From df59568106891aae6fc423750b6eb7ab25b5e88b Mon Sep 17 00:00:00 2001
From: Vinay Pamnani <37223378+vinaypamnani-msft@users.noreply.github.com>
Date: Tue, 28 Feb 2023 13:20:28 -0500
Subject: [PATCH] Fix issues

---
 .openpublishing.redirection.json              |   2 +-
 .../mdm/assignedaccess-csp.md                 |   3 +-
 windows/client-management/mdm/defender-csp.md | 180 ++++----
 .../mdm/diagnosticlog-csp.md                  |  86 ++--
 .../mdm/eap-configuration.md                  | 119 ++---
 .../client-management/mdm/surfacehub-csp.md   | 136 +++---
 windows/client-management/mdm/vpnv2-csp.md    | 418 +++++++++---------
 7 files changed, 475 insertions(+), 469 deletions(-)

diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 34fdd3782a..6b0407617e 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -20532,7 +20532,7 @@
     },
     {
       "source_path": "windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md",
-      "redirect_url": "/windows/client-management/mdm/windows/enterprisedesktopappmanagement-csp#downloadinstall-xsd-schema",
+      "redirect_url": "/windows/client-management/mdm/enterprisedesktopappmanagement-csp#downloadinstall-xsd-schema",
       "redirect_document_id": true
     },
     {
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index 32c1621720..5042ee9974 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -324,8 +324,7 @@ This node accepts a ShellLauncherConfiguration xml as input.
 <!-- Add any additional information about this policy here. Anything outside this section will get overwritten. -->
 In **Windows 10, version 1903**, Shell Launcher V2 was introduced to support both UWP and Win32 apps as the custom shell.
 
-- For more information on the schema, see [ShellLauncherConfiguration XSD](#shelllauncherconfiguration-xsd).
-- For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllauncher).
+For more information, see [Shell Launcher](/windows/configuration/kiosk-shelllauncher).
 
 > [!IMPORTANT]
 > You can't set both ShellLauncher and KioskModeApp at the same time on the device.
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index b2d815dd03..40d679359a 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the Defender CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/17/2023
+ms.date: 02/28/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -21,92 +21,90 @@ ms.topic: reference
 <!-- Defender-Editable-End -->
 
 <!-- Defender-Tree-Begin -->
-The following example shows the Defender configuration service provider in tree format.
+The following list shows the Defender configuration service provider nodes:
 
-```text
-./Device/Vendor/MSFT/Defender
---- Configuration
------- AllowDatagramProcessingOnWinServer
------- AllowNetworkProtectionDownLevel
------- AllowNetworkProtectionOnWinServer
------- ASROnlyPerRuleExclusions
------- DataDuplicationDirectory
------- DataDuplicationLocalRetentionPeriod
------- DataDuplicationRemoteLocation
------- DefaultEnforcement
------- DeviceControl
---------- PolicyGroups
------------- {GroupId}
---------------- GroupData
---------- PolicyRules
------------- {RuleId}
---------------- RuleData
------- DeviceControlEnabled
------- DisableCpuThrottleOnIdleScans
------- DisableDnsOverTcpParsing
------- DisableDnsParsing
------- DisableFtpParsing
------- DisableGradualRelease
------- DisableHttpParsing
------- DisableInboundConnectionFiltering
------- DisableLocalAdminMerge
------- DisableNetworkProtectionPerfTelemetry
------- DisableRdpParsing
------- DisableSmtpParsing
------- DisableSshParsing
------- DisableTlsParsing
------- EnableDnsSinkhole
------- EnableFileHashComputation
------- EngineUpdatesChannel
------- HideExclusionsFromLocalAdmins
------- IntelTDTEnabled
------- MeteredConnectionUpdates
------- PassiveRemediation
------- PlatformUpdatesChannel
------- RandomizeScheduleTaskTimes
------- ScanOnlyIfIdleEnabled
------- SchedulerRandomizationTime
------- SecurityIntelligenceUpdatesChannel
------- SupportLogLocation
------- TamperProtection
------- ThrottleForScheduledScanOnly
---- Detections
------- {ThreatId}
---------- Category
---------- CurrentStatus
---------- ExecutionStatus
---------- InitialDetectionTime
---------- LastThreatStatusChangeTime
---------- Name
---------- NumberOfDetections
---------- Severity
---------- URL
---- Health
------- ComputerState
------- DefenderEnabled
------- DefenderVersion
------- EngineVersion
------- FullScanOverdue
------- FullScanRequired
------- FullScanSigVersion
------- FullScanTime
------- IsVirtualMachine
------- NisEnabled
------- ProductStatus
------- QuickScanOverdue
------- QuickScanSigVersion
------- QuickScanTime
------- RebootRequired
------- RtpEnabled
------- SignatureOutOfDate
------- SignatureVersion
------- TamperProtectionEnabled
---- OfflineScan
---- RollbackEngine
---- RollbackPlatform
---- Scan
---- UpdateSignature
-```
+- ./Device/Vendor/MSFT/Defender
+  - [Configuration](#configuration)
+    - [AllowDatagramProcessingOnWinServer](#configurationallowdatagramprocessingonwinserver)
+    - [AllowNetworkProtectionDownLevel](#configurationallownetworkprotectiondownlevel)
+    - [AllowNetworkProtectionOnWinServer](#configurationallownetworkprotectiononwinserver)
+    - [ASROnlyPerRuleExclusions](#configurationasronlyperruleexclusions)
+    - [DataDuplicationDirectory](#configurationdataduplicationdirectory)
+    - [DataDuplicationLocalRetentionPeriod](#configurationdataduplicationlocalretentionperiod)
+    - [DataDuplicationRemoteLocation](#configurationdataduplicationremotelocation)
+    - [DefaultEnforcement](#configurationdefaultenforcement)
+    - [DeviceControl](#configurationdevicecontrol)
+      - [PolicyGroups](#configurationdevicecontrolpolicygroups)
+        - [{GroupId}](#configurationdevicecontrolpolicygroupsgroupid)
+          - [GroupData](#configurationdevicecontrolpolicygroupsgroupidgroupdata)
+      - [PolicyRules](#configurationdevicecontrolpolicyrules)
+        - [{RuleId}](#configurationdevicecontrolpolicyrulesruleid)
+          - [RuleData](#configurationdevicecontrolpolicyrulesruleidruledata)
+    - [DeviceControlEnabled](#configurationdevicecontrolenabled)
+    - [DisableCpuThrottleOnIdleScans](#configurationdisablecputhrottleonidlescans)
+    - [DisableDnsOverTcpParsing](#configurationdisablednsovertcpparsing)
+    - [DisableDnsParsing](#configurationdisablednsparsing)
+    - [DisableFtpParsing](#configurationdisableftpparsing)
+    - [DisableGradualRelease](#configurationdisablegradualrelease)
+    - [DisableHttpParsing](#configurationdisablehttpparsing)
+    - [DisableInboundConnectionFiltering](#configurationdisableinboundconnectionfiltering)
+    - [DisableLocalAdminMerge](#configurationdisablelocaladminmerge)
+    - [DisableNetworkProtectionPerfTelemetry](#configurationdisablenetworkprotectionperftelemetry)
+    - [DisableRdpParsing](#configurationdisablerdpparsing)
+    - [DisableSmtpParsing](#configurationdisablesmtpparsing)
+    - [DisableSshParsing](#configurationdisablesshparsing)
+    - [DisableTlsParsing](#configurationdisabletlsparsing)
+    - [EnableDnsSinkhole](#configurationenablednssinkhole)
+    - [EnableFileHashComputation](#configurationenablefilehashcomputation)
+    - [EngineUpdatesChannel](#configurationengineupdateschannel)
+    - [HideExclusionsFromLocalAdmins](#configurationhideexclusionsfromlocaladmins)
+    - [IntelTDTEnabled](#configurationinteltdtenabled)
+    - [MeteredConnectionUpdates](#configurationmeteredconnectionupdates)
+    - [PassiveRemediation](#configurationpassiveremediation)
+    - [PlatformUpdatesChannel](#configurationplatformupdateschannel)
+    - [RandomizeScheduleTaskTimes](#configurationrandomizescheduletasktimes)
+    - [ScanOnlyIfIdleEnabled](#configurationscanonlyifidleenabled)
+    - [SchedulerRandomizationTime](#configurationschedulerrandomizationtime)
+    - [SecurityIntelligenceUpdatesChannel](#configurationsecurityintelligenceupdateschannel)
+    - [SupportLogLocation](#configurationsupportloglocation)
+    - [TamperProtection](#configurationtamperprotection)
+    - [ThrottleForScheduledScanOnly](#configurationthrottleforscheduledscanonly)
+  - [Detections](#detections)
+    - [{ThreatId}](#detectionsthreatid)
+      - [Category](#detectionsthreatidcategory)
+      - [CurrentStatus](#detectionsthreatidcurrentstatus)
+      - [ExecutionStatus](#detectionsthreatidexecutionstatus)
+      - [InitialDetectionTime](#detectionsthreatidinitialdetectiontime)
+      - [LastThreatStatusChangeTime](#detectionsthreatidlastthreatstatuschangetime)
+      - [Name](#detectionsthreatidname)
+      - [NumberOfDetections](#detectionsthreatidnumberofdetections)
+      - [Severity](#detectionsthreatidseverity)
+      - [URL](#detectionsthreatidurl)
+  - [Health](#health)
+    - [ComputerState](#healthcomputerstate)
+    - [DefenderEnabled](#healthdefenderenabled)
+    - [DefenderVersion](#healthdefenderversion)
+    - [EngineVersion](#healthengineversion)
+    - [FullScanOverdue](#healthfullscanoverdue)
+    - [FullScanRequired](#healthfullscanrequired)
+    - [FullScanSigVersion](#healthfullscansigversion)
+    - [FullScanTime](#healthfullscantime)
+    - [IsVirtualMachine](#healthisvirtualmachine)
+    - [NisEnabled](#healthnisenabled)
+    - [ProductStatus](#healthproductstatus)
+    - [QuickScanOverdue](#healthquickscanoverdue)
+    - [QuickScanSigVersion](#healthquickscansigversion)
+    - [QuickScanTime](#healthquickscantime)
+    - [RebootRequired](#healthrebootrequired)
+    - [RtpEnabled](#healthrtpenabled)
+    - [SignatureOutOfDate](#healthsignatureoutofdate)
+    - [SignatureVersion](#healthsignatureversion)
+    - [TamperProtectionEnabled](#healthtamperprotectionenabled)
+  - [OfflineScan](#offlinescan)
+  - [RollbackEngine](#rollbackengine)
+  - [RollbackPlatform](#rollbackplatform)
+  - [Scan](#scan)
+  - [UpdateSignature](#updatesignature)
 <!-- Defender-Tree-End -->
 
