 ---
-author: paolomatarazzo
-ms.author: paoloma
 ms.date: 11/08/2022
 ms.topic: include
 ---

education/windows/set-up-school-pcs-whats-new.md

@@ -3,8 +3,6 @@ title: What's new in the Windows Set up School PCs app
 description: Find out about app updates and new features in Set up School PCs.
 ms.topic: whats-new
 ms.date: 08/10/2022
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---  
 
 # What's new in Set up School PCs

education/windows/take-a-test-app-technical.md

@@ -1,10 +1,8 @@
 ---
 title: Take a Test app technical reference
 description: List of policies and settings applied by the Take a Test app.
-ms.date: 09/30/2022
+ms.date: 03/31/2023
 ms.topic: reference
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Take a Test app technical reference

education/windows/take-tests-in-windows.md

@@ -1,10 +1,8 @@
 ---
 title: Take tests and assessments in Windows
 description: Learn about the built-in Take a Test app for Windows and how to use it.
-ms.date: 09/30/2022
+ms.date: 03/31/2023
 ms.topic: conceptual
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Take tests and assessments in Windows

education/windows/tutorial-school-deployment/configure-device-apps.md

@@ -3,8 +3,6 @@ title: Configure applications with Microsoft Intune
 description: Learn how to configure applications with Microsoft Intune in preparation for device deployment.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Configure applications with Microsoft Intune

education/windows/tutorial-school-deployment/configure-device-settings.md

@@ -3,8 +3,6 @@ title: Configure and secure devices with Microsoft Intune
 description: Learn how to configure policies with Microsoft Intune in preparation for device deployment.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Configure and secure devices with Microsoft Intune

education/windows/tutorial-school-deployment/configure-devices-overview.md

@@ -3,8 +3,6 @@ title: Configure devices with Microsoft Intune
 description: Learn how to configure policies and applications in preparation for device deployment.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Configure settings and applications with Microsoft Intune

education/windows/tutorial-school-deployment/enroll-aadj.md

@@ -3,8 +3,6 @@ title: Enrollment in Intune with standard out-of-box experience (OOBE)
 description: Learn how to join devices to Azure AD from OOBE and automatically get them enrolled in Intune.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 # Automatic Intune enrollment via Azure AD join
 

education/windows/tutorial-school-deployment/enroll-autopilot.md

@@ -3,8 +3,6 @@ title: Enrollment in Intune with Windows Autopilot
 description: Learn how to join Azure AD and enroll in Intune using Windows Autopilot.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Windows Autopilot

education/windows/tutorial-school-deployment/enroll-overview.md

@@ -3,8 +3,6 @@ title: Device enrollment overview
 description: Learn about the different options to enroll Windows devices in Microsoft Intune
 ms.date: 08/31/2022
 ms.topic: overview
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Device enrollment overview

education/windows/tutorial-school-deployment/enroll-package.md

@@ -3,8 +3,6 @@ title: Enrollment of Windows devices with provisioning packages
 description: Learn about how to enroll Windows devices with provisioning packages using SUSPCs and Windows Configuration Designer.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Enrollment with provisioning packages

education/windows/tutorial-school-deployment/index.md

@@ -3,8 +3,6 @@ title: Introduction to the tutorial deploy and manage Windows devices in a schoo
 description: Introduction to deployment and management of Windows devices in education environments.
 ms.date: 08/31/2022
 ms.topic: conceptual
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Tutorial: deploy and manage Windows devices in a school

education/windows/tutorial-school-deployment/manage-overview.md

@@ -3,8 +3,6 @@ title: Manage devices with Microsoft Intune
 description: Overview of device management capabilities in Intune for Education, including remote actions, remote assistance and inventory/reporting.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Manage devices with Microsoft Intune

education/windows/tutorial-school-deployment/reset-wipe.md

@@ -3,8 +3,6 @@ title: Reset and wipe Windows devices
 description: Learn about the reset and wipe options for Windows devices using Intune for Education, including scenarios when to delete devices.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Device reset options

education/windows/tutorial-school-deployment/set-up-azure-ad.md

@@ -3,6 +3,7 @@ title: Set up Azure Active Directory
 description: Learn how to create and prepare your Azure AD tenant for an education environment.
 ms.date: 08/31/2022
 ms.topic: tutorial
+appliesto:
 ---
 
 # Set up Azure Active Directory

education/windows/tutorial-school-deployment/set-up-microsoft-intune.md

@@ -3,6 +3,7 @@ title: Set up device management
 description: Learn how to configure the Intune service and set up the environment for education.
 ms.date: 08/31/2022
 ms.topic: tutorial
+appliesto:
 ---
 
 # Set up Microsoft Intune

education/windows/tutorial-school-deployment/troubleshoot-overview.md

@@ -3,8 +3,6 @@ title: Troubleshoot Windows devices
 description: Learn how to troubleshoot Windows devices from Intune and contact Microsoft Support for issues related to Intune and other services.
 ms.date: 08/31/2022
 ms.topic: tutorial
-appliesto:
-  - ✅ <a href="https://learn.microsoft.com/windows/release-health/supported-versions-windows-client" target="_blank">Windows 10 and later</a>
 ---
 
 # Troubleshoot Windows devices

education/windows/windows-11-se-overview.md

@@ -90,19 +90,20 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Bulb Digital Portfolio`                  | 0.0.7.0           | `Store`  | `Bulb`                                    |
 | `CA Secure Browser`                       | 14.0.0            | Win32    | `Cambium Development`                     |
 | `Cisco Umbrella`                          | 3.0.110.0         | Win32    | `Cisco`                                   |
-| `CKAuthenticator`                         | 3.6+              | Win32    | `Content Keeper`                          |
+| `CKAuthenticator`                         | 3.6+              | Win32    | `ContentKeeper`                           |
-| `Class Policy`                            | 114.0.0           | Win32    | `Class Policy`                            |
+| `Class Policy`                            | 116.0.0           | Win32    | `Class Policy`                            |
 | `Classroom.cloud`                         | 1.40.0004         | Win32    | `NetSupport`                              |
 | `CoGat Secure Browser`                    | 11.0.0.19         | Win32    | `Riverside Insights`                      |
 | `ColorVeil`                               | 4.0.0.175         | Win32    | `East-Tec`                                | 
 | `ContentKeeper Cloud`                     | 9.01.45           | Win32    | `ContentKeeper Technologies`              |
 | `Dragon Professional Individual`          | 15.00.100         | Win32    | `Nuance Communications`                   |
-| `DRC INSIGHT Online Assessments`          | 12.0.0.0          | `Store`  | `Data recognition Corporation`            |
+| `DRC INSIGHT Online Assessments`          | 13.0.0.0          | `Store`  | `Data recognition Corporation`            |
 | `Duo from Cisco`                          | 3.0.0             | Win32    | `Cisco`                                   |
 | `e-Speaking Voice and Speech recognition` | 4.4.0.8           | Win32    | `e-speaking`                              |
 | `EasyReader`                              | 10.0.3.481        | Win32    | `Dolphin Computer Access`                 |
 | `Epson iProjection`                       | 3.31              | Win32    | `Epson`                                   |
 | `eTests`                                  | 4.0.25            | Win32    | `CASAS`                                   |
+| `FirstVoices Keyboard`                    | 15.0.270          | Win32    | `SIL International`                       |
 | `FortiClient`                             | 7.2.0.4034+       | Win32    | `Fortinet`                                |
 | `Free NaturalReader`                      | 16.1.2            | Win32    | `Natural Soft`                            |
 | `Ghotit Real Writer & Reader`             | 10.14.2.3         | Win32    | `Ghotit Ltd`                              |
@@ -116,6 +117,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Inspiration 10`                          | 10.11             | Win32    | `TechEdology Ltd`                         |
 | `JAWS for Windows`                        | 2022.2112.24      | Win32    | `Freedom Scientific`                      |
 | `Kite Student Portal`                     | 9.0.0.0           | Win32    | `Dynamic Learning Maps`                   |
+| `Keyman`                                  | 16.0.138          | Win32    | `SIL International`
 | `Kortext`                                 | 2.3.433.0         | `Store`  | `Kortext`                                 |
 | `Kurzweil 3000 Assistive Learning`        | 20.13.0000        | Win32    | `Kurzweil Educational Systems`            |
 | `LanSchool Classic`                       | 9.1.0.46          | Win32    | `Stoneware, Inc.`                         |
@@ -125,7 +127,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Microsoft Connect`                       | 10.0.22000.1      | `Store`  | `Microsoft`                               |
 | `Mozilla Firefox`                         | 105.0.0           | Win32    | `Mozilla`                                 |
 | `NAPLAN`                                  | 2.5.0             | Win32    | `NAP`                                     |
-| `Netref Student`                          | 22.2.0            | Win32    | `NetRef`                                  |
+| `Netref Student`                          | 23.1.0            | Win32    | `NetRef`                                  |
 | `NetSupport Manager`                      | 12.01.0014        | Win32    | `NetSupport`                              |
 | `NetSupport Notify`                       | 5.10.1.215        | Win32    | `NetSupport`                              |
 | `NetSupport School`                       | 14.00.0012        | Win32    | `NetSupport`                              |
@@ -143,11 +145,11 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | `Senso.Cloud`                             | 2021.11.15.0      | Win32    | `Senso.Cloud`                             |
 | `Smoothwall Monitor`                      | 2.9.2             | Win32    | `Smoothwall Ltd`                          |
 | `SuperNova Magnifier & Screen Reader`     | 21.02             | Win32    | `Dolphin Computer Access`                 |
-| `SuperNova Magnifier & Speech`            | 21.02             | Win32    | `Dolphin Computer Access`                 |
+| `SuperNova Magnifier & Speech`            | 21.03             | Win32    | `Dolphin Computer Access`                 |
 |`TX Secure Browser`                        | 15.0.0            | Win32    | `Cambium Development`                     |
 | `VitalSourceBookShelf`                    | 10.2.26.0         | Win32    | `VitalSource Technologies Inc`            |
 | `Winbird`                                 | 19                | Win32    | `Winbird Co., Ltd.`                       |
-| `WordQ`                                   | 5.4.23            | Win32    | `Mathetmots`                              |
+| `WordQ`                                   | 5.4.23            | Win32    | `WordQ`                                   |
 | `Zoom`                                    | 5.12.8 (10232)    | Win32    | `Zoom`                                    |
 | `ZoomText Fusion`                         | 2022.2109.10      | Win32    | `Freedom Scientific`                      |
 | `ZoomText Magnifier/Reader`               | 2022.2109.25      | Win32    | `Freedom Scientific`                      |

includes/ai-disclaimer-generic.md

@@ -0,0 +1,10 @@
+---
+author: aczechowski
+ms.author: aaroncz
+ms.date: 03/31/2023
+ms.topic: include
+ms.prod: windows-client
+---
+
+> [!NOTE]
+> This article was partially created with the help of artificial intelligence. Before publishing, an author reviewed and revised the content as needed. For more information, see [Our principles for using AI-generated content in Microsoft Learn](/azure/principles-for-ai-generated-content).

store-for-business/acquire-apps-microsoft-store-for-business.md

@@ -16,7 +16,7 @@ ms.date: 07/21/2021
 # Acquire apps in Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

store-for-business/add-profile-to-devices.md

@@ -19,7 +19,7 @@ ms.localizationpriority: medium
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Windows Autopilot simplifies device set up for IT Admins. For an overview of benefits, scenarios, and prerequisites, see [Overview of Windows Autopilot](/windows/deployment/windows-autopilot/windows-10-autopilot).
 

store-for-business/app-inventory-management-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: App inventory management for Microsoft Store for Business and Microsoft S
 description: You can manage all apps that you've acquired on your Apps & Software page.
 ms.assetid: 44211937-801B-4B85-8810-9CA055CDB1B2
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.date: 07/21/2021
 ---
@@ -20,7 +20,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can manage all apps that you've acquired on your **Apps & software** page. This page shows all of the content you've acquired, including apps that from Microsoft Store, and line-of-business (LOB) apps that you've accepted into your inventory. After LOB apps are submitted to your organization, you'll see a notification on your **Apps & software** page. On the **New LOB apps** tab, you can accept, or reject the LOB apps. For more information on LOB apps, see [Working with line-of-business apps](working-with-line-of-business-apps.md). The inventory page includes apps acquired by all people in your organization with the Store for Business Admin role. 
 

store-for-business/apps-in-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Apps in Microsoft Store for Business and Education (Windows 10)
 description: Microsoft Store for Business has thousands of apps from many different categories.
 ms.assetid: CC5641DA-3CEA-4950-AD81-1AF1AE876926
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education has thousands of apps from many different categories.
 

store-for-business/assign-apps-to-employees.md

@@ -3,12 +3,12 @@ title: Assign apps to employees (Windows 10)
 description: Administrators can assign online-licensed apps to employees and students in their organization.
 ms.assetid: A0DF4EC2-BE33-41E1-8832-DBB0EBECA31A
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Admins, Purchasers, and Basic Purchasers can assign online-licensed apps to employees or students in their organization.
 

store-for-business/billing-payments-overview.md

@@ -5,19 +5,19 @@ keywords: billing, payment methods, invoices, credit card, debit card
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Billing and payments
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Access invoices and managed your payment methods.
 

store-for-business/billing-profile.md

@@ -5,19 +5,19 @@ keywords: billing profile, invoices, charges, managed charges
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: trudyha
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Understand billing profiles
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 For commercial customers purchasing software or hardware products from Microsoft using a Microsoft customer agreement, billing profiles let you customize what products are included on your invoice, and how you pay your invoices. 
 

store-for-business/billing-understand-your-invoice-msfb.md

@@ -4,19 +4,19 @@ description: Learn how to read and understand your MCA bill
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: trudyha
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Understand your Microsoft Customer Agreement invoice
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 The invoice provides a summary of your charges and provides instructions for payment. It's available for
 download in the Portable Document Format (.pdf) for commercial customers from Microsoft Store for Business [Microsoft Store for Business - Invoice](https://businessstore.microsoft.com/manage/payments-billing/invoices) or can be sent via email. This article applies to invoices generated for a Microsoft Customer Agreement billing account. Check if you have a [Microsoft Customer Agreement](https://businessstore.microsoft.com/manage/organization/agreements).

store-for-business/configure-mdm-provider-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Configure an MDM provider (Windows 10)
 description: For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses.
 ms.assetid: B3A45C8C-A96C-4254-9659-A9B364784673
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 For companies or organizations using mobile device management (MDM) tools, those tools can synchronize with Microsoft Store for Business inventory to manage apps with offline licenses. Store for Business management tool services work with your third-party management tool to manage content.
 

store-for-business/distribute-apps-from-your-private-store.md

@@ -3,12 +3,12 @@ title: Distribute apps using your private store (Windows 10)
 description: The private store is a feature in Microsoft Store for Business and Microsoft Store for Education that organizations receive during the signup process.
 ms.assetid: C4644035-845C-4C84-87F0-D87EA8F5BA19
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 The private store is a feature in Microsoft Store for Business and Education that organizations receive during the signup process. When admins add apps to the private store, all employees in the organization can view and download the apps. Your private store is available as a tab in Microsoft Store app, and is usually named for your company or organization. Only apps with online licenses can be added to the private store.
 

store-for-business/distribute-apps-to-your-employees-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Distribute apps to your employees from the Microsoft Store for Business a
 description: Distribute apps to your employees from Microsoft Store for Business or Microsoft Store for Education. You can assign apps to employees,or let employees install them from your private store.
 ms.assetid: E591497C-6DFA-49C1-8329-4670F2164E9E
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Distribute apps to your employees from Microsoft Store for Business and Microsoft Store for Education. You can assign apps to employees, or let employees install them from your private store.
 

store-for-business/distribute-apps-with-management-tool.md

@@ -3,12 +3,12 @@ title: Distribute apps with a management tool (Windows 10)
 description: You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
 ms.assetid: 006F5FB1-E688-4769-BD9A-CFA6F5829016
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can configure a mobile device management (MDM) tool to synchronize your Microsoft Store for Business or Microsoft Store for Education inventory. Microsoft Store management tool services work with MDM tools to manage content.
 

store-for-business/distribute-offline-apps.md

@@ -3,12 +3,12 @@ title: Distribute offline apps (Windows 10)
 description: Offline licensing is a new licensing option for Windows 10.
 ms.assetid: 6B9F6876-AA66-4EE4-A448-1371511AC95E
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 - Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 > 
 Offline licensing is a new licensing option for Windows 10 with Microsoft Store for Business and Microsoft Store for Education. With offline licenses, organizations can download apps and their licenses to deploy within their network, or on devices that are not connected to the Internet. ISVs or devs can opt-in their apps for offline licensing when they submit them to the Windows Dev Center. Only apps that are opted in to offline licensing will show that they are available for offline licensing in Microsoft Store for Business and Microsoft Store for Education. This model allows organizations to deploy apps when users or devices do not have connectivity to the Store.
 

store-for-business/find-and-acquire-apps-overview.md

@@ -3,12 +3,12 @@ title: Find and acquire apps (Windows 10)
 description: Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
 ms.assetid: 274A5003-5F15-4635-BB8B-953953FD209A
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Use the Microsoft Store for Business and Education to find apps for your organization. You can also work with developers to create line-of-business apps that are only available to your organization.
 

store-for-business/index.md

@@ -20,7 +20,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Welcome to the Microsoft Store for Business and Education! You can use Microsoft Store to find, acquire, distribute, and manage apps for your organization or school.
 

store-for-business/manage-access-to-private-store.md

@@ -3,12 +3,12 @@ title: Manage access to private store (Windows 10)
 description: You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
 ms.assetid: 4E00109C-2782-474D-98C0-02A05BE613A5
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.date: 07/21/2021
 ---
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can manage access to your private store in Microsoft Store for Business and Microsoft Store for Education.
 

store-for-business/manage-apps-microsoft-store-for-business-overview.md

@@ -3,12 +3,12 @@ title: Manage products and services in Microsoft Store for Business (Windows 10)
 description: Manage apps, software, devices, products and services in Microsoft Store for Business.
 ms.assetid: 2F65D4C3-B02C-41CC-92F0-5D9937228202
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Manage products and services in Microsoft Store for Business and Microsoft Store for Education. This includes apps, software, products, devices, and services available under **Products & services**. 
 

store-for-business/manage-orders-microsoft-store-for-business.md

@@ -4,19 +4,19 @@ description: You can view your order history with Microsoft Store for Business o
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Manage app orders in Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 After you've acquired apps, you can review order information and invoices on **Order history**. On this page, you can view invoices, and request refunds.
 

store-for-business/manage-private-store-settings.md

@@ -3,12 +3,12 @@ title: Manage private store settings (Windows 10)
 description: The private store is a feature in the Microsoft Store for Business and Microsoft Store for Education that organizations receive during the sign up process.
 ms.assetid: 2D501538-0C6E-4408-948A-2BF5B05F7A0C
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.date: 07/21/2021
 ms.localizationpriority: medium
@@ -21,7 +21,7 @@ ms.localizationpriority: medium
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 The private store is a feature in Microsoft Store for Business and Education that organizations receive during the sign up process. When admins add apps to the private store, all people in the organization can view and download the apps. Only online-licensed apps can be distributed from your private store.
 

store-for-business/manage-settings-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Manage settings for Microsoft Store for Business and Microsoft Store for
 description: You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
 ms.assetid: E3283D77-4DB2-40A9-9479-DDBC33D5A895
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can add users and groups, as well as update some of the settings associated with the Azure Active Directory (AD) tenant.
 

store-for-business/manage-users-and-groups-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Manage user accounts in Microsoft Store for Business and Microsoft Store
 description: Microsoft Store for Business and Microsoft Store for Education manages permissions with a set of roles. Currently, you can assign these roles to individuals in your organization, but not to groups.
 ms.assetid: 5E7FA071-CABD-4ACA-8AAE-F549EFCE922F
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education manages permissions with a set of roles. Currently, you can [assign these roles to individuals in your organization](roles-and-permissions-microsoft-store-for-business.md), but not to groups.
 

store-for-business/microsoft-store-for-business-education-powershell-module.md

@@ -4,13 +4,13 @@ description: Preview version of PowerShell module
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Microsoft Store for Business and Education PowerShell module - preview
@@ -19,7 +19,7 @@ manager: dansimp
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education PowerShell module (preview) is now available on [PowerShell Gallery](https://go.microsoft.com/fwlink/?linkid=853459).
 

store-for-business/microsoft-store-for-business-overview.md

@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 - Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

store-for-business/notifications-microsoft-store-business.md

@@ -4,12 +4,12 @@ description: Notifications alert you to issues or outages with Microsoft Store f
 keywords: notifications, alerts
 ms.assetid: 
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -23,7 +23,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Microsoft Store for Education use a set of notifications to alert admins if there is an issue or outage with Microsoft Store. 
 

store-for-business/payment-methods.md

@@ -5,19 +5,19 @@ keywords: payment method, credit card, debit card, add credit card, update payme
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: trudyha
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Payment methods
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 You can purchase products and services from Microsoft Store for Business using your credit card. You can enter your credit card information on **Payment methods**, or when you purchase an app. We currently accept these credit cards:
 - VISA

store-for-business/prerequisites-microsoft-store-for-business.md

@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

store-for-business/release-history-microsoft-store-business-education.md

@@ -4,18 +4,18 @@ description: Know the release history of Microsoft Store for Business and Micros
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # Microsoft Store for Business and Education release history
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education regularly releases new and improved features. Here's a summary of new or updated features in previous releases.
 

store-for-business/roles-and-permissions-microsoft-store-for-business.md

@@ -22,7 +22,7 @@ ms.date: 07/21/2021
 - Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 > [!IMPORTANT]
 > Starting on April 14th, 2021, only free apps will be available in Microsoft Store for Business and Education. For more information, see [Microsoft Store for Business and Education](index.md).

store-for-business/settings-reference-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Settings reference Microsoft Store for Business and Education (Windows 10
 description: The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.
 ms.assetid: 34F7FA2B-B848-454B-AC00-ECA49D87B678
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -17,7 +17,7 @@ ms.date: 07/21/2021
 # Settings reference: Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 
 The Microsoft Store for Business and Education has a group of settings that admins use to manage the store.

store-for-business/sign-up-microsoft-store-for-business-overview.md

@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 IT admins can sign up for Microsoft Store for Business and Education, and get started working with apps.
 

store-for-business/troubleshoot-microsoft-store-for-business.md

@@ -3,12 +3,12 @@ title: Troubleshoot Microsoft Store for Business (Windows 10)
 description: Troubleshooting topics for Microsoft Store for Business.
 ms.assetid: 243755A3-9B20-4032-9A77-2207320A242A
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 -   Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Troubleshooting topics for Microsoft Store for Business.
 

store-for-business/update-microsoft-store-for-business-account-settings.md

@@ -5,19 +5,18 @@ keywords: billing accounts, organization info
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
-ms.reviewer: 
-manager: dansimp
 ---
 
 # Update Billing account settings
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 A billing account contains defining information about your organization. 
 

store-for-business/whats-new-microsoft-store-business-education.md

@@ -4,18 +4,18 @@ description: Learn about newest features in Microsoft Store for Business and Mic
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.date: 07/21/2021
 ms.reviewer: 
-manager: dansimp
 ---
 
 # What's new in Microsoft Store for Business and Education
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Microsoft Store for Business and Education regularly releases new and improved features.  
 

store-for-business/working-with-line-of-business-apps.md

@@ -3,12 +3,12 @@ title: Working with line-of-business apps (Windows 10)
 description: Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your organization – they might be internal business apps, or apps specific to your school, business, or industry.
 ms.assetid: 95EB7085-335A-447B-84BA-39C26AEB5AC7
 ms.reviewer: 
-manager: dansimp
 ms.mktglfcycl: manage
 ms.sitesec: library
 ms.pagetype: store
-author: TrudyHa
+ms.author: cmcatee
-ms.author: TrudyHa
+author: cmcatee-MSFT
+manager: scotv
 ms.topic: conceptual
 ms.localizationpriority: medium
 ms.date: 07/21/2021
@@ -21,7 +21,7 @@ ms.date: 07/21/2021
 - Windows 10
 
 > [!IMPORTANT]
-> Microsoft Store for Business and Microsoft Store for Education will be retired in the first quarter of 2023. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. You can continue to use the current capabilities of free apps until that time. For more information about this change, see [Update to Intune integration with the Microsoft Store on Windows](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077) and [FAQ: Supporting Microsoft Store experiences on managed devices](https://techcommunity.microsoft.com/t5/windows-management/faq-supporting-microsoft-store-experiences-on-managed-devices/m-p/3585286).
 
 Your company or school can make line-of-business (LOB) applications available through Microsoft Store for Business or Microsoft Store for Education. These apps are custom to your school or organization – they might be internal apps, or apps specific to your school, business, or industry.
 

windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md

@@ -18,17 +18,17 @@ ms.technology: itpro-apps
 The following are known issues and workarounds for Application Virtualization (App-V) running on Windows 10, version 1607.
  
 ## Windows Installer packages (.msi files) generated by the App-V sequencer (version 5.1 and earlier) fail to install on computers with the in-box App-V client
-There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the pre-requisite check fails and causes the MSI to fail.
+There are MSI packages generated by an App-V sequencer from previous versions of App-V (Versions 5.1 and earlier). These packages include a check to validate whether the App-V client is installed on client devices, before allowing the MSI package to be installed. As the App-V client gets installed automatically when you upgrade user devices to Windows 10, version 1607, the prerequisite check fails and causes the MSI to fail.
 
 **Workaround**:
 
-1. Install the latest App-V sequencer, which you can get from the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607. See [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
+1. Install the latest App-V sequencer, which you can get from the Windows Assessment and Deployment Kit (ADK) for Windows 10, version 1607. See [Download the Windows ADK](https://developer.microsoft.com/windows/hardware/windows-assessment-deployment-kit). For more information, see [Install the App-V Sequencer](appv-install-the-sequencer.md).
 
 2. Ensure that you've installed the **MSI Tools** included in the Windows 10 SDK, available as follows:
 
-    - For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/en-us/windows/downloads).
+    - For the **Visual Studio Community 2015 with Update 3** client, which includes the latest Windows 10 SDK and developer tools, see [Downloads and tools for Windows 10](https://developer.microsoft.com/windows/downloads).
     
-    - For the standalone Windows 10 SDK without other tools, see [Standalone Windows 10 SDK](https://developer.microsoft.com/en-US/windows/downloads/windows-10-sdk).
+    - For the standalone Windows 10 SDK without other tools, see [Standalone Windows SDK](https://developer.microsoft.com/windows/downloads/windows-sdk).
 
 3. Copy msidb.exe from the default path of the Windows SDK installation (**C:\Program Files (x86)\Windows Kits\10**) to a different directory. For example: **C:\MyMsiTools\bin**
 
@@ -36,7 +36,7 @@ There are MSI packages generated by an App-V sequencer from previous versions of
  
     <Windows Kits 10 installation folder>**\Microsoft Application Virtualization\Sequencer\\** 
 
-    By default, this path will be:<br>**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** 
+    By default, this path is:<br>**C:\Program Files (x86)\Windows Kits\10\Microsoft Application Virtualization\Sequencer** 
 
 5. Run the following command:
 
@@ -51,7 +51,7 @@ An error is generated during publishing refresh when synchronizing packages from
 **Workaround**: Upgrade the App-V 5.0 Management server to the App-V Management server for Windows 10 Clients.
 
 ## Custom configurations don't get applied for packages that will be published globally if they're set using the App-V Server
-If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration won't be applied to those machines. The App-V Client will publish packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages won't have access to this custom configuration.
+If you assign a package to an AD group that contains machine accounts and apply a custom configuration to that group using the App-V Server, the custom configuration won't be applied to those machines. The App-V Client publishes packages assigned to a machine account globally. However, it stores custom configuration files per user in each user’s profile. Globally published packages won't have access to this custom configuration.
 
 **Workaround**: Implement one of the following tasks:
 
@@ -69,23 +69,23 @@ If you uninstall the App-V 5.0 SP1 Server and then install the App-V Server, the
 
 Under HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Uninstall, locate and delete the installation GUID key that contains the DWORD value "DisplayName" with value data "Microsoft Application Virtualization (App-V) Server". This is the only key that should be deleted.
 
-## File type associations added manually are not saved correctly
+## File type associations added manually aren't saved correctly
 
 File type associations added to an application package manually using the Shortcuts and FTAs tab at the end of the application upgrade wizard aren't saved correctly. They won't be available to the App-V Client or to the Sequencer when updating the saved package again.
 
-**Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer will detect the new association in the system registry and add it to the package’s virtual registry, where it will be available to the client.
+**Workaround**: To add a file type association, open the package for modification and run the update wizard. During the Installation step, add the new file type association through the operating system. The sequencer detects the new association in the system registry and adds it to the package’s virtual registry, where it is available to the client.
 
-## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, additional data is written to the local disk.
+## When streaming packages in Shared Content Store (SCS) mode to a client that is also managed with AppLocker, extra data is written to the local disk.
 
 To decrease the amount of data written to a client’s local disk, you can enable SCS mode on the App-V Client to stream the contents of a package on demand. However, if AppLocker manages an application within the package, some data might be written to the client’s local disk that wouldn't otherwise be written.
 
 **Workaround**: None
 
-## In the Management Console Add Package dialog box, the Browse button is not available when using Chrome or Firefox
+## In the Management Console Add Package dialog box, the Browse button isn't available when using Chrome or Firefox
 
-On the Packages page of the Management Console, if you click **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you're accessing the Management Console using Chrome or Firefox as your browser, you will not be able to browse to the location of the package.
+On the Packages page of the Management Console, if you select **Add or Upgrade** in the lower-right corner, the **Add Package** dialog box appears. If you're accessing the Management Console using Chrome or Firefox as your browser, you won't be able to browse to the location of the package.
 
-**Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you will be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps:
+**Workaround**: Type or copy and paste the path to the package into the **Add Package** input field. If the Management Console has access to this path, you'll be able to add the package. If the package is on a network share, you can browse to the location using File Explorer by doing these steps:
 
 1.  While pressing **Shift**, right-click on the package file
 
@@ -102,10 +102,10 @@ If you install the App-V 5.0 SP1 Management Server, and then try to upgrade to A
 
 where “AppVManagement” is the name of the database.
 
-## Users cannot open a package in a user-published connection group if you add or remove an optional package
+## Users can't open a package in a user-published connection group if you add or remove an optional package
-In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users cannot open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group.
+In environments that are running the RDS Client or that have multiple concurrent users per computer, logged-in users can't open applications in packages that are in a user-published connection group if an optional package is added to or removed from the connection group.
 
-**Workaround**: Have users log out and then log back in.
+**Workaround**: Have users sign out and then log back in.
 
 ## Error message is erroneously displayed when the connection group is published only to the user
 When you run Repair-AppvClientConnectionGroup, the following error is displayed, even when the connection group is published only to the user: “Internal App-V Integration error: Package not integrated for the user. Ensure that the package is added to the machine and published to the user.”
@@ -114,7 +114,7 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed,
 
 -   Publish all packages in a connection group.
 
-    The problem arises when the connection group being repaired has packages that are missing or not available to the user (that is, not published globally or to the user). However, the repair will work if all of the connection group’s packages are available, so ensure that all packages are published.
+    The problem arises when the connection group being repaired has packages that are missing or not available to the user (that is, not published globally or to the user). However, the repair works if all of the connection group’s packages are available, so ensure that all packages are published.
 
 -   Repair packages individually using the Repair-AppvClientPackage command rather than the Repair-AppvClientConnectionGroup command.
 
@@ -128,22 +128,22 @@ When you run Repair-AppvClientConnectionGroup, the following error is displayed,
 
 ## Icons not displayed properly in Sequencer
 
-Icons in the Shortcuts and File Type Associations tab are not displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons is not 16x16 or 32x32.
+Icons in the Shortcuts and File Type Associations tab aren't displayed correctly when modifying a package in the App-V Sequencer. This problem occurs when the size of the icons isn't 16x16 or 32x32.
 
 **Workaround**: Only use icons that are 16x16 or 32x32.
 
 ## InsertVersionInfo.sql script no longer required for the Management Database
-The InsertVersionInfo.sql script is not required for versions of the App-V management database later than App-V 5.0 SP3.
+The InsertVersionInfo.sql script isn't required for versions of the App-V management database later than App-V 5.0 SP3.
 
 ## Microsoft Visual Studio 2012 not supported
 App-V doesn't support Visual Studio 2012.
 
 **Workaround**: Use a newer version of Microsoft Visual Studio.
 
-Currently, Visual Studio 2012 doesn't support app virtualization, whether using Microsoft App-V or third party solutions such as VMWare ThinApp. While it is possible you might find that Visual Studio works well enough for your purposes when running within one of these environments, we are unable to address any bugs or issues found when running in a virtualized environment at this time.
+Currently, Visual Studio 2012 doesn't support app virtualization, whether using Microsoft App-V or third party solutions such as VMware ThinApp. While it's possible you might find that Visual Studio works well for your purposes when running within one of these environments, we're unable to address any bugs or issues found when running in a virtualized environment at this time.
 
 ## Application filename restrictions for App-V Sequencer
-The App-V Sequencer cannot sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated.
+The App-V Sequencer can't sequence applications with filenames matching "CO_&lt;x&gt;" where x is any numeral. Error 0x8007139F will be generated.
 
 **Workaround**: Use a different filename
 
@@ -152,9 +152,9 @@ For information that can help with troubleshooting App-V for Windows 10, see:
 - [Application Virtualization (App-V): List of Microsoft Support Knowledge Base Articles](https://social.technet.microsoft.com/wiki/contents/articles/14272.app-v-v5-x-list-of-microsoft-support-knowledge-base-articles.aspx)
 - [The Official Microsoft App-V Team Blog](/archive/blogs/appv/)
 - [Technical Reference for App-V](./appv-technical-reference.md)
-- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv)
+- [App-V TechNet Forum](https://social.technet.microsoft.com/forums/en-us/home?forum=mdopappv) <!-- locale required by target site :( -->
 
 
-<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv).
+<br>For App-V issues, use the [App-V TechNet Forum](https://social.technet.microsoft.com/Forums/en-US/home?forum=mdopappv). <!-- locale required by target site :( -->
 
 <a href="https://github.com/Microsoft/windows-itpro-docs/blob/master/CONTRIBUTING.md" class="button big">Help us to improve</a>

windows/application-management/apps-in-windows-10.md

@@ -71,9 +71,9 @@ There are different types of apps that can run on your Windows client devices. T
 
   Using an MDM provider, you can create shortcuts to your web apps and progressive web apps on devices.
 
-## Android™️ apps
+## Android™️ apps
 
-Starting with Windows 11, users in the [Windows Insider program](https://insider.windows.com/) can use the Microsoft Store to search, download, and install Android™️ apps. This feature uses the Windows Subsystem for Android, and allows users to interact with Android apps, just like others apps installed from the Microsoft Store.
+Starting with Windows 11, users in the [Windows Insider program](https://insider.windows.com/) can use the Microsoft Store to search, download, and install Android™️ apps. This feature uses the Windows Subsystem for Android, and allows users to interact with Android apps, just like others apps installed from the Microsoft Store.
 
 For more information, see:
 
@@ -85,7 +85,7 @@ For more information, see:
 When your apps are ready, you can add or deploy these apps to your Windows devices. This section lists some common options.
 
 > [!NOTE]
-> Microsoft Store for Business and Microsoft Store for Education will be retired on March 31, 2023. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
+> The retirement of Microsoft Store for Business and Microsoft Store for Education has been postponed. We will update this notice when a new retirement date is announced. Customers may continue to use the current capabilities for free apps until that time. There will be no support for Microsoft Store for Business and Education for Windows 11.
 >Visit [Evolving the Microsoft Store for Business and Education](https://aka.ms/windows/msfb_evolution) for more information about the new Microsoft Store experience for both Windows 11 and Windows 10, and learn about other options for getting and managing apps.
 
 - **Manually install**: On your devices, users can install apps from the Microsoft Store, from the internet, and from an organization shared drive. These apps, and more, are listed in **Settings** > **Apps** > **Apps and Features**.

windows/application-management/private-app-repository-mdm-company-portal-windows-11.md

@@ -4,7 +4,7 @@ description: Use the Company Portal app in Windows 11 devices to access the priv
 author: nicholasswhite
 ms.author: nwhite
 manager: aaroncz
-ms.date: 09/15/2021
+ms.date: 04/04/2023
 ms.topic: article
 ms.prod: windows-client
 ms.technology: itpro-apps
@@ -59,7 +59,7 @@ To install the Company Portal app, you have some options:
   For more information, see:
   
   - [Endpoint Management at Microsoft](/mem/endpoint-manager-overview)
-  - [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows)
+  - [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-microsoft)
   - [What is co-management?](/mem/configmgr/comanage/overview)
   - [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal)
 

windows/client-management/mdm/applicationcontrol-csp.md

@@ -947,8 +947,8 @@ The ApplicationControl CSP can also be managed locally from PowerShell or via Co
 
     ```powershell
     $namespace = "root\cimv2\mdm\dmmap"
-        $policyClassName = "MDM_AppControl_Policies"
+    $policyClassName = "MDM_ApplicationControl_Policies01_01"
-        $policyBase64 = …
+    $policyBase64 = "<base64policy>"
     ```
 
 ### Deploying a policy via WMI Bridge

windows/client-management/mdm/bitlocker-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the BitLocker CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -176,7 +176,7 @@ require reinstallation of Windows.
 > [!NOTE]
 > This policy takes effect only if "RequireDeviceEncryption" policy is set to 1.
 
-The expected values for this policy are
+The expected values for this policy are:
 
 1 = This is the default, when the policy is not set. **Warning** prompt and encryption notification is allowed.
 0 = Disables the warning prompt and encryption notification. Starting in Windows 10, next major update,
@@ -317,11 +317,16 @@ Supported Values: 0 - Numeric Recovery Passwords rotation OFF.
 
 <!-- Device-EncryptionMethodByDriveType-Description-Begin -->
 <!-- Description-Source-ADMX -->
-This policy setting allows you to configure the algorithm and cipher strength used by BitLocker Drive Encryption. This policy setting is applied when you turn on BitLocker. Changing the encryption method has no effect if the drive is already encrypted, or if encryption is in progress.
+This policy setting configures whether BitLocker protection is required for a computer to be able to write data to a removable data drive.
 
-- If you enable this policy setting you will be able to configure an encryption algorithm and key cipher strength for fixed data drives, operating system drives, and removable data drives individually. For fixed and operating system drives, we recommend that you use the XTS-AES algorithm. For removable drives, you should use AES-CBC 128-bit or AES-CBC 256-bit if the drive will be used in other devices that are not running Windows 10 (Version 1511).
+- If you enable this policy setting, all removable data drives that are not BitLocker-protected will be mounted as read-only. If the drive is protected by BitLocker, it will be mounted with read and write access.
 
-- If you disable or do not configure this policy setting, BitLocker will use AES with the same bit strength (128-bit or 256-bit) as the "Choose drive encryption method and cipher strength (Windows Vista, Windows Server 2008, Windows 7)" and "Choose drive encryption method and cipher strength" policy settings (in that order), if they are set. If none of the policies are set, BitLocker will use the default encryption method of XTS-AES 128-bit or the encryption method specified by the setup script."
+If the "Deny write access to devices configured in another organization" option is selected, only drives with identification fields matching the computer's identification fields will be given write access. When a removable data drive is accessed it will be checked for valid identification field and allowed identification fields. These fields are defined by the "Provide the unique identifiers for your organization" policy setting.
+
+- If you disable or do not configure this policy setting, all removable data drives on the computer will be mounted with read and write access.
+
+> [!NOTE]
+> This policy setting can be overridden by the policy settings under User Configuration\Administrative Templates\System\Removable Storage Access. If the "Removable Disks: Deny write access" policy setting is enabled this policy setting will be ignored.
 <!-- Device-EncryptionMethodByDriveType-Description-End -->
 
 <!-- Device-EncryptionMethodByDriveType-Editable-Begin -->
@@ -369,11 +374,12 @@ Sample value for this node to enable this policy and set the encryption methods
 
 | Name | Value |
 |:--|:--|
-| Name | EncryptionMethodWithXts_Name |
+| Name | RDVDenyWriteAccess_Name |
-| Friendly Name | Choose drive encryption method and cipher strength (Windows 10 [Version 1511] and later) |
+| Friendly Name | Deny write access to removable drives not protected by BitLocker |
 | Location | Computer Configuration |
-| Path | Windows Components > BitLocker Drive Encryption |
+| Path | Windows Components > BitLocker Drive Encryption > Removable Data Drives |
-| Registry Key Name | SOFTWARE\Policies\Microsoft\FVE |
+| Registry Key Name | System\CurrentControlSet\Policies\Microsoft\FVE |
+| Registry Value Name | RDVDenyWriteAccess |
 | ADMX File Name | VolumeEncryption.admx |
 <!-- Device-EncryptionMethodByDriveType-AdmxBacked-End -->
 
@@ -1578,10 +1584,10 @@ The Windows touch keyboard (such as that used by tablets) isn't available in the
 
 - If this policy is not enabled, the Windows Recovery Environment must be enabled on tablets to support the entry of the BitLocker recovery password. When the Windows Recovery Environment is not enabled and this policy is not enabled, you cannot turn on BitLocker on a device that uses the Windows touch keyboard.
 