 <!-- Device-Configuration-Begin -->
@@ -633,7 +631,7 @@ Control Device Control default enforcement. This is the enforcement applied if t
 
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-GroupData-Description-Begin -->
 <!-- Description-Source-DDF -->
-Follow the instructions provided here: <https://learn.microsoft.com/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control>
+For more information, see [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control).
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-GroupData-Description-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyGroups-{GroupId}-GroupData-Editable-Begin -->
@@ -748,7 +746,7 @@ Follow the instructions provided here: <https://learn.microsoft.com/microsoft-36
 
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-RuleData-Description-Begin -->
 <!-- Description-Source-DDF -->
-Follow the instructions provided here: <https://learn.microsoft.com/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control>
+For more information, see [Microsoft Defender for Endpoint Device Control Removable Storage Access Control](/microsoft-365/security/defender-endpoint/device-control-removable-storage-access-control).
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-RuleData-Description-End -->
 
 <!-- Device-Configuration-DeviceControl-PolicyRules-{RuleId}-RuleData-Editable-Begin -->
@@ -1795,9 +1793,9 @@ Setting to control automatic remediation for Sense scans.
 
 | Flag | Description |
 |:--|:--|
-| 0x1 |  |
-| 0x2 |  |
-| 0x4 |  |
+| 0x1 | PASSIVE_REMEDIATION_FLAG_SENSE_AUTO_REMEDIATION: Passive Remediation Sense AutoRemediation. |
+| 0x2 | PASSIVE_REMEDIATION_FLAG_RTP_AUDIT: Passive Remediation Realtime Protection Audit. |
+| 0x4 | PASSIVE_REMEDIATION_FLAG_RTP_REMEDIATION: Passive Remediation Realtime Protection Remediation. |
 <!-- Device-Configuration-PassiveRemediation-AllowedValues-End -->
 
 <!-- Device-Configuration-PassiveRemediation-Examples-Begin -->
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 9c9fad82b4..34dbe6281b 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the DiagnosticLog CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/21/2023
+ms.date: 02/28/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -21,49 +21,47 @@ ms.topic: reference
 <!-- DiagnosticLog-Editable-End -->
 
 <!-- DiagnosticLog-Tree-Begin -->
-The following example shows the DiagnosticLog configuration service provider in tree format.
+The following list shows the DiagnosticLog configuration service provider nodes:
 
-```text
-./Vendor/MSFT/DiagnosticLog
---- DeviceStateData
------- MdmConfiguration
---- DiagnosticArchive
------- ArchiveDefinition
------- ArchiveResults
---- EtwLog
------- Channels
---------- {ChannelName}
------------- Export
------------- Filter
------------- State
------- Collectors
---------- {CollectorName}
------------- LogFileSizeLimitMB
------------- Providers
---------------- {ProviderGuid}
------------------- Keywords
------------------- State
------------------- TraceLevel
------------- TraceControl
------------- TraceLogFileMode
------------- TraceStatus
---- FileDownload
------- DMChannel
---------- {FileContext}
------------- BlockCount
------------- BlockData
------------- BlockIndexToRead
------------- BlockSizeKB
------------- DataBlocks
---------------- {BlockNumber}
---- Policy
------- Channels
---------- {ChannelName}
------------- ActionWhenFull
------------- Enabled
------------- MaximumFileSize
------------- SDDL
-```
+- ./Vendor/MSFT/DiagnosticLog
+  - [DeviceStateData](#devicestatedata)
+    - [MdmConfiguration](#devicestatedatamdmconfiguration)
+  - [DiagnosticArchive](#diagnosticarchive)
+    - [ArchiveDefinition](#diagnosticarchivearchivedefinition)
+    - [ArchiveResults](#diagnosticarchivearchiveresults)
+  - [EtwLog](#etwlog)
+    - [Channels](#etwlogchannels)
+      - [{ChannelName}](#etwlogchannelschannelname)
+        - [Export](#etwlogchannelschannelnameexport)
+        - [Filter](#etwlogchannelschannelnamefilter)
+        - [State](#etwlogchannelschannelnamestate)
+    - [Collectors](#etwlogcollectors)
+      - [{CollectorName}](#etwlogcollectorscollectorname)
+        - [LogFileSizeLimitMB](#etwlogcollectorscollectornamelogfilesizelimitmb)
+        - [Providers](#etwlogcollectorscollectornameproviders)
+          - [{ProviderGuid}](#etwlogcollectorscollectornameprovidersproviderguid)
+            - [Keywords](#etwlogcollectorscollectornameprovidersproviderguidkeywords)
+            - [State](#etwlogcollectorscollectornameprovidersproviderguidstate)
+            - [TraceLevel](#etwlogcollectorscollectornameprovidersproviderguidtracelevel)
+        - [TraceControl](#etwlogcollectorscollectornametracecontrol)
+        - [TraceLogFileMode](#etwlogcollectorscollectornametracelogfilemode)
+        - [TraceStatus](#etwlogcollectorscollectornametracestatus)
+  - [FileDownload](#filedownload)
+    - [DMChannel](#filedownloaddmchannel)
+      - [{FileContext}](#filedownloaddmchannelfilecontext)
+        - [BlockCount](#filedownloaddmchannelfilecontextblockcount)
+        - [BlockData](#filedownloaddmchannelfilecontextblockdata)
+        - [BlockIndexToRead](#filedownloaddmchannelfilecontextblockindextoread)
+        - [BlockSizeKB](#filedownloaddmchannelfilecontextblocksizekb)
+        - [DataBlocks](#filedownloaddmchannelfilecontextdatablocks)
+          - [{BlockNumber}](#filedownloaddmchannelfilecontextdatablocksblocknumber)
+  - [Policy](#policy)
+    - [Channels](#policychannels)
+      - [{ChannelName}](#policychannelschannelname)
+        - [ActionWhenFull](#policychannelschannelnameactionwhenfull)
+        - [Enabled](#policychannelschannelnameenabled)
+        - [MaximumFileSize](#policychannelschannelnamemaximumfilesize)
+        - [SDDL](#policychannelschannelnamesddl)
 <!-- DiagnosticLog-Tree-End -->
 