-**Note** that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include
+**Note** that if you do not enable this policy setting, options in the "Require additional authentication at startup" policy might not be available on such devices. These options include:
-- Configure TPM startup PIN Required/Allowed
+  - Configure TPM startup PIN: Required/Allowed
-- Configure TPM startup key and PIN Required/Allowed
+  - Configure TPM startup key and PIN: Required/Allowed
-- Configure use of passwords for operating system drives.
+  - Configure use of passwords for operating system drives.
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Description-End -->
 
 <!-- Device-SystemDrivesEnablePrebootInputProtectorsOnSlates-Editable-Begin -->

windows/client-management/mdm/bitlocker-ddf-file.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/22/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -179,7 +179,7 @@ The following XML file contains the device description framework (DDF) for the B
           <MIME />
         </DFType>
         <MSFT:AllowedValues ValueType="ADMX">
-          <MSFT:AdmxBacked Area="VolumeEncryption~AT~WindowsComponents~FVECategory~FVERDVCategory" Name="EncryptionMethodWithXts_Name" File="VolumeEncryption.admx" />
+          <MSFT:AdmxBacked Area="VolumeEncryption~AT~WindowsComponents~FVECategory~FVERDVCategory" Name="RDVDenyWriteAccess_Name" File="VolumeEncryption.admx" />
         </MSFT:AllowedValues>
       </DFProperties>
     </Node>

windows/client-management/mdm/defender-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -58,6 +58,7 @@ The following list shows the Defender configuration service provider nodes:
     - [EnableFileHashComputation](#configurationenablefilehashcomputation)
     - [EngineUpdatesChannel](#configurationengineupdateschannel)
     - [HideExclusionsFromLocalAdmins](#configurationhideexclusionsfromlocaladmins)
+    - [HideExclusionsFromLocalUsers](#configurationhideexclusionsfromlocalusers)
     - [IntelTDTEnabled](#configurationinteltdtenabled)
     - [MeteredConnectionUpdates](#configurationmeteredconnectionupdates)
     - [PassiveRemediation](#configurationpassiveremediation)
@@ -65,6 +66,7 @@ The following list shows the Defender configuration service provider nodes:
     - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes)
     - [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled)
     - [SchedulerRandomizationTime](#configurationschedulerrandomizationtime)
+    - [SecuredDevicesConfiguration](#configurationsecureddevicesconfiguration)
     - [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel)
     - [SupportLogLocation](#configurationsupportloglocation)
     - [TamperProtection](#configurationtamperprotection)
@@ -1622,7 +1624,7 @@ Enable this policy to specify when devices receive Microsoft Defender engine upd
 
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy setting controls whether or not exclusions are visible to local admins. For end users (that are not local admins) exclusions are not visible, whether or not this setting is enabled.
+This policy setting controls whether or not exclusions are visible to local admins. To control local users exclusions visibility use HideExclusionsFromLocalUsers. If HideExclusionsFromLocalAdmins is set then HideExclusionsFromLocalUsers will be implicitly set.
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Description-End -->
 
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-Editable-Begin -->
@@ -1656,6 +1658,55 @@ This policy setting controls whether or not exclusions are visible to local admi
 
 <!-- Device-Configuration-HideExclusionsFromLocalAdmins-End -->
 
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Begin -->
+### Configuration/HideExclusionsFromLocalUsers
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Applicability-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/HideExclusionsFromLocalUsers
+```
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-OmaUri-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Description-Begin -->
+<!-- Description-Source-DDF -->
+This policy setting controls whether or not exclusions are visible to local users. If HideExclusionsFromLocalAdmins is set then this policy will be implicitly set.
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Description-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Editable-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | 0 |
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-DFProperties-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 1 | If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell. |
+| 0 (Default) | If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell. |
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-AllowedValues-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-Examples-End -->
+
+<!-- Device-Configuration-HideExclusionsFromLocalUsers-End -->
+
 <!-- Device-Configuration-IntelTDTEnabled-Begin -->
 ### Configuration/IntelTDTEnabled
 
@@ -1696,6 +1747,7 @@ This policy setting configures the Intel TDT integration level for Intel TDT-cap
 | Value | Description |
 |:--|:--|
 | 0 (Default) | If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat. |
+| 1 | If you configure this setting to enabled, Intel TDT integration will turn on. |
 | 2 | If you configure this setting to disabled, Intel TDT integration will turn off. |
 <!-- Device-Configuration-IntelTDTEnabled-AllowedValues-End -->
 
@@ -1996,6 +2048,45 @@ This setting allows you to configure the scheduler randomization in hours. The r
 
 <!-- Device-Configuration-SchedulerRandomizationTime-End -->
 
+<!-- Device-Configuration-SecuredDevicesConfiguration-Begin -->
+### Configuration/SecuredDevicesConfiguration
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows 10, version 1809 [10.0.17763] and later |
+<!-- Device-Configuration-SecuredDevicesConfiguration-Applicability-End -->
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/Defender/Configuration/SecuredDevicesConfiguration
+```
+<!-- Device-Configuration-SecuredDevicesConfiguration-OmaUri-End -->
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-Description-Begin -->
+<!-- Description-Source-DDF -->
+Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all of the supported devices will be secured.
+<!-- Device-Configuration-SecuredDevicesConfiguration-Description-End -->
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-Configuration-SecuredDevicesConfiguration-Editable-End -->
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Add, Delete, Get, Replace |
+<!-- Device-Configuration-SecuredDevicesConfiguration-DFProperties-End -->
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-Configuration-SecuredDevicesConfiguration-Examples-End -->
+
+<!-- Device-Configuration-SecuredDevicesConfiguration-End -->
+
 <!-- Device-Configuration-SecurityIntelligenceUpdatesChannel-Begin -->
 ### Configuration/SecurityIntelligenceUpdatesChannel
 

windows/client-management/mdm/defender-ddf.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -1852,7 +1852,7 @@ The following XML file contains the device description framework (DDF) for the D
             <Replace />
           </AccessType>
           <DefaultValue>0</DefaultValue>
-          <Description>This policy setting controls whether or not exclusions are visible to local admins.  For end users (that are not local admins) exclusions are not visible, whether or not this setting is enabled.</Description>
+          <Description>This policy setting controls whether or not exclusions are visible to local admins. To control local users exlcusions visibility use HideExclusionsFromLocalUsers. If HideExclusionsFromLocalAdmins is set then HideExclusionsFromLocalUsers will be implicitly set.</Description>
           <DFFormat>
             <int />
           </DFFormat>
@@ -1881,6 +1881,45 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>HideExclusionsFromLocalUsers</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <DefaultValue>0</DefaultValue>
+          <Description>This policy setting controls whether or not exclusions are visible to local users. If HideExclusionsFromLocalAdmins is set then this policy will be implicitly set.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>If you enable this setting, local users will no longer be able to see the exclusion list in Windows Security App or via PowerShell.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>If you disable or do not configure this setting, local users will be able to see exclusions in the Windows Security App and via PowerShell.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>ThrottleForScheduledScanOnly</NodeName>
         <DFProperties>
@@ -2010,6 +2049,36 @@ The following XML file contains the device description framework (DDF) for the D
           </MSFT:AllowedValues>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>SecuredDevicesConfiguration</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Defines what are the devices primary ids that should be secured by Defender Device Control. The primary id values should be pipe (|) separated. Example: RemovableMediaDevices|CdRomDevices. If this configuration is not set the default value will be applied, meaning all of the supported devices will be secured.</Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:Applicability>
+            <MSFT:OsBuildVersion>10.0.17763</MSFT:OsBuildVersion>
+            <MSFT:CspVersion>1.3</MSFT:CspVersion>
+          </MSFT:Applicability>
+          <MSFT:AllowedValues ValueType="None">
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
       <Node>
         <NodeName>DataDuplicationLocalRetentionPeriod</NodeName>
         <DFProperties>
@@ -2197,6 +2266,10 @@ The following XML file contains the device description framework (DDF) for the D
               <MSFT:Value>0</MSFT:Value>
               <MSFT:ValueDescription>If you do not configure this setting, the default value will be applied. The default value is controlled by Microsoft security intelligence updates. Microsoft will enable Intel TDT if there is a known threat.</MSFT:ValueDescription>
             </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>If you configure this setting to enabled, Intel TDT integration will turn on.</MSFT:ValueDescription>
+            </MSFT:Enum>
             <MSFT:Enum>
               <MSFT:Value>2</MSFT:Value>
               <MSFT:ValueDescription>If you configure this setting to disabled, Intel TDT integration will turn off.</MSFT:ValueDescription>

windows/client-management/mdm/devicepreparation-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the DevicePreparation CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -31,6 +31,8 @@ The following list shows the DevicePreparation configuration service provider no
     - [ClassID](#bootstrapperagentclassid)
     - [ExecutionContext](#bootstrapperagentexecutioncontext)
     - [InstallationStatusUri](#bootstrapperagentinstallationstatusuri)
+  - [MDMProvider](#mdmprovider)
+    - [Progress](#mdmproviderprogress)
   - [PageEnabled](#pageenabled)
   - [PageSettings](#pagesettings)
   - [PageStatus](#pagestatus)
@@ -192,6 +194,84 @@ This node holds a URI that can be queried for the status of the Bootstrapper Age
 
 <!-- Device-BootstrapperAgent-InstallationStatusUri-End -->
 
+<!-- Device-MDMProvider-Begin -->
+## MDMProvider
+
+<!-- Device-MDMProvider-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-MDMProvider-Applicability-End -->
+
+<!-- Device-MDMProvider-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DevicePreparation/MDMProvider
+```
+<!-- Device-MDMProvider-OmaUri-End -->
+
+<!-- Device-MDMProvider-Description-Begin -->
+<!-- Description-Source-DDF -->
+The subnode configures the settings for the MDMProvider.
+<!-- Device-MDMProvider-Description-End -->
+
+<!-- Device-MDMProvider-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-MDMProvider-Editable-End -->
+
+<!-- Device-MDMProvider-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | node |
+| Access Type | Get |
+<!-- Device-MDMProvider-DFProperties-End -->
+
+<!-- Device-MDMProvider-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-MDMProvider-Examples-End -->
+
+<!-- Device-MDMProvider-End -->
+
+<!-- Device-MDMProvider-Progress-Begin -->
+### MDMProvider/Progress
+
+<!-- Device-MDMProvider-Progress-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-MDMProvider-Progress-Applicability-End -->
+
+<!-- Device-MDMProvider-Progress-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/DevicePreparation/MDMProvider/Progress
+```
+<!-- Device-MDMProvider-Progress-OmaUri-End -->
+
+<!-- Device-MDMProvider-Progress-Description-Begin -->
+<!-- Description-Source-DDF -->
+Noode for reporting progress status as opaque data.
+<!-- Device-MDMProvider-Progress-Description-End -->
+
+<!-- Device-MDMProvider-Progress-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-MDMProvider-Progress-Editable-End -->
+
+<!-- Device-MDMProvider-Progress-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Get, Replace |
+<!-- Device-MDMProvider-Progress-DFProperties-End -->
+
+<!-- Device-MDMProvider-Progress-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-MDMProvider-Progress-Examples-End -->
+
+<!-- Device-MDMProvider-Progress-End -->
+
 <!-- Device-PageEnabled-Begin -->
 ## PageEnabled
 
@@ -297,7 +377,7 @@ This node configures specific settings for the Device Preparation page.
 
 <!-- Device-PageStatus-Description-Begin -->
 <!-- Description-Source-DDF -->
-This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = Succeeded; 4 = Failed.
+This node provides status of the Device Preparation page. Values are an enum: 0 = Disabled; 1 = Enabled; 2 = InProgress; 3 = ExitedOnSuccess; 4 = ExitedOnFailure.
 <!-- Device-PageStatus-Description-End -->
 
 <!-- Device-PageStatus-Editable-Begin -->

windows/client-management/mdm/devicepreparation-ddf-file.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -89,7 +89,7 @@ The following XML file contains the device description framework (DDF) for the D
         <AccessType>
           <Get />
         </AccessType>
-        <Description>This node provides status of the Device Preparation page.  Values are an enum: 0 = Disabled; 1 = Enabled;  2 = InProgress; 3 = Succeeded; 4 = Failed.</Description>
+        <Description>This node provides status of the Device Preparation page.  Values are an enum: 0 = Disabled; 1 = Enabled;  2 = InProgress; 3 = ExitedOnSuccess; 4 = ExitedOnFailure.</Description>
         <DFFormat>
           <int />
         </DFFormat>
@@ -243,6 +243,49 @@ The following XML file contains the device description framework (DDF) for the D
         </DFProperties>
       </Node>
     </Node>
+    <Node>
+      <NodeName>MDMProvider</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <Description>The subnode configures the settings for the MDMProvider.</Description>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <DDFName />
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName>Progress</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Noode for reporting progress status as opaque data.</Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
+    </Node>
   </Node>
 </MgmtTree>
 ```

windows/client-management/mdm/dynamicmanagement-csp.md

@@ -9,9 +9,6 @@ author: vinaypamnani-msft
 ms.date: 06/26/2017
 ms.reviewer:
 manager: aaroncz
-ms.collection:
-  - highpri
-  - tier2
 ---
 
 # DynamicManagement CSP

windows/client-management/mdm/firewall-ddf-file.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/27/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2848,6 +2848,214 @@ The following XML file contains the device description framework (DDF) for the F
             </MSFT:AllowedValues>
             <MSFT:AtomicRequired />
           </DFProperties>
+          <Node>
+            <NodeName>EnableFirewall</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Replace />
+              </AccessType>
+              <DefaultValue>true</DefaultValue>
+              <Description>This value is an on/off switch for the firewall and advanced security enforcement. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>false</MSFT:Value>
+                  <MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>true</MSFT:Value>
+                  <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>DefaultOutboundAction</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+              </AccessType>
+              <DefaultValue>0</DefaultValue>
+              <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>0</MSFT:Value>
+                  <MSFT:ValueDescription>Allow Outbound By Default</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>1</MSFT:Value>
+                  <MSFT:ValueDescription>Block Outbound By Default</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+              <MSFT:DependencyBehavior>
+                <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                  <MSFT:Dependency Type="DependsOn">
+                    <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall</MSFT:DependencyUri>
+                    <MSFT:DependencyAllowedValue ValueType="ENUM">
+                      <MSFT:Enum>
+                        <MSFT:Value>true</MSFT:Value>
+                        <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                      </MSFT:Enum>
+                    </MSFT:DependencyAllowedValue>
+                  </MSFT:Dependency>
+                </MSFT:DependencyGroup>
+              </MSFT:DependencyBehavior>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>DefaultInboundAction</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+              </AccessType>
+              <DefaultValue>1</DefaultValue>
+              <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block]. This value controls the settings for all profiles. It is recommended to instead use the profile setting value under the profile subtree.</Description>
+              <DFFormat>
+                <int />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>0</MSFT:Value>
+                  <MSFT:ValueDescription>Allow Inbound By Default</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>1</MSFT:Value>
+                  <MSFT:ValueDescription>Block Inbound By Default</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+              <MSFT:DependencyBehavior>
+                <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                  <MSFT:Dependency Type="DependsOn">
+                    <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall</MSFT:DependencyUri>
+                    <MSFT:DependencyAllowedValue ValueType="ENUM">
+                      <MSFT:Enum>
+                        <MSFT:Value>true</MSFT:Value>
+                        <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                      </MSFT:Enum>
+                    </MSFT:DependencyAllowedValue>
+                  </MSFT:Dependency>
+                </MSFT:DependencyGroup>
+              </MSFT:DependencyBehavior>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>EnableLoopback</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Replace />
+              </AccessType>
+              <DefaultValue>false</DefaultValue>
+              <Description>This value is an on/off switch for loopback traffic. This determines if this VM is able to send/receive loopback traffic to other VMs or the host.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>false</MSFT:Value>
+                  <MSFT:ValueDescription>Disable loopback</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>true</MSFT:Value>
+                  <MSFT:ValueDescription>Enable loopback</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>AllowHostPolicyMerge</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+              </AccessType>
+              <DefaultValue>true</DefaultValue>
+              <Description>This value is used as an on/off switch. If this value is true, applicable host firewall rules and settings will be applied to Hyper-V firewall.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>false</MSFT:Value>
+                  <MSFT:ValueDescription>AllowHostPolicyMerge Off</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>true</MSFT:Value>
+                  <MSFT:ValueDescription>AllowHostPolicyMerge On</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>DomainProfile</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <DDFName />
+              </DFType>
+            </DFProperties>
             <Node>
               <NodeName>EnableFirewall</NodeName>
               <DFProperties>
@@ -2914,7 +3122,7 @@ The following XML file contains the device description framework (DDF) for the F
                 <MSFT:DependencyBehavior>
                   <MSFT:DependencyGroup FriendlyId="Enable Firewall">
                     <MSFT:Dependency Type="DependsOn">
-                    <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall</MSFT:DependencyUri>
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
@@ -2960,7 +3168,7 @@ The following XML file contains the device description framework (DDF) for the F
                 <MSFT:DependencyBehavior>
                   <MSFT:DependencyGroup FriendlyId="Enable Firewall">
                     <MSFT:Dependency Type="DependsOn">
-                    <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall</MSFT:DependencyUri>
                       <MSFT:DependencyAllowedValue ValueType="ENUM">
                         <MSFT:Enum>
                           <MSFT:Value>true</MSFT:Value>
@@ -2973,13 +3181,13 @@ The following XML file contains the device description framework (DDF) for the F
               </DFProperties>
             </Node>
             <Node>
-            <NodeName>EnableLoopback</NodeName>
+              <NodeName>AllowLocalPolicyMerge</NodeName>
               <DFProperties>
                 <AccessType>
                   <Replace />
                 </AccessType>
-              <DefaultValue>false</DefaultValue>
+                <DefaultValue>true</DefaultValue>
-              <Description>This value is an on/off switch for loopback traffic. This determines if this VM type is able to send/receive loopback traffic.</Description>
+                <Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced.  The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
                 <DFFormat>
                   <bool />
                 </DFFormat>
@@ -2995,15 +3203,407 @@ The following XML file contains the device description framework (DDF) for the F
                 <MSFT:AllowedValues ValueType="ENUM">
                   <MSFT:Enum>
                     <MSFT:Value>false</MSFT:Value>
-                  <MSFT:ValueDescription>Disable loopback</MSFT:ValueDescription>
+                    <MSFT:ValueDescription>AllowLocalPolicyMerge Off</MSFT:ValueDescription>
                   </MSFT:Enum>
                   <MSFT:Enum>
                     <MSFT:Value>true</MSFT:Value>
-                  <MSFT:ValueDescription>Enable loopback</MSFT:ValueDescription>
+                    <MSFT:ValueDescription>AllowLocalPolicyMerge On</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/DomainProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>PrivateProfile</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <DDFName />
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EnableFirewall</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Replace />
+                </AccessType>
+                <DefaultValue>true</DefaultValue>
+                <Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>false</MSFT:Value>
+                    <MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>true</MSFT:Value>
+                    <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
                   </MSFT:Enum>
                 </MSFT:AllowedValues>
               </DFProperties>
             </Node>
+            <Node>
+              <NodeName>DefaultOutboundAction</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>0</DefaultValue>
+                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>0</MSFT:Value>
+                    <MSFT:ValueDescription>Allow Outbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>1</MSFT:Value>
+                    <MSFT:ValueDescription>Block Outbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>DefaultInboundAction</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>1</DefaultValue>
+                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>0</MSFT:Value>
+                    <MSFT:ValueDescription>Allow Inbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>1</MSFT:Value>
+                    <MSFT:ValueDescription>Block Inbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>AllowLocalPolicyMerge</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Replace />
+                </AccessType>
+                <DefaultValue>true</DefaultValue>
+                <Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced.  The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>false</MSFT:Value>
+                    <MSFT:ValueDescription>AllowLocalPolicyMerge Off</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>true</MSFT:Value>
+                    <MSFT:ValueDescription>AllowLocalPolicyMerge On</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PrivateProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+          </Node>
+          <Node>
+            <NodeName>PublicProfile</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+              </AccessType>
+              <DFFormat>
+                <node />
+              </DFFormat>
+              <Occurrence>
+                <One />
+              </Occurrence>
+              <Scope>
+                <Permanent />
+              </Scope>
+              <DFType>
+                <DDFName />
+              </DFType>
+            </DFProperties>
+            <Node>
+              <NodeName>EnableFirewall</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Replace />
+                </AccessType>
+                <DefaultValue>true</DefaultValue>
+                <Description>This value is an on/off switch for the firewall and advanced security enforcement.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>false</MSFT:Value>
+                    <MSFT:ValueDescription>Disable Firewall</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>true</MSFT:Value>
+                    <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>DefaultOutboundAction</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>0</DefaultValue>
+                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on outbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 0 [Allow].</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>0</MSFT:Value>
+                    <MSFT:ValueDescription>Allow Outbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>1</MSFT:Value>
+                    <MSFT:ValueDescription>Block Outbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>DefaultInboundAction</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Get />
+                  <Replace />
+                </AccessType>
+                <DefaultValue>1</DefaultValue>
+                <Description>This value is the action that the firewall does by default (and evaluates at the very end) on inbound connections. The allow action is represented by 0x00000000; 0x00000001 represents a block action. Default value is 1 [Block].</Description>
+                <DFFormat>
+                  <int />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>0</MSFT:Value>
+                    <MSFT:ValueDescription>Allow Inbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>1</MSFT:Value>
+                    <MSFT:ValueDescription>Block Inbound By Default</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+            <Node>
+              <NodeName>AllowLocalPolicyMerge</NodeName>
+              <DFProperties>
+                <AccessType>
+                  <Replace />
+                </AccessType>
+                <DefaultValue>true</DefaultValue>
+                <Description>This value is used as an on/off switch. If this value is false, firewall rules from the local store are ignored and not enforced.  The merge law for this option is to always use the value of the GroupPolicyRSoPStore. This value is valid for all schema versions.</Description>
+                <DFFormat>
+                  <bool />
+                </DFFormat>
+                <Occurrence>
+                  <One />
+                </Occurrence>
+                <Scope>
+                  <Dynamic />
+                </Scope>
+                <DFType>
+                  <MIME />
+                </DFType>
+                <MSFT:AllowedValues ValueType="ENUM">
+                  <MSFT:Enum>
+                    <MSFT:Value>false</MSFT:Value>
+                    <MSFT:ValueDescription>AllowLocalPolicyMerge Off</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                  <MSFT:Enum>
+                    <MSFT:Value>true</MSFT:Value>
+                    <MSFT:ValueDescription>AllowLocalPolicyMerge On</MSFT:ValueDescription>
+                  </MSFT:Enum>
+                </MSFT:AllowedValues>
+                <MSFT:DependencyBehavior>
+                  <MSFT:DependencyGroup FriendlyId="Enable Firewall">
+                    <MSFT:Dependency Type="DependsOn">
+                      <MSFT:DependencyUri>Vendor/MSFT/Firewall/MdmStore/HyperVVMSettings/[VMCreatorId]/PublicProfile/EnableFirewall</MSFT:DependencyUri>
+                      <MSFT:DependencyAllowedValue ValueType="ENUM">
+                        <MSFT:Enum>
+                          <MSFT:Value>true</MSFT:Value>
+                          <MSFT:ValueDescription>Enable Firewall</MSFT:ValueDescription>
+                        </MSFT:Enum>
+                      </MSFT:DependencyAllowedValue>
+                    </MSFT:Dependency>
+                  </MSFT:DependencyGroup>
+                </MSFT:DependencyBehavior>
+              </DFProperties>
+            </Node>
+          </Node>
         </Node>
       </Node>
       <Node>
@@ -3231,7 +3831,8 @@ ServiceName</Description>
               <DFType>
                 <MIME />
               </DFType>
-              <MSFT:AllowedValues ValueType="None">
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>^[0-9,-]+$</MSFT:Value>
                 <MSFT:List Delimiter="," />
               </MSFT:AllowedValues>
             </DFProperties>
@@ -3258,7 +3859,8 @@ ServiceName</Description>
               <DFType>
                 <MIME />
               </DFType>
-              <MSFT:AllowedValues ValueType="None">
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>^[0-9,-]+$</MSFT:Value>
                 <MSFT:List Delimiter="," />
               </MSFT:AllowedValues>
             </DFProperties>
@@ -3396,7 +3998,7 @@ An IPv6 address range in the format of "start address - end address" with no spa
                 <MIME />
               </DFType>
               <MSFT:Applicability>
-                <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+                <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1706, 10.0.19043.1706, 10.0.19042.1706</MSFT:OsBuildVersion>
                 <MSFT:CspVersion>1.0</MSFT:CspVersion>
               </MSFT:Applicability>
               <MSFT:AllowedValues ValueType="RegEx">
@@ -4022,7 +4624,8 @@ An IPv6 address range in the format of "start address - end address" with no spa
               <DFType>
                 <MIME />
               </DFType>
-              <MSFT:AllowedValues ValueType="None">
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>^[0-9,-]+$</MSFT:Value>
                 <MSFT:List Delimiter="," />
               </MSFT:AllowedValues>
             </DFProperties>
@@ -4081,7 +4684,8 @@ An IPv6 address range in the format of "start address - end address" with no spa
               <DFType>
                 <MIME />
               </DFType>
-              <MSFT:AllowedValues ValueType="None">
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>^[0-9,-]+$</MSFT:Value>
                 <MSFT:List Delimiter="," />
               </MSFT:AllowedValues>
             </DFProperties>
@@ -4197,16 +4801,15 @@ If not specified - a new rule is disabled by default.</Description>
             </DFProperties>
           </Node>
           <Node>
-            <NodeName>Name</NodeName>
+            <NodeName>Profiles</NodeName>
             <DFProperties>
               <AccessType>
-                <Add />
-                <Delete />
                 <Get />
                 <Replace />
               </AccessType>
+              <Description>Specifies the profiles to which the rule belongs: Domain, Private, Public.  See FW_PROFILE_TYPE for the bitmasks that are used to identify profile types.  If not specified, the default is All.</Description>
               <DFFormat>
-                <chr />
+                <int />
               </DFFormat>
               <Occurrence>
                 <One />
@@ -4217,6 +4820,192 @@ If not specified - a new rule is disabled by default.</Description>
               <DFType>
                 <MIME />
               </DFType>
+              <MSFT:AllowedValues ValueType="Flag">
+                <MSFT:Enum>
+                  <MSFT:Value>0x1</MSFT:Value>
+                  <MSFT:ValueDescription>FW_PROFILE_TYPE_DOMAIN:  This value represents the profile for networks that are connected to domains.</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>0x2</MSFT:Value>
+                  <MSFT:ValueDescription>FW_PROFILE_TYPE_STANDARD:  This value represents the standard profile for networks. These networks are classified as private by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are behind Network Address Translation (NAT) devices, routers, and other edge devices, and they are in a private location, such as a home or an office. AND FW_PROFILE_TYPE_PRIVATE:  This value represents the profile for private networks, which is represented by the same value as that used for FW_PROFILE_TYPE_STANDARD.</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>0x4</MSFT:Value>
+                  <MSFT:ValueDescription>FW_PROFILE_TYPE_PUBLIC:  This value represents the profile for public networks. These networks are classified as public by the administrators in the server host. The classification happens the first time the host connects to the network. Usually these networks are those at airports, coffee shops, and other public places where the peers in the network or the network administrator are not trusted.</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>0x7FFFFFFF</MSFT:Value>
+                  <MSFT:ValueDescription>FW_PROFILE_TYPE_ALL:  This value represents all these network sets and any future network sets.</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+        </Node>
+      </Node>
+      <Node>
+        <NodeName>HyperVLoopbackRules</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>A list of rules controlling loopback traffic through the Windows Firewall. This enforcement is only for traffic from one container to another or to the host device. These rules are all allow rules.</Description>
+          <DFFormat>
+            <node />
+          </DFFormat>
+          <Occurrence>
+            <ZeroOrOne />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <DDFName />
+          </DFType>
+        </DFProperties>
+        <Node>
+          <NodeName>
+          </NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <Description>Unique alpha numeric identifier for the rule.  The rule name must not include a forward slash (/).</Description>
+            <DFFormat>
+              <node />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrMore />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFTitle>RuleName</DFTitle>
+            <DFType>
+              <DDFName />
+            </DFType>
+            <MSFT:DynamicNodeNaming>
+              <MSFT:ServerGeneratedUniqueIdentifier />
+            </MSFT:DynamicNodeNaming>
+            <MSFT:AllowedValues ValueType="RegEx">
+              <MSFT:Value>^[^|/]*$</MSFT:Value>
+            </MSFT:AllowedValues>
+            <MSFT:AtomicRequired />
+          </DFProperties>
+          <Node>
+            <NodeName>SourceVMCreatorId</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <Description>This field specifies the VM Creator ID of the source of the traffic that this rule applies to. If not specified, this applies to All.</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>DestinationVMCreatorId</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <Description>This field specifies the VM Creator ID of the destination of traffic that this rule applies to. If not specified, this applies to All.</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>\{[0-9A-Fa-f]{8}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{4}\-[0-9A-Fa-f]{12}\}</MSFT:Value>
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>PortRanges</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Add />
+                <Delete />
+                <Get />
+                <Replace />
+              </AccessType>
+              <Description>Comma Separated list of ranges for eg. 100-120,200,300-320.  If not specified the default is All.</Description>
+              <DFFormat>
+                <chr />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="RegEx">
+                <MSFT:Value>^[0-9,-]+$</MSFT:Value>
+                <MSFT:List Delimiter="," />
+              </MSFT:AllowedValues>
+            </DFProperties>
+          </Node>
+          <Node>
+            <NodeName>Enabled</NodeName>
+            <DFProperties>
+              <AccessType>
+                <Get />
+                <Replace />
+              </AccessType>
+              <Description>Indicates whether the rule is enabled or disabled. If the rule must be enabled, this value must be set to true. If not specified - a new rule is disabled by default.</Description>
+              <DFFormat>
+                <bool />
+              </DFFormat>
+              <Occurrence>
+                <ZeroOrOne />
+              </Occurrence>
+              <Scope>
+                <Dynamic />
+              </Scope>
+              <DFType>
+                <MIME />
+              </DFType>
+              <MSFT:AllowedValues ValueType="ENUM">
+                <MSFT:Enum>