 <!-- Device-DeviceStateData-Begin -->
@@ -2659,7 +2657,7 @@ Maximum size of the channel log file in MB.
 
 <!-- Device-Policy-Channels-{ChannelName}-SDDL-Description-Begin -->
 <!-- Description-Source-DDF -->
-SDDL String controlling access to the channel. Default: <https://docs.microsoft.com/windows/desktop/WES/eventmanifestschema-channeltype-complextype>
+SDDL String controlling access to the channel. For more information, see [ChannelType Complex Type](/windows/win32/wes/eventmanifestschema-channeltype-complextype).
 <!-- Device-Policy-Channels-{ChannelName}-SDDL-Description-End -->
 
 <!-- Device-Policy-Channels-{ChannelName}-SDDL-Editable-Begin -->
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 35f29d23a7..7f96c29f4f 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,7 +1,7 @@
 ---
 title: EAP configuration
 description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
-ms.reviewer: 
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
@@ -19,45 +19,45 @@ This article provides a step-by-step guide for creating an Extensible Authentica
 
 To get the EAP configuration from your desktop using the rasphone tool that is shipped in the box:
 
-1.  Run rasphone.exe.
+1. Run rasphone.exe.
 
     ![vpnv2 rasphone.](images/vpnv2-csp-rasphone.png)
 
-1.  If you don't currently have a VPN connection and you see the following message, select **OK**.
+1. If you don't currently have a VPN connection and you see the following message, select **OK**.
 
     ![vpnv2 csp network connections.](images/vpnv2-csp-networkconnections.png)
 
-1.  In the wizard, select **Workplace network**.
+1. In the wizard, select **Workplace network**.
 
     ![vpnv2 csp set up connection.](images/vpnv2-csp-setupnewconnection.png)
 
-1.  Enter an Internet address and connection name. These details can be fake since it doesn't impact the authentication parameters.
+1. Enter an Internet address and connection name. These details can be fake since it doesn't impact the authentication parameters.
 
     ![vpnv2 csp set up connection 2.](images/vpnv2-csp-setupnewconnection2.png)
 
-1.  Create a fake VPN connection. In the UI shown here, select **Properties**.
+1. Create a fake VPN connection. In the UI shown here, select **Properties**.
 
     ![vpnv2 csp choose nw connection.](images/vpnv2-csp-choosenetworkconnection.png)
 
-1.  In the **Test Properties** dialog, select the **Security** tab.
+1. In the **Test Properties** dialog, select the **Security** tab.
 
     ![vpnv2 csp test props.](images/vpnv2-csp-testproperties.png)
 
-1.  On the **Security** tab, select **Use Extensible Authentication Protocol (EAP)**.
+1. On the **Security** tab, select **Use Extensible Authentication Protocol (EAP)**.
 
     ![vpnv2 csp test props2.](images/vpnv2-csp-testproperties2.png)
 
-1.  From the drop-down menu, select the EAP method that you want to configure, and then select **Properties** to configure as needed.
+1. From the drop-down menu, select the EAP method that you want to configure, and then select **Properties** to configure as needed.
 
     ![vpnv2 csp test props3.](images/vpnv2-csp-testproperties3.png)![vpnv2 csp test props4](images/vpnv2-csp-testproperties4.png)
 
-1.  Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
+1. Switch over to PowerShell and use the following cmdlets to retrieve the EAP configuration XML.
 
     ```powershell
     Get-VpnConnection -Name Test
     ```
 
-    <a href="" id="pow"></a>Here's an example output.
+    Here's an example output.
 
     ``` syntax
     Name                  : Test
@@ -88,26 +88,46 @@ To get the EAP configuration from your desktop using the rasphone tool that is s
     Here's an example output.
 
     ```xml
-    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><EapMethod><Type xmlns="http://www.microsoft.co
-    m/provisioning/EapCommon">13</Type><VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId><VendorTy
-    pe xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType><AuthorId xmlns="http://www.microsoft.com/provisi
-    oning/EapCommon">0</AuthorId></EapMethod><Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig"><Eap xmlns="h
-    ttp://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1"><Type>13</Type><EapType xmlns="http://www.microsoft.co
-    m/provisioning/EapTlsConnectionPropertiesV1"><CredentialsSource><CertificateStore><SimpleCertSelection>true</SimpleCertSel
-    ection></CertificateStore></CredentialsSource><ServerValidation><DisableUserPromptForServerValidation>false</DisableUserPr
-    omptForServerValidation><ServerNames></ServerNames></ServerValidation><DifferentUsername>false</DifferentUsername><Perform
-    ServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</PerformServerValidation>
-    <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</AcceptServerName><TLSEx
-    tensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2"><FilteringInfo xmlns="http://www.micro
-    soft.com/provisioning/EapTlsConnectionPropertiesV3"><ClientAuthEKUList Enabled="true" /><AnyPurposeEKUList Enabled="true"
-    /></FilteringInfo></TLSExtensions></EapType></Eap></Config></EapHostConfig>
+    <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+      <EapMethod>
+        <Type xmlns="http://www.microsoft.com/provisioning/EapCommon">13</Type>
+        <VendorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorId>
+        <VendorType xmlns="http://www.microsoft.com/provisioning/EapCommon">0</VendorType>
+        <AuthorId xmlns="http://www.microsoft.com/provisioning/EapCommon">0</AuthorId>
+      </EapMethod>
+      <Config xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
+        <Eap xmlns="http://www.microsoft.com/provisioning/BaseEapConnectionPropertiesV1">
+          <Type>13</Type>
+          <EapType xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV1">
+            <CredentialsSource>
+              <CertificateStore>
+                <SimpleCertSelection>true</SimpleCertSelection>
+              </CertificateStore>
+            </CredentialsSource>
+            <ServerValidation>
+              <DisableUserPromptForServerValidation>false</DisableUserPromptForServerValidation>
+              <ServerNames />
+            </ServerValidation>
+            <DifferentUsername>false</DifferentUsername>
+            <PerformServerValidation xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</PerformServerValidation>
+            <AcceptServerName xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">true</AcceptServerName>
+            <TLSExtensions xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV2">
+              <FilteringInfo xmlns="http://www.microsoft.com/provisioning/EapTlsConnectionPropertiesV3">
+                <ClientAuthEKUList Enabled="true" />
+                <AnyPurposeEKUList Enabled="true" />
+              </FilteringInfo>
+            </TLSExtensions>
+          </EapType>
+        </Eap>
+      </Config>
+    </EapHostConfig>
     ```
 
     > [!NOTE]
     > You should check with Mobile Device Management (MDM) vendor, if you need to pass this XML in escaped format. The XSDs for all EAP methods are shipped in the box and can be found at the following locations:
-    > -   C:\\Windows\\schemas\\EAPHost
-    > -   C:\\Windows\\schemas\\EAPMethods
-
+    >
+    > - C:\\Windows\\schemas\\EAPHost
+    > - C:\\Windows\\schemas\\EAPMethods
 
 ## EAP certificate filtering
 
@@ -115,15 +135,15 @@ In your deployment, if you have multiple certificates provisioned on the device
 
 Enterprises deploying certificate-based EAP authentication for VPN and Wi-Fi can encounter a situation where there are multiple certificates that meet the default criteria for authentication. This situation can lead to issues such as:
 
--   The user might be prompted to select the certificate.
--   The wrong certificate might be auto-selected and cause an authentication failure.
+- The user might be prompted to select the certificate.
+- The wrong certificate might be auto-selected and cause an authentication failure.
 
 A production ready deployment must have appropriate certificate details as part of the profile being deployed. The following information explains how to create or update an EAP configuration XML such that the extraneous certificates are filtered out and appropriate certificate can be used for the authentication.
 
 EAP XML must be updated with relevant information for your environment. This task can be done manually by editing the following XML sample or by using the step-by-step UI guide. After the EAP XML is updated, refer to instructions from your MDM to deploy the updated configuration as follows:
 
--   For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
--   For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
+- For Wi-Fi, look for the `<EAPConfig>` section of your current WLAN Profile XML. (This section is what you specify for the WLanXml node in the Wi-Fi CSP.) Within these tags, you'll find the complete EAP configuration. Replace the section under `<EAPConfig>` with your updated XML and update your Wi-Fi profile. You can refer to your MDM’s guidance on how to deploy a new Wi-Fi profile.
+- For VPN, EAP configuration is a separate field in the MDM configuration. Work with your MDM provider to identify and update the appropriate field.
 
 For information about EAP settings, see <https://technet.microsoft.com/library/hh945104.aspx#BKMK_Cfg_cert_Selct>.
 
@@ -135,23 +155,22 @@ For information about adding EKU to a certificate, see <https://technet.microsof
 
 The following list describes the prerequisites for a certificate to be used with EAP:
 
--   The certificate must have at least one of the following EKU properties:
+- The certificate must have at least one of the following EKU properties:
 
-    -   Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
-    -   Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
-    -   All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
+  - Client Authentication: As defined by RFC 5280, this property is a well-defined OID with value 1.3.6.1.5.5.7.3.2.
+  - Any Purpose: This property is an EKU-defined one and is published by Microsoft. It is a well-defined OID with value 1.3.6.1.4.1.311.10.12.1. The inclusion of this OID implies that the certificate can be used for any purpose. The advantage of this EKU over the All Purpose EKU is that other non-critical or custom EKUs can still be added to the certificate for effective filtering.
+  - All Purpose: As defined by RFC 5280, if a CA includes EKUs to satisfy some application needs, but doesn't want to restrict usage of the key, the CA can add an EKU value of 0. A certificate with such an EKU can be used for all purposes.
 
--   The user or the computer certificate on the client must chain to a trusted root CA.
--   The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
--   The user or the computer certificate doesn't fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
--   The Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN) of the user.
+- The user or the computer certificate on the client must chain to a trusted root CA.
+- The user or the computer certificate doesn't fail any one of the checks that are performed by the CryptoAPI certificate store, and the certificate passes requirements in the remote access policy.
+- The user or the computer certificate doesn't fail any one of the certificate object identifier checks that are specified in the Internet Authentication Service (IAS)/Radius Server.
+- The Subject Alternative Name (SubjectAltName) extension in the certificate contains the user principal name (UPN) of the user.
 
 The following XML sample explains the properties for the EAP TLS XML, including certificate filtering.
 