+                  <MSFT:Value>0</MSFT:Value>
+                  <MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
+                </MSFT:Enum>
+                <MSFT:Enum>
+                  <MSFT:Value>1</MSFT:Value>
+                  <MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
+                </MSFT:Enum>
+              </MSFT:AllowedValues>
             </DFProperties>
           </Node>
         </Node>
@@ -4240,7 +5029,7 @@ If not specified - a new rule is disabled by default.</Description>
             <DDFName />
           </DFType>
           <MSFT:Applicability>
-            <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+            <MSFT:OsBuildVersion>10.0.22000, 10.0.19044.1706, 10.0.19043.1706, 10.0.19042.1706</MSFT:OsBuildVersion>
             <MSFT:CspVersion>1.0</MSFT:CspVersion>
           </MSFT:Applicability>
         </DFProperties>

windows/client-management/mdm/laps-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the LAPS CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 03/27/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -112,7 +112,7 @@ Use this setting to tell the CSP to immediately generate and store a new passwor
 
 <!-- Device-Actions-ResetPassword-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
-This action invokes an immediate reset of the local administrator account password, ignoring the normal constraints such as PasswordLengthDays, etc
+This action invokes an immediate reset of the local administrator account password, ignoring the normal constraints such as PasswordLengthDays, etc.
 <!-- Device-Actions-ResetPassword-Editable-End -->
 
 <!-- Device-Actions-ResetPassword-DFProperties-Begin -->
@@ -333,7 +333,7 @@ This setting is ignored if the password is currently being stored in Azure.
 
 This setting is only honored when the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
 
-- If this setting is enabled, and the Active Directory domain meets the DFL prerequisite, the password will be encrypted before before being stored in Active Directory.
+- If this setting is enabled, and the Active Directory domain meets the DFL prerequisite, the password will be encrypted before being stored in Active Directory.
 
 - If this setting is disabled, or the Active Directory domain does not meet the DFL prerequisite, the password will be stored as clear-text in Active Directory.
 
@@ -343,7 +343,7 @@ If not specified, this setting defaults to True.
 <!-- Device-Policies-ADPasswordEncryptionEnabled-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 > [!IMPORTANT]
-> This setting is ignored unless BackupDirectory is configured to back up the password to Active Directory, AND the the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
+> This setting is ignored unless BackupDirectory is configured to back up the password to Active Directory, AND the Active Directory domain is at Windows Server 2016 Domain Functional Level or higher.
 <!-- Device-Policies-ADPasswordEncryptionEnabled-Editable-End -->
 
 <!-- Device-Policies-ADPasswordEncryptionEnabled-DFProperties-Begin -->
@@ -642,8 +642,8 @@ If not specified, this setting defaults to True.
 
 | Value | Description |
 |:--|:--|
-| false | Allow configured password expiriration timestamp to exceed maximum password age. |
+| false | Allow configured password expiration timestamp to exceed maximum password age. |
-| true (Default) | Do not allow configured password expiriration timestamp to exceed maximum password age. |
+| true (Default) | Do not allow configured password expiration timestamp to exceed maximum password age. |
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-AllowedValues-End -->
 
 <!-- Device-Policies-PasswordExpirationProtectionEnabled-Examples-Begin -->

windows/client-management/mdm/passportforwork-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the PassportForWork CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -16,6 +16,9 @@ ms.topic: reference
 <!-- PassportForWork-Begin -->
 # PassportForWork CSP
 
+> [!IMPORTANT]
+> This CSP contains preview policies that are under development and only applicable for [Windows Insider Preview builds](/windows-insider/). These policies are subject to change and may have dependencies on other features or services in preview.
+
 <!-- PassportForWork-Editable-Begin -->
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work). It allows you to log in to Windows using your Active Directory or Azure Active Directory account and replace passwords, smartcards, and virtual smart cards.
@@ -30,6 +33,7 @@ The following list shows the PassportForWork configuration service provider node
 - ./Device/Vendor/MSFT/PassportForWork
   - [{TenantId}](#devicetenantid)
     - [Policies](#devicetenantidpolicies)
+      - [DisablePostLogonProvisioning](#devicetenantidpoliciesdisablepostlogonprovisioning)
       - [EnablePinRecovery](#devicetenantidpoliciesenablepinrecovery)
       - [ExcludeSecurityDevices](#devicetenantidpoliciesexcludesecuritydevices)
         - [TPM12](#devicetenantidpoliciesexcludesecuritydevicestpm12)
@@ -160,6 +164,55 @@ Root node for policies.
 
 <!-- Device-{TenantId}-Policies-End -->
 
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Begin -->
+#### Device/{TenantId}/Policies/DisablePostLogonProvisioning
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :heavy_check_mark: Device <br> :x: User | :x: Home <br> :heavy_check_mark: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :heavy_check_mark: Windows SE | :heavy_check_mark: Windows Insider Preview |
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Applicability-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-OmaUri-Begin -->
+```Device
+./Device/Vendor/MSFT/PassportForWork/{TenantId}/Policies/DisablePostLogonProvisioning
+```
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-OmaUri-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Description-Begin -->
+<!-- Description-Source-DDF -->
+Do not start Windows Hello provisioning after sign-in.
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Description-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Editable-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | bool |
+| Access Type | Add, Delete, Get, Replace |
+| Default Value  | False |
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-DFProperties-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| false (Default) | Disabled. |
+| true | Enabled. |
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-AllowedValues-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-Examples-End -->
+
+<!-- Device-{TenantId}-Policies-DisablePostLogonProvisioning-End -->
+
 <!-- Device-{TenantId}-Policies-EnablePinRecovery-Begin -->
 #### Device/{TenantId}/Policies/EnablePinRecovery
 
@@ -1187,8 +1240,8 @@ Enhanced Sign-in Security (ESS) isolates both biometric template data and matchi
 
 | Value | Description |
 |:--|:--|
-| 0 | Enhanced sign-in security will be disabled on all systems. If a user already has a secure Windows Hello enrollment, they will lose their enrollment and must reset PIN, and they will have the option to re-enroll in normal face and fingerprint. Peripheral usage will be enabled by disabling Enhanced sign-in security. OS will not attempt to start secure components, even if the secure hardware and software components are present. (not recommended). |
+| 0 | ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations. In addition, with this setting, ESS will be enabled on devices with a mixture of biometric devices, such as an ESS capable FPR and a non-ESS capable camera. (not recommended). |
-| 1 (Default) | Enhanced sign-in security will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. For systems with one secure modality (face or fingerprint) and one insecure modality (fingerprint or face), only the secure sensor can be used for sign-in and the insecure sensor(s) will be blocked. This includes peripheral devices, which are unsupported and will be unusable. (default and recommended for highest security). |
+| 1 (Default) | ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello. (default and recommended for highest security). |
 <!-- Device-Biometrics-EnableESSwithSupportedPeripherals-AllowedValues-End -->
 
 <!-- Device-Biometrics-EnableESSwithSupportedPeripherals-GpMapping-Begin -->

windows/client-management/mdm/passportforwork-ddf.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/24/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -814,6 +814,45 @@ If you disable or do not configure this policy setting, the PIN recovery secret
             </MSFT:AllowedValues>
           </DFProperties>
         </Node>
+        <Node>
+          <NodeName>DisablePostLogonProvisioning</NodeName>
+          <DFProperties>
+            <AccessType>
+              <Add />
+              <Delete />
+              <Get />
+              <Replace />
+            </AccessType>
+            <DefaultValue>False</DefaultValue>
+            <Description>Do not start Windows Hello provisioning after sign-in.</Description>
+            <DFFormat>
+              <bool />
+            </DFFormat>
+            <Occurrence>
+              <ZeroOrOne />
+            </Occurrence>
+            <Scope>
+              <Dynamic />
+            </Scope>
+            <DFType>
+              <MIME />
+            </DFType>
+            <MSFT:Applicability>
+              <MSFT:OsBuildVersion>99.9.99999</MSFT:OsBuildVersion>
+              <MSFT:CspVersion>1.6</MSFT:CspVersion>
+            </MSFT:Applicability>
+            <MSFT:AllowedValues ValueType="ENUM">
+              <MSFT:Enum>
+                <MSFT:Value>false</MSFT:Value>
+                <MSFT:ValueDescription>Disabled</MSFT:ValueDescription>
+              </MSFT:Enum>
+              <MSFT:Enum>
+                <MSFT:Value>true</MSFT:Value>
+                <MSFT:ValueDescription>Enabled</MSFT:ValueDescription>
+              </MSFT:Enum>
+            </MSFT:AllowedValues>
+          </DFProperties>
+        </Node>
         <Node>
           <NodeName>UseCertificateForOnPremAuth</NodeName>
           <DFProperties>
@@ -1507,11 +1546,11 @@ Note that enhanced anti-spoofing for Windows Hello face authentication is not re
           <MSFT:AllowedValues ValueType="ENUM">
             <MSFT:Enum>
               <MSFT:Value>0</MSFT:Value>
-              <MSFT:ValueDescription>Enhanced sign-in security will be disabled on all systems. If a user already has a secure Windows Hello enrollment, they will lose their enrollment and must reset PIN, and they will have the option to re-enroll in normal face and fingerprint. Peripheral usage will be enabled by disabling Enhanced sign-in security. OS will not attempt to start secure components, even if the secure hardware and software components are present. (not recommended)</MSFT:ValueDescription>
+              <MSFT:ValueDescription>ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of peripheral Windows Hello capable devices will be allowed, subject to current feature limitations. In addition, with this setting, ESS will be enabled on devices with a mixture of biometric devices, such as an ESS capable FPR and a non-ESS capable camera. (not recommended)</MSFT:ValueDescription>
             </MSFT:Enum>
             <MSFT:Enum>
               <MSFT:Value>1</MSFT:Value>
-              <MSFT:ValueDescription>Enhanced sign-in security will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. For systems with one secure modality (face or fingerprint) and one insecure modality (fingerprint or face), only the secure sensor can be used for sign-in and the insecure sensor(s) will be blocked. This includes peripheral devices, which are unsupported and will be unusable. (default and recommended for highest security)</MSFT:ValueDescription>
+              <MSFT:ValueDescription>ESS will be enabled on systems with capable software and hardware, following the existing default behavior in Windows. Authentication operations of any peripheral biometric device will be blocked and not available for Windows Hello. (default and recommended for highest security)</MSFT:ValueDescription>
             </MSFT:Enum>
           </MSFT:AllowedValues>
           <MSFT:GpMapping GpEnglishName="Enable ESS with Supported Peripherals" GpAreaPath="Passport~AT~WindowsComponents~MSPassportForWorkCategory" />

windows/client-management/mdm/personaldataencryption-csp.md

@@ -4,7 +4,7 @@ description: Learn more about the PDE CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/28/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -26,7 +26,13 @@ The following list shows the PDE configuration service provider nodes:
 
 - ./User/Vendor/MSFT/PDE
   - [EnablePersonalDataEncryption](#enablepersonaldataencryption)
+  - [ProtectFolders](#protectfolders)
+    - [ProtectDesktop](#protectfoldersprotectdesktop)
+    - [ProtectDocuments](#protectfoldersprotectdocuments)
+    - [ProtectPictures](#protectfoldersprotectpictures)
   - [Status](#status)
+    - [FolderProtectionStatus](#statusfolderprotectionstatus)
+    - [FoldersProtected](#statusfoldersprotected)
     - [PersonalDataEncryptionStatus](#statuspersonaldataencryptionstatus)
 <!-- PDE-Tree-End -->
 
@@ -79,6 +85,188 @@ The [UserDataProtectionManager Class](/uwp/api/windows.security.dataprotection.u
 
 <!-- User-EnablePersonalDataEncryption-End -->
 
+<!-- User-ProtectFolders-Begin -->
+## ProtectFolders
+
+<!-- User-ProtectFolders-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- User-ProtectFolders-Applicability-End -->
+
+<!-- User-ProtectFolders-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/PDE/ProtectFolders
+```
+<!-- User-ProtectFolders-OmaUri-End -->
+
+<!-- User-ProtectFolders-Description-Begin -->
+<!-- Description-Source-Not-Found -->
+<!-- User-ProtectFolders-Description-End -->
+
+<!-- User-ProtectFolders-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-ProtectFolders-Editable-End -->
+
+<!-- User-ProtectFolders-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | node |
+| Access Type | Get |
+<!-- User-ProtectFolders-DFProperties-End -->
+
+<!-- User-ProtectFolders-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-ProtectFolders-Examples-End -->
+
+<!-- User-ProtectFolders-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-Begin -->
+### ProtectFolders/ProtectDesktop
+
+<!-- User-ProtectFolders-ProtectDesktop-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- User-ProtectFolders-ProtectDesktop-Applicability-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDesktop
+```
+<!-- User-ProtectFolders-ProtectDesktop-OmaUri-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-Description-Begin -->
+<!-- Description-Source-DDF -->
+Allows the Admin to enable PDE on Desktop folder. Set to '1' to set this policy.
+<!-- User-ProtectFolders-ProtectDesktop-Description-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-ProtectFolders-ProtectDesktop-Editable-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+<!-- User-ProtectFolders-ProtectDesktop-DFProperties-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder. |
+| 1 | Enable PDE on the folder. |
+<!-- User-ProtectFolders-ProtectDesktop-AllowedValues-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-ProtectFolders-ProtectDesktop-Examples-End -->
+
+<!-- User-ProtectFolders-ProtectDesktop-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-Begin -->
+### ProtectFolders/ProtectDocuments
+
+<!-- User-ProtectFolders-ProtectDocuments-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- User-ProtectFolders-ProtectDocuments-Applicability-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/PDE/ProtectFolders/ProtectDocuments
+```
+<!-- User-ProtectFolders-ProtectDocuments-OmaUri-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-Description-Begin -->
+<!-- Description-Source-DDF -->
+Allows the Admin to enable PDE on Documents folder. Set to '1' to set this policy.
+<!-- User-ProtectFolders-ProtectDocuments-Description-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-ProtectFolders-ProtectDocuments-Editable-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+<!-- User-ProtectFolders-ProtectDocuments-DFProperties-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder. |
+| 1 | Enable PDE on the folder. |
+<!-- User-ProtectFolders-ProtectDocuments-AllowedValues-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-ProtectFolders-ProtectDocuments-Examples-End -->
+
+<!-- User-ProtectFolders-ProtectDocuments-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-Begin -->
+### ProtectFolders/ProtectPictures
+
+<!-- User-ProtectFolders-ProtectPictures-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- User-ProtectFolders-ProtectPictures-Applicability-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/PDE/ProtectFolders/ProtectPictures
+```
+<!-- User-ProtectFolders-ProtectPictures-OmaUri-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-Description-Begin -->
+<!-- Description-Source-DDF -->
+Allows the Admin to enable PDE on Pictures folder. Set to '1' to set this policy.
+<!-- User-ProtectFolders-ProtectPictures-Description-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-ProtectFolders-ProtectPictures-Editable-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Add, Delete, Get, Replace |
+<!-- User-ProtectFolders-ProtectPictures-DFProperties-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder. |
+| 1 | Enable PDE on the folder. |
+<!-- User-ProtectFolders-ProtectPictures-AllowedValues-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-ProtectFolders-ProtectPictures-Examples-End -->
+
+<!-- User-ProtectFolders-ProtectPictures-End -->
+
 <!-- User-Status-Begin -->
 ## Status
 
@@ -121,6 +309,95 @@ Reports the current status of Personal Data Encryption (PDE) for the user.
 
 <!-- User-Status-End -->
 
+<!-- User-Status-FolderProtectionStatus-Begin -->
+### Status/FolderProtectionStatus
+
+<!-- User-Status-FolderProtectionStatus-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- User-Status-FolderProtectionStatus-Applicability-End -->
+
+<!-- User-Status-FolderProtectionStatus-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/PDE/Status/FolderProtectionStatus
+```
+<!-- User-Status-FolderProtectionStatus-OmaUri-End -->
+
+<!-- User-Status-FolderProtectionStatus-Description-Begin -->
+<!-- Description-Source-DDF -->
+This node reports folder protection status for a user.
+<!-- User-Status-FolderProtectionStatus-Description-End -->
+
+<!-- User-Status-FolderProtectionStatus-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-Status-FolderProtectionStatus-Editable-End -->
+
+<!-- User-Status-FolderProtectionStatus-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | int |
+| Access Type | Get |
+<!-- User-Status-FolderProtectionStatus-DFProperties-End -->
+
+<!-- User-Status-FolderProtectionStatus-AllowedValues-Begin -->
+**Allowed values**:
+
+| Value | Description |
+|:--|:--|
+| 0 | Protection not started. |
+| 1 | Protection is completed with no failures. |
+| 2 | Protection in progress. |
+| 3 | Protection failed. |
+<!-- User-Status-FolderProtectionStatus-AllowedValues-End -->
+
+<!-- User-Status-FolderProtectionStatus-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-Status-FolderProtectionStatus-Examples-End -->
+
+<!-- User-Status-FolderProtectionStatus-End -->
+
+<!-- User-Status-FoldersProtected-Begin -->
+### Status/FoldersProtected
+
+<!-- User-Status-FoldersProtected-Applicability-Begin -->
+| Scope | Editions | Applicable OS |
+|:--|:--|:--|
+| :x: Device <br> :heavy_check_mark: User | :x: Home <br> :x: Pro <br> :heavy_check_mark: Enterprise <br> :heavy_check_mark: Education <br> :x: Windows SE | :heavy_check_mark: Windows 11, version 22H2 [10.0.22621] and later |
+<!-- User-Status-FoldersProtected-Applicability-End -->
+
+<!-- User-Status-FoldersProtected-OmaUri-Begin -->
+```User
+./User/Vendor/MSFT/PDE/Status/FoldersProtected
+```
+<!-- User-Status-FoldersProtected-OmaUri-End -->
+
+<!-- User-Status-FoldersProtected-Description-Begin -->
+<!-- Description-Source-DDF -->
+This node reports all folders (full path to each folder) that have been protected.
+<!-- User-Status-FoldersProtected-Description-End -->
+
+<!-- User-Status-FoldersProtected-Editable-Begin -->
+<!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
+<!-- User-Status-FoldersProtected-Editable-End -->
+
+<!-- User-Status-FoldersProtected-DFProperties-Begin -->
+**Description framework properties**:
+
+| Property name | Property value |
+|:--|:--|
+| Format | chr (string) |
+| Access Type | Get |
+<!-- User-Status-FoldersProtected-DFProperties-End -->
+
+<!-- User-Status-FoldersProtected-Examples-Begin -->
+<!-- Add any examples for this policy here. Examples outside this section will get overwritten. -->
+<!-- User-Status-FoldersProtected-Examples-End -->
+
+<!-- User-Status-FoldersProtected-End -->
+
 <!-- User-Status-PersonalDataEncryptionStatus-Begin -->
 ### Status/PersonalDataEncryptionStatus
 

windows/client-management/mdm/personaldataencryption-ddf-file.md

@@ -4,7 +4,7 @@ description: View the XML file containing the device description framework (DDF)
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -83,6 +83,128 @@ The following XML file contains the device description framework (DDF) for the P
         </MSFT:AllowedValues>
       </DFProperties>
     </Node>
+    <Node>
+      <NodeName>ProtectFolders</NodeName>
+      <DFProperties>
+        <AccessType>
+          <Get />
+        </AccessType>
+        <DFFormat>
+          <node />
+        </DFFormat>
+        <Occurrence>
+          <One />
+        </Occurrence>
+        <Scope>
+          <Permanent />
+        </Scope>
+        <DFType>
+          <DDFName />
+        </DFType>
+      </DFProperties>
+      <Node>
+        <NodeName>ProtectDocuments</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Allows the Admin to enable PDE on Documents folder. Set to '1' to set this policy.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Enable PDE on the folder.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>ProtectDesktop</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Allows the Admin to enable PDE on Desktop folder. Set to '1' to set this policy.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Enable PDE on the folder.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>ProtectPictures</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Add />
+            <Delete />
+            <Get />
+            <Replace />
+          </AccessType>
+          <Description>Allows the Admin to enable PDE on Pictures folder. Set to '1' to set this policy.</Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Dynamic />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Disable PDE on the folder. If the folder is currently protected by PDE, this will result in unprotecting the folder.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Enable PDE on the folder.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+    </Node>
     <Node>
       <NodeName>Status</NodeName>
       <DFProperties>
@@ -123,6 +245,66 @@ The following XML file contains the device description framework (DDF) for the P
           </DFType>
         </DFProperties>
       </Node>
+      <Node>
+        <NodeName>FolderProtectionStatus</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>This node reports folder protection status for a user. </Description>
+          <DFFormat>
+            <int />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+          <MSFT:AllowedValues ValueType="ENUM">
+            <MSFT:Enum>
+              <MSFT:Value>0</MSFT:Value>
+              <MSFT:ValueDescription>Protection not started.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>1</MSFT:Value>
+              <MSFT:ValueDescription>Protection is completed with no failures.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>2</MSFT:Value>
+              <MSFT:ValueDescription>Protection in progress.</MSFT:ValueDescription>
+            </MSFT:Enum>
+            <MSFT:Enum>
+              <MSFT:Value>3</MSFT:Value>
+              <MSFT:ValueDescription>Protection failed.</MSFT:ValueDescription>
+            </MSFT:Enum>
+          </MSFT:AllowedValues>
+        </DFProperties>
+      </Node>
+      <Node>
+        <NodeName>FoldersProtected</NodeName>
+        <DFProperties>
+          <AccessType>
+            <Get />
+          </AccessType>
+          <Description>This node reports all folders (full path to each folder) that have been protected.</Description>
+          <DFFormat>
+            <chr />
+          </DFFormat>
+          <Occurrence>
+            <One />
+          </Occurrence>
+          <Scope>
+            <Permanent />
+          </Scope>
+          <DFType>
+            <MIME />
+          </DFType>
+        </DFProperties>