 > [!NOTE]
 > For PEAP or TTLS profiles, the EAP TLS XML is embedded within some PEAP-specific or TTLS-specific elements.
 
- 
 ```xml
 <EapHostConfig xmlns="http://www.microsoft.com/provisioning/EapHostConfig">
  <EapMethod>
@@ -254,36 +273,32 @@ The following XML sample explains the properties for the EAP TLS XML, including
 > [!NOTE]
 > The EAP TLS XSD is located at %systemdrive%\\Windows\\schemas\\EAPMethods\\eaptlsconnectionpropertiesv3.xsd.
 
- 
 Alternatively, you can use the following procedure to create an EAP configuration XML:
 
-1.  Follow steps 1 through 7 in the EAP configuration article.
-1.  In the **Microsoft VPN SelfHost Properties** dialog box, select **Microsoft: Smart Card or other Certificate** from the drop-down menu (this value selects EAP TLS).
+1. Follow steps 1 through 7 in the EAP configuration article.
+1. In the **Microsoft VPN SelfHost Properties** dialog box, select **Microsoft: Smart Card or other Certificate** from the drop-down menu (this value selects EAP TLS).
 
     ![vpn self host properties window.](images/certfiltering1.png)
 
     > [!NOTE]
     > For PEAP or TTLS, select the appropriate method and continue following this procedure.
 
-     
-
-1.  Select the **Properties** button underneath the drop-down menu.
-1.  On the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
+1. Select the **Properties** button underneath the drop-down menu.
+1. On the **Smart Card or other Certificate Properties** menu, select the **Advanced** button.
 
     ![smart card or other certificate properties window.](images/certfiltering2.png)
 
-1.  On the **Configure Certificate Selection** menu, adjust the filters as needed.
+1. On the **Configure Certificate Selection** menu, adjust the filters as needed.
 
     ![configure certificate window.](images/certfiltering3.png)
 
-1.  Select **OK** to close the windows and get back to the main rasphone.exe dialog box.
-1.  Close the rasphone dialog box.
-1.  Continue following the procedure in the EAP configuration article from step 9 to get an EAP TLS profile with appropriate filtering.
+1. Select **OK** to close the windows and get back to the main rasphone.exe dialog box.
+1. Close the rasphone dialog box.
+1. Continue following the procedure in the EAP configuration article from step 9 to get an EAP TLS profile with appropriate filtering.
 
 > [!NOTE]
 > You can also set all the other applicable EAP Properties through this UI as well. A guide for what these properties mean can be found in the [Extensible Authentication Protocol (EAP) Settings for Network Access](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh945104(v=ws.11)) article.
 
-
 ## Related topics
 
 [Configuration service provider reference](index.yml)
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 8053fbaba7..1925bbdccc 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the SurfaceHub CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/24/2023
+ms.date: 02/28/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -25,74 +25,72 @@ The SurfaceHub configuration service provider (CSP) is used to configure Microso
 <!-- SurfaceHub-Editable-End -->
 
 <!-- SurfaceHub-Tree-Begin -->
-The following example shows the SurfaceHub configuration service provider in tree format.
+The following list shows the SurfaceHub configuration service provider nodes:
 
-```text
-./Vendor/MSFT/SurfaceHub
---- AutopilotSelfdeploy
------- FriendlyName
------- Password
------- UserPrincipalName
---- DeviceAccount
------- CalendarSyncEnabled
------- DomainName
------- Email
------- ErrorContext
------- ExchangeModernAuthEnabled
------- ExchangeServer
------- Password
------- PasswordRotationPeriod
------- SipAddress
------- UserName
------- UserPrincipalName
------- ValidateAndCommit
---- Dot3
------- EapUserData
------- LanProfile
---- InBoxApps
------- Connect
---------- AutoLaunch
------- SkypeForBusiness
---------- DomainName
------- Teams
---------- Configurations
------- Welcome
---------- AutoWakeScreen
---------- CurrentBackgroundPath
---------- MeetingInfoOption
------- Whiteboard
---------- SharingDisabled
---------- SignInDisabled
---------- TelemetryDisabled
------- WirelessProjection
---------- Channel
---------- Enabled
---------- PINRequired
---- MaintenanceHoursSimple
------- Hours
---------- Duration
---------- StartTime
---- Management
------- GroupName
------- GroupSid
---- MOMAgent
------- WorkspaceID
------- WorkspaceKey
---- Properties
------- AllowAutoProxyAuth
------- AllowSessionResume
------- DefaultVolume
------- DisableSigninSuggestions
------- DoNotShowMyMeetingsAndFiles
------- FriendlyName
------- ProxyServers
------- ScreenTimeout
------- SessionTimeout
------- SleepMode
------- SleepTimeout
------- SurfaceHubMeetingMode
------- VtcAppPackageId
-```
+- ./Vendor/MSFT/SurfaceHub
+  - [AutopilotSelfdeploy](#autopilotselfdeploy)
+    - [FriendlyName](#autopilotselfdeployfriendlyname)
+    - [Password](#autopilotselfdeploypassword)
+    - [UserPrincipalName](#autopilotselfdeployuserprincipalname)
+  - [DeviceAccount](#deviceaccount)
+    - [CalendarSyncEnabled](#deviceaccountcalendarsyncenabled)
+    - [DomainName](#deviceaccountdomainname)
+    - [Email](#deviceaccountemail)
+    - [ErrorContext](#deviceaccounterrorcontext)
+    - [ExchangeModernAuthEnabled](#deviceaccountexchangemodernauthenabled)
+    - [ExchangeServer](#deviceaccountexchangeserver)
+    - [Password](#deviceaccountpassword)
+    - [PasswordRotationPeriod](#deviceaccountpasswordrotationperiod)
+    - [SipAddress](#deviceaccountsipaddress)
+    - [UserName](#deviceaccountusername)
+    - [UserPrincipalName](#deviceaccountuserprincipalname)
+    - [ValidateAndCommit](#deviceaccountvalidateandcommit)
+  - [Dot3](#dot3)
+    - [EapUserData](#dot3eapuserdata)
+    - [LanProfile](#dot3lanprofile)
+  - [InBoxApps](#inboxapps)
+    - [Connect](#inboxappsconnect)
+      - [AutoLaunch](#inboxappsconnectautolaunch)
+    - [SkypeForBusiness](#inboxappsskypeforbusiness)
+      - [DomainName](#inboxappsskypeforbusinessdomainname)
+    - [Teams](#inboxappsteams)
+      - [Configurations](#inboxappsteamsconfigurations)
+    - [Welcome](#inboxappswelcome)
+      - [AutoWakeScreen](#inboxappswelcomeautowakescreen)
+      - [CurrentBackgroundPath](#inboxappswelcomecurrentbackgroundpath)
+      - [MeetingInfoOption](#inboxappswelcomemeetinginfooption)
+    - [Whiteboard](#inboxappswhiteboard)
+      - [SharingDisabled](#inboxappswhiteboardsharingdisabled)
+      - [SignInDisabled](#inboxappswhiteboardsignindisabled)
+      - [TelemetryDisabled](#inboxappswhiteboardtelemetrydisabled)
+    - [WirelessProjection](#inboxappswirelessprojection)
+      - [Channel](#inboxappswirelessprojectionchannel)
+      - [Enabled](#inboxappswirelessprojectionenabled)
+      - [PINRequired](#inboxappswirelessprojectionpinrequired)
+  - [MaintenanceHoursSimple](#maintenancehourssimple)
+    - [Hours](#maintenancehourssimplehours)
+      - [Duration](#maintenancehourssimplehoursduration)
+      - [StartTime](#maintenancehourssimplehoursstarttime)
+  - [Management](#management)
+    - [GroupName](#managementgroupname)
+    - [GroupSid](#managementgroupsid)
+  - [MOMAgent](#momagent)
+    - [WorkspaceID](#momagentworkspaceid)
+    - [WorkspaceKey](#momagentworkspacekey)
+  - [Properties](#properties)
+    - [AllowAutoProxyAuth](#propertiesallowautoproxyauth)
+    - [AllowSessionResume](#propertiesallowsessionresume)
+    - [DefaultVolume](#propertiesdefaultvolume)
+    - [DisableSigninSuggestions](#propertiesdisablesigninsuggestions)
+    - [DoNotShowMyMeetingsAndFiles](#propertiesdonotshowmymeetingsandfiles)
+    - [FriendlyName](#propertiesfriendlyname)
+    - [ProxyServers](#propertiesproxyservers)
+    - [ScreenTimeout](#propertiesscreentimeout)
+    - [SessionTimeout](#propertiessessiontimeout)