+      </Node>
     </Node>
   </Node>
 </MgmtTree>

windows/client-management/mdm/policies-in-policy-csp-admx-backed.md

@@ -4,7 +4,7 @@ description: Learn about the ADMX-backed policies in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/18/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -2303,7 +2303,9 @@ This article lists the ADMX-backed policies in Policy CSP.
 - [EnableSettings](policy-csp-desktopappinstaller.md)
 - [EnableExperimentalFeatures](policy-csp-desktopappinstaller.md)
 - [EnableLocalManifestFiles](policy-csp-desktopappinstaller.md)
+- [EnableBypassCertificatePinningForMicrosoftStore](policy-csp-desktopappinstaller.md)
 - [EnableHashOverride](policy-csp-desktopappinstaller.md)
+- [EnableLocalArchiveMalwareScanOverride](policy-csp-desktopappinstaller.md)
 - [EnableDefaultSource](policy-csp-desktopappinstaller.md)
 - [EnableMicrosoftStoreSource](policy-csp-desktopappinstaller.md)
 - [SourceAutoUpdateInterval](policy-csp-desktopappinstaller.md)

windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md

@@ -4,7 +4,7 @@ description: Learn about the policies in Policy CSP supported by Group Policy.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/03/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -340,6 +340,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [ClearTextPassword](policy-csp-devicelock.md)
 - [PasswordComplexity](policy-csp-devicelock.md)
 - [PasswordHistorySize](policy-csp-devicelock.md)
+- [AccountLockoutThreshold](policy-csp-devicelock.md)
+- [AccountLockoutDuration](policy-csp-devicelock.md)
+- [ResetAccountLockoutCounterAfter](policy-csp-devicelock.md)
+- [AllowAdministratorLockout](policy-csp-devicelock.md)
 
 ## Display
 
@@ -400,6 +404,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [ForceInstantLock](policy-csp-humanpresence.md)
 - [ForceLockTimeout](policy-csp-humanpresence.md)
 - [ForceInstantDim](policy-csp-humanpresence.md)
+- [ForceDisableWakeWhenBatterySaverOn](policy-csp-humanpresence.md)
+- [ForceAllowWakeWhenExternalDisplayConnected](policy-csp-humanpresence.md)
+- [ForceAllowLockWhenExternalDisplayConnected](policy-csp-humanpresence.md)
+- [ForceAllowDimWhenExternalDisplayConnected](policy-csp-humanpresence.md)
 
 ## Kerberos
 
@@ -511,6 +519,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 
 - [DisallowNotificationMirroring](policy-csp-notifications.md)
 - [DisallowTileNotification](policy-csp-notifications.md)
+- [EnableExpandedToastNotifications](policy-csp-notifications.md)
 - [DisallowCloudNotification](policy-csp-notifications.md)
 - [WnsEndpoint](policy-csp-notifications.md)
 
@@ -574,6 +583,10 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [LetAppsAccessGraphicsCaptureWithoutBorder_ForceAllowTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessGraphicsCaptureWithoutBorder_ForceDenyTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessGraphicsCaptureWithoutBorder_UserInControlOfTheseApps](policy-csp-privacy.md)
+- [LetAppsAccessHumanPresence](policy-csp-privacy.md)
+- [LetAppsAccessHumanPresence_ForceAllowTheseApps](policy-csp-privacy.md)
+- [LetAppsAccessHumanPresence_ForceDenyTheseApps](policy-csp-privacy.md)
+- [LetAppsAccessHumanPresence_UserInControlOfTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessLocation](policy-csp-privacy.md)
 - [LetAppsAccessLocation_ForceAllowTheseApps](policy-csp-privacy.md)
 - [LetAppsAccessLocation_ForceDenyTheseApps](policy-csp-privacy.md)
@@ -676,6 +689,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [StartLayout](policy-csp-start.md)
 - [ConfigureStartPins](policy-csp-start.md)
 - [HideRecommendedSection](policy-csp-start.md)
+- [HideRecoPersonalizedSites](policy-csp-start.md)
 - [HideTaskViewButton](policy-csp-start.md)
 - [DisableControlCenter](policy-csp-start.md)
 - [ForceStartSize](policy-csp-start.md)
@@ -686,6 +700,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [StartLayout](policy-csp-start.md)
 - [ConfigureStartPins](policy-csp-start.md)
 - [HideRecommendedSection](policy-csp-start.md)
+- [HideRecoPersonalizedSites](policy-csp-start.md)
 - [SimplifyQuickSettings](policy-csp-start.md)
 - [DisableEditingQuickSettings](policy-csp-start.md)
 - [HideTaskViewButton](policy-csp-start.md)
@@ -869,6 +884,7 @@ This article lists the policies in Policy CSP that have a group policy mapping.
 - [DenyLogOnAsBatchJob](policy-csp-userrights.md)
 - [LogOnAsService](policy-csp-userrights.md)
 - [IncreaseProcessWorkingSet](policy-csp-userrights.md)
+- [DenyServiceLogonRight](policy-csp-userrights.md)
 
 ## VirtualizationBasedTechnology
 

windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md

@@ -1,99 +1,378 @@
 ---
-title: Policies in Policy CSP supported by Microsoft Surface Hub
+title: Policies in Policy CSP supported by Windows 10 Team
-description: Learn about the policies in Policy CSP supported by Microsoft Surface Hub.
+description: Learn about the policies in Policy CSP supported by Windows 10 Team.
-ms.reviewer:
+author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.topic: article
+ms.date: 03/28/2023
+ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
-author: vinaypamnani-msft
+ms.topic: reference
-ms.localizationpriority: medium
-ms.date: 07/22/2020
 ---
 
-# Policies in Policy CSP supported by Microsoft Surface Hub
+<!-- Auto-Generated CSP Document -->
 
-- [ApplicationManagement/AllowAppStoreAutoUpdate](./policy-csp-applicationmanagement.md#allowappstoreautoupdate)
+# Policies in Policy CSP supported by Windows 10 Team
-- [ApplicationManagement/AllowDeveloperUnlock](./policy-csp-applicationmanagement.md#allowdeveloperunlock)
-- [Accounts/AllowMicrosoftAccountConnection](./policy-csp-accounts.md#allowmicrosoftaccountconnection)
-- [Camera/AllowCamera](policy-csp-camera.md#allowcamera)
-- [Cellular/ShowAppCellularAccessUI](policy-csp-cellular.md#showappcellularaccessui)
-- [Cryptography/AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#allowfipsalgorithmpolicy)
-- [Cryptography/TLSCipherSuites](policy-csp-cryptography.md#tlsciphersuites)
-- [Defender/AllowArchiveScanning](policy-csp-defender.md#allowarchivescanning)
-- [Defender/AllowBehaviorMonitoring](policy-csp-defender.md#allowbehaviormonitoring)
-- [Defender/AllowCloudProtection](policy-csp-defender.md#allowcloudprotection)
-- [Defender/AllowEmailScanning](policy-csp-defender.md#allowemailscanning)
-- [Defender/AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#allowfullscanonmappednetworkdrives)
-- [Defender/AllowFullScanRemovableDriveScanning](policy-csp-defender.md#allowfullscanremovabledrivescanning)
-- [Defender/AllowIOAVProtection](policy-csp-defender.md#allowioavprotection)
-- [Defender/AllowOnAccessProtection](policy-csp-defender.md#allowonaccessprotection)
-- [Defender/AllowRealtimeMonitoring](policy-csp-defender.md#allowrealtimemonitoring)
-- [Defender/AllowScanningNetworkFiles](policy-csp-defender.md#allowscanningnetworkfiles)
-- [Defender/AllowScriptScanning](policy-csp-defender.md#allowscriptscanning)
-- [Defender/AllowUserUIAccess](policy-csp-defender.md#allowuseruiaccess)
-- [Defender/AvgCPULoadFactor](policy-csp-defender.md#avgcpuloadfactor)
-- [Defender/DaysToRetainCleanedMalware](policy-csp-defender.md#daystoretaincleanedmalware)
-- [Defender/ExcludedExtensions](policy-csp-defender.md#excludedextensions)
-- [Defender/ExcludedPaths](policy-csp-defender.md#excludedpaths)
-- [Defender/ExcludedProcesses](policy-csp-defender.md#excludedprocesses)
-- [Defender/PUAProtection](policy-csp-defender.md#puaprotection)
-- [Defender/RealTimeScanDirection](policy-csp-defender.md#realtimescandirection)
-- [Defender/ScanParameter](policy-csp-defender.md#scanparameter)
-- [Defender/ScheduleQuickScanTime](policy-csp-defender.md#schedulequickscantime)
-- [Defender/ScheduleScanDay](policy-csp-defender.md#schedulescanday)
-- [Defender/ScheduleScanTime](policy-csp-defender.md#schedulescantime)
-- [Defender/SignatureUpdateInterval](policy-csp-defender.md#signatureupdateinterval)
-- [Defender/SubmitSamplesConsent](policy-csp-defender.md#submitsamplesconsent)
-- [Defender/ThreatSeverityDefaultAction](policy-csp-defender.md#threatseveritydefaultaction)
-- [DeliveryOptimization/DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#doabsolutemaxcachesize)
-- [DeliveryOptimization/DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#doallowvpnpeercaching)
-- [DeliveryOptimization/DODownloadMode](policy-csp-deliveryoptimization.md#dodownloadmode)
-- [DeliveryOptimization/DOGroupId](policy-csp-deliveryoptimization.md#dogroupid)
-- [DeliveryOptimization/DOMaxCacheAge](policy-csp-deliveryoptimization.md#domaxcacheage)
-- [DeliveryOptimization/DOMaxCacheSize](policy-csp-deliveryoptimization.md#domaxcachesize)
-- [DeliveryOptimization/DOMaxDownloadBandwidth](policy-csp-deliveryoptimization.md) (Deprecated)
-- [DeliveryOptimization/DOMaxUploadBandwidth](policy-csp-deliveryoptimization.md) (Deprecated)
-- [DeliveryOptimization/DOMinBackgroundQos](policy-csp-deliveryoptimization.md#dominbackgroundqos)
-- [DeliveryOptimization/DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#domindisksizeallowedtopeer)
-- [DeliveryOptimization/DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#dominfilesizetocache)
-- [DeliveryOptimization/DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#dominramallowedtopeer)
-- [DeliveryOptimization/DOModifyCacheDrive](policy-csp-deliveryoptimization.md#domodifycachedrive)
-- [DeliveryOptimization/DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#domonthlyuploaddatacap)
-- [DeliveryOptimization/DOPercentageMaxDownloadBandwidth](policy-csp-deliveryoptimization.md) (Deprecated)
-- [Desktop/PreventUserRedirectionOfProfileFolders](policy-csp-desktop.md#preventuserredirectionofprofilefolders)
-- [RestrictedGroups/ConfigureGroupMembership](policy-csp-restrictedgroups.md#configuregroupmembership)
-- [System/AllowLocation](policy-csp-system.md#allowlocation)
-- [System/AllowStorageCard](policy-csp-system.md#allowstoragecard)
-- [System/AllowTelemetry](policy-csp-system.md#allowtelemetry)
-- [TextInput/AllowIMELogging](policy-csp-textinput.md#allowimelogging)
-- [TextInput/AllowIMENetworkAccess](policy-csp-textinput.md#allowimenetworkaccess)
-- [TextInput/AllowInputPanel](policy-csp-textinput.md#allowinputpanel)
-- [TextInput/AllowJapaneseIMESurrogatePairCharacters](policy-csp-textinput.md#allowjapaneseimesurrogatepaircharacters)
-- [TextInput/AllowJapaneseIVSCharacters](policy-csp-textinput.md#allowjapaneseivscharacters)
-- [TextInput/AllowJapaneseNonPublishingStandardGlyph](policy-csp-textinput.md#allowjapanesenonpublishingstandardglyph)
-- [TextInput/AllowJapaneseUserDictionary](policy-csp-textinput.md#allowjapaneseuserdictionary)
-- [TextInput/AllowLanguageFeaturesUninstall](policy-csp-textinput.md#allowlanguagefeaturesuninstall)
-- [TextInput/ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#excludejapaneseimeexceptjis0208)
-- [TextInput/ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#excludejapaneseimeexceptjis0208andeudc)
-- [TextInput/ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#excludejapaneseimeexceptshiftjis)
-- [TimeLanguageSettings/ConfigureTimeZone](policy-csp-timelanguagesettings.md#configuretimezone)
-- [Wifi/AllowInternetSharing](policy-csp-wifi.md#allowinternetsharing)
-- [Wifi/AllowManualWiFiConfiguration](policy-csp-wifi.md#allowmanualwificonfiguration)
-- [Wifi/AllowWiFi](policy-csp-wifi.md#allowwifi)
-- [Wifi/AllowWiFiHotSpotReporting](policy-csp-wifi.md) (Deprecated)
-- [Wifi/WLANScanMode](policy-csp-wifi.md#wlanscanmode)
-- [Wifi/AllowWiFiDirect](policy-csp-wifi.md#allowwifidirect)
-- [WirelessDisplay/AllowMdnsAdvertisement](policy-csp-wirelessdisplay.md#allowmdnsadvertisement)
-- [WirelessDisplay/AllowMdnsDiscovery](policy-csp-wirelessdisplay.md#allowmdnsdiscovery)
-- [WirelessDisplay/AllowProjectionFromPC](policy-csp-wirelessdisplay.md#allowprojectionfrompc)
-- [WirelessDisplay/AllowProjectionFromPCOverInfrastructure](policy-csp-wirelessdisplay.md#allowprojectionfrompcoverinfrastructure)
-- [WirelessDisplay/AllowProjectionToPC](policy-csp-wirelessdisplay.md#allowprojectiontopc)
-- [WirelessDisplay/AllowProjectionToPCOverInfrastructure](policy-csp-wirelessdisplay.md#allowprojectiontopcoverinfrastructure)
-- [WirelessDisplay/AllowUserInputFromWirelessDisplayReceiver](policy-csp-wirelessdisplay.md#allowuserinputfromwirelessdisplayreceiver)
-- [WirelessDisplay/RequirePinForPairing](policy-csp-wirelessdisplay.md#requirepinforpairing)
 
-## Related topics
+This article lists the policies in Policy CSP that are applicable for the Surface Hub operating system, **Windows 10 Team**.
 
-[Policy CSP](policy-configuration-service-provider.md)
+## ApplicationDefaults
+
+- [DefaultAssociationsConfiguration](policy-csp-applicationdefaults.md#defaultassociationsconfiguration)
+
+## ApplicationManagement
+
+- [AllowAppStoreAutoUpdate](policy-csp-applicationmanagement.md#allowappstoreautoupdate)
+- [AllowDeveloperUnlock](policy-csp-applicationmanagement.md#allowdeveloperunlock)
+
+## Bluetooth
+
+- [AllowAdvertising](policy-csp-bluetooth.md#allowadvertising)
+- [AllowDiscoverableMode](policy-csp-bluetooth.md#allowdiscoverablemode)
+- [AllowPrepairing](policy-csp-bluetooth.md#allowprepairing)
+- [AllowPromptedProximalConnections](policy-csp-bluetooth.md#allowpromptedproximalconnections)
+- [LocalDeviceName](policy-csp-bluetooth.md#localdevicename)
+- [ServicesAllowedList](policy-csp-bluetooth.md#servicesallowedlist)
+- [SetMinimumEncryptionKeySize](policy-csp-bluetooth.md#setminimumencryptionkeysize)
+
+## Browser
+
+- [AllowAddressBarDropdown](policy-csp-browser.md#allowaddressbardropdown)
+- [AllowAutofill](policy-csp-browser.md#allowautofill)
+- [AllowBrowser](policy-csp-browser.md#allowbrowser)
+- [AllowCookies](policy-csp-browser.md#allowcookies)
+- [AllowDeveloperTools](policy-csp-browser.md#allowdevelopertools)
+- [AllowDoNotTrack](policy-csp-browser.md#allowdonottrack)
+- [AllowFlashClickToRun](policy-csp-browser.md#allowflashclicktorun)
+- [AllowMicrosoftCompatibilityList](policy-csp-browser.md#allowmicrosoftcompatibilitylist)
+- [AllowPasswordManager](policy-csp-browser.md#allowpasswordmanager)
+- [AllowPopups](policy-csp-browser.md#allowpopups)
+- [AllowSearchSuggestionsinAddressBar](policy-csp-browser.md#allowsearchsuggestionsinaddressbar)
+- [AllowSmartScreen](policy-csp-browser.md#allowsmartscreen)
+- [ClearBrowsingDataOnExit](policy-csp-browser.md#clearbrowsingdataonexit)
+- [ConfigureAdditionalSearchEngines](policy-csp-browser.md#configureadditionalsearchengines)
+- [DisableLockdownOfStartPages](policy-csp-browser.md#disablelockdownofstartpages)
+- [EnterpriseModeSiteList](policy-csp-browser.md#enterprisemodesitelist)
+- [HomePages](policy-csp-browser.md#homepages)
+- [PreventLiveTileDataCollection](policy-csp-browser.md#preventlivetiledatacollection)
+- [PreventSmartScreenPromptOverride](policy-csp-browser.md#preventsmartscreenpromptoverride)
+- [PreventSmartScreenPromptOverrideForFiles](policy-csp-browser.md#preventsmartscreenpromptoverrideforfiles)
+- [PreventUsingLocalHostIPAddressForWebRTC](policy-csp-browser.md#preventusinglocalhostipaddressforwebrtc)
+- [SetDefaultSearchEngine](policy-csp-browser.md#setdefaultsearchengine)
+
+## Camera
+
+- [AllowCamera](policy-csp-camera.md#allowcamera)
+
+## Connectivity
+
+- [AllowBluetooth](policy-csp-connectivity.md#allowbluetooth)
+- [AllowConnectedDevices](policy-csp-connectivity.md#allowconnecteddevices)
+
+## Cryptography
+
+- [AllowFipsAlgorithmPolicy](policy-csp-cryptography.md#allowfipsalgorithmpolicy)
+- [TLSCipherSuites](policy-csp-cryptography.md#tlsciphersuites)
+
+## Defender
+
+- [AllowArchiveScanning](policy-csp-defender.md#allowarchivescanning)
+- [AllowBehaviorMonitoring](policy-csp-defender.md#allowbehaviormonitoring)
+- [AllowCloudProtection](policy-csp-defender.md#allowcloudprotection)
+- [AllowEmailScanning](policy-csp-defender.md#allowemailscanning)
+- [AllowFullScanOnMappedNetworkDrives](policy-csp-defender.md#allowfullscanonmappednetworkdrives)
+- [AllowFullScanRemovableDriveScanning](policy-csp-defender.md#allowfullscanremovabledrivescanning)
+- [AllowIntrusionPreventionSystem](policy-csp-defender.md#allowintrusionpreventionsystem)
+- [AllowIOAVProtection](policy-csp-defender.md#allowioavprotection)
+- [AllowOnAccessProtection](policy-csp-defender.md#allowonaccessprotection)
+- [AllowRealtimeMonitoring](policy-csp-defender.md#allowrealtimemonitoring)
+- [AllowScanningNetworkFiles](policy-csp-defender.md#allowscanningnetworkfiles)
+- [AllowScriptScanning](policy-csp-defender.md#allowscriptscanning)
+- [AttackSurfaceReductionOnlyExclusions](policy-csp-defender.md#attacksurfacereductiononlyexclusions)
+- [AttackSurfaceReductionRules](policy-csp-defender.md#attacksurfacereductionrules)
+- [AvgCPULoadFactor](policy-csp-defender.md#avgcpuloadfactor)
+- [CheckForSignaturesBeforeRunningScan](policy-csp-defender.md#checkforsignaturesbeforerunningscan)
+- [CloudBlockLevel](policy-csp-defender.md#cloudblocklevel)
+- [CloudExtendedTimeout](policy-csp-defender.md#cloudextendedtimeout)
+- [ControlledFolderAccessAllowedApplications](policy-csp-defender.md#controlledfolderaccessallowedapplications)
+- [ControlledFolderAccessProtectedFolders](policy-csp-defender.md#controlledfolderaccessprotectedfolders)
+- [DaysToRetainCleanedMalware](policy-csp-defender.md#daystoretaincleanedmalware)
+- [DisableCatchupFullScan](policy-csp-defender.md#disablecatchupfullscan)
+- [DisableCatchupQuickScan](policy-csp-defender.md#disablecatchupquickscan)
+- [EnableControlledFolderAccess](policy-csp-defender.md#enablecontrolledfolderaccess)
+- [EnableLowCPUPriority](policy-csp-defender.md#enablelowcpupriority)
+- [EnableNetworkProtection](policy-csp-defender.md#enablenetworkprotection)
+- [ExcludedExtensions](policy-csp-defender.md#excludedextensions)
+- [ExcludedPaths](policy-csp-defender.md#excludedpaths)
+- [ExcludedProcesses](policy-csp-defender.md#excludedprocesses)
+- [PUAProtection](policy-csp-defender.md#puaprotection)
+- [RealTimeScanDirection](policy-csp-defender.md#realtimescandirection)
+- [ScanParameter](policy-csp-defender.md#scanparameter)
+- [ScheduleQuickScanTime](policy-csp-defender.md#schedulequickscantime)
+- [ScheduleScanDay](policy-csp-defender.md#schedulescanday)
+- [ScheduleScanTime](policy-csp-defender.md#schedulescantime)
+- [SecurityIntelligenceLocation](policy-csp-defender.md#securityintelligencelocation)
+- [SignatureUpdateFallbackOrder](policy-csp-defender.md#signatureupdatefallbackorder)
+- [SignatureUpdateFileSharesSources](policy-csp-defender.md#signatureupdatefilesharessources)
+- [SignatureUpdateInterval](policy-csp-defender.md#signatureupdateinterval)
+- [SubmitSamplesConsent](policy-csp-defender.md#submitsamplesconsent)
+- [ThreatSeverityDefaultAction](policy-csp-defender.md#threatseveritydefaultaction)
+
+## DeliveryOptimization
+
+- [DOAbsoluteMaxCacheSize](policy-csp-deliveryoptimization.md#doabsolutemaxcachesize)
+- [DOAllowVPNPeerCaching](policy-csp-deliveryoptimization.md#doallowvpnpeercaching)
+- [DOCacheHost](policy-csp-deliveryoptimization.md#docachehost)
+- [DOCacheHostSource](policy-csp-deliveryoptimization.md#docachehostsource)
+- [DODelayBackgroundDownloadFromHttp](policy-csp-deliveryoptimization.md#dodelaybackgrounddownloadfromhttp)
+- [DODelayCacheServerFallbackBackground](policy-csp-deliveryoptimization.md#dodelaycacheserverfallbackbackground)
+- [DODelayCacheServerFallbackForeground](policy-csp-deliveryoptimization.md#dodelaycacheserverfallbackforeground)
+- [DODelayForegroundDownloadFromHttp](policy-csp-deliveryoptimization.md#dodelayforegrounddownloadfromhttp)
+- [DODisallowCacheServerDownloadsOnVPN](policy-csp-deliveryoptimization.md#dodisallowcacheserverdownloadsonvpn)
+- [DODownloadMode](policy-csp-deliveryoptimization.md#dodownloadmode)
+- [DOGroupId](policy-csp-deliveryoptimization.md#dogroupid)
+- [DOGroupIdSource](policy-csp-deliveryoptimization.md#dogroupidsource)
+- [DOMaxBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#domaxbackgrounddownloadbandwidth)
+- [DOMaxCacheAge](policy-csp-deliveryoptimization.md#domaxcacheage)
+- [DOMaxCacheSize](policy-csp-deliveryoptimization.md#domaxcachesize)
+- [DOMaxForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#domaxforegrounddownloadbandwidth)
+- [DOMinBackgroundQos](policy-csp-deliveryoptimization.md#dominbackgroundqos)
+- [DOMinBatteryPercentageAllowedToUpload](policy-csp-deliveryoptimization.md#dominbatterypercentageallowedtoupload)
+- [DOMinDiskSizeAllowedToPeer](policy-csp-deliveryoptimization.md#domindisksizeallowedtopeer)
+- [DOMinFileSizeToCache](policy-csp-deliveryoptimization.md#dominfilesizetocache)
+- [DOMinRAMAllowedToPeer](policy-csp-deliveryoptimization.md#dominramallowedtopeer)
+- [DOModifyCacheDrive](policy-csp-deliveryoptimization.md#domodifycachedrive)
+- [DOMonthlyUploadDataCap](policy-csp-deliveryoptimization.md#domonthlyuploaddatacap)
+- [DOPercentageMaxBackgroundBandwidth](policy-csp-deliveryoptimization.md#dopercentagemaxbackgroundbandwidth)
+- [DOPercentageMaxForegroundBandwidth](policy-csp-deliveryoptimization.md#dopercentagemaxforegroundbandwidth)
+- [DORestrictPeerSelectionBy](policy-csp-deliveryoptimization.md#dorestrictpeerselectionby)
+- [DOSetHoursToLimitBackgroundDownloadBandwidth](policy-csp-deliveryoptimization.md#dosethourstolimitbackgrounddownloadbandwidth)
+- [DOSetHoursToLimitForegroundDownloadBandwidth](policy-csp-deliveryoptimization.md#dosethourstolimitforegrounddownloadbandwidth)
+- [DOVpnKeywords](policy-csp-deliveryoptimization.md#dovpnkeywords)
+
+## ExploitGuard
+
+- [ExploitProtectionSettings](policy-csp-exploitguard.md#exploitprotectionsettings)
+
+## LocalUsersAndGroups
+
+- [Configure](policy-csp-localusersandgroups.md#configure)
+
+## NetworkIsolation
+
+- [EnterpriseCloudResources](policy-csp-networkisolation.md#enterprisecloudresources)
+- [EnterpriseInternalProxyServers](policy-csp-networkisolation.md#enterpriseinternalproxyservers)
+- [EnterpriseIPRange](policy-csp-networkisolation.md#enterpriseiprange)
+- [EnterpriseIPRangesAreAuthoritative](policy-csp-networkisolation.md#enterpriseiprangesareauthoritative)
+- [EnterpriseNetworkDomainNames](policy-csp-networkisolation.md#enterprisenetworkdomainnames)
+- [EnterpriseProxyServers](policy-csp-networkisolation.md#enterpriseproxyservers)
+- [EnterpriseProxyServersAreAuthoritative](policy-csp-networkisolation.md#enterpriseproxyserversareauthoritative)
+- [NeutralResources](policy-csp-networkisolation.md#neutralresources)
+
+## Privacy
+
+- [AllowInputPersonalization](policy-csp-privacy.md#allowinputpersonalization)
+- [DisableAdvertisingId](policy-csp-privacy.md#disableadvertisingid)
+- [LetAppsAccessAccountInfo](policy-csp-privacy.md#letappsaccessaccountinfo)
+- [LetAppsAccessAccountInfo_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessaccountinfo_forceallowtheseapps)
+- [LetAppsAccessAccountInfo_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessaccountinfo_forcedenytheseapps)
+- [LetAppsAccessAccountInfo_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessaccountinfo_userincontroloftheseapps)
+- [LetAppsAccessCalendar](policy-csp-privacy.md#letappsaccesscalendar)
+- [LetAppsAccessCalendar_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesscalendar_forceallowtheseapps)
+- [LetAppsAccessCalendar_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesscalendar_forcedenytheseapps)
+- [LetAppsAccessCalendar_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesscalendar_userincontroloftheseapps)
+- [LetAppsAccessCallHistory](policy-csp-privacy.md#letappsaccesscallhistory)
+- [LetAppsAccessCallHistory_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesscallhistory_forceallowtheseapps)
+- [LetAppsAccessCallHistory_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesscallhistory_forcedenytheseapps)
+- [LetAppsAccessCallHistory_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesscallhistory_userincontroloftheseapps)
+- [LetAppsAccessCamera](policy-csp-privacy.md#letappsaccesscamera)
+- [LetAppsAccessCamera_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesscamera_forceallowtheseapps)
+- [LetAppsAccessCamera_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesscamera_forcedenytheseapps)
+- [LetAppsAccessCamera_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesscamera_userincontroloftheseapps)
+- [LetAppsAccessContacts](policy-csp-privacy.md#letappsaccesscontacts)
+- [LetAppsAccessContacts_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesscontacts_forceallowtheseapps)
+- [LetAppsAccessContacts_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesscontacts_forcedenytheseapps)
+- [LetAppsAccessContacts_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesscontacts_userincontroloftheseapps)
+- [LetAppsAccessEmail](policy-csp-privacy.md#letappsaccessemail)
+- [LetAppsAccessEmail_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessemail_forceallowtheseapps)
+- [LetAppsAccessEmail_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessemail_forcedenytheseapps)
+- [LetAppsAccessEmail_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessemail_userincontroloftheseapps)
+- [LetAppsAccessLocation](policy-csp-privacy.md#letappsaccesslocation)
+- [LetAppsAccessLocation_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesslocation_forceallowtheseapps)
+- [LetAppsAccessLocation_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesslocation_forcedenytheseapps)
+- [LetAppsAccessLocation_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesslocation_userincontroloftheseapps)
+- [LetAppsAccessMessaging](policy-csp-privacy.md#letappsaccessmessaging)
+- [LetAppsAccessMessaging_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessmessaging_forceallowtheseapps)
+- [LetAppsAccessMessaging_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessmessaging_forcedenytheseapps)
+- [LetAppsAccessMessaging_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessmessaging_userincontroloftheseapps)
+- [LetAppsAccessMicrophone](policy-csp-privacy.md#letappsaccessmicrophone)
+- [LetAppsAccessMicrophone_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessmicrophone_forceallowtheseapps)
+- [LetAppsAccessMicrophone_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessmicrophone_forcedenytheseapps)
+- [LetAppsAccessMicrophone_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessmicrophone_userincontroloftheseapps)
+- [LetAppsAccessNotifications](policy-csp-privacy.md#letappsaccessnotifications)
+- [LetAppsAccessNotifications_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessnotifications_forceallowtheseapps)
+- [LetAppsAccessNotifications_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessnotifications_forcedenytheseapps)
+- [LetAppsAccessNotifications_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessnotifications_userincontroloftheseapps)
+- [LetAppsAccessPhone](policy-csp-privacy.md#letappsaccessphone)
+- [LetAppsAccessPhone_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessphone_forceallowtheseapps)
+- [LetAppsAccessPhone_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessphone_forcedenytheseapps)
+- [LetAppsAccessPhone_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessphone_userincontroloftheseapps)
+- [LetAppsAccessRadios](policy-csp-privacy.md#letappsaccessradios)
+- [LetAppsAccessRadios_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccessradios_forceallowtheseapps)
+- [LetAppsAccessRadios_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccessradios_forcedenytheseapps)
+- [LetAppsAccessRadios_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccessradios_userincontroloftheseapps)
+- [LetAppsAccessTasks](policy-csp-privacy.md#letappsaccesstasks)
+- [LetAppsAccessTasks_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesstasks_forceallowtheseapps)
+- [LetAppsAccessTasks_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesstasks_forcedenytheseapps)
+- [LetAppsAccessTasks_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesstasks_userincontroloftheseapps)
+- [LetAppsAccessTrustedDevices](policy-csp-privacy.md#letappsaccesstrusteddevices)
+- [LetAppsAccessTrustedDevices_ForceAllowTheseApps](policy-csp-privacy.md#letappsaccesstrusteddevices_forceallowtheseapps)
+- [LetAppsAccessTrustedDevices_ForceDenyTheseApps](policy-csp-privacy.md#letappsaccesstrusteddevices_forcedenytheseapps)
+- [LetAppsAccessTrustedDevices_UserInControlOfTheseApps](policy-csp-privacy.md#letappsaccesstrusteddevices_userincontroloftheseapps)
+- [LetAppsActivateWithVoice](policy-csp-privacy.md#letappsactivatewithvoice)
+- [LetAppsActivateWithVoiceAboveLock](policy-csp-privacy.md#letappsactivatewithvoiceabovelock)
+- [LetAppsGetDiagnosticInfo](policy-csp-privacy.md#letappsgetdiagnosticinfo)
+- [LetAppsGetDiagnosticInfo_ForceAllowTheseApps](policy-csp-privacy.md#letappsgetdiagnosticinfo_forceallowtheseapps)
+- [LetAppsGetDiagnosticInfo_ForceDenyTheseApps](policy-csp-privacy.md#letappsgetdiagnosticinfo_forcedenytheseapps)
+- [LetAppsGetDiagnosticInfo_UserInControlOfTheseApps](policy-csp-privacy.md#letappsgetdiagnosticinfo_userincontroloftheseapps)
+- [LetAppsRunInBackground](policy-csp-privacy.md#letappsruninbackground)
+- [LetAppsRunInBackground_ForceAllowTheseApps](policy-csp-privacy.md#letappsruninbackground_forceallowtheseapps)
+- [LetAppsRunInBackground_ForceDenyTheseApps](policy-csp-privacy.md#letappsruninbackground_forcedenytheseapps)
+- [LetAppsRunInBackground_UserInControlOfTheseApps](policy-csp-privacy.md#letappsruninbackground_userincontroloftheseapps)
+- [LetAppsSyncWithDevices](policy-csp-privacy.md#letappssyncwithdevices)
+- [LetAppsSyncWithDevices_ForceAllowTheseApps](policy-csp-privacy.md#letappssyncwithdevices_forceallowtheseapps)
+- [LetAppsSyncWithDevices_ForceDenyTheseApps](policy-csp-privacy.md#letappssyncwithdevices_forcedenytheseapps)
+- [LetAppsSyncWithDevices_UserInControlOfTheseApps](policy-csp-privacy.md#letappssyncwithdevices_userincontroloftheseapps)
+
+## RestrictedGroups
+
+- [ConfigureGroupMembership](policy-csp-restrictedgroups.md#configuregroupmembership)
+
+## Security
+
+- [RecoveryEnvironmentAuthentication](policy-csp-security.md#recoveryenvironmentauthentication)
+- [RequireProvisioningPackageSignature](policy-csp-security.md#requireprovisioningpackagesignature)
+- [RequireRetrieveHealthCertificateOnBoot](policy-csp-security.md#requireretrievehealthcertificateonboot)
+
+## Start
+
+- [StartLayout](policy-csp-start.md#startlayout)
+
+## System
+
+- [AllowBuildPreview](policy-csp-system.md#allowbuildpreview)
+- [AllowExperimentation](policy-csp-system.md#allowexperimentation)
+- [AllowFontProviders](policy-csp-system.md#allowfontproviders)
+- [AllowLocation](policy-csp-system.md#allowlocation)
+- [AllowStorageCard](policy-csp-system.md#allowstoragecard)
+- [AllowTelemetry](policy-csp-system.md#allowtelemetry)
+
+## TextInput
+
+- [AllowHardwareKeyboardTextSuggestions](policy-csp-textinput.md#allowhardwarekeyboardtextsuggestions)
+- [AllowIMELogging](policy-csp-textinput.md#allowimelogging)
+- [AllowIMENetworkAccess](policy-csp-textinput.md#allowimenetworkaccess)
+- [AllowInputPanel](policy-csp-textinput.md#allowinputpanel)
+- [AllowJapaneseIMESurrogatePairCharacters](policy-csp-textinput.md#allowjapaneseimesurrogatepaircharacters)
+- [AllowJapaneseIVSCharacters](policy-csp-textinput.md#allowjapaneseivscharacters)
+- [AllowJapaneseNonPublishingStandardGlyph](policy-csp-textinput.md#allowjapanesenonpublishingstandardglyph)
+- [AllowJapaneseUserDictionary](policy-csp-textinput.md#allowjapaneseuserdictionary)
+- [AllowKeyboardTextSuggestions](policy-csp-textinput.md#allowkeyboardtextsuggestions)
+- [AllowLanguageFeaturesUninstall](policy-csp-textinput.md#allowlanguagefeaturesuninstall)
+- [AllowLinguisticDataCollection](policy-csp-textinput.md#allowlinguisticdatacollection)
+- [AllowTextInputSuggestionUpdate](policy-csp-textinput.md#allowtextinputsuggestionupdate)
+- [ConfigureJapaneseIMEVersion](policy-csp-textinput.md#configurejapaneseimeversion)
+- [ConfigureKoreanIMEVersion](policy-csp-textinput.md#configurekoreanimeversion)
+- [ConfigureSimplifiedChineseIMEVersion](policy-csp-textinput.md#configuresimplifiedchineseimeversion)
+- [ConfigureTraditionalChineseIMEVersion](policy-csp-textinput.md#configuretraditionalchineseimeversion)
+- [EnableTouchKeyboardAutoInvokeInDesktopMode](policy-csp-textinput.md#enabletouchkeyboardautoinvokeindesktopmode)
+- [ExcludeJapaneseIMEExceptJIS0208](policy-csp-textinput.md#excludejapaneseimeexceptjis0208)
+- [ExcludeJapaneseIMEExceptJIS0208andEUDC](policy-csp-textinput.md#excludejapaneseimeexceptjis0208andeudc)
+- [ExcludeJapaneseIMEExceptShiftJIS](policy-csp-textinput.md#excludejapaneseimeexceptshiftjis)
+- [ForceTouchKeyboardDockedState](policy-csp-textinput.md#forcetouchkeyboarddockedstate)
+- [TouchKeyboardDictationButtonAvailability](policy-csp-textinput.md#touchkeyboarddictationbuttonavailability)
+- [TouchKeyboardEmojiButtonAvailability](policy-csp-textinput.md#touchkeyboardemojibuttonavailability)
+- [TouchKeyboardFullModeAvailability](policy-csp-textinput.md#touchkeyboardfullmodeavailability)
+- [TouchKeyboardHandwritingModeAvailability](policy-csp-textinput.md#touchkeyboardhandwritingmodeavailability)
+- [TouchKeyboardNarrowModeAvailability](policy-csp-textinput.md#touchkeyboardnarrowmodeavailability)
+- [TouchKeyboardSplitModeAvailability](policy-csp-textinput.md#touchkeyboardsplitmodeavailability)
+- [TouchKeyboardWideModeAvailability](policy-csp-textinput.md#touchkeyboardwidemodeavailability)
+
+## TimeLanguageSettings
+
+- [ConfigureTimeZone](policy-csp-timelanguagesettings.md#configuretimezone)
+
+## Update
+
+- [ActiveHoursEnd](policy-csp-update.md#activehoursend)
+- [ActiveHoursMaxRange](policy-csp-update.md#activehoursmaxrange)
+- [ActiveHoursStart](policy-csp-update.md#activehoursstart)
+- [AllowAutoUpdate](policy-csp-update.md#allowautoupdate)
+- [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](policy-csp-update.md#allowautowindowsupdatedownloadovermeterednetwork)
+- [AllowMUUpdateService](policy-csp-update.md#allowmuupdateservice)
+- [AllowNonMicrosoftSignedUpdate](policy-csp-update.md#allownonmicrosoftsignedupdate)
+- [AllowTemporaryEnterpriseFeatureControl](policy-csp-update.md#allowtemporaryenterprisefeaturecontrol)
+- [AllowUpdateService](policy-csp-update.md#allowupdateservice)
+- [BranchReadinessLevel](policy-csp-update.md#branchreadinesslevel)
+- [ConfigureFeatureUpdateUninstallPeriod](policy-csp-update.md#configurefeatureupdateuninstallperiod)
+- [DeferFeatureUpdatesPeriodInDays](policy-csp-update.md#deferfeatureupdatesperiodindays)
+- [DeferQualityUpdatesPeriodInDays](policy-csp-update.md#deferqualityupdatesperiodindays)
+- [DeferUpdatePeriod](policy-csp-update.md#deferupdateperiod)
+- [DeferUpgradePeriod](policy-csp-update.md#deferupgradeperiod)
+- [DetectionFrequency](policy-csp-update.md#detectionfrequency)
+- [DisableDualScan](policy-csp-update.md#disabledualscan)
+- [DisableWUfBSafeguards](policy-csp-update.md#disablewufbsafeguards)
+- [DoNotEnforceEnterpriseTLSCertPinningForUpdateDetection](policy-csp-update.md#donotenforceenterprisetlscertpinningforupdatedetection)
+- [ExcludeWUDriversInQualityUpdate](policy-csp-update.md#excludewudriversinqualityupdate)
+- [FillEmptyContentUrls](policy-csp-update.md#fillemptycontenturls)
+- [IgnoreMOAppDownloadLimit](policy-csp-update.md#ignoremoappdownloadlimit)
+- [IgnoreMOUpdateDownloadLimit](policy-csp-update.md#ignoremoupdatedownloadlimit)
+- [ManagePreviewBuilds](policy-csp-update.md#managepreviewbuilds)
+- [PauseDeferrals](policy-csp-update.md#pausedeferrals)
+- [PauseFeatureUpdates](policy-csp-update.md#pausefeatureupdates)
+- [PauseFeatureUpdatesStartTime](policy-csp-update.md#pausefeatureupdatesstarttime)
+- [PauseQualityUpdates](policy-csp-update.md#pausequalityupdates)
+- [PauseQualityUpdatesStartTime](policy-csp-update.md#pausequalityupdatesstarttime)
+- [RequireDeferUpgrade](policy-csp-update.md#requiredeferupgrade)
+- [RequireUpdateApproval](policy-csp-update.md#requireupdateapproval)
+- [ScheduledInstallDay](policy-csp-update.md#scheduledinstallday)
+- [ScheduledInstallEveryWeek](policy-csp-update.md#scheduledinstalleveryweek)
+- [ScheduledInstallFirstWeek](policy-csp-update.md#scheduledinstallfirstweek)
+- [ScheduledInstallFourthWeek](policy-csp-update.md#scheduledinstallfourthweek)
+- [ScheduledInstallSecondWeek](policy-csp-update.md#scheduledinstallsecondweek)
+- [ScheduledInstallThirdWeek](policy-csp-update.md#scheduledinstallthirdweek)
+- [ScheduledInstallTime](policy-csp-update.md#scheduledinstalltime)
+- [SetPolicyDrivenUpdateSourceForDriverUpdates](policy-csp-update.md#setpolicydrivenupdatesourcefordriverupdates)
+- [SetPolicyDrivenUpdateSourceForFeatureUpdates](policy-csp-update.md#setpolicydrivenupdatesourceforfeatureupdates)
+- [SetPolicyDrivenUpdateSourceForOtherUpdates](policy-csp-update.md#setpolicydrivenupdatesourceforotherupdates)
+- [SetPolicyDrivenUpdateSourceForQualityUpdates](policy-csp-update.md#setpolicydrivenupdatesourceforqualityupdates)
+- [SetProxyBehaviorForUpdateDetection](policy-csp-update.md#setproxybehaviorforupdatedetection)
+- [UpdateServiceUrl](policy-csp-update.md#updateserviceurl)
+- [UpdateServiceUrlAlternate](policy-csp-update.md#updateserviceurlalternate)
+
+## Wifi
+
+- [AllowInternetSharing](policy-csp-wifi.md#allowinternetsharing)
+- [AllowManualWiFiConfiguration](policy-csp-wifi.md#allowmanualwificonfiguration)
+- [AllowWiFi](policy-csp-wifi.md#allowwifi)
+- [AllowWiFiDirect](policy-csp-wifi.md#allowwifidirect)
+- [WLANScanMode](policy-csp-wifi.md#wlanscanmode)
+
+## WirelessDisplay
+
+- [AllowMdnsAdvertisement](policy-csp-wirelessdisplay.md#allowmdnsadvertisement)
+- [AllowMdnsDiscovery](policy-csp-wirelessdisplay.md#allowmdnsdiscovery)
+- [AllowMovementDetectionOnInfrastructure](policy-csp-wirelessdisplay.md#allowmovementdetectiononinfrastructure)
+- [AllowPCReceiverToBeTCPServer](policy-csp-wirelessdisplay.md#allowpcreceivertobetcpserver)
+- [AllowPCSenderToBeTCPClient](policy-csp-wirelessdisplay.md#allowpcsendertobetcpclient)
+- [AllowProjectionFromPC](policy-csp-wirelessdisplay.md#allowprojectionfrompc)
+- [AllowProjectionFromPCOverInfrastructure](policy-csp-wirelessdisplay.md#allowprojectionfrompcoverinfrastructure)
+- [AllowProjectionToPC](policy-csp-wirelessdisplay.md#allowprojectiontopc)
+- [AllowProjectionToPCOverInfrastructure](policy-csp-wirelessdisplay.md#allowprojectiontopcoverinfrastructure)
+- [AllowUserInputFromWirelessDisplayReceiver](policy-csp-wirelessdisplay.md#allowuserinputfromwirelessdisplayreceiver)
+- [RequirePinForPairing](policy-csp-wirelessdisplay.md#requirepinforpairing)
+
+## Related articles
+
+[Policy configuration service provider](policy-configuration-service-provider.md)

windows/client-management/mdm/policy-csp-abovelock.md

@@ -4,7 +4,7 @@ description: Learn more about the AboveLock Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -40,7 +40,7 @@ ms.topic: reference
 
 <!-- AllowActionCenterNotifications-Description-Begin -->
 <!-- Description-Source-DDF -->
-This policy is deprecated
+This policy is deprecated.
 <!-- AllowActionCenterNotifications-Description-End -->
 
 <!-- AllowActionCenterNotifications-Editable-Begin -->

windows/client-management/mdm/policy-csp-accounts.md

@@ -4,7 +4,7 @@ description: Learn more about the Accounts Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -37,7 +37,7 @@ ms.topic: reference
 
 <!-- AllowAddingNonMicrosoftAccountsManually-Description-Begin -->
 <!-- Description-Source-DDF -->
-Specifies whether user is allowed to add non-MSA email accounts. Most restricted value is 0
+Specifies whether user is allowed to add non-MSA email accounts. Most restricted value is 0.
 
 > [!NOTE]
 > This policy will only block UI/UX-based methods for adding non-Microsoft accounts. Even if this policy is enforced, you can still provision non-MSA accounts using the EMAIL2 CSP.
@@ -138,10 +138,10 @@ Specifies whether the user is allowed to use an MSA account for non-email relate
 
 <!-- AllowMicrosoftAccountSignInAssistant-Description-Begin -->
 <!-- Description-Source-DDF -->
-Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant (wlidsvc) NT service
+Allows IT Admins the ability to disable the Microsoft Account Sign-In Assistant (wlidsvc) NT service.
 
 > [!NOTE]
-> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See Feature updates are not being offered while other updates are
+> If the MSA service is disabled, Windows Update will no longer offer feature updates to devices running Windows 10 1709 or higher. See Feature updates are not being offered while other updates are.
 
 > [!NOTE]
 > If the MSA service is disabled, the Subscription Activation feature will not work properly and your users will not be able to "step-up" from Windows 10 Pro to Windows 10 Enterprise, because the MSA ticket for license authentication cannot be generated. The machine will remain on Windows 10 Pro and no error will be displayed in the Activation Settings app.

windows/client-management/mdm/policy-csp-admx-addremoveprograms.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AddRemovePrograms Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -110,7 +110,7 @@ You can use this setting to direct users to the programs they are most likely to
 <!-- Description-Source-ADMX -->
 Removes the "Add a program from CD-ROM or floppy disk" section from the Add New Programs page. This prevents users from using Add or Remove Programs to install programs from removable media.
 
-- If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users.
+If you disable this setting or do not configure it, the "Add a program from CD-ROM or floppy disk" option is available to all users.
 
 This setting does not prevent users from using other tools and methods to add or remove program components.
 
@@ -173,7 +173,7 @@ This setting does not prevent users from using other tools and methods to add or
 <!-- Description-Source-ADMX -->
 Removes the "Add programs from Microsoft" section from the Add New Programs page. This setting prevents users from using Add or Remove Programs to connect to Windows Update.
 
-- If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users.
+If you disable this setting or do not configure it, "Add programs from Microsoft" is available to all users.
 
 This setting does not prevent users from using other tools and methods to connect to Windows Update.
 
@@ -305,7 +305,7 @@ Removes the Add New Programs button from the Add or Remove Programs bar. As a re
 
 The Add New Programs button lets users install programs published or assigned by a system administrator.
 
-- If you disable this setting or do not configure it, the Add New Programs button is available to all users.
+If you disable this setting or do not configure it, the Add New Programs button is available to all users.
 
 This setting does not prevent users from using other tools and methods to install programs.
 <!-- NoAddPage-Description-End -->
@@ -369,7 +369,7 @@ This setting removes Add or Remove Programs from Control Panel and removes the A
 
 Add or Remove Programs lets users install, uninstall, repair, add, and remove features and components of Windows 2000 Professional and a wide variety of Windows programs. Programs published or assigned to the user appear in Add or Remove Programs.
 
-- If you disable this setting or do not configure it, Add or Remove Programs is available to all users.
+If you disable this setting or do not configure it, Add or Remove Programs is available to all users.
 
 When enabled, this setting takes precedence over the other settings in this folder.
 
@@ -433,7 +433,7 @@ Removes the Set Program Access and Defaults button from the Add or Remove Progra
 
 The Set Program Access and Defaults button lets administrators specify default programs for certain activities, such as Web browsing or sending e-mail, as well as which programs are accessible from the Start menu, desktop, and other locations.
 
-- If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users.
+If you disable this setting or do not configure it, the Set Program Access and Defaults button is available to all users.
 
 This setting does not prevent users from using other tools and methods to change program access or defaults.
 
@@ -497,7 +497,7 @@ Removes the Change or Remove Programs button from the Add or Remove Programs bar
 
 The Change or Remove Programs button lets users uninstall, repair, add, or remove features of installed programs.
 
-- If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users.
+If you disable this setting or do not configure it, the Change or Remove Programs page is available to all users.
 
 This setting does not prevent users from using other tools and methods to delete or uninstall programs.
 <!-- NoRemovePage-Description-End -->
@@ -560,6 +560,7 @@ Prevents users from using Add or Remove Programs to configure installed services
 This setting removes the "Set up services" section of the Add/Remove Windows Components page. The "Set up services" section lists system services that have not been configured and offers users easy access to the configuration tools.
 
 - If you disable this setting or do not configure it, "Set up services" appears only when there are unconfigured system services.
+
 - If you enable this setting, "Set up services" never appears.
 
 This setting does not prevent users from using other methods to configure services.
@@ -627,7 +628,7 @@ Removes links to the Support Info dialog box from programs on the Change or Remo
 
 Programs listed on the Change or Remove Programs page can include a "Click here for support information" hyperlink. When clicked, the hyperlink opens a dialog box that displays troubleshooting information, including a link to the installation files and data that users need to obtain product support, such as the Product ID and version number of the program. The dialog box also includes a hyperlink to support information on the Internet, such as the Microsoft Product Support Services Web page.
 
-- If you disable this setting or do not configure it, the Support Info hyperlink appears.
+If you disable this setting or do not configure it, the Support Info hyperlink appears.
 
 > [!NOTE]
 > Not all programs provide a support information hyperlink.
@@ -690,7 +691,7 @@ Removes the Add/Remove Windows Components button from the Add or Remove Programs
 
 The Add/Remove Windows Components button lets users configure installed services and use the Windows Component Wizard to add, remove, and configure components of Windows from the installation files.
 
-- If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users.
+If you disable this setting or do not configure it, the Add/Remove Windows Components button is available to all users.
 
 This setting does not prevent users from using other tools and methods to configure services or add or remove program components. However, this setting blocks user access to the Windows Component Wizard.
 <!-- NoWindowsSetupPage-Description-End -->

windows/client-management/mdm/policy-csp-admx-appcompat.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AppCompat Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -241,7 +241,8 @@ The Windows Resource Protection and User Account Control features of Windows use
 
 This option is useful to server administrators who require faster performance and are aware of the compatibility of the applications they are using. It is particularly useful for a web server where applications may be launched several hundred times a second, and the performance of the loader is essential.
 
-NOTE: Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, please reboot to ensure that your system accurately reflects those changes.
+> [!NOTE]
+> Many system processes cache the value of this setting for performance reasons. If you make changes to this setting, please reboot to ensure that your system accurately reflects those changes.
 <!-- AppCompatTurnOffEngine-Description-End -->
 
 <!-- AppCompatTurnOffEngine-Editable-Begin -->

windows/client-management/mdm/policy-csp-admx-auditsettings.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_AuditSettings Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -45,6 +45,7 @@ ms.topic: reference
 This policy setting determines what information is logged in security audit events when a new process has been created.
 
 This setting only applies when the Audit Process Creation policy is enabled.
+
 - If you enable this policy setting the command line information for every process will be logged in plain text in the security event log as part of the Audit Process Creation event 4688, "a new process has been created," on the workstations and servers on which this policy setting is applied.
 
 - If you disable or do not configure this policy setting, the process's command line information will not be included in Audit Process Creation events.

windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CipherSuiteOrder Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -117,7 +117,7 @@ NistP384
 
 To See all the curves supported on the system, Use the following command:
 
-CertUtil.exe -DisplayEccCurve
+CertUtil.exe -DisplayEccCurve.
 <!-- SSLCurveOrder-Description-End -->
 
 <!-- SSLCurveOrder-Editable-Begin -->

windows/client-management/mdm/policy-csp-admx-controlpanel.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanel Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -44,7 +44,7 @@ ms.topic: reference
 <!-- Description-Source-ADMX -->
 This setting allows you to display or hide specified Control Panel items, such as Mouse, System, or Personalization, from the Control Panel window and the Start screen. The setting affects the Start screen and Control Panel window, as well as other ways to access Control Panel items, such as shortcuts in Help and Support or command lines that use control.exe. This policy has no effect on items displayed in PC settings.
 