+    - [SleepMode](#propertiessleepmode)
+    - [SleepTimeout](#propertiessleeptimeout)
+    - [SurfaceHubMeetingMode](#propertiessurfacehubmeetingmode)
+    - [VtcAppPackageId](#propertiesvtcapppackageid)
 <!-- SurfaceHub-Tree-End -->
 
 <!-- Device-AutopilotSelfdeploy-Begin -->
@@ -1148,7 +1146,7 @@ Node for the Skype for Business settings.
 
 <!-- Device-InBoxApps-SkypeForBusiness-DomainName-Description-Begin -->
 <!-- Description-Source-DDF -->
-Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see <https://docs.microsoft.com/SkypeForBusiness/set-up-skype-for-business-online/set-up-skype-for-business-online?redirectSourcePath=%252fen-us%252farticle%252fSet-up-Skype-for-Business-Online-40296968-e779-4259-980b-c2de1c044c6e#bkmk_users>
+Specifies the domain of the Skype for Business account when you are using Active Directory. For more information, see [Set up your domain and users](/skypeforbusiness/set-up-skype-for-business-online/set-up-skype-for-business-online#3-set-up-your-domain-and-users).
 <!-- Device-InBoxApps-SkypeForBusiness-DomainName-Description-End -->
 
 <!-- Device-InBoxApps-SkypeForBusiness-DomainName-Editable-Begin -->
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index dbefb53ad4..ce9204701c 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -4,7 +4,7 @@ description: Learn more about the VPNv2 CSP.
 author: vinaypamnani-msft
 manager: aaroncz
 ms.author: vinpa
-ms.date: 02/27/2023
+ms.date: 02/28/2023
 ms.localizationpriority: medium
 ms.prod: windows-client
 ms.technology: itpro-manage
@@ -36,214 +36,212 @@ The XSDs for all EAP methods are shipped in the box and can be found at the foll
 <!-- VPNv2-Editable-End -->
 
 <!-- VPNv2-Tree-Begin -->
-The following example shows the VPNv2 configuration service provider in tree format.
+The following list shows the VPNv2 configuration service provider nodes:
 
-```text
-./Device/Vendor/MSFT/VPNv2
---- {ProfileName}
------- AlwaysOn
------- AlwaysOnActive
------- APNBinding
---------- AccessPointName
---------- AuthenticationType
---------- IsCompressionEnabled
---------- Password
---------- ProviderId
---------- UserName
------- AppTriggerList
---------- {appTriggerRowId}
------------- App
---------------- Id
---------------- Type
------- ByPassForLocal
------- DataEncryption
------- DeviceCompliance
---------- Enabled
---------- Sso
------------- Eku
------------- Enabled
------------- IssuerHash
------- DeviceTunnel
------- DisableAdvancedOptionsEditButton
------- DisableDisconnectButton
------- DisableIKEv2Fragmentation
------- DnsSuffix
------- DomainNameInformationList
---------- {dniRowId}
------------- AutoTrigger
------------- DnsServers
------------- DomainName
------------- DomainNameType
------------- Persistent
------------- WebProxyServers
------- EdpModeId
------- IPv4InterfaceMetric
------- IPv6InterfaceMetric
------- NativeProfile
---------- Authentication
------------- Certificate
---------------- Eku
---------------- Issuer
------------- Eap
---------------- Configuration
---------------- Type
------------- MachineMethod
------------- UserMethod
---------- CryptographySuite
------------- AuthenticationTransformConstants
------------- CipherTransformConstants
------------- DHGroup
------------- EncryptionMethod
------------- IntegrityCheckMethod
------------- PfsGroup
---------- DisableClassBasedDefaultRoute
---------- L2tpPsk
---------- NativeProtocolType
---------- PlumbIKEv2TSAsRoutes
---------- ProtocolList
------------- NativeProtocolList
---------------- {NativeProtocolRowId}
------------------- Type
------------- RetryTimeInHours
---------- RoutingPolicyType
---------- Servers
------- NetworkOutageTime
------- PluginProfile
---------- CustomConfiguration
---------- PluginPackageFamilyName
---------- ServerUrlList
------- PrivateNetwork
------- ProfileXML
------- Proxy
---------- AutoConfigUrl
---------- Manual
------------- Server
------- RegisterDNS
------- RememberCredentials
------- RouteList
---------- {routeRowId}
------------- Address
------------- ExclusionRoute
------------- Metric
------------- PrefixSize
------- TrafficFilterList
---------- {trafficFilterId}
------------- App
---------------- Id
---------------- Type
------------- Claims
------------- Direction
------------- LocalAddressRanges
------------- LocalPortRanges
------------- Protocol
------------- RemoteAddressRanges
------------- RemotePortRanges
------------- RoutingPolicyType
------- TrustedNetworkDetection
------- UseRasCredentials
-./User/Vendor/MSFT/VPNv2
---- {ProfileName}
------- AlwaysOn
------- AlwaysOnActive
------- APNBinding
---------- AccessPointName
---------- AuthenticationType
---------- IsCompressionEnabled
---------- Password
---------- ProviderId
---------- UserName
------- AppTriggerList
---------- {appTriggerRowId}
------------- App
---------------- Id
---------------- Type
------- ByPassForLocal
------- DataEncryption
------- DeviceCompliance
---------- Enabled
---------- Sso
------------- Eku
------------- Enabled
------------- IssuerHash
------- DisableAdvancedOptionsEditButton
------- DisableDisconnectButton
------- DisableIKEv2Fragmentation
------- DnsSuffix
------- DomainNameInformationList
---------- {dniRowId}
------------- AutoTrigger
------------- DnsServers
------------- DomainName
------------- DomainNameType
------------- Persistent
------------- WebProxyServers
------- EdpModeId
------- IPv4InterfaceMetric
------- IPv6InterfaceMetric
------- NativeProfile
---------- Authentication
------------- Certificate
---------------- Eku
---------------- Issuer
------------- Eap
---------------- Configuration
---------------- Type
------------- MachineMethod
------------- UserMethod
---------- CryptographySuite
------------- AuthenticationTransformConstants
------------- CipherTransformConstants
------------- DHGroup
------------- EncryptionMethod
------------- IntegrityCheckMethod
------------- PfsGroup
---------- DisableClassBasedDefaultRoute
---------- L2tpPsk
---------- NativeProtocolType
---------- PlumbIKEv2TSAsRoutes
---------- ProtocolList
------------- NativeProtocolList
---------------- {NativeProtocolRowId}
------------------- Type
------------- RetryTimeInHours
---------- RoutingPolicyType
---------- Servers
------- NetworkOutageTime
------- PluginProfile
---------- CustomConfiguration
---------- PluginPackageFamilyName
---------- ServerUrlList
------- PrivateNetwork
------- ProfileXML
------- Proxy
---------- AutoConfigUrl
---------- Manual
------------- Server
------- RegisterDNS
------- RememberCredentials
------- RequireVpnClientAppUI
------- RouteList
---------- {routeRowId}
------------- Address
------------- ExclusionRoute
------------- Metric
------------- PrefixSize
------- TrafficFilterList
---------- {trafficFilterId}
------------- App
---------------- Id
---------------- Type
------------- Claims
------------- Direction
------------- LocalAddressRanges
------------- LocalPortRanges
------------- Protocol
------------- RemoteAddressRanges
------------- RemotePortRanges
------------- RoutingPolicyType
------- TrustedNetworkDetection
------- UseRasCredentials
-```
+- ./Device/Vendor/MSFT/VPNv2
+  - [{ProfileName}](#deviceprofilename)
+    - [AlwaysOn](#deviceprofilenamealwayson)
+    - [AlwaysOnActive](#deviceprofilenamealwaysonactive)
+    - [APNBinding](#deviceprofilenameapnbinding)
+      - [AccessPointName](#deviceprofilenameapnbindingaccesspointname)
+      - [AuthenticationType](#deviceprofilenameapnbindingauthenticationtype)
+      - [IsCompressionEnabled](#deviceprofilenameapnbindingiscompressionenabled)
+      - [Password](#deviceprofilenameapnbindingpassword)
+      - [ProviderId](#deviceprofilenameapnbindingproviderid)
+      - [UserName](#deviceprofilenameapnbindingusername)
+    - [AppTriggerList](#deviceprofilenameapptriggerlist)