-- If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.
+If you enable this setting, you can select specific items not to display on the Control Panel window and the Start screen.
 
 To hide a Control Panel item, enable this policy setting and click Show to access the list of disallowed Control Panel items. In the Show Contents dialog box in the Value column, enter the Control Panel item's canonical name. For example, enter Microsoft. Mouse, Microsoft. System, or Microsoft. Personalization.
 
@@ -120,6 +120,7 @@ This policy setting controls the default Control Panel view, whether by category
 - If this policy setting is disabled, the Control Panel opens to the category view.
 
 - If this policy setting is not configured, the Control Panel opens to the view used in the last Control Panel session.
+
 > [!NOTE]
 > Icon size is dependent upon what the user has set it to in the previous session.
 <!-- ForceClassicControlPanel-Description-End -->

windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_ControlPanelDisplay Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/13/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -44,7 +44,7 @@ ms.topic: reference
 <!-- Description-Source-ADMX -->
 Disables the Display Control Panel.
 
-- If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.
+If you enable this setting, the Display Control Panel does not run. When users try to start Display, a message appears explaining that a setting prevents the action.
 
 Also, see the "Prohibit access to the Control Panel" (User Configuration\Administrative Templates\Control Panel) and "Remove programs on Settings menu" (User Configuration\Administrative Templates\Start Menu & Taskbar) settings.
 <!-- CPL_Display_Disable-Description-End -->
@@ -537,7 +537,7 @@ Prevents users from changing the background image shown when the machine is lock
 
 By default, users can change the background image shown when the machine is locked or displaying the logon screen.
 
-- If you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image.
+If you enable this setting, the user will not be able to change their lock screen and logon image, and they will instead see the default image.
 <!-- CPL_Personalization_NoChangingLockScreen-Description-End -->
 
 <!-- CPL_Personalization_NoChangingLockScreen-Editable-Begin -->
@@ -597,7 +597,7 @@ Prevents users from changing the look of their start menu background, such as it
 
 By default, users can change the look of their start menu background, such as its color or accent.
 
-- If you enable this setting, the user will be assigned the default start menu background and colors and will not be allowed to change them.
+If you enable this setting, the user will be assigned the default start menu background and colors and will not be allowed to change them.
 
 If the "Force a specific background and accent color" policy is also set on a supported version of Windows, then those colors take precedence over this policy.
 
@@ -661,7 +661,7 @@ Disables the Color (or Window Color) page in the Personalization Control Panel,
 
 This setting prevents users from using Control Panel to change the window border and taskbar color (on Windows 8), glass color (on Windows Vista and Windows 7), system colors, or color scheme of the desktop and windows.
 
-- If this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Personalization or Display Control Panel.
+If this setting is disabled or not configured, the Color (or Window Color) page or Color Scheme dialog is available in the Personalization or Display Control Panel.
 
 For systems prior to Windows Vista, this setting hides the Appearance and Themes tabs in the in Display in Control Panel.
 <!-- CPL_Personalization_NoColorAppearanceUI-Description-End -->
@@ -723,7 +723,7 @@ Prevents users from adding or changing the background design of the desktop.
 
 By default, users can use the Desktop Background page in the Personalization or Display Control Panel to add a background design (wallpaper) to their desktop.
 
-- If you enable this setting, none of the Desktop Background settings can be changed by the user.
+If you enable this setting, none of the Desktop Background settings can be changed by the user.
 
 To specify wallpaper for a group, use the "Desktop Wallpaper" setting.
 
@@ -790,7 +790,7 @@ Prevents users from changing the desktop icons.
 
 By default, users can use the Desktop Icon Settings dialog in the Personalization or Display Control Panel to show, hide, or change the desktop icons.
 
-- If you enable this setting, none of the desktop icons can be changed by the user.
+If you enable this setting, none of the desktop icons can be changed by the user.
 
 For systems prior to Windows Vista, this setting also hides the Desktop tab in the Display Control Panel.
 <!-- CPL_Personalization_NoDesktopIconsUI-Description-End -->
@@ -912,7 +912,7 @@ Prevents users from changing the mouse pointers.
 
 By default, users can use the Pointers tab in the Mouse Control Panel to add, remove, or change the mouse pointers.
 
-- If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.
+If you enable this setting, none of the mouse pointer scheme settings can be changed by the user.
 <!-- CPL_Personalization_NoMousePointersUI-Description-End -->
 
 <!-- CPL_Personalization_NoMousePointersUI-Editable-Begin -->
@@ -1030,7 +1030,7 @@ Prevents users from changing the sound scheme.
 
 By default, users can use the Sounds tab in the Sound Control Panel to add, remove, or change the system Sound Scheme.
 
-- If you enable this setting, none of the Sound Scheme settings can be changed by the user.
+If you enable this setting, none of the Sound Scheme settings can be changed by the user.
 <!-- CPL_Personalization_NoSoundSchemeUI-Description-End -->
 
 <!-- CPL_Personalization_NoSoundSchemeUI-Editable-Begin -->
@@ -1090,7 +1090,7 @@ Forces Windows to use the specified colors for the background and accent. The co
 
 By default, users can change the background and accent colors.
 
-- If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
+If this setting is enabled, the background and accent colors of Windows will be set to the specified colors and users cannot change those colors. This setting will not be applied if the specified colors do not meet a contrast ratio of 2:1 with white text.
 <!-- CPL_Personalization_PersonalColors-Description-End -->
 
 <!-- CPL_Personalization_PersonalColors-Editable-Begin -->

windows/client-management/mdm/policy-csp-admx-credentialproviders.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredentialProviders Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -173,7 +173,7 @@ credential providers from use during authentication.
 
 **Note** credential providers are used to process and validate user
 credentials during logon or when authentication is required.
-Windows Vista provides two default credential providers
+Windows Vista provides two default credential providers:
 Password and Smart Card. An administrator can install additional
 credential providers for different sets of credentials
 (for example, to support biometric authentication).

windows/client-management/mdm/policy-csp-admx-credssp.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CredSsp Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -50,7 +50,7 @@ This policy setting applies when server authentication was achieved by using a t
 
 The policy becomes effective the next time the user signs on to a computer running Windows.
 
-If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
+- If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any computer. Applications depending upon this delegation behavior might fail authentication. For more information, see KB.
 
 FWlink for KB:
 <https://go.microsoft.com/fwlink/?LinkId=301508>
@@ -61,7 +61,7 @@ FWlink for KB:
 For Example:
 TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
 TERMSRV/* Remote Desktop Session Host running on all machines.
-TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com.
 <!-- AllowDefaultCredentials-Description-End -->
 
 <!-- AllowDefaultCredentials-Editable-Begin -->
@@ -123,7 +123,7 @@ This policy setting applies when server authentication was achieved via NTLM.
 
 - If you enable this policy setting, you can specify the servers to which the user's default credentials can be delegated (default credentials are those that you use when first logging on to Windows).
 
-If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.
+- If you disable or do not configure (by default) this policy setting, delegation of default credentials is not permitted to any machine.
 
 > [!NOTE]
 > The "Allow delegating default credentials with NTLM-only server authentication" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials can be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -131,7 +131,7 @@ If you disable or do not configure (by default) this policy setting, delegation
 For Example:
 TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
 TERMSRV/* Remote Desktop Session Host running on all machines.
-TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com.
 <!-- AllowDefCredentialsWhenNTLMOnly-Description-End -->
 
 <!-- AllowDefCredentialsWhenNTLMOnly-Editable-Begin -->
@@ -189,19 +189,19 @@ TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all
 <!-- Description-Source-ADMX -->
 Encryption Oracle Remediation
 
-This policy setting applies to applications using the CredSSP component (for example Remote Desktop Connection).
+This policy setting applies to applications using the CredSSP component (for example: Remote Desktop Connection).
 
 Some versions of the CredSSP protocol are vulnerable to an encryption oracle attack against the client. This policy controls compatibility with vulnerable clients and servers. This policy allows you to set the level of protection desired for the encryption oracle vulnerability.
 
-- If you enable this policy setting, CredSSP version support will be selected based on the following options
+If you enable this policy setting, CredSSP version support will be selected based on the following options:
 
-Force Updated Clients Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. **Note** this setting should not be deployed until all remote hosts support the newest version.
+Force Updated Clients: Client applications which use CredSSP will not be able to fall back to the insecure versions and services using CredSSP will not accept unpatched clients. **Note** this setting should not be deployed until all remote hosts support the newest version.
 
-Mitigated Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
+Mitigated: Client applications which use CredSSP will not be able to fall back to the insecure version but services using CredSSP will accept unpatched clients. See the link below for important information about the risk posed by remaining unpatched clients.
 
-Vulnerable Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.
+Vulnerable: Client applications which use CredSSP will expose the remote servers to attacks by supporting fall back to the insecure versions and services using CredSSP will accept unpatched clients.
 
-For more information about the vulnerability and servicing requirements for protection, see <https//go.microsoft.com/fwlink/?linkid=866660>
+For more information about the vulnerability and servicing requirements for protection, see <https://go.microsoft.com/fwlink/?linkid=866660>
 <!-- AllowEncryptionOracle-Description-End -->
 
 <!-- AllowEncryptionOracle-Editable-Begin -->
@@ -262,7 +262,7 @@ This policy setting applies when server authentication was achieved via a truste
 
 - If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
 - If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
 
@@ -273,7 +273,7 @@ For Example:
 TERMSRV/host.humanresources.fabrikam.com
 Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
 TERMSRV/* Remote Desktop Session Host running on all machines.
-TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com
+TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in .humanresources.fabrikam.com.
 <!-- AllowFreshCredentials-Description-End -->
 
 <!-- AllowFreshCredentials-Editable-Begin -->
@@ -335,7 +335,7 @@ This policy setting applies when server authentication was achieved via NTLM.
 
 - If you enable this policy setting, you can specify the servers to which the user's fresh credentials can be delegated (fresh credentials are those that you are prompted for when executing the application).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of fresh credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
 - If you disable this policy setting, delegation of fresh credentials is not permitted to any machine.
 
@@ -345,7 +345,7 @@ If you do not configure (by default) this policy setting, after proper mutual au
 For Example:
 TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
 TERMSRV/* Remote Desktop Session Host running on all machines.
-TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
+TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com.
 <!-- AllowFreshCredentialsWhenNTLMOnly-Description-End -->
 
 <!-- AllowFreshCredentialsWhenNTLMOnly-Editable-Begin -->
@@ -407,7 +407,7 @@ This policy setting applies when server authentication was achieved via a truste
 
 - If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
+- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*).
 
 - If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
 
@@ -417,7 +417,7 @@ If you do not configure (by default) this policy setting, after proper mutual au
 For Example:
 TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
 TERMSRV/* Remote Desktop Session Host running on all machines.
-TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
+TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com.
 <!-- AllowSavedCredentials-Description-End -->
 
 <!-- AllowSavedCredentials-Editable-Begin -->
@@ -479,7 +479,7 @@ This policy setting applies when server authentication was achieved via NTLM.
 
 - If you enable this policy setting, you can specify the servers to which the user's saved credentials can be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
 
-If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine.
+- If you do not configure (by default) this policy setting, after proper mutual authentication, delegation of saved credentials is permitted to Remote Desktop Session Host running on any machine (TERMSRV/*) if the client machine is not a member of any domain. If the client is domain-joined, by default the delegation of saved credentials is not permitted to any machine.
 
 - If you disable this policy setting, delegation of saved credentials is not permitted to any machine.
 
@@ -489,7 +489,7 @@ If you do not configure (by default) this policy setting, after proper mutual au
 For Example:
 TERMSRV/host.humanresources.fabrikam.com Remote Desktop Session Host running on host.humanresources.fabrikam.com machine
 TERMSRV/* Remote Desktop Session Host running on all machines.
-TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com
+TERMSRV/*.humanresources.fabrikam.com Remote Desktop Session Host running on all machines in humanresources.fabrikam.com.
 <!-- AllowSavedCredentialsWhenNTLMOnly-Description-End -->
 
 <!-- AllowSavedCredentialsWhenNTLMOnly-Editable-Begin -->
@@ -549,7 +549,7 @@ This policy setting applies to applications using the Cred SSP component (for ex
 
 - If you enable this policy setting, you can specify the servers to which the user's default credentials cannot be delegated (default credentials are those that you use when first logging on to Windows).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+- If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
 
 > [!NOTE]
 > The "Deny delegating default credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -619,7 +619,7 @@ This policy setting applies to applications using the Cred SSP component (for ex
 
 - If you enable this policy setting, you can specify the servers to which the user's fresh credentials cannot be delegated (fresh credentials are those that you are prompted for when executing the application).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+- If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
 
 > [!NOTE]
 > The "Deny delegating fresh credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.
@@ -689,7 +689,7 @@ This policy setting applies to applications using the Cred SSP component (for ex
 
 - If you enable this policy setting, you can specify the servers to which the user's saved credentials cannot be delegated (saved credentials are those that you elect to save/remember using the Windows credential manager).
 
-If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
+- If you disable or do not configure (by default) this policy setting, this policy setting does not specify any server.
 
 > [!NOTE]
 > The "Deny delegating saved credentials" policy setting can be set to one or more Service Principal Names (SPNs). The SPN represents the target server to which the user credentials cannot be delegated. The use of a single wildcard character is permitted when specifying the SPN.

windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_CtrlAltDel Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -44,7 +44,7 @@ ms.topic: reference
 <!-- Description-Source-ADMX -->
 This policy setting prevents users from changing their Windows password on demand.
 
-- If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
+If you enable this policy setting, the 'Change Password' button on the Windows Security dialog box will not appear when you press Ctrl+Alt+Del.
 
 However, users are still able to change their password when prompted by the system. The system prompts users for a new password when an administrator requires a new password or their password is expiring.
 <!-- DisableChangePassword-Description-End -->

windows/client-management/mdm/policy-csp-admx-datacollection.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DataCollection Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -44,7 +44,7 @@ ms.topic: reference
 <!-- Description-Source-ADMX -->
 This policy setting defines the identifier used to uniquely associate this device's diagnostic data data as belonging to a given organization. If your organization is participating in a program that requires this device to be identified as belonging to your organization then use this setting to provide that identification. The value for this setting will be provided by Microsoft as part of the onboarding process for the program.
 
-- If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data data with your organization.
+If you disable or do not configure this policy setting, then Microsoft will not be able to use this identifier to associate this machine and its diagnostic data data with your organization.
 <!-- CommercialIdPolicy-Description-End -->
 
 <!-- CommercialIdPolicy-Editable-Begin -->

windows/client-management/mdm/policy-csp-admx-dcom.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_DCOM Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -107,7 +107,7 @@ Allows you to specify that local computer administrators can supplement the "Def
 <!-- Description-Source-ADMX -->
 Allows you to view and change a list of DCOM server application ids (appids) which are exempted from the DCOM Activation security check. DCOM uses two such lists, one configured via Group Policy through this policy setting, and the other via the actions of local computer administrators. DCOM ignores the second list when this policy setting is configured, unless the "Allow local activation security check exemptions" policy is enabled.
 
-DCOM server appids added to this policy must be listed in curly-brace format. For example: {b5dcb061-cefb-42e0-a1be-e6a6438133fe}. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors.
+DCOM server appids added to this policy must be listed in curly-brace format. For Example: `{b5dcb061-cefb-42e0-a1be-e6a6438133fe}`. If you enter a non-existent or improperly formatted appid DCOM will add it to the list without checking for errors.
 
 - If you enable this policy setting, you can view and change the list of DCOM activation security check exemptions defined by Group Policy settings. If you add an appid to this list and set its value to 1, DCOM will not enforce the Activation security check for that DCOM server. If you add an appid to this list and set its value to 0 DCOM will always enforce the Activation security check for that DCOM server regardless of local settings.
 

windows/client-management/mdm/policy-csp-admx-desktop.md

@@ -4,7 +4,7 @@ description: Learn more about the ADMX_Desktop Area in Policy CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 01/09/2023
+ms.date: 03/23/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -233,7 +233,7 @@ Enables Active Desktop and prevents users from disabling it.
 
 This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.
 
-- If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
+If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
 
 > [!NOTE]
 > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting ( in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both of these policies are ignored.
@@ -296,7 +296,7 @@ Disables Active Desktop and prevents users from enabling it.
 
 This setting prevents users from trying to enable or disable Active Desktop while a policy controls it.
 
-- If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
+If you disable this setting or do not configure it, Active Desktop is disabled by default, but users can enable it.
 
 > [!NOTE]
 > If both the "Enable Active Desktop" setting and the "Disable Active Desktop" setting are enabled, the "Disable Active Desktop" setting is ignored. If the "Turn on Classic Shell" setting (in User Configuration\Administrative Templates\Windows Components\Windows Explorer) is enabled, Active Desktop is disabled, and both these policies are ignored.
@@ -1098,7 +1098,7 @@ Removes the Properties option from the Recycle Bin context menu.
 <!-- Description-Source-ADMX -->
 Prevents users from saving certain changes to the desktop.
 
-- If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved.
+If you enable this setting, users can change the desktop, but some changes, such as the position of open windows or the size and position of the taskbar, are not saved when users log off. However, shortcuts placed on the desktop are always saved.
 <!-- NoSaveSettings-Description-End -->
 
 <!-- NoSaveSettings-Editable-Begin -->
@@ -1343,7 +1343,7 @@ Prevents users from removing Web content from their Active Desktop.
 
 In Active Desktop, you can add items to the desktop but close them so they are not displayed.
 
-- If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.
+If you enable this setting, items added to the desktop cannot be closed; they always appear on the desktop. This setting removes the check boxes from items on the Web tab in Display in Control Panel.
 
 > [!NOTE]
 > This setting does not prevent users from deleting items from their Active Desktop.
@@ -1585,7 +1585,7 @@ This setting removes all Active Desktop items from the desktop. It also removes
 <!-- Description-Source-ADMX -->
 Prevents users from manipulating desktop toolbars.
 
-- If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.
+If you enable this setting, users cannot add or remove toolbars from the desktop. Also, users cannot drag toolbars on to or off of docked toolbars.
 
 > [!NOTE]
 > If users have added or removed toolbars, this setting prevents them from restoring the default configuration.
@@ -1776,7 +1776,7 @@ This setting lets you specify the wallpaper on users' desktops and prevents user
 
 To use this setting, type the fully qualified path and name of the file that stores the wallpaper image. You can type a local path, such as C:\Windows\web\wallpaper\home.jpg or a UNC path, such as \\Server\Share\Corp.jpg. If the specified file is not available when the user logs on, no wallpaper is displayed. Users cannot specify alternative wallpaper. You can also use this setting to specify that the wallpaper image be centered, tiled, or stretched. Users cannot change this specification.
 
-- If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
+If you disable this setting or do not configure it, no wallpaper is displayed. However, users can select the wallpaper of their choice.
 
 Also, see the "Allow only bitmapped wallpaper" in the same location, and the "Prevent changing wallpaper" setting in User Configuration\Administrative Templates\Control Panel.