+      - [{appTriggerRowId}](#deviceprofilenameapptriggerlistapptriggerrowid)
+        - [App](#deviceprofilenameapptriggerlistapptriggerrowidapp)
+          - [Id](#deviceprofilenameapptriggerlistapptriggerrowidappid)
+          - [Type](#deviceprofilenameapptriggerlistapptriggerrowidapptype)
+    - [ByPassForLocal](#deviceprofilenamebypassforlocal)
+    - [DataEncryption](#deviceprofilenamedataencryption)
+    - [DeviceCompliance](#deviceprofilenamedevicecompliance)
+      - [Enabled](#deviceprofilenamedevicecomplianceenabled)
+      - [Sso](#deviceprofilenamedevicecompliancesso)
+        - [Eku](#deviceprofilenamedevicecompliancessoeku)
+        - [Enabled](#deviceprofilenamedevicecompliancessoenabled)
+        - [IssuerHash](#deviceprofilenamedevicecompliancessoissuerhash)
+    - [DeviceTunnel](#deviceprofilenamedevicetunnel)
+    - [DisableAdvancedOptionsEditButton](#deviceprofilenamedisableadvancedoptionseditbutton)
+    - [DisableDisconnectButton](#deviceprofilenamedisabledisconnectbutton)
+    - [DisableIKEv2Fragmentation](#deviceprofilenamedisableikev2fragmentation)
+    - [DnsSuffix](#deviceprofilenamednssuffix)
+    - [DomainNameInformationList](#deviceprofilenamedomainnameinformationlist)
+      - [{dniRowId}](#deviceprofilenamedomainnameinformationlistdnirowid)
+        - [AutoTrigger](#deviceprofilenamedomainnameinformationlistdnirowidautotrigger)
+        - [DnsServers](#deviceprofilenamedomainnameinformationlistdnirowiddnsservers)
+        - [DomainName](#deviceprofilenamedomainnameinformationlistdnirowiddomainname)
+        - [DomainNameType](#deviceprofilenamedomainnameinformationlistdnirowiddomainnametype)
+        - [Persistent](#deviceprofilenamedomainnameinformationlistdnirowidpersistent)
+        - [WebProxyServers](#deviceprofilenamedomainnameinformationlistdnirowidwebproxyservers)
+    - [EdpModeId](#deviceprofilenameedpmodeid)
+    - [IPv4InterfaceMetric](#deviceprofilenameipv4interfacemetric)
+    - [IPv6InterfaceMetric](#deviceprofilenameipv6interfacemetric)
+    - [NativeProfile](#deviceprofilenamenativeprofile)
+      - [Authentication](#deviceprofilenamenativeprofileauthentication)
+        - [Certificate](#deviceprofilenamenativeprofileauthenticationcertificate)
+          - [Eku](#deviceprofilenamenativeprofileauthenticationcertificateeku)
+          - [Issuer](#deviceprofilenamenativeprofileauthenticationcertificateissuer)
+        - [Eap](#deviceprofilenamenativeprofileauthenticationeap)
+          - [Configuration](#deviceprofilenamenativeprofileauthenticationeapconfiguration)
+          - [Type](#deviceprofilenamenativeprofileauthenticationeaptype)
+        - [MachineMethod](#deviceprofilenamenativeprofileauthenticationmachinemethod)
+        - [UserMethod](#deviceprofilenamenativeprofileauthenticationusermethod)
+      - [CryptographySuite](#deviceprofilenamenativeprofilecryptographysuite)
+        - [AuthenticationTransformConstants](#deviceprofilenamenativeprofilecryptographysuiteauthenticationtransformconstants)
+        - [CipherTransformConstants](#deviceprofilenamenativeprofilecryptographysuiteciphertransformconstants)
+        - [DHGroup](#deviceprofilenamenativeprofilecryptographysuitedhgroup)
+        - [EncryptionMethod](#deviceprofilenamenativeprofilecryptographysuiteencryptionmethod)
+        - [IntegrityCheckMethod](#deviceprofilenamenativeprofilecryptographysuiteintegritycheckmethod)
+        - [PfsGroup](#deviceprofilenamenativeprofilecryptographysuitepfsgroup)
+      - [DisableClassBasedDefaultRoute](#deviceprofilenamenativeprofiledisableclassbaseddefaultroute)
+      - [L2tpPsk](#deviceprofilenamenativeprofilel2tppsk)
+      - [NativeProtocolType](#deviceprofilenamenativeprofilenativeprotocoltype)
+      - [PlumbIKEv2TSAsRoutes](#deviceprofilenamenativeprofileplumbikev2tsasroutes)
+      - [ProtocolList](#deviceprofilenamenativeprofileprotocollist)
+        - [NativeProtocolList](#deviceprofilenamenativeprofileprotocollistnativeprotocollist)
+          - [{NativeProtocolRowId}](#deviceprofilenamenativeprofileprotocollistnativeprotocollistnativeprotocolrowid)
+            - [Type](#deviceprofilenamenativeprofileprotocollistnativeprotocollistnativeprotocolrowidtype)
+        - [RetryTimeInHours](#deviceprofilenamenativeprofileprotocollistretrytimeinhours)
+      - [RoutingPolicyType](#deviceprofilenamenativeprofileroutingpolicytype)
+      - [Servers](#deviceprofilenamenativeprofileservers)
+    - [NetworkOutageTime](#deviceprofilenamenetworkoutagetime)
+    - [PluginProfile](#deviceprofilenamepluginprofile)
+      - [CustomConfiguration](#deviceprofilenamepluginprofilecustomconfiguration)
+      - [PluginPackageFamilyName](#deviceprofilenamepluginprofilepluginpackagefamilyname)
+      - [ServerUrlList](#deviceprofilenamepluginprofileserverurllist)
+    - [PrivateNetwork](#deviceprofilenameprivatenetwork)
+    - [ProfileXML](#deviceprofilenameprofilexml)
+    - [Proxy](#deviceprofilenameproxy)
+      - [AutoConfigUrl](#deviceprofilenameproxyautoconfigurl)
+      - [Manual](#deviceprofilenameproxymanual)
+        - [Server](#deviceprofilenameproxymanualserver)
+    - [RegisterDNS](#deviceprofilenameregisterdns)
+    - [RememberCredentials](#deviceprofilenameremembercredentials)
+    - [RouteList](#deviceprofilenameroutelist)
+      - [{routeRowId}](#deviceprofilenameroutelistrouterowid)
+        - [Address](#deviceprofilenameroutelistrouterowidaddress)
+        - [ExclusionRoute](#deviceprofilenameroutelistrouterowidexclusionroute)
+        - [Metric](#deviceprofilenameroutelistrouterowidmetric)
+        - [PrefixSize](#deviceprofilenameroutelistrouterowidprefixsize)
+    - [TrafficFilterList](#deviceprofilenametrafficfilterlist)
+      - [{trafficFilterId}](#deviceprofilenametrafficfilterlisttrafficfilterid)
+        - [App](#deviceprofilenametrafficfilterlisttrafficfilteridapp)
+          - [Id](#deviceprofilenametrafficfilterlisttrafficfilteridappid)
+          - [Type](#deviceprofilenametrafficfilterlisttrafficfilteridapptype)
+        - [Claims](#deviceprofilenametrafficfilterlisttrafficfilteridclaims)
+        - [Direction](#deviceprofilenametrafficfilterlisttrafficfilteriddirection)
+        - [LocalAddressRanges](#deviceprofilenametrafficfilterlisttrafficfilteridlocaladdressranges)
+        - [LocalPortRanges](#deviceprofilenametrafficfilterlisttrafficfilteridlocalportranges)
+        - [Protocol](#deviceprofilenametrafficfilterlisttrafficfilteridprotocol)
+        - [RemoteAddressRanges](#deviceprofilenametrafficfilterlisttrafficfilteridremoteaddressranges)
+        - [RemotePortRanges](#deviceprofilenametrafficfilterlisttrafficfilteridremoteportranges)
+        - [RoutingPolicyType](#deviceprofilenametrafficfilterlisttrafficfilteridroutingpolicytype)
+    - [TrustedNetworkDetection](#deviceprofilenametrustednetworkdetection)
+    - [UseRasCredentials](#deviceprofilenameuserascredentials)
+- ./User/Vendor/MSFT/VPNv2
+  - [{ProfileName}](#userprofilename)
+    - [AlwaysOn](#userprofilenamealwayson)
+    - [AlwaysOnActive](#userprofilenamealwaysonactive)
+    - [APNBinding](#userprofilenameapnbinding)
+      - [AccessPointName](#userprofilenameapnbindingaccesspointname)
+      - [AuthenticationType](#userprofilenameapnbindingauthenticationtype)
+      - [IsCompressionEnabled](#userprofilenameapnbindingiscompressionenabled)
+      - [Password](#userprofilenameapnbindingpassword)
+      - [ProviderId](#userprofilenameapnbindingproviderid)
+      - [UserName](#userprofilenameapnbindingusername)
+    - [AppTriggerList](#userprofilenameapptriggerlist)
+      - [{appTriggerRowId}](#userprofilenameapptriggerlistapptriggerrowid)
+        - [App](#userprofilenameapptriggerlistapptriggerrowidapp)
+          - [Id](#userprofilenameapptriggerlistapptriggerrowidappid)
+          - [Type](#userprofilenameapptriggerlistapptriggerrowidapptype)
+    - [ByPassForLocal](#userprofilenamebypassforlocal)
+    - [DataEncryption](#userprofilenamedataencryption)
+    - [DeviceCompliance](#userprofilenamedevicecompliance)
+      - [Enabled](#userprofilenamedevicecomplianceenabled)
+      - [Sso](#userprofilenamedevicecompliancesso)
+        - [Eku](#userprofilenamedevicecompliancessoeku)
+        - [Enabled](#userprofilenamedevicecompliancessoenabled)
+        - [IssuerHash](#userprofilenamedevicecompliancessoissuerhash)
+    - [DisableAdvancedOptionsEditButton](#userprofilenamedisableadvancedoptionseditbutton)
+    - [DisableDisconnectButton](#userprofilenamedisabledisconnectbutton)
+    - [DisableIKEv2Fragmentation](#userprofilenamedisableikev2fragmentation)
+    - [DnsSuffix](#userprofilenamednssuffix)
+    - [DomainNameInformationList](#userprofilenamedomainnameinformationlist)
+      - [{dniRowId}](#userprofilenamedomainnameinformationlistdnirowid)
+        - [AutoTrigger](#userprofilenamedomainnameinformationlistdnirowidautotrigger)
+        - [DnsServers](#userprofilenamedomainnameinformationlistdnirowiddnsservers)
+        - [DomainName](#userprofilenamedomainnameinformationlistdnirowiddomainname)
+        - [DomainNameType](#userprofilenamedomainnameinformationlistdnirowiddomainnametype)
+        - [Persistent](#userprofilenamedomainnameinformationlistdnirowidpersistent)
+        - [WebProxyServers](#userprofilenamedomainnameinformationlistdnirowidwebproxyservers)
+    - [EdpModeId](#userprofilenameedpmodeid)
+    - [IPv4InterfaceMetric](#userprofilenameipv4interfacemetric)
+    - [IPv6InterfaceMetric](#userprofilenameipv6interfacemetric)
+    - [NativeProfile](#userprofilenamenativeprofile)
+      - [Authentication](#userprofilenamenativeprofileauthentication)
+        - [Certificate](#userprofilenamenativeprofileauthenticationcertificate)
+          - [Eku](#userprofilenamenativeprofileauthenticationcertificateeku)
+          - [Issuer](#userprofilenamenativeprofileauthenticationcertificateissuer)
+        - [Eap](#userprofilenamenativeprofileauthenticationeap)
+          - [Configuration](#userprofilenamenativeprofileauthenticationeapconfiguration)
+          - [Type](#userprofilenamenativeprofileauthenticationeaptype)
+        - [MachineMethod](#userprofilenamenativeprofileauthenticationmachinemethod)
+        - [UserMethod](#userprofilenamenativeprofileauthenticationusermethod)
+      - [CryptographySuite](#userprofilenamenativeprofilecryptographysuite)
+        - [AuthenticationTransformConstants](#userprofilenamenativeprofilecryptographysuiteauthenticationtransformconstants)
+        - [CipherTransformConstants](#userprofilenamenativeprofilecryptographysuiteciphertransformconstants)
+        - [DHGroup](#userprofilenamenativeprofilecryptographysuitedhgroup)
+        - [EncryptionMethod](#userprofilenamenativeprofilecryptographysuiteencryptionmethod)
+        - [IntegrityCheckMethod](#userprofilenamenativeprofilecryptographysuiteintegritycheckmethod)
+        - [PfsGroup](#userprofilenamenativeprofilecryptographysuitepfsgroup)
+      - [DisableClassBasedDefaultRoute](#userprofilenamenativeprofiledisableclassbaseddefaultroute)
+      - [L2tpPsk](#userprofilenamenativeprofilel2tppsk)
+      - [NativeProtocolType](#userprofilenamenativeprofilenativeprotocoltype)
+      - [PlumbIKEv2TSAsRoutes](#userprofilenamenativeprofileplumbikev2tsasroutes)
+      - [ProtocolList](#userprofilenamenativeprofileprotocollist)
+        - [NativeProtocolList](#userprofilenamenativeprofileprotocollistnativeprotocollist)
+          - [{NativeProtocolRowId}](#userprofilenamenativeprofileprotocollistnativeprotocollistnativeprotocolrowid)
+            - [Type](#userprofilenamenativeprofileprotocollistnativeprotocollistnativeprotocolrowidtype)
+        - [RetryTimeInHours](#userprofilenamenativeprofileprotocollistretrytimeinhours)
+      - [RoutingPolicyType](#userprofilenamenativeprofileroutingpolicytype)
+      - [Servers](#userprofilenamenativeprofileservers)
+    - [NetworkOutageTime](#userprofilenamenetworkoutagetime)
+    - [PluginProfile](#userprofilenamepluginprofile)
+      - [CustomConfiguration](#userprofilenamepluginprofilecustomconfiguration)
+      - [PluginPackageFamilyName](#userprofilenamepluginprofilepluginpackagefamilyname)
+      - [ServerUrlList](#userprofilenamepluginprofileserverurllist)
+    - [PrivateNetwork](#userprofilenameprivatenetwork)
+    - [ProfileXML](#userprofilenameprofilexml)
+    - [Proxy](#userprofilenameproxy)
+      - [AutoConfigUrl](#userprofilenameproxyautoconfigurl)
+      - [Manual](#userprofilenameproxymanual)
+        - [Server](#userprofilenameproxymanualserver)
+    - [RegisterDNS](#userprofilenameregisterdns)
+    - [RememberCredentials](#userprofilenameremembercredentials)
+    - [RequireVpnClientAppUI](#userprofilenamerequirevpnclientappui)
+    - [RouteList](#userprofilenameroutelist)
+      - [{routeRowId}](#userprofilenameroutelistrouterowid)
+        - [Address](#userprofilenameroutelistrouterowidaddress)
+        - [ExclusionRoute](#userprofilenameroutelistrouterowidexclusionroute)
+        - [Metric](#userprofilenameroutelistrouterowidmetric)
+        - [PrefixSize](#userprofilenameroutelistrouterowidprefixsize)
+    - [TrafficFilterList](#userprofilenametrafficfilterlist)
+      - [{trafficFilterId}](#userprofilenametrafficfilterlisttrafficfilterid)
+        - [App](#userprofilenametrafficfilterlisttrafficfilteridapp)
+          - [Id](#userprofilenametrafficfilterlisttrafficfilteridappid)
+          - [Type](#userprofilenametrafficfilterlisttrafficfilteridapptype)
+        - [Claims](#userprofilenametrafficfilterlisttrafficfilteridclaims)
+        - [Direction](#userprofilenametrafficfilterlisttrafficfilteriddirection)
+        - [LocalAddressRanges](#userprofilenametrafficfilterlisttrafficfilteridlocaladdressranges)
+        - [LocalPortRanges](#userprofilenametrafficfilterlisttrafficfilteridlocalportranges)
+        - [Protocol](#userprofilenametrafficfilterlisttrafficfilteridprotocol)
+        - [RemoteAddressRanges](#userprofilenametrafficfilterlisttrafficfilteridremoteaddressranges)
+        - [RemotePortRanges](#userprofilenametrafficfilterlisttrafficfilteridremoteportranges)
+        - [RoutingPolicyType](#userprofilenametrafficfilterlisttrafficfilteridroutingpolicytype)
+    - [TrustedNetworkDetection](#userprofilenametrustednetworkdetection)
+    - [UseRasCredentials](#userprofilenameuserascredentials)
 <!-- VPNv2-Tree-End -->
 
 <!-- Device-{ProfileName}-Begin -->
@@ -2142,7 +2140,7 @@ Required when the native profile specifies EAP authentication. EAP configuration
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Description-Begin -->
 <!-- Description-Source-DDF -->
-HTML encoded XML of the EAP configuration. For more information about EAP configuration XML, see <https://docs.microsoft.com/windows/client-management/mdm/eap-configuration>.
+HTML encoded XML of the EAP configuration. For more information,see [EAP configuration](eap-configuration.md).
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Description-End -->
 
 <!-- Device-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Editable-Begin -->
@@ -6367,7 +6365,7 @@ Required when the native profile specifies EAP authentication. EAP configuration
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Description-Begin -->
 <!-- Description-Source-DDF -->
-HTML encoded XML of the EAP configuration. For more information about EAP configuration XML, see <https://docs.microsoft.com/windows/client-management/mdm/eap-configuration>.
+HTML encoded XML of the EAP configuration. For more information,see [EAP configuration](eap-configuration.md).
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Description-End -->
 
 <!-- User-{ProfileName}-NativeProfile-Authentication-Eap-Configuration-Editable-Begin -->