diff --git a/.openpublishing.redirection.json b/.openpublishing.redirection.json
index 18686074e9..e406e78302 100644
--- a/.openpublishing.redirection.json
+++ b/.openpublishing.redirection.json
@@ -1197,7 +1197,7 @@
 },
 {
 "source_path": "windows/threat-protection/windows-defender-smartscreen/windows-defender-smartscreen-available-settings.md",
- "redirect_url": "hhttps://docs.microsoft.com/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
+ "redirect_url": "/windows/security/threat-protection/microsoft-defender-smartscreen/microsoft-defender-smartscreen-available-settings",
 "redirect_document_id": false
 },
 {
@@ -6827,7 +6827,7 @@
 },
 {
 "source_path": "windows/manage/waas-wufb-intune.md",
- "redirect_url": "/windows/deployment/update/waas-wufb-intune.md",
+ "redirect_url": "/windows/deployment/update/waas-wufb-intune",
 "redirect_document_id": false
 },
 {
@@ -7277,7 +7277,7 @@
 },
 {
 "source_path": "windows/manage/application-development-for-windows-as-a-service.md",
- "redirect_url": "https://msdn.microsoft.com/windows/uwp/get-started/application-development-for-windows-as-a-service",
+ "redirect_url": "windows/uwp/updates-and-versions/application-development-for-windows-as-a-service",
 "redirect_document_id": false
 },
 {
@@ -7457,7 +7457,7 @@
 },
 {
 "source_path": "windows/plan/chromebook-migration-guide.md",
- "redirect_url": "edu/windows/chromebook-migration-guide",
+ "redirect_url": "education/windows/chromebook-migration-guide",
 "redirect_document_id": false
 },
 {
@@ -14412,12 +14412,12 @@
 },
 {
 "source_path": "windows/manage/sign-up-windows-store-for-business.md",
- "redirect_url": "/microsoft-store/index.md",
+ "redirect_url": "/microsoft-store/index",
 "redirect_document_id": false
 },
 {
 "source_path": "store-for-business/sign-up-windows-store-for-business.md",
- "redirect_url": "/microsoft-store/index.md",
+ "redirect_url": "/microsoft-store/index",
 "redirect_document_id": false
 },
 {
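Review bot: In the `@@ -7277,7 +7277,7 @@` hunk the new `redirect_url` has no leading slash (`"windows/uwp/updates-and-versions/application-development-for-windows-as-a-service"`), unlike the root-relative targets written in the other hunks of this file. The old value was an absolute msdn.microsoft.com URL, so the target now depends on how the publishing build resolves a slash-less value, which is not visible in this diff. If a site-root path is intended, write `"redirect_url": "/windows/uwp/updates-and-versions/application-development-for-windows-as-a-service",`. The `@@ -7457,7 +7457,7 @@` hunk has the same shape, where `"education/windows/chromebook-migration-guide"` would become `"/education/windows/chromebook-migration-guide"`.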
@@ -19442,8 +19442,8 @@
 },
 {
 "source_path": "windows/security/threat-protection/intelligence/rootkits-malware.md",
- "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware.md",
- "redirect_document_id": false
+ "redirect_url": "/microsoft-365/security/intelligence/rootkits-malware",
+ "redirect_document_id": false
 },
 {
 "source_path": "windows/security/threat-protection/intelligence/safety-scanner-download.md",
@@ -20074,6 +20074,91 @@
 "source_path": "windows/deployment/upgrade/upgrade-error-codes.md",
 "redirect_url": "/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json",
 "redirect_document_id": false
- }
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-configuration-manual.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-configuration-manual",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-configuration-mem.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-configuration-intune",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-configuration-script.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-configuration-script",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-enable.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-enable",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-help.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-help",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-overview.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-overview",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-prerequisites.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-prerequisites",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclient.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclient",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucdevicealert",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema-ucupdatealert",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-schema.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-schema",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-use.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-use",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-status-admin-center.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-admin-center",
+ "redirect_document_id": false
+ },
+ {
+ "source_path": "windows/deployment/update/update-compliance-v2-workbook.md",
+ "redirect_url": "/windows/deployment/update/wufb-reports-workbook",
+ "redirect_document_id": false
+ }
 ]
 }
\ No newline at end of file
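Review bot: The file still ends without a trailing newline (`\ No newline at end of file` after the closing `}`), and since the `@@ -20074,6 +20074,91 @@` hunk already rewrites the last entry it is the natural place to add one. Separately, the 17 new entries retire the `update-compliance-v2-*` paths, so any existing entry elsewhere in this file whose `redirect_url` still points at one of those paths would now be a two-hop redirect. That cannot be checked from this hunk, so it is worth searching the file for those targets before merging.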
diff --git a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md index 8f1c4ab06f..08d914e629 100644 --- a/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/add-employees-enterprise-mode-portal.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to add employees to the Enterprise Mode Site List Portal. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md index 781f5ef56f..39adf2816d 100644 --- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md +++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md index 1213f26097..b4da3f64f5 100644 --- a/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md +++ b/browsers/enterprise-mode/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2). author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md index a1f1c87489..55b2dcd28a 100644 --- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md +++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26 ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md index ed72f19975..c1a7aee9b8 100644 --- a/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md +++ b/browsers/enterprise-mode/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/administrative-templates-and-ie11.md b/browsers/enterprise-mode/administrative-templates-and-ie11.md index 701ca9da74..d92810ceb5 100644 --- a/browsers/enterprise-mode/administrative-templates-and-ie11.md +++ b/browsers/enterprise-mode/administrative-templates-and-ie11.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: security description: Administrative templates and Internet Explorer 11 author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md index e9227b9a6f..fd58f63df5 100644 --- a/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md 
+++ b/browsers/enterprise-mode/approve-change-request-enterprise-mode-portal.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md index a75ac8bce7..7696eedaca 100644 --- a/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md +++ b/browsers/enterprise-mode/check-for-new-enterprise-mode-site-list-xml-file.md @@ -4,7 +4,7 @@ description: You can have centralized control over Enterprise Mode by creating a ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df ms.reviewer: manager: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.mktglfcycl: deploy ms.pagetype: appcompat ms.sitesec: library diff --git a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md index b71897b375..91c262c502 100644 --- a/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md +++ b/browsers/enterprise-mode/collect-data-using-enterprise-site-discovery.md @@ -3,7 +3,7 @@ ms.localizationpriority: low ms.mktglfcycl: deploy description: Use Internet Explorer to collect data on computers running Windows Internet Explorer 8 through Internet Explorer 11 on Windows 10, Windows 8.1, or Windows 7. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: a145e80f-eb62-4116-82c4-3cc35fd064b6 ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md index ed1bde752c..807cc8d2c8 100644 --- a/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/configure-settings-enterprise-mode-portal.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md index f17b922624..867bb143b8 100644 --- a/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/create-change-request-enterprise-mode-portal.md @@ -4,11 +4,11 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to create a change request within the Enterprise Mode Site List Portal. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: manager: dansimp ms.author: dansimp --- diff --git a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index c057308ffb..ad225f2556 100644 
--- a/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -4,7 +4,7 @@ description: Delete a single site from your global Enterprise Mode site list. ms.pagetype: appcompat ms.mktglfcycl: deploy author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md index 8556b78648..403690d64f 100644 --- a/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md index ac30da52e5..ae103d5802 100644 --- a/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md +++ b/browsers/enterprise-mode/enterprise-mode-overview-for-ie11.md 
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md index 4173e90efe..d04fbf79b9 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-1-guidance.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 17c61547-82e3-48f2-908d-137a71938823 ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md index cd5349899f..fcdaa18eee 100644 --- a/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md +++ b/browsers/enterprise-mode/enterprise-mode-schema-version-2-guidance.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5 ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/enterprise-mode.md b/browsers/enterprise-mode/enterprise-mode.md index 2ac59044ac..30d32a8d1a 100644 --- a/browsers/enterprise-mode/enterprise-mode.md +++ b/browsers/enterprise-mode/enterprise-mode.md 
@@ -5,7 +5,7 @@ ms.pagetype: security description: Use this section to learn about how to turn on Enterprise Mode. author: dansimp ms.author: dansimp -ms.prod: windows-client +ms.prod: edge ms.assetid: ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md index 97fa2345b6..4f4cbb32bb 100644 --- a/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/export-your-enterprise-mode-site-list-from-the-enterprise-mode-site-list-manager.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: After you create your Enterprise Mode site list in the Enterprise Mode Site List Manager, you can export the contents to an Enterprise Mode (.EMIE) file. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 9ee7c13d-6fca-4446-bc22-d23a0213a95d ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index 1d2ee40c8a..a1d5a8a76b 100644 --- a/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to clear all of the sites from your global Enterprise Mode site list. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97 ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md index ed1fe87924..91ff0fab17 100644 --- a/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md +++ b/browsers/enterprise-mode/remove-sites-from-a-local-compatibililty-view-list.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to remove sites from a local compatibility view list. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: f6ecaa75-ebcb-4f8d-8721-4cd6e73c0ac9 ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md index a418d03442..4e7e10efde 100644 --- a/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md +++ b/browsers/enterprise-mode/remove-sites-from-a-local-enterprise-mode-site-list.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Instructions about how to remove sites from a local Enterprise Mode site list. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2 ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md index 4656d2aaf6..2cb578171f 100644 --- a/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md 
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md index 2e0a6802c3..c946663dda 100644 --- a/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/schedule-production-change-enterprise-mode-portal.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Administrators can schedule approved change requests for production in the Enterprise Mode Site List Portal. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Schedule approved change requests for production using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md index cfb7266de2..bf7e73664e 100644 --- a/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Search to see if a specific site already appears in your global Enterprise Mode site list. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9 ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md index 94e0ba38bd..923d4dfe04 100644 --- a/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md +++ b/browsers/enterprise-mode/set-up-enterprise-mode-logging-and-data-collection.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Set up and turn on Enterprise Mode logging and data collection in your organization. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md index 7c74c356fe..ff7107b46a 100644 --- a/browsers/enterprise-mode/set-up-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/set-up-enterprise-mode-portal.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to set up the Enterprise Mode Site List Portal for your organization. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/turn-off-enterprise-mode.md b/browsers/enterprise-mode/turn-off-enterprise-mode.md index 4b1fb26c69..d34ccca8ce 100644 --- a/browsers/enterprise-mode/turn-off-enterprise-mode.md +++ b/browsers/enterprise-mode/turn-off-enterprise-mode.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: How to turn Enterprise Mode off temporarily while testing websites and how to turn it off completely if you no longer want to to use it. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 5027c163-71e0-49b8-9dc0-f0a7310c7ae3 ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md index 97f6c66e77..c8ef3d030c 100644 --- a/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md +++ b/browsers/enterprise-mode/turn-on-local-control-and-logging-for-enterprise-mode.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Turn on local user control and logging for Enterprise Mode. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1 ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md index 31dad14346..010448c58d 100644 --- a/browsers/enterprise-mode/use-the-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/use-the-enterprise-mode-portal.md @@ -3,7 +3,7 @@ ms.localizationpriority: low ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal. -ms.prod: windows-client +ms.prod: ie11 title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 diff --git a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md index a9a5579bd2..f68c42ca3c 100644 --- a/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md +++ b/browsers/enterprise-mode/use-the-enterprise-mode-site-list-manager.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Manager. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: f4dbed4c-08ff-40b1-ab3f-60d3b6e8ec9b ms.reviewer: manager: dansimp 
diff --git a/browsers/enterprise-mode/using-enterprise-mode.md b/browsers/enterprise-mode/using-enterprise-mode.md index 135fe64673..c6f3e6048e 100644 --- a/browsers/enterprise-mode/using-enterprise-mode.md +++ b/browsers/enterprise-mode/using-enterprise-mode.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: security description: Use this section to learn about how to turn on and use IE7 Enterprise Mode or IE8 Enterprise Mode. author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 238ead3d-8920-429a-ac23-02f089c4384a ms.reviewer: manager: dansimp diff --git a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md index d75f9f1eaa..3e06b8b806 100644 --- a/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/verify-changes-preprod-enterprise-mode-portal.md @@ -4,11 +4,11 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how to make sure your change request info is accurate within the pre-production environment of the Enterprise Mode Site List Portal. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Verify your changes using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 -ms.reviewer: +ms.reviewer: manager: dansimp ms.author: dansimp --- diff --git a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md index c16ec888fa..8387697841 100644 --- a/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md +++ b/browsers/enterprise-mode/verify-changes-production-enterprise-mode-portal.md 
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how the Requester makes sure that the change request update is accurate within the production environment using the Enterprise Mode Site List Portal.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 title: Verify the change request update in the production environment using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
index 2aa97c0d95..6ae2c865ea 100644
--- a/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
+++ b/browsers/enterprise-mode/view-apps-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to view the active Enterprise Mode Site List from the Enterprise Mode Site List Portal.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 title: View the apps included in the active Enterprise Mode Site List from the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
index 691e0f95d2..855b556dd8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/activex-installation-using-group-policy.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: How to use Group Policy to install ActiveX controls.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 59185370-558c-47e0-930c-8a5ed657e9e3
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
index 4d50089f32..455bae28bd 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-employees-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to add employees to the Enterprise Mode Site List Portal.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 title: Add employees to the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
index 34ab7b07dd..57c8991c7d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-1-schema-and-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can add multiple sites to your Enterprise Mode site list by creating a custom text (TXT) or Extensible Markup Language (XML) file of problematic sites and then adding it in the Bulk add from file area of the Enterprise Mode Site List Manager.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 20aF07c4-051a-451f-9c46-5a052d9Ae27c
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
index 84f713dc64..18c0b63cac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-multiple-sites-to-enterprise-mode-site-list-using-the-version-2-schema-and-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Add multiple sites to your Enterprise Mode site list using a file and the Enterprise Mode Site List Manager (schema v.2).
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: da659ff5-70d5-4852-995e-4df67c4871dd
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
index 8424b1cdac..8c5e4b4426 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-1-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that's designed to emulate either Windows Internet Explorer 7 or Windows Internet Explorer 8, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 042e44e8-568d-4717-8fd3-69dd198bbf26
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
index 0cf9da171d..10f60620a8 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/add-single-sites-to-enterprise-mode-site-list-using-the-version-2-enterprise-mode-tool.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Enterprise Mode is a compatibility mode that runs on Internet Explorer 11, letting websites render using a modified browser configuration that''s designed to emulate either Windows Internet Explorer 8 or Windows Internet Explorer 7, avoiding the common compatibility problems associated with web apps written and tested on older versions of Internet Explorer.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 513e8f3b-fedf-4d57-8d81-1ea4fdf1ac0b
 ms.reviewer:
 audience: itpro
@@ -16,9 +16,9 @@ ms.date: 07/27/2017 --- -# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) - -[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)] +# Add single sites to the Enterprise Mode site list using the Enterprise Mode Site List Manager (schema v.2) + +[!INCLUDE [Microsoft 365 workloads end of support for IE11](../includes/microsoft-365-ie-end-of-support.md)] **Applies to:** diff --git a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md index 0a543f430b..4de574cbe2 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md +++ b/browsers/internet-explorer/ie11-deploy-guide/administrative-templates-and-ie11.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: security description: Administrative templates and Internet Explorer 11 author: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: 2b390786-f786-41cc-bddc-c55c8a4c5af3 ms.reviewer: audience: itpro diff --git a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md index ac171f15e7..07687792a3 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md +++ b/browsers/internet-explorer/ie11-deploy-guide/approve-change-request-enterprise-mode-portal.md @@ -4,7 +4,7 @@ ms.mktglfcycl: deploy ms.pagetype: appcompat description: Details about how Approvers can approve open change requests in the Enterprise Mode Site List Portal. author: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Approve a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros) ms.sitesec: library ms.date: 07/27/2017 
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
index 89ff89f47e..f87e4e9cc9 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-and-auto-proxy-problems-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto configuration and auto proxy problems with Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 3fbbc2c8-859b-4b2e-abc3-de2c299e0938
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
index 26843c17fc..10ff22508d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-configuration-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto configuration settings for Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 90308d59-45b9-4639-ab1b-497e5ba19023
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
index d809f8ffd1..bf9f448755 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-detect-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto detect settings Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: c6753cf4-3276-43c5-aae9-200e9e82753f
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
index 916597f9b9..faba1eb9ac 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/auto-proxy-configuration-settings-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: networking
 description: Auto proxy configuration settings for Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 5120aaf9-8ead-438a-8472-3cdd924b7d9e
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
index 079c74f68e..17f6488e0a 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/blocked-out-of-date-activex-controls.md
@@ -7,7 +7,7 @@ audience: itpro
 manager: dansimp
 ms.date: 05/10/2018
 ms.topic: article
-ms.prod: windows-client
+ms.prod: ie11
 ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: security
diff --git a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
index 4415b0b2f6..3fc8a84465 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/browser-cache-changes-and-roaming-profiles.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: performance
 description: Browser cache changes and roaming profiles
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 85f0cd01-6f82-4bd1-9c0b-285af1ce3436
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
index 734d492686..9b4b3e6f1f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/check-for-new-enterprise-mode-site-list-xml-file.md
@@ -5,7 +5,7 @@ ms.assetid: 2bbc7017-622e-4baa-8981-c0bbda10e9df
 ms.reviewer:
 audience: itpro
 manager: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
index a8677b4559..810264c501 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-deploy-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Choose how to deploy Internet Explorer 11 (IE11)
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 21b6a301-c222-40bc-ad0b-27f66fc54d9d
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
index 1896eabd90..0175cb7bbe 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/choose-how-to-install-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Choose how to install Internet Explorer 11 (IE11)
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 9572f5f1-5d67-483e-bd63-ffea95053481
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
index 5ac7597d51..db62af6aab 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/configure-settings-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how the Administrator can use the Settings page to set up Groups and roles, the Enterprise Mode Site List Portal environment, and the freeze dates for production changes.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 title: Use the Settings page to finish setting up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
index 012e5f4ce6..cffb48a00d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-change-request-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to create a change request within the Enterprise Mode Site List Portal.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 title: Create a change request using the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
index c6f69cd3eb..395703b43d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/create-install-packages-for-multiple-operating-systems-or-languages.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Create packages for multiple operating systems or languages
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 44051f9d-63a7-43bf-a427-d0a0a1c717da
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 272606e319..843d917596 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/delete-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ description: Delete a single site from your global Enterprise Mode site list.
 ms.pagetype: appcompat
 ms.mktglfcycl: deploy
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 41413459-b57f-48da-aedb-4cbec1e2981a
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
index e237c2bdf9..0f0c56de35 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-automatic-version-synchronization-avs.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: You can deploy Internet Explorer 11 to your users' computers by using your custom browser packages and Automatic Version Synchronization (AVS).
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: f51224bd-3371-4551-821d-1d62310e3384
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
index 59fd8be3e9..7eaac18e22 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deploy-ie11-using-software-distribution-tools.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Deploy Internet Explorer 11 using software distribution tools
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: fd027775-651a-41e1-8ec3-d32eca876d8a
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
index 84dad46c94..5cfa201d18 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/deprecated-document-modes.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Windows Internet Explorer 8 introduced document modes as a way to move from the proprietary coding of web features to a more standardized type of coding that could run on multiple browsers and devices.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 00cb1f39-2b20-4d37-9436-62dc03a6320b
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
index dcccac9252..29574ab860 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/edit-the-enterprise-mode-site-list-using-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can use Internet Explorer 11 and the Enterprise Mode Site List Manager to change whether page rendering should use Enterprise Mode or the default Internet Explorer browser configuration. You can also add, remove, or delete associated comments.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 76aa9a85-6190-4c3a-bc25-0f914de228ea
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
index 685505a35e..e21f3e41ed 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enable-and-disable-add-ons-using-administrative-templates-and-group-policy.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 description: Enable and disable add-ons using administrative templates and group policy
 ms.author: dansimp
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: c6fe1cd3-0bfc-4d23-8016-c9601f674c0b
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
index 8f06049cd6..e5e3c31095 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-overview-for-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the topics in this section to learn how to set up and use Enterprise Mode, Enterprise Mode Site List Manager, and the Enterprise Mode Site List Portal for your company.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: d52ba8ba-b3c7-4314-ba14-0610e1d8456e
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
index 09a4693145..e486ed248d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-1-guidance.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 7 or Windows 8.1 Update.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 17c61547-82e3-48f2-908d-137a71938823
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
index e54ede9c18..5af6fab521 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/enterprise-mode-schema-version-2-guidance.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the Enterprise Mode Site List Manager to create and update your Enterprise Mode site list for devices running Windows 10.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 909ca359-5654-4df9-b9fb-921232fc05f5
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
index 09da9c417c..9ec7ddf862 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-compat-issues-with-doc-modes-and-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: The Internet Explorer 11 Enterprise Mode site list lets you specify document modes for specific websites, helping you fix compatibility issues without changing a single line of code on the site.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 4b21bb27-aeac-407f-ae58-ab4c6db2baf6
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
index e5bfe37202..54da1d4ba1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/fix-validation-problems-using-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: When you add multiple sites to your Enterprise Mode site list entries, they’re validated by the Enterprise Mode Site List Manager before they’re entered into your global list.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 9f80e39f-dcf1-4124-8931-131357f31d67
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
index 60c548477a..93486e7113 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-advanced-group-policy-mgmt-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Overview about Group Policy, Advanced Group Policy Management (AGPM), and Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 63a7ef4a-6de2-4d08-aaba-0479131e3406
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
index b30eedc9bc..7e8c419582 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Use the topics in this section to learn about Group Policy and how to use it to manage Internet Explorer.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 50383d3f-9ac9-4a30-8852-354b6eb9434a
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
index f4ed4d0005..c3a615888f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-and-local-group-policy-editor-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Group Policy, the Local Group Policy Editor, and Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 6fc30e91-efac-4ba5-9ee2-fa77dcd36467
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
index 4c92f29a49..12b360b126 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-compatibility-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Group Policy suggestions for compatibility with Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 7482c99f-5d79-4344-9e1c-aea9f0a68e18
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
index fa35e57739..b30e90d746 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-preferences-and-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Info about Group Policy preferences versus Group Policy settings
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: f2264c97-7f09-4f28-bb5c-58ab80dcc6ee
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
index a56d04fa5b..8cec1052e4 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-problems-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Links to troubleshooting topics and log files that can help address Group Policy problems with Internet Explorer 11.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 0da0d9a9-200c-46c4-96be-630e82de017b
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
index 43451d4388..8a23dbf697 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/group-policy-shortcut-extensions-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: security
 description: Instructions about how to create and configure shortcut preference extensions to file system objects, URLs, and shell objects.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: c6fbf990-13e4-4be7-9f08-5bdd43179b3b
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md index faa1d6387e..bbfd85b95e 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md +++ b/browsers/internet-explorer/ie11-deploy-guide/ie11-delivery-through-automatic-updates.md @@ -6,7 +6,7 @@ description: A high-level overview of the delivery process and your options to c author: dansimp ms.author: dansimp ms.manager: dansimp -ms.prod: windows-client +ms.prod: ie11 ms.assetid: ms.reviewer: audience: itpro diff --git a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md index c52880200d..83c7c6b9b8 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md +++ b/browsers/internet-explorer/ie11-deploy-guide/img-ie11-docmode-lg.md @@ -7,7 +7,7 @@ ms.reviewer: audience: itpro manager: dansimp ms.author: dansimp -ms.prod: windows-client +ms.prod: ie11 --- # Full-sized flowchart detailing how document modes are chosen in IE11 diff --git a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md index aae9d9a67e..f585e3210d 100644 --- a/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md +++ b/browsers/internet-explorer/ie11-deploy-guide/import-into-the-enterprise-mode-site-list-manager.md 
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: If you need to replace your entire site list because of errors, or simply because it’s out of date, you can import your exported Enterprise Mode site list using the Enterprise Mode Site List Manager.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: cacd5d68-700b-4a96-b4c9-ca2c40c1ac5f
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
index 8aa0dba607..47a4d07569 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-and-deploy-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the topics in this section to learn how to customize your Internet Explorer installation package, how to choose the right method for installation, and how to deploy IE into your environment.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: caca18c1-d5c4-4404-84f8-d02bc562915f
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
index 95c12b215a..0ec2a15346 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-microsoft-intune.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to add and deploy the Internet Explorer 11 update using Microsoft Intune.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: b2dfc08c-78af-4c22-8867-7be3b92b1616
 ms.reviewer:
 manager: dansimp
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
index 5c8e18fedb..469b700481 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-operating-system-deployment-systems.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using Microsoft Deployment Toolkit (MDT) and your Windows images.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: e16f9144-170c-4964-a62d-0d1a16f4cd1f
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
index 184bfe6f0a..d0d9d17be1 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-the-network.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using your network
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 85f6429d-947a-4031-8f93-e26110a35828
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
index 1fd9b6a682..d593de27c6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-third-party-tools.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using third-party tools and command-line options.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 30190c66-49f7-4ca4-8b57-a47656aa0c7e
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
index 7184eb2b6a..07b0485309 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/install-ie11-using-windows-server-update-services-wsus.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to install the Internet Explorer 11 update using Windows Server Update Services (WSUS)'
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 6cbd6797-c670-4236-8423-e0919478f2ce
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
index bdf8c92059..803fc7fb83 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/intranet-problems-and-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: How to fix intranet search problems with Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 3ee71d93-d9d2-48e1-899e-07932c73faa6
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
index d64c489972..58a2d5298b 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/manage-ie11-overview.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Use the topics in this section to learn about how to auto detect your settings, auto configure your configuration settings, and auto configure your proxy configuration settings for Internet Explorer.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: eb3cce62-fc7b-41e3-97b6-2916b85bcf55
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
index 1057b3c5c2..e3e56157b3 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/missing-internet-explorer-maintenance-settings-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: IEM-configured settings have been deprecated for Internet Explorer 10 and newer. Use this topic to learn where to go to fix the affected settings through Group Policy Preferences, Administrative Templates (.admx), or the IEAK.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 89084e01-4e3f-46a6-b90e-48ee58d6821c
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
index da41fb9d27..6c68a1ec01 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/net-framework-problems-with-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: How to turn managed browser hosting controls back on in Internet Explorer 11.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: b0b7f60f-9099-45ab-84f4-4ac64d7bcb43
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
index 2f92ef92c1..4eed39657f 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/out-of-date-activex-control-blocking.md
@@ -5,7 +5,7 @@ ms.pagetype: security
 description: Use out-of-date ActiveX control blocking to help you know when IE prevents a webpage from loading outdated ActiveX controls and to update the outdated control, so that it’s safer to use.
 author: dansimp
 ms.author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: e61866bb-1ff1-4a8d-96f2-61d3534e8199
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 43da7e50f7..4c973ffad6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-all-sites-from-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to clear all of the sites from your global Enterprise Mode site list.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 90f38a6c-e0e2-4c93-9a9e-c425eca99e97
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
index cbdfced218..d6bb2e98eb 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/remove-sites-from-a-local-enterprise-mode-site-list.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Instructions about how to remove sites from a local Enterprise Mode site list.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: c7d6dd0b-e264-42bb-8c9d-ac2f837018d2
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
index 3cd2c04fe3..7b80dd178d 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/save-your-site-list-to-xml-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: You can save your current Enterprise Mode compatibility site list as an XML file, for distribution and use by your managed systems.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 254a986b-494f-4316-92c1-b089ee8b3e0a
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
index 25eb75b0e8..f96a952626 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/search-your-enterprise-mode-site-list-in-the-enterprise-mode-site-list-manager.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Search to see if a specific site already appears in your global Enterprise Mode site list.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: e399aeaf-6c3b-4cad-93c9-813df6ad47f9
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
index a0dda11994..b42426f1d7 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-logging-and-data-collection.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Set up and turn on Enterprise Mode logging and data collection in your organization.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 2e98a280-f677-422f-ba2e-f670362afcde
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
index 7837facce4..c022c08569 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/set-up-enterprise-mode-portal.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Details about how to set up the Enterprise Mode Site List Portal for your organization.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 title: Set up the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
index f6394d3e98..70d197c391 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/setup-problems-with-ie11.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: support
 ms.pagetype: appcompat
 description: Reviewing log files to learn more about potential setup problems with Internet Explorer 11.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 2cd79988-17d1-4317-bee9-b3ae2dd110a0
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
index 9effadf0cc..818b3acf64 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/system-requirements-and-language-support-for-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 description: Lists the minimum system requirements and supported languages for Internet Explorer 11.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 27185e3d-c486-4e4a-9c51-5cb317c0006d
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
index 8da9b011be..ec77071c73 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/tips-and-tricks-to-manage-ie-compatibility.md
@@ -5,7 +5,7 @@ ms.pagetype: appcompat
 description: Find out how to achieve better backward compatibility for your legacy web applications with the Enterprise Mode Site List.
 author: dansimp
 ms.author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid:
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
index a2acebea3a..bf8ceeb867 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/troubleshoot-ie11.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Use the topics in this section to learn how to troubleshoot several of the more common problems experienced with Internet Explorer.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 0361c1a6-3faa-42b2-a588-92439eebeeab
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
index 88f647c16d..178085c2ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-off-natural-metrics.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: support
 description: Turn off natural metrics for Internet Explorer 11
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: e31a27d7-662e-4106-a3d2-c6b0531961d5
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
index 638c8229cd..1b32fa64ad 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-enterprise-mode-and-use-a-site-list.md
@@ -5,7 +5,7 @@ ms.assetid: 800e9c5a-57a6-4d61-a38a-4cb972d833e1
 ms.reviewer:
 audience: itpro
 manager: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 ms.sitesec: library
diff --git a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
index b261f633c7..6290d3a462 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/turn-on-local-control-and-logging-for-enterprise-mode.md
@@ -4,7 +4,7 @@ ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Turn on local user control and logging for Enterprise Mode.
 author: dansimp
-ms.prod: windows-client
+ms.prod: ie11
 ms.assetid: 6622ecce-24b1-497e-894a-e1fd5a8a66d1
 ms.reviewer:
 audience: itpro
diff --git a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
index 2b4747c07c..fe55abfdc6 100644
--- a/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
+++ b/browsers/internet-explorer/ie11-deploy-guide/use-the-enterprise-mode-portal.md
@@ -3,7 +3,7 @@ ms.localizationpriority: medium
 ms.mktglfcycl: deploy
 ms.pagetype: appcompat
 description: Use the topics in this section to learn about how to use the Enterprise Mode Site List Portal.
-ms.prod: windows-client
+ms.prod: ie11
 title: Use the Enterprise Mode Site List Portal (Internet Explorer 11 for IT Pros)
 ms.sitesec: library
 ms.date: 07/27/2017
diff --git a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
index bb2983bca4..1a51b8977a 100644
--- a/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
+++ b/browsers/internet-explorer/includes/microsoft-365-ie-end-of-support.md
@@ -1,17 +1,14 @@ --- -author: dansimp -ms.author: dansimp -ms.date: -ms.reviewer: -audience: itpro -manager: dansimp +author: aczechowski +ms.author: aaroncz +ms.date: 10/27/2022 +ms.reviewer: cathask +manager: aaroncz ms.prod: ie11 ms.topic: include --- -> [!IMPORTANT] -> The Internet Explorer 11 desktop application is [retired and out of support](https://aka.ms/IEJune15Blog) as of June 15, 2022 for certain versions of Windows 10. +> [!WARNING] +> The retired, out-of-support Internet Explorer 11 (IE11) desktop application will be permanently disabled on certain versions of Windows 10 as part of the February 2023 Windows security update ("B") release scheduled for February 14, 2023. We highly recommend setting up IE mode in Microsoft Edge and disabling IE11 prior to this date to ensure your organization doesn't experience business disruption. > -> You can still access older, legacy sites that require Internet Explorer with Internet Explorer mode in Microsoft Edge. [Learn how](https://aka.ms/IEmodewebsite). -> -> The Internet Explorer 11 desktop application will progressively redirect to the faster, more secure Microsoft Edge browser, and will ultimately be disabled via Windows Update. [Disable IE today](/deployedge/edge-ie-disable-ie11). +> For more information, see [aka.ms/iemodefaq](https://aka.ms/iemodefaq). diff --git a/browsers/internet-explorer/index.md b/browsers/internet-explorer/index.md index 5db86b1956..7aeb739bc8 100644 --- a/browsers/internet-explorer/index.md +++ b/browsers/internet-explorer/index.md @@ -4,7 +4,7 @@ description: The landing page for IE11 that lets you access the documentation. author: dansimp ms.author: dansimp manager: dansimp -ms.prod: windows-client +ms.prod: ie11 title: Internet Explorer 11 (IE11) (Internet Explorer 11 for IT Pros) assetid: be3dc32e-80d9-4d9f-a802-c7db6c50dbe0 ms.sitesec: library 
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index 1dcaf9dc8b..532654b733 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -130,6 +130,7 @@ The following applications can also run on Windows 11 SE, and can be deployed us
 | Safe Exam Browser | 3.3.2.413 | Win32 | Safe Exam Browser |
 | Senso.Cloud | 2021.11.15.0 | Win32 | Senso.Cloud |
 | SuperNova Magnifier & Screen Reader | 21.02 | Win32 | Dolphin Computer Access |
+| SuperNova Magnifier & Speech | 21.02 | Win32 | Dolphin Computer Access |
 | Zoom | 5.9.1 (2581) | Win32 | Zoom |
 | ZoomText Fusion | 2022.2109.10 | Win32 | Freedom Scientific |
 | ZoomText Magnifier/Reader | 2022.2109.25 | Win32 | Freedom Scientific |
diff --git a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
index de91ab07af..74ab14397b 100644
--- a/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
+++ b/windows/application-management/app-v/appv-application-publishing-and-client-interaction.md
@@ -231,7 +231,7 @@ The App-V Client can be configured to change the default behavior of streaming. |PackageSourceRoot|The root override where packages should be streamed from| |SharedContentStoreMode|Enables the use of Shared Content Store for VDI scenarios| -These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors in streaming packages that is important to understand: +These settings affect the behavior of streaming App-V package assets to the client. By default, App-V only downloads the assets required after downloading the initial publishing and primary feature blocks. There are three specific behaviors in streaming packages that are important to understand: - Background Streaming - Optimized Streaming 
@@ -344,7 +344,7 @@ This process will recreate both the local and network locations for AppData and In an App-V Full Infrastructure, after applications are sequenced, they're managed and published to users or computers through the App-V Management and Publishing servers. This section details the operations that occur during the common App-V application lifecycle operations (Add, publishing, launch, upgrade, and removal) and the file and registry locations that are changed and modified from the App-V Client perspective. The App-V Client operations are input as PowerShell commands on the computer running the App-V Client. -This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Microsoft Endpoint Configuration Manager, see [Deploy App-V virtual applications with Configuration Manager](/mem/configmgr/apps/get-started/deploying-app-v-virtual-applications). +This document focuses on App-V Full Infrastructure solutions. For specific information on App-V Integration with Microsoft Configuration Manager, see [Deploy App-V virtual applications with Configuration Manager](/mem/configmgr/apps/get-started/deploying-app-v-virtual-applications). The App-V application lifecycle tasks are triggered at user sign in (default), machine startup, or as background timed operations. The settings for the App-V Client operations, including Publishing Servers, refresh intervals, package script enablement, and others, are configured (after the client is enabled) with Windows PowerShell commands. See [App-V Client Configuration Settings: Windows PowerShell](appv-client-configuration-settings.md#app-v-client-configuration-settings-windows-powershell). diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md index e2024178c1..c1a212d4a9 100644 
--- a/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2010-wth-appv.md @@ -38,7 +38,7 @@ Sequencing Office 2010 is one of the main methods for creating an Office 2010 pa You can deploy Office 2010 packages by using any of the following App-V deployment methods: -* Microsoft Endpoint Configuration Manager +* Microsoft Configuration Manager * App-V server * Stand-alone through Windows PowerShell commands diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md index 73f9db7e31..2361c92d00 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2013-with-appv.md @@ -245,7 +245,7 @@ Use the following information to publish an Office package. Deploy the App-V package for Office 2013 by using the same methods you use for any other package: -* Microsoft Endpoint Configuration Manager +* Microsoft Configuration Manager * App-V Server * Stand-alone through Windows PowerShell commands 
@@ -283,7 +283,7 @@ Use the steps in this section to enable Office plug-ins with your Office package #### To enable plug-ins for Office App-V packages -1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet. +1. Add a Connection Group through App-V Server, Microsoft Configuration Manager, or a Windows PowerShell cmdlet. 2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2013 is installed on the computer being used to sequence the plug-in. It's a good idea to use Microsoft 365 Apps for enterprise (non-virtual) on the sequencing computer when you sequence Office 2013 plug-ins. 3. Create an App-V package that includes the desired plug-ins. 4. Add a Connection Group through App-V Server, Configuration Manager, or a Windows PowerShell cmdlet. diff --git a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md index 745d79c291..871ad80c8d 100644 --- a/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md +++ b/windows/application-management/app-v/appv-deploying-microsoft-office-2016-with-appv.md @@ -229,7 +229,7 @@ Use the following information to publish an Office package. Deploy the App-V package for Office 2016 by using the same methods as the other packages that you've already deployed: -* Microsoft Endpoint Configuration Manager +* Microsoft Configuration Manager * App-V Server * Stand-alone through Windows PowerShell commands 
@@ -266,7 +266,7 @@ The following steps will tell you how to enable Office plug-ins with your Office #### Enable plug-ins for Office App-V packages -1. Add a Connection Group through App-V Server, Microsoft Endpoint Configuration Manager, or a Windows PowerShell cmdlet. +1. Add a Connection Group through App-V Server, Microsoft Configuration Manager, or a Windows PowerShell cmdlet. 2. Sequence your plug-ins using the App-V Sequencer. Ensure that Office 2016 is installed on the computer that will be used to sequence the plug-in. We recommend that you use Microsoft 365 Apps for enterprise (non-virtual) on the sequencing computer when sequencing Office 2016 plug-ins. 3. Create an App-V package that includes the plug-ins you want. 4. Add a Connection Group through the App-V Server, Configuration Manager, or a Windows PowerShell cmdlet. diff --git a/windows/application-management/app-v/appv-dynamic-configuration.md b/windows/application-management/app-v/appv-dynamic-configuration.md index 940ef0f90c..2f5070263e 100644 --- a/windows/application-management/app-v/appv-dynamic-configuration.md +++ b/windows/application-management/app-v/appv-dynamic-configuration.md @@ -2,12 +2,13 @@ title: About App-V Dynamic Configuration (Windows 10/11) description: Learn how to create or edit an existing Application Virtualization (App-V) dynamic configuration file. author: aczechowski -ms.prod: w10 +ms.prod: windows-client ms.date: 09/27/2018 ms.reviewer: manager: dougeby ms.author: aaroncz ms.topic: article +ms.technology: itpro-apps --- # About App-V dynamic configuration diff --git a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md index 91b326948f..c8554bb768 100644 
--- a/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md +++ b/windows/application-management/app-v/appv-enable-administrators-to-publish-packages-with-electronic-software-distribution-solutions.md @@ -2,8 +2,8 @@ title: How to enable only administrators to publish packages by using an ESD description: Learn how to enable only administrators to publish packages by bsing an electronic software delivery (ESD). author: aczechowski -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-apps ms.date: 05/02/2022 ms.reviewer: manager: dougeby diff --git a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md index 7e4ecc2081..2b56810126 100644 --- a/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md +++ b/windows/application-management/app-v/appv-enable-reporting-on-the-appv-client-with-powershell.md @@ -2,12 +2,13 @@ title: How to Enable Reporting on the App-V Client by Using Windows PowerShell (Windows 10/11) description: How to Enable Reporting on the App-V Client by Using Windows PowerShell author: aczechowski -ms.prod: w10 +ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: manager: dougeby ms.author: aaroncz ms.topic: article +ms.technology: itpro-apps --- # How to Enable Reporting on the App-V Client by Using Windows PowerShell diff --git a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md index 337a016044..c90e3f24f7 100644 --- a/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md +++ b/windows/application-management/app-v/appv-enable-the-app-v-desktop-client.md 
@@ -2,12 +2,13 @@
 title: Enable the App-V in-box client (Windows 10/11)
 description: Learn how to enable the Microsoft Application Virtualization (App-V) in-box client installed with Windows 10/11.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Enable the App-V in-box client
diff --git a/windows/application-management/app-v/appv-evaluating-appv.md b/windows/application-management/app-v/appv-evaluating-appv.md
index 0bfbdf81ed..5324043e75 100644
--- a/windows/application-management/app-v/appv-evaluating-appv.md
+++ b/windows/application-management/app-v/appv-evaluating-appv.md
@@ -2,11 +2,12 @@
 title: Evaluating App-V (Windows 10/11)
 description: Learn how to evaluate App-V for Windows 10/11 in a lab environment before deploying into a production environment.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # Evaluating App-V
diff --git a/windows/application-management/app-v/appv-for-windows.md b/windows/application-management/app-v/appv-for-windows.md
index 5218e5194d..c0190e9ad0 100644
--- a/windows/application-management/app-v/appv-for-windows.md
+++ b/windows/application-management/app-v/appv-for-windows.md
@@ -2,12 +2,13 @@
 title: Application Virtualization (App-V) (Windows 10/11)
 description: See various articles that can help you administer Application Virtualization (App-V) and its components.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Application Virtualization (App-V) for Windows client overview
diff --git a/windows/application-management/app-v/appv-getting-started.md b/windows/application-management/app-v/appv-getting-started.md
index 813ac3e0df..0ac943721e 100644
--- a/windows/application-management/app-v/appv-getting-started.md
+++ b/windows/application-management/app-v/appv-getting-started.md
@@ -2,12 +2,13 @@
 title: Getting Started with App-V (Windows 10/11)
 description: Get started with Microsoft Application Virtualization (App-V) for Windows 10/11. App-V for Windows client devices delivers Win32 applications to users as virtual applications.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Getting started with App-V for Windows client
diff --git a/windows/application-management/app-v/appv-high-level-architecture.md b/windows/application-management/app-v/appv-high-level-architecture.md
index beb7f72afc..d14f1d6594 100644
--- a/windows/application-management/app-v/appv-high-level-architecture.md
+++ b/windows/application-management/app-v/appv-high-level-architecture.md
@@ -2,12 +2,13 @@
 title: High-level architecture for App-V (Windows 10/11)
 description: Use the information in this article to simplify your Microsoft Application Virtualization (App-V) deployment.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # High-level architecture for App-V
diff --git a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
index 7f3634d48b..ca6176f530 100644
--- a/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
+++ b/windows/application-management/app-v/appv-install-the-appv-databases-and-convert-the-associated-security-identifiers-with-powershell.md
@@ -2,11 +2,12 @@
 title: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell (Windows 10/11)
 description: How to Install the App-V Databases and Convert the Associated Security Identifiers by Using Windows PowerShell
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
diff --git a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
index 3f9382ed18..262b132cdd 100644
--- a/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
+++ b/windows/application-management/app-v/appv-install-the-management-and-reporting-databases-on-separate-computers.md
@@ -2,12 +2,13 @@
 title: How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services (Windows 10/11)
 description: How to install the Management and Reporting Databases on separate computers from the Management and Reporting Services.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to Install the Management and Reporting Databases on separate computers from the Management and Reporting Services
diff --git a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
index ce718b9ce8..1628f2e74c 100644
--- a/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-management-server-on-a-standalone-computer.md
@@ -2,12 +2,13 @@
 title: How to install the Management Server on a Standalone Computer and Connect it to the Database (Windows 10/11)
 description: How to install the Management Server on a Standalone Computer and Connect it to the Database
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to install the Management Server on a Standalone Computer and Connect it to the Database
diff --git a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
index 2217e93aab..72db9c5275 100644
--- a/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
+++ b/windows/application-management/app-v/appv-install-the-publishing-server-on-a-remote-computer.md
@@ -2,12 +2,13 @@
 title: Install the Publishing Server on a Remote Computer (Windows 10/11)
 description: Use the procedures in this article to install the Microsoft Application Virtualization (App-V) publishing server on a separate computer.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to install the publishing server on a remote computer
diff --git a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
index 109695af22..f76835b49c 100644
--- a/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
+++ b/windows/application-management/app-v/appv-install-the-reporting-server-on-a-standalone-computer.md
@@ -2,12 +2,13 @@
 title: How to install the Reporting Server on a standalone computer and connect it to the database (Windows 10/11)
 description: How to install the App-V Reporting Server on a Standalone Computer and Connect it to the Database
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to install the reporting server on a standalone computer and connect it to the database
diff --git a/windows/application-management/app-v/appv-install-the-sequencer.md b/windows/application-management/app-v/appv-install-the-sequencer.md
index c3f7e5871f..7d6a6fafc5 100644
--- a/windows/application-management/app-v/appv-install-the-sequencer.md
+++ b/windows/application-management/app-v/appv-install-the-sequencer.md
@@ -2,12 +2,13 @@
 title: Install the App-V Sequencer (Windows 10/11)
 description: Learn how to install the App-V Sequencer to convert Win32 applications into virtual packages for deployment to user devices.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Install the App-V Sequencer
diff --git a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
index 2f7f7198c4..cd63df0b5f 100644
--- a/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
+++ b/windows/application-management/app-v/appv-load-the-powershell-cmdlets-and-get-cmdlet-help.md
@@ -2,12 +2,13 @@
 title: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help (Windows 10/11)
 description: How to Load the Windows PowerShell Cmdlets for App-V and Get Cmdlet Help
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to load the Windows PowerShell cmdlets for App-V and get cmdlet help
diff --git a/windows/application-management/app-v/appv-maintaining-appv.md b/windows/application-management/app-v/appv-maintaining-appv.md
index 4920d942b8..fc8dfc21e0 100644
--- a/windows/application-management/app-v/appv-maintaining-appv.md
+++ b/windows/application-management/app-v/appv-maintaining-appv.md
@@ -2,12 +2,13 @@
 title: Maintaining App-V (Windows 10/11)
 description: After you have deployed App-V for Windows 10/11, you can use the following information to maintain the App-V infrastructure.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Maintaining App-V
diff --git a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
index c31e7e77f1..90dbde5bfe 100644
--- a/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-appv-packages-running-on-a-stand-alone-computer-with-powershell.md
@@ -5,12 +5,13 @@ author: aczechowski
 ms.pagetype: mdop, appcompat, virtualization
 ms.mktglfcycl: deploy
 ms.sitesec: library
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 09/24/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to manage App-V packages running on a stand-alone computer by using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
index 3530f44a72..9cc33e59c4 100644
--- a/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
+++ b/windows/application-management/app-v/appv-manage-connection-groups-on-a-stand-alone-computer-with-powershell.md
@@ -2,11 +2,12 @@
 title: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell (Windows 10/11)
 description: How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # How to Manage Connection Groups on a Stand-alone Computer by Using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-managing-connection-groups.md b/windows/application-management/app-v/appv-managing-connection-groups.md
index 101a4319c9..92205f0970 100644
--- a/windows/application-management/app-v/appv-managing-connection-groups.md
+++ b/windows/application-management/app-v/appv-managing-connection-groups.md
@@ -2,11 +2,12 @@
 title: Managing Connection Groups (Windows 10/11)
 description: Connection groups can allow administrators to manage packages independently and avoid having to add the same application multiple times to a client computer.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # Managing Connection Groups
diff --git a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
index ffc314ab6a..4a56597185 100644
--- a/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
+++ b/windows/application-management/app-v/appv-migrating-to-appv-from-a-previous-version.md
@@ -2,11 +2,12 @@
 title: Migrating to App-V from a Previous Version (Windows 10/11)
 description: Learn how to migrate to Microsoft Application Virtualization (App-V) for Windows 10/11 from a previous version.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # Migrating to App-V from previous versions
diff --git a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
index 73cca93a49..5b3828c3ce 100644
--- a/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
+++ b/windows/application-management/app-v/appv-modify-an-existing-virtual-application-package.md
@@ -2,11 +2,12 @@
 title: How to Modify an Existing Virtual Application Package (Windows 10/11)
 description: Learn how to modify an existing virtual application package and add a new application to an existing virtual application package.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # How to Modify an Existing Virtual Application Package
diff --git a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
index ed3b70bd54..221a09536f 100644
--- a/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
+++ b/windows/application-management/app-v/appv-modify-client-configuration-with-powershell.md
@@ -2,11 +2,12 @@
 title: How to Modify Client Configuration by Using Windows PowerShell (Windows 10/11)
 description: Learn how to modify the Application Virtualization (App-V) client configuration by using Windows PowerShell.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # How to Modify Client Configuration by Using Windows PowerShell
diff --git a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
index b54803c5c3..7a455cd752 100644
--- a/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
+++ b/windows/application-management/app-v/appv-move-the-appv-server-to-another-computer.md
@@ -2,11 +2,12 @@
 title: How to Move the App-V Server to Another Computer (Windows 10/11)
 description: Learn how to create a new management server console in your environment and learn how to connect it to the App-V database.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # How to move the App-V server to another computer
diff --git a/windows/application-management/app-v/appv-operations.md b/windows/application-management/app-v/appv-operations.md
index cc6eb653d1..224a4490ae 100644
--- a/windows/application-management/app-v/appv-operations.md
+++ b/windows/application-management/app-v/appv-operations.md
@@ -2,12 +2,13 @@
 title: Operations for App-V (Windows 10/11)
 description: Learn about the various types of App-V administration and operating tasks that are typically performed by an administrator.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Operations for App-V
diff --git a/windows/application-management/app-v/appv-performance-guidance.md b/windows/application-management/app-v/appv-performance-guidance.md
index 8b935473ac..5675d15eff 100644
--- a/windows/application-management/app-v/appv-performance-guidance.md
+++ b/windows/application-management/app-v/appv-performance-guidance.md
@@ -2,11 +2,12 @@
 title: Performance Guidance for Application Virtualization
 description: Learn how to configure App-V for optimal performance, optimize virtual app packages, and provide a better user experience with RDS and VDI.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # Performance Guidance for Application Virtualization
diff --git a/windows/application-management/app-v/appv-planning-checklist.md b/windows/application-management/app-v/appv-planning-checklist.md
index 4587de5ccf..7616cad1e5 100644
--- a/windows/application-management/app-v/appv-planning-checklist.md
+++ b/windows/application-management/app-v/appv-planning-checklist.md
@@ -2,12 +2,13 @@
 title: App-V Planning Checklist (Windows 10/11)
 description: Learn about the recommended steps and items to consider when planning an Application Virtualization (App-V) deployment.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # App-V Planning Checklist
diff --git a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
index 7e5df34930..de5a689d74 100644
--- a/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-folder-redirection-with-appv.md
@@ -2,12 +2,13 @@
 title: Planning to Use Folder Redirection with App-V (Windows 10/11)
 description: Learn about folder redirection with App-V. Folder redirection enables users and administrators to redirect the path of a folder to a new location.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning to Use Folder Redirection with App-V
diff --git a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
index bb8c0a834a..9279268e38 100644
--- a/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-appv-server-deployment.md
@@ -2,12 +2,13 @@
 title: Planning for the App-V Server Deployment (Windows 10/11)
 description: Learn what you need to know so you can plan for the Microsoft Application Virtualization (App-V) 5.1 server deployment.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning for the App-V server deployment
diff --git a/windows/application-management/app-v/appv-planning-for-appv.md b/windows/application-management/app-v/appv-planning-for-appv.md
index 1436e5d26f..f05793311f 100644
--- a/windows/application-management/app-v/appv-planning-for-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-appv.md
@@ -2,12 +2,13 @@
 title: Planning for App-V (Windows 10/11)
 description: Use the information in this article to plan to deploy App-V without disrupting your existing network or user experience.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning for App-V
diff --git a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
index b36e523319..90d0eb2de4 100644
--- a/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
+++ b/windows/application-management/app-v/appv-planning-for-high-availability-with-appv.md
@@ -2,12 +2,13 @@
 title: Planning for High Availability with App-V Server
 description: Learn what you need to know so you can plan for high availability with Application Virtualization (App-V) server.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning for high availability with App-V Server
diff --git a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
index f0cdc63ccc..c42918e88b 100644
--- a/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
+++ b/windows/application-management/app-v/appv-planning-for-sequencer-and-client-deployment.md
@@ -2,12 +2,13 @@
 title: Planning for the App-V Sequencer and Client Deployment (Windows 10/11)
 description: Learn what you need to do to plan for the App-V Sequencer and Client deployment, and where to find additional information about the deployment process.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning for the App-V Sequencer and Client Deployment
diff --git a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
index e6b05d14bb..451e113eaa 100644
--- a/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
+++ b/windows/application-management/app-v/appv-planning-for-using-appv-with-office.md
@@ -2,12 +2,13 @@
 title: Planning for Deploying App-V with Office (Windows 10/11)
 description: Use the information in this article to plan how to deploy Office within Microsoft Application Virtualization (App-V).
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning for deploying App-V with Office
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
index 0058f4790c..ad7565277d 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv-with-electronic-software-distribution-solutions.md
@@ -2,19 +2,20 @@
 title: Planning to Deploy App-V with an Electronic Software Distribution System (Windows 10/11)
 description: Planning to Deploy App-V with an Electronic Software Distribution System
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning to Deploy App-V with an electronic software distribution system
 [!INCLUDE [Applies to Windows client versions](../includes/applies-to-windows-client-versions.md)]
-If you're using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Endpoint Configuration Manager, see [Introduction to application management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682125(v=technet.10)#BKMK_Appv).
+If you're using an electronic software distribution (ESD) system to deploy App-V packages, review the following planning considerations. For information about deploying App-V with Microsoft Configuration Manager, see [Introduction to application management in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/gg682125(v=technet.10)#BKMK_Appv).
 Review the following component and architecture requirements options that apply when you use an ESD to deploy App-V packages:
diff --git a/windows/application-management/app-v/appv-planning-to-deploy-appv.md b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
index 2961ee7c7a..9a682b9c47 100644
--- a/windows/application-management/app-v/appv-planning-to-deploy-appv.md
+++ b/windows/application-management/app-v/appv-planning-to-deploy-appv.md
@@ -2,12 +2,13 @@
 title: Planning to Deploy App-V (Windows 10/11)
 description: Learn about the different deployment configurations and requirements to consider before you deploy App-V for Windows 10.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Planning to Deploy App-V for Windows client
diff --git a/windows/application-management/app-v/appv-preparing-your-environment.md b/windows/application-management/app-v/appv-preparing-your-environment.md
index d79827a41c..cf0f423e87 100644
--- a/windows/application-management/app-v/appv-preparing-your-environment.md
+++ b/windows/application-management/app-v/appv-preparing-your-environment.md
@@ -1,13 +1,14 @@
 ---
 title: Preparing Your Environment for App-V (Windows 10/11)
 description: Use this info to prepare for deployment configurations and prerequisites for Microsoft Application Virtualization (App-V).
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 author: aczechowski
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # Preparing your environment for App-V
diff --git a/windows/application-management/app-v/appv-prerequisites.md b/windows/application-management/app-v/appv-prerequisites.md
index ec9b2e4fc1..d63f666cfa 100644
--- a/windows/application-management/app-v/appv-prerequisites.md
+++ b/windows/application-management/app-v/appv-prerequisites.md
@@ -2,12 +2,13 @@
 title: App-V Prerequisites (Windows 10/11)
 description: Learn about the prerequisites you need before you begin installing Application Virtualization (App-V).
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/18/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # App-V for Windows client prerequisites
diff --git a/windows/application-management/app-v/appv-publish-a-connection-group.md b/windows/application-management/app-v/appv-publish-a-connection-group.md
index bd948491e4..67936bfc06 100644
--- a/windows/application-management/app-v/appv-publish-a-connection-group.md
+++ b/windows/application-management/app-v/appv-publish-a-connection-group.md
@@ -2,12 +2,13 @@
 title: How to Publish a Connection Group (Windows 10/11)
 description: Learn how to publish a connection group to computers that run the Application Virtualization (App-V) client.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to Publish a Connection Group
diff --git a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
index a116987714..3401984dac 100644
--- a/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-publish-a-packages-with-the-management-console.md
@@ -2,12 +2,13 @@
 title: How to publish a package by using the Management console (Windows 10/11)
 description: Learn how the Management console in App-V can help you enable admin controls as well as publish App-V packages.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 09/27/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # How to publish a package by using the Management console
diff --git a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
index 99f10bfe36..0bd4777e42 100644
--- a/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-register-and-unregister-a-publishing-server-with-the-management-console.md
@@ -2,11 +2,12 @@
 title: How to Register and Unregister a Publishing Server by Using the Management Console (Windows 10/11)
 description: How to Register and Unregister a Publishing Server by Using the Management Console
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # How to Register and Unregister a Publishing Server by Using the Management Console
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
index 8ffcdfb10f..5bfd8497af 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows-1703.md
@@ -2,11 +2,12 @@
 title: Release Notes for App-V for Windows 10 version 1703 (Windows 10/11)
 description: A list of known issues and workarounds for App-V running on Windows 10 version 1703 and Windows 11.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # Release Notes for App-V for Windows 10 version 1703 and later
diff --git a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
index 3cdbf4b20c..5c38053e2b 100644
--- a/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
+++ b/windows/application-management/app-v/appv-release-notes-for-appv-for-windows.md
@@ -2,11 +2,12 @@
 title: Release Notes for App-V for Windows 10, version 1607 (Windows 10)
 description: A list of known issues and workarounds for App-V running on Windows 10, version 1607.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 # Release Notes for App-V for Windows 10, version 1607
diff --git a/windows/application-management/app-v/appv-reporting.md b/windows/application-management/app-v/appv-reporting.md
index 2ca67c8695..5464c1fdcc 100644
--- a/windows/application-management/app-v/appv-reporting.md
+++ b/windows/application-management/app-v/appv-reporting.md
@@ -2,12 +2,13 @@
 title: About App-V Reporting (Windows 10/11)
 description: Learn how the App-V reporting feature collects information about computers running the App-V client and virtual application package usage.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 # About App-V reporting
@@ -94,7 +95,7 @@ Yes. Besides manually sending reporting using Windows PowerShell cmdlets (**Send ## App-V Client reporting -To use App-V reporting,, you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About client configuration settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting. +To use App-V reporting, you must enable and configure the App-V client. To configure reporting on the client, use the Windows PowerShell cmdlet **Set-AppVClientConfiguration**, or the Group Policy **ADMX Template**. For more information about the Windows PowerShell cmdlets, see [About client configuration settings](appv-client-configuration-settings.md). The following section provides examples of Windows PowerShell commands for configuring App-V client reporting. ### Configuring App-V client reporting using Windows PowerShell diff --git a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md index 3237fd2de8..49b68f3ed9 100644 --- a/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md +++ b/windows/application-management/app-v/appv-running-locally-installed-applications-inside-a-virtual-environment.md 
@@ -2,11 +2,12 @@ title: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications (Windows 10/11) description: Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications author: aczechowski -ms.prod: w10 +ms.prod: windows-client ms.date: 03/08/2018 ms.reviewer: manager: dougeby ms.author: aaroncz +ms.technology: itpro-apps --- # Running a Locally Installed Application Inside a Virtual Environment with Virtualized Applications @@ -41,7 +42,7 @@ Each method accomplishes essentially the same task, but some methods may be bett To add a locally installed application to a package or to a connection group’s virtual environment, you add a subkey to the `RunVirtual` registry key in the Registry Editor, as described in the following sections. -There's no Group Policy setting available to manage this registry key, so you have to use Microsoft Endpoint Manager or another electronic software distribution (ESD) system, or manually edit the registry. +There's no Group Policy setting available to manage this registry key. So, you have to use Microsoft Intune or Configuration Manager, another electronic software distribution (ESD) system, or manually edit the registry. Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages globally or to the user. 
@@ -65,7 +66,7 @@ Starting with App-V 5.0 SP3, when using RunVirtual, you can publish packages glo Use the `HKEY_LOCAL_MACHINE` or `HKEY_CURRENT_USER` key. But, all of the following conditions must be fulfilled: - If you want to include multiple packages in the virtual environment, you must include them in an enabled connection group. - - Create only one subkey for one of the packages in the connection group. If, for example, you have one package that is published globally, and another package that is published to the user, you create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment. + - Create only one subkey for one of the packages in the connection group. For example, you have one package that is published globally and another package that is published to the user. You create a subkey for either of these packages, but not both. Although you create a subkey for only one of the packages, all of the packages in the connection group, plus the local application, will be available in the virtual environment. - The key under which you create the subkey must match the publishing method you used for the package. For example, if you published the package to the user, you must create the subkey under `HKEY_CURRENT_USER\SOFTWARE\Microsoft\AppV\Client\RunVirtual`. Don't add a key for the same application under both hives. diff --git a/windows/application-management/app-v/appv-security-considerations.md b/windows/application-management/app-v/appv-security-considerations.md index 5edc3a1207..23e9dce8a5 100644 --- a/windows/application-management/app-v/appv-security-considerations.md +++ b/windows/application-management/app-v/appv-security-considerations.md 
@@ -2,12 +2,13 @@
 title: App-V Security Considerations (Windows 10/11)
 description: Learn about accounts and groups, log files, and other security-related considerations for Microsoft Application Virtualization (App-V).
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 
 # App-V security considerations
diff --git a/windows/application-management/app-v/appv-sequence-a-new-application.md b/windows/application-management/app-v/appv-sequence-a-new-application.md
index 5a9c710587..7e0b19b428 100644
--- a/windows/application-management/app-v/appv-sequence-a-new-application.md
+++ b/windows/application-management/app-v/appv-sequence-a-new-application.md
@@ -2,12 +2,13 @@
 title: Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer) (Windows 10/11)
 description: Learn how to manually sequence a new app by using the App-V Sequencer that's included with the Windows ADK.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/16/2018
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
 ms.topic: article
+ms.technology: itpro-apps
 ---
 
 # Manually sequence a new app using the Microsoft Application Virtualization Sequencer (App-V Sequencer)
diff --git a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
index 6b99b11b7d..65cccc4561 100644
--- a/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
+++ b/windows/application-management/app-v/appv-sequence-a-package-with-powershell.md
@@ -2,11 +2,12 @@ title: How to sequence a package by using Windows PowerShell (Windows 10/11) description: Learn how to sequence a new Microsoft Application Virtualization (App-V) package by using Windows PowerShell. author: aczechowski -ms.prod: w10 +ms.prod: windows-client ms.date: 04/19/2017 ms.reviewer: manager: dougeby ms.author: aaroncz +ms.technology: itpro-apps --- # How to Sequence a Package by using Windows PowerShell diff --git a/windows/application-management/app-v/appv-supported-configurations.md b/windows/application-management/app-v/appv-supported-configurations.md index 2522c24732..e9168ea779 100644 --- a/windows/application-management/app-v/appv-supported-configurations.md +++ b/windows/application-management/app-v/appv-supported-configurations.md @@ -2,12 +2,13 @@ title: App-V Supported Configurations (Windows 10/11) description: Learn the requirements to install and run App-V supported configurations in your Windows 10/11 environment. author: aczechowski -ms.prod: w10 +ms.prod: windows-client ms.date: 04/16/2018 ms.reviewer: manager: dougeby ms.author: aaroncz ms.topic: article +ms.technology: itpro-apps --- # App-V Supported Configurations @@ -72,7 +73,7 @@ The App-V Publishing server can be installed on a server that runs Windows Serve ### Publishing server hardware requirements -App-V adds requires nothing beyond the requirements of Windows Server. +App-V adds require nothing beyond the requirements of Windows Server. * A 64-bit (x64) processor that runs at 1.4 GHz or faster. * 2-GB RAM (64-bit). @@ -117,7 +118,7 @@ Sequencer is now part of the Windows Assessment and Deployment Kit (Windows ADK) See the Windows or Windows Server documentation for the hardware requirements. -## Supported versions of Microsoft Endpoint Configuration Manager +## Supported versions of Microsoft Configuration Manager The App-V client works with Configuration Manager versions starting with Technical Preview for Configuration Manager, version 1606. 
diff --git a/windows/application-management/app-v/appv-technical-reference.md b/windows/application-management/app-v/appv-technical-reference.md
index 786dc0acb1..80859782c4 100644
--- a/windows/application-management/app-v/appv-technical-reference.md
+++ b/windows/application-management/app-v/appv-technical-reference.md
@@ -2,11 +2,12 @@
 title: Technical Reference for App-V (Windows 10/11)
 description: Learn strategy and context for many performance optimization practices in this technical reference for Application Virtualization (App-V).
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # Technical Reference for App-V
diff --git a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
index 54322edfa1..b0a1c0a587 100644
--- a/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-transfer-access-and-configurations-to-another-version-of-a-package-with-the-management-console.md
@@ -2,11 +2,12 @@
 title: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console (Windows 10/11)
 description: How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # How to Transfer Access and Configurations to Another Version of a Package by Using the Management Console
diff --git a/windows/application-management/app-v/appv-troubleshooting.md b/windows/application-management/app-v/appv-troubleshooting.md
index d5444ae7ab..9bba519134 100644
--- a/windows/application-management/app-v/appv-troubleshooting.md
+++ b/windows/application-management/app-v/appv-troubleshooting.md
@@ -2,11 +2,12 @@
 title: Troubleshooting App-V (Windows 10/11)
 description: Learn how to find information about troubleshooting Application Virtualization (App-V) and information about other App-V articles.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # Troubleshooting App-V
diff --git a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
index d8687a7cf5..192f9f4b66 100644
--- a/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
+++ b/windows/application-management/app-v/appv-upgrading-to-app-v-for-windows-10-from-an-existing-installation.md
@@ -2,11 +2,12 @@
 title: Upgrading to App-V for Windows 10/11 from an existing installation (Windows 10/11)
 description: Learn about upgrading to Application Virtualization (App-V) for Windows 10/11 from an existing installation.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # Upgrading to App-V for Windows client from an existing installation
diff --git a/windows/application-management/app-v/appv-using-the-client-management-console.md b/windows/application-management/app-v/appv-using-the-client-management-console.md
index c7ece16ed1..c327a058bb 100644
--- a/windows/application-management/app-v/appv-using-the-client-management-console.md
+++ b/windows/application-management/app-v/appv-using-the-client-management-console.md
@@ -2,11 +2,12 @@
 title: Using the App-V Client Management Console (Windows 10/11)
 description: Learn how to use the Application Virtualization (App-V) client management console to manage packages on the computer running the App-V client.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # Using the App-V Client Management Console
diff --git a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
index c3742fa2f9..858f0dcbad 100644
--- a/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
+++ b/windows/application-management/app-v/appv-view-and-configure-applications-and-default-virtual-application-extensions-with-the-management-console.md
@@ -2,11 +2,12 @@
 title: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console (Windows 10/11)
 description: How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # How to View and Configure Applications and Default Virtual Application Extensions by Using the Management Console
diff --git a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
index b74ad51647..f5fad71c85 100644
--- a/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
+++ b/windows/application-management/app-v/appv-viewing-appv-server-publishing-metadata.md
@@ -2,11 +2,12 @@
 title: Viewing App-V Server Publishing Metadata (Windows 10/11)
 description: Use this procedure to view App-V Server publishing metadata, which can help you resolve publishing-related issues.
 author: aczechowski
-ms.prod: w10
+ms.prod: windows-client
 ms.date: 04/19/2017
 ms.reviewer:
 manager: dougeby
 ms.author: aaroncz
+ms.technology: itpro-apps
 ---
 
 # Viewing App-V Server Publishing Metadata
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index 5e13809150..425e703738 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -20,11 +20,11 @@ ms.technology: itpro-apps ## Before you begin -As organizations become more global, and to support employees working from anywhere, it's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. +As organizations become more global, and to support employees working from anywhere, it's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use the Microsoft Intune family of products. This family includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: -- [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) +- [Endpoint Management at Microsoft](/mem/endpoint-manager-overview) - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) 
@@ -32,7 +32,7 @@ In this article, we mention these services. If you're not managing your devices There are different types of apps that can run on your Windows client devices. This section lists some of the common apps used on Windows devices. -- **Microsoft 365 apps**: These apps are used for business and productivity, and include Outlook, Word, Teams, OneNote, and more. Depending on the licenses your organization has, you may already have these apps. Using an MDM provider, these apps can also be deployed to mobile devices, including smartphones. +- **Microsoft 365 apps**: These apps are used for business and productivity, and include Outlook, Word, Teams, OneNote, and more. Depending on the licenses your organization has, you may already have these apps. When you use an MDM provider, these apps can also be deployed to mobile devices, including smartphones. For more information on the Microsoft 365 license options, and what you get, see [Transform your enterprise with Microsoft 365](https://www.microsoft.com/microsoft-365/compare-microsoft-365-enterprise-plans). 
@@ -95,7 +95,7 @@ When your apps are ready, you can add or deploy these apps to your Windows devic - [Add apps to Microsoft Intune](/mem/intune/apps/apps-add) - [Application management in Configuration Manager](/mem/configmgr/apps/understand/introduction-to-application-management) -- **Microsoft Store**: Using the Microsoft Store app, Windows users can download apps from the public store. And, they can download apps provided by your organization, which is called the "private store". If your organization creates its own apps, you can use **[Windows Package Manager](/windows/package-manager)** to add apps to the private store. +- **Microsoft Store**: When you use the Microsoft Store app, Windows users can download apps from the public store. And, they can download apps provided by your organization, which is called the "private store". If your organization creates its own apps, you can use **[Windows Package Manager](/windows/package-manager)** to add apps to the private store. To help manage the Microsoft Store on your devices, you can use policies: diff --git a/windows/application-management/docfx.json b/windows/application-management/docfx.json index 0c2d4413bb..4cd7b0588c 100644 --- a/windows/application-management/docfx.json +++ b/windows/application-management/docfx.json @@ -36,7 +36,7 @@ "recommendations": true, "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-apps", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md index 60cb9c5b79..f55199f3a5 100644 --- a/windows/application-management/enterprise-background-activity-controls.md +++ b/windows/application-management/enterprise-background-activity-controls.md 
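Review bot: The `docfx.json` hunk sets the folder-wide value to `"ms.technology": "itpro-apps"`, while the same commit also adds `ms.technology: itpro-apps` to the front matter of individual articles under `windows/application-management/`, so the value is now maintained in two places. If this key sits in the docfx `globalMetadata` object (the neighbouring keys suggest so, but the object header is outside the hunk), the per-file `+ms.technology: itpro-apps` lines are redundant and can drift from the default on a later rename. Consider keeping only the default here, or noting in the pull request description why both levels are set.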
@@ -1,13 +1,14 @@ --- title: Remove background task resource restrictions description: Allow enterprise background tasks unrestricted access to computer resources. -ms.prod: w10 +ms.prod: windows-client author: nicholasswhite ms.author: nwhite manager: aaroncz ms.date: 10/03/2017 ms.reviewer: ms.topic: article +ms.technology: itpro-apps --- # Remove background task resource restrictions diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md index 7735990889..56381683e9 100644 --- a/windows/application-management/per-user-services-in-windows.md +++ b/windows/application-management/per-user-services-in-windows.md @@ -1,12 +1,13 @@ --- title: Per-user services in Windows 10 and Windows Server description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates. -ms.prod: w10 +ms.prod: windows-client author: nicholasswhite ms.author: nwhite manager: aaroncz ms.date: 09/14/2017 ms.reviewer: +ms.technology: itpro-apps --- # Per-user services in Windows 10 and Windows Server @@ -113,7 +114,7 @@ If a per-user service can't be disabled using the security template, you can dis ![Startup Type is Disabled.](media/gpp-svc-disabled.png) -9. To add the other services that can't be managed with a Group Policy templates, edit the policy and repeat steps 5-8. +9. To add the other services that can't be managed with Group Policy templates, edit the policy and repeat steps 5-8. ### Managing Template Services with reg.exe diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md index b039ab012b..e9d56cf86b 100644 --- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md 
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md @@ -5,9 +5,10 @@ author: nicholasswhite ms.author: nwhite manager: aaroncz ms.reviewer: amanh -ms.prod: w11 +ms.prod: windows-client ms.date: 09/15/2021 ms.localizationpriority: medium +ms.technology: itpro-apps --- # Private app repository in Windows 11 @@ -26,11 +27,11 @@ This article discusses the Company Portal app installation options, adding organ ## Before you begin -The Company Portal app is included with Microsoft Endpoint Manager. Endpoint Manager is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It help manages your devices, and manage apps on your devices. +The Company Portal app is included with Microsoft Intune. Intune is a Mobile Device Management (MDM) and Mobile Application manager (MAM) provider. It helps manage your devices, your identities, and app data on your devices. If you're not managing your devices using an MDM provider, the following resources may help you get started: -- [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) +- [Endpoint Management at Microsoft](/mem/endpoint-manager-overview) - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) 
@@ -45,7 +46,7 @@ To use the Company Portal app: To install the Company Portal app, you have some options: -- **Use Microsoft Endpoint Manager**: Endpoint Manager includes Microsoft Intune (cloud) and Configuration Manager (on-premises). With both services, you can add Microsoft Store apps, like the Company Portal app. Once added, you create an app policy that deploys and installs the Company Portal app to your devices. +- **Use Microsoft Intune**: Microsoft Intune is a family or products that include Microsoft Intune (cloud) and Configuration Manager (on-premises). With both services, you can add Microsoft Store apps, like the Company Portal app. Once added, you create an app policy that deploys and installs the Company Portal app to your devices. - This option is preferred, and is the most scalable, especially if you have many devices. When you create the app policy, the policy can be deployed to many users and many devices simultaneously. Admins can also use reporting to make sure the app is installed on organization-managed devices. @@ -55,7 +56,7 @@ To install the Company Portal app, you have some options: For more information, see: - - [What is Microsoft Endpoint Manager](/mem/endpoint-manager-overview) + - [Endpoint Management at Microsoft](/mem/endpoint-manager-overview) - [Add Microsoft Store apps to Microsoft Intune](/mem/intune/apps/store-apps-windows) - [What is co-management?](/mem/configmgr/comanage/overview) - [Use the Company Portal app on co-managed devices](/mem/configmgr/comanage/company-portal) 
@@ -73,7 +74,7 @@ To install the Company Portal app, you have some options: - **Use the Microsoft Store**: The Company Portal app is available in the Microsoft Store, and can be downloaded by your users. Users open the Microsoft Store app on their device, search for **Company Portal**, and install it. When it's installed, users might be prompted to sign in with their organization account (`user@contoso.com`). When the app opens, they see a list of approved organization apps that can be installed. - - This option requires users to install the Company Portal app themselves. If you have many users, the recommended approach is to deploy the Company Portal app using Endpoint Manager or using Windows Autopilot. + - This option requires users to install the Company Portal app themselves. If you have many users, the recommended approach is to deploy the Company Portal app using Intune or using Windows Autopilot. - When the Company Portal app is installed from the Microsoft Store app, by default, it's automatically updated. Users can also open the Microsoft Store, go to the **Library**, and check for updates. Within the Company Portal app, they can use the update feature to get app fixes and feature updates on the organization apps you added. 
@@ -101,4 +102,4 @@ If you use a third party or partner MDM provider, be sure to configure the setti ## Windows Package Manager -If your organization creates its own apps, your app developers can use [Windows Package Manager](/windows/package-manager/) to deploy apps. For more information on Endpoint Manager and Windows Package Manager, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423). +If your organization creates its own apps, your app developers can use [Windows Package Manager](/windows/package-manager/) to deploy apps. For more information on Intune and Windows Package Manager, see [Evolving the Microsoft Store for Business and Education](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423). diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md index 1c99168f4a..515bf87aeb 100644 --- a/windows/application-management/provisioned-apps-windows-client-os.md +++ b/windows/application-management/provisioned-apps-windows-client-os.md @@ -5,9 +5,10 @@ author: nicholasswhite ms.author: nwhite manager: aaroncz description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11. -ms.prod: w10 +ms.prod: windows-client ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-apps --- # Provisioned apps installed with the Windows client OS 
@@ -44,9 +45,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809| - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | | | | | | + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ || --- @@ -54,9 +55,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- @@ -64,9 +65,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | Use Settings App | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | Use Settings App | ✔️ | ✔️ | ✔️| --- @@ -74,9 +75,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + |---| --- | --- | --- | + | ❌ | ✔️| ✔️| ✔️| --- @@ -84,9 +85,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️| ✔️| --- 
@@ -94,9 +95,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️| ✔️| ✔️| --- @@ -106,9 +107,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️||||||| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️||| --- @@ -116,9 +117,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -126,9 +127,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -136,9 +137,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- 
@@ -146,9 +147,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- @@ -156,9 +157,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -166,9 +167,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -176,9 +177,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -186,9 +187,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - | ✔️ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? | 22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ✔️ | ✔️ | ✔️ | ✔️️| --- 
@@ -196,9 +197,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -206,9 +207,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? | 22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - | --- | --- | --- | --- | --- | --- | --- |--- | - |️ | ✔️ | ✔️ | ✔️|️ | ✔️|️️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | | ✔️ | ✔️ | ✔️| --- @@ -216,9 +217,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -226,9 +227,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️| | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -236,9 +237,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- 
@@ -246,9 +247,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -256,9 +257,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -266,9 +267,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -276,9 +277,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -286,9 +287,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- 
@@ -296,9 +297,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -306,9 +307,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -316,9 +317,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -326,9 +327,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -336,9 +337,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- 
@@ -346,9 +347,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -356,9 +357,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -366,9 +367,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -376,9 +377,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -386,9 +387,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- 
@@ -398,9 +399,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -408,9 +409,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -418,9 +419,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -428,9 +429,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -438,9 +439,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- 
@@ -448,9 +449,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -458,9 +459,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -468,9 +469,9 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- @@ -478,8 +479,8 @@ Provisioned apps are also listed in **Settings** > **Apps and Features**. - Supported versions: --- - | Uninstall through UI? |22H2| 21H1 | 20H2 | 2004 | 1909| 1903| 1809 | - |---| --- | --- | --- | --- | --- | --- |--- | - | ❌ | ✔️ | ✔️ | ✔️|✔️ | ✔️| ✔️| ✔️| + | Uninstall through UI? |22H2| 21H1 | 20H2 | + | --- | --- | --- | --- | + | ❌ | ✔️ | ✔️ | ✔️| --- diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md index 817364d24a..57b52fce28 100644 --- a/windows/application-management/remove-provisioned-apps-during-update.md +++ b/windows/application-management/remove-provisioned-apps-during-update.md 
@@ -1,12 +1,13 @@ --- title: How to keep apps removed from Windows 10 from returning during an update description: How to keep provisioned apps that were removed from your machine from returning during an update. -ms.prod: w10 +ms.prod: windows-client author: nicholasswhite ms.author: nwhite manager: aaroncz ms.date: 05/25/2018 ms.reviewer: +ms.technology: itpro-apps --- # How to keep apps removed from Windows 10 from returning during an update diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md index 466370dcd1..baeae78bd8 100644 --- a/windows/application-management/sideload-apps-in-windows-10.md +++ b/windows/application-management/sideload-apps-in-windows-10.md @@ -5,8 +5,9 @@ ms.reviewer: author: nicholasswhite ms.author: nwhite manager: aaroncz -ms.prod: w10 +ms.prod: windows-client ms.localizationpriority: medium +ms.technology: itpro-apps --- # Sideload line of business (LOB) apps in Windows client devices diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md index 67476d451f..692bae2fe3 100644 --- a/windows/application-management/svchost-service-refactoring.md +++ b/windows/application-management/svchost-service-refactoring.md @@ -1,12 +1,13 @@ --- title: Service Host service refactoring in Windows 10 version 1703 description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703. -ms.prod: w10 +ms.prod: windows-client author: nicholasswhite ms.author: nwhite manager: aaroncz ms.date: 07/20/2017 ms.reviewer: +ms.technology: itpro-apps --- # Changes to Service Host grouping in Windows 10 diff --git a/windows/application-management/system-apps-windows-client-os.md b/windows/application-management/system-apps-windows-client-os.md index eef2f72573..0788b793d8 100644 --- a/windows/application-management/system-apps-windows-client-os.md 
+++ b/windows/application-management/system-apps-windows-client-os.md @@ -5,9 +5,10 @@ author: nicholasswhite ms.author: nwhite manager: aaroncz description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11. -ms.prod: w10 +ms.prod: windows-client ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-apps --- # System apps installed with the Windows client OS diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md index 1f0b6e4447..d5697e455b 100644 --- a/windows/client-management/administrative-tools-in-windows-10.md +++ b/windows/client-management/administrative-tools-in-windows-10.md @@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.date: 03/28/2022 ms.topic: article ms.collection: highpri +ms.technology: itpro-manage --- # Windows Tools/Administrative Tools diff --git a/windows/client-management/appv-deploy-and-config.md b/windows/client-management/appv-deploy-and-config.md index 692e73a572..f0c9843f27 100644 --- a/windows/client-management/appv-deploy-and-config.md +++ b/windows/client-management/appv-deploy-and-config.md @@ -1,6 +1,6 @@ --- title: Deploy and configure App-V apps using MDM -description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server. +description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Intune or App-V server. ms.author: vinpa ms.topic: article ms.prod: windows-client @@ -15,7 +15,7 @@ manager: aaroncz ## Executive summary -

Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies using Microsoft Endpoint Manager or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.

+

Microsoft Application Virtualization (App-V) apps have typically been configured, deployed, and managed through on-premises group policies or App-V server. In Windows 10, version 1703, App-V apps can be configured, deployed, and managed using mobile device management (MDM), matching their on-premises counterparts.

MDM services can be used to publish App-V packages to clients running Windows 10, version 1703 (or later). All capabilities such as App-V enablement, configuration, and publishing can be completed using the EnterpriseAppVManagement CSP.

diff --git a/windows/client-management/azure-active-directory-integration-with-mdm.md b/windows/client-management/azure-active-directory-integration-with-mdm.md index 928db9a0cb..d02f1b1f53 100644 --- a/windows/client-management/azure-active-directory-integration-with-mdm.md +++ b/windows/client-management/azure-active-directory-integration-with-mdm.md @@ -36,7 +36,7 @@ For personal devices (BYOD): ### Azure AD Join -Company owned devices are traditionally joined to the on-premises Active Directory domain of the organization. These devices can be managed using Group Policy or computer management software such as Microsoft Endpoint Configuration Manager. In Windows 10, it’s also possible to manage domain joined devices with an MDM. +Company owned devices are traditionally joined to the on-premises Active Directory domain of the organization. These devices can be managed using Group Policy or computer management software such as Microsoft Configuration Manager. In Windows 10, it’s also possible to manage domain joined devices with an MDM. Windows 10 introduces a new way to configure and deploy organization owned Windows devices. This mechanism is called Azure AD Join. Like traditional domain join, Azure AD Join allows devices to become known and managed by an organization. However, with Azure AD Join, Windows authenticates to Azure AD instead of authenticating to a domain controller. diff --git a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md index 4770e2515b..af610cec3c 100644 --- a/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md +++ b/windows/client-management/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md 
@@ -11,10 +11,14 @@ ms.reviewer: manager: aaroncz --- -# Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal +# Azure AD and Microsoft Intune: Automatic MDM enrollment in the Endpoint Manager admin center -> [!NOTE] -> Microsoft Intune portal can be accessed at the following link: [https://endpoint.microsoft.com](https://endpoint.microsoft.com). +Microsoft Intune can be accessed directly using its own admin center. For more information, go to: + +- [Tutorial: Walkthrough Intune in Microsoft Endpoint Manager admin center](/mem/intune/fundamentals/tutorial-walkthrough-endpoint-manager) +- Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). + +If you use the Azure portal, then you can access Intune using the following steps: 1. Go to your Azure AD Blade. 2. Select **Mobility (MDM and MAM)**, and find the Microsoft Intune app. diff --git a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md index 62d404f9d4..c85858a2d0 100644 --- a/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md +++ b/windows/client-management/bulk-enrollment-using-windows-provisioning-tool.md 
@@ -28,12 +28,12 @@ Bulk enrollment is an efficient way to set up a large number of devices to be ma On the desktop, you can create an Active Directory account, such as "enrollment@contoso.com" and give it only the ability to join the domain. Once the desktop is joined with that admin account, then standard users in the domain can sign in to use it. This account is especially useful in getting a large number of desktop ready to use within a domain. -On the desktop and mobile devices, you can use an enrollment certificate or enrollment username and password, such as "enroll@contoso.com" and "enrollmentpassword." These credentials are used in the provisioning package, which you can use to enroll multiple devices to the MDM service. Once the devices are joined, many users can use them. +On the desktop and mobile devices, you can use an enrollment certificate or enrollment username and password, such as `enroll@contoso.com` and `enrollmentpassword`. These credentials are used in the provisioning package, which you can use to enroll multiple devices to the MDM service. Once the devices are joined, many users can use them. > [!NOTE] > - Bulk-join is not supported in Azure Active Directory Join. > - Bulk enrollment does not work in Intune standalone environment. -> - Bulk enrollment works in Microsoft Endpoint Manager where the ppkg is generated from the Configuration Manager console. +> - Bulk enrollment works in Microsoft Intune where the ppkg is generated from the Configuration Manager console. > - To change bulk enrollment settings, login to **AAD**, then **Devices**, and then click **Device Settings**. Change the number under **Maximum number of devices per user**. > - Bulk Token creation is not supported with federated accounts. 
@@ -53,14 +53,14 @@ On the desktop and mobile devices, you can use an enrollment certificate or enro Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. 1. Open the WCD tool. -2. Click **Advanced Provisioning**. +2. Select **Advanced Provisioning**. ![icd start page.](images/bulk-enrollment7.png) -3. Enter a project name and click **Next**. -4. Select **All Windows editions**, since Provisioning CSP is common to all Windows editions, then click **Next**. -5. Skip **Import a provisioning package (optional)** and click **Finish**. +3. Enter a project name and select **Next**. +4. Select **All Windows editions**, since Provisioning CSP is common to all Windows editions, then select **Next**. +5. Skip **Import a provisioning package (optional)** and select **Finish**. 6. Expand **Runtime settings** > **Workplace**. -7. Click **Enrollments**, enter a value in **UPN**, and then click **Add**. +7. Select **Enrollments**, enter a value in **UPN**, and then select **Add**. The UPN is a unique identifier for the enrollment. For bulk enrollment, this UPN must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com". 8. On the left navigation pane, expand the **UPN** and then enter the information for the rest of the settings for enrollment process. Here's the list of available settings: 
@@ -74,8 +74,8 @@ Using the WCD, create a provisioning package using the enrollment information re ![bulk enrollment screenshot.](images/bulk-enrollment.png) 9. Configure the other settings, such as the Wi-Fi connections so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). -10. When you're done adding all the settings, on the **File** menu, click **Save**. -11. On the main menu, click **Export** > **Provisioning package**. +10. When you're done adding all the settings, on the **File** menu, select **Save**. +11. On the main menu, select **Export** > **Provisioning package**. ![icd menu for export.](images/bulk-enrollment2.png) 12. Enter the values for your package and specify the package output location. @@ -83,7 +83,7 @@ Using the WCD, create a provisioning package using the enrollment information re ![enter package information.](images/bulk-enrollment3.png) ![enter additional information for package information.](images/bulk-enrollment4.png) ![specify file location.](images/bulk-enrollment6.png) -13. Click **Build**. +13. Select **Build**. ![icb build window.](images/bulk-enrollment5.png) 14. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package). 
@@ -94,13 +94,13 @@ Using the WCD, create a provisioning package using the enrollment information re Using the WCD, create a provisioning package using the enrollment information required by your organization. Ensure that you have all the configuration settings. 1. Open the WCD tool. -2. Click **Advanced Provisioning**. -3. Enter a project name and click **Next**. +2. Select **Advanced Provisioning**. +3. Enter a project name and select **Next**. 4. Select **Common to all Windows editions**, since Provisioning CSP is common to all Windows editions. -5. Skip **Import a provisioning package (optional)** and click **Finish**. +5. Skip **Import a provisioning package (optional)** and select **Finish**. 6. Specify the certificate. 1. Go to **Runtime settings** > **Certificates** > **ClientCertificates**. - 2. Enter a **CertificateName** and then click **Add**. + 2. Enter a **CertificateName** and then select **Add**. 3. Enter the **CertificatePasword**. 4. For **CertificatePath**, browse and select the certificate to be used. 5. Set **ExportCertificate** to False. @@ -109,7 +109,7 @@ Using the WCD, create a provisioning package using the enrollment information re ![icd certificates section.](images/bulk-enrollment8.png) 7. Specify the workplace settings. 1. Got to **Workplace** > **Enrollments**. - 2. Enter the **UPN** for the enrollment and then click **Add**. + 2. Enter the **UPN** for the enrollment and then select **Add**. The UPN is a unique identifier for the enrollment. For bulk enrollment, this UPN must be a service account that is allowed to enroll multiple users, such as "enrollment@contoso.com". 3. On the left column, expand the **UPN** and then enter the information for the rest of the settings for enrollment process. Here's the list of available settings: 
@@ -120,32 +120,32 @@ Using the WCD, create a provisioning package using the enrollment information re - **Secret** - the certificate thumbprint. For detailed descriptions of these settings, see [Provisioning CSP](mdm/provisioning-csp.md). 8. Configure the other settings, such as the Wi-Fi connection so that the device can join a network before joining MDM (for example, **Runtime settings** > **ConnectivityProfiles** > **WLANSetting**). -9. When you're done adding all the settings, on the **File** menu, click **Save**. +9. When you're done adding all the settings, on the **File** menu, select **Save**. 10. Export and build the package (steps 10-13 in the procedure above). 11. Apply the package to some test devices and verify that they work. For more information, see [Apply a provisioning package](#apply-a-provisioning-package). 12. Apply the package to your devices. ## Apply a provisioning package -Here's the list of topics about applying a provisioning package: +Here's the list of articles about applying a provisioning package: -- [Apply a package on the first-run setup screen (out-of-the-box experience)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment#apply-package) - topic in Technet. 
-- [Apply a package to a Windows desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) - topic in MSDN -- [Apply a package from the Settings menu](#apply-a-package-from-the-settings-menu) - topic below +- [Apply a package on the first-run setup screen (out-of-the-box experience)](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment#apply-package) +- [Apply a package to a Windows desktop edition image](/windows/configuration/provisioning-packages/provisioning-create-package#to_apply_a_provisioning_package_to_a_desktop_image) +- [Apply a package from the Settings menu](#apply-a-package-from-the-settings-menu) - article below ## Apply a package from the Settings menu 1. Go to **Settings** > **Accounts** > **Access work or school**. -2. Click **Add or remove a provisioning package**. -3. Click **Add a package**. +2. Select **Add or remove a provisioning package**. +3. Select **Add a package**. ## Validate that the provisioning package was applied 1. Go to **Settings** > **Accounts** > **Access work or school**. -2. Click **Add or remove a provisioning package**. +2. Select **Add or remove a provisioning package**. You should see your package listed. -## Retry logic in case of a failure +## Retry logic if there's a failure If the provisioning engine receives a failure from a CSP, it will retry to provision three times in a row. 
@@ -155,9 +155,9 @@ It will also retry to apply the provisioning each time it's launched, if started In addition, provisioning will be restarted in a SYSTEM context after a sign in and the system has been idle ([details on idle conditions](/windows/win32/taskschd/task-idle-conditions)). -## Other provisioning topics +## Other provisioning articles -Here are links to step-by-step provisioning topics in Technet. +Here are links to step-by-step provisioning articles: - [Provision PCs with apps and certificates for initial deployment](/windows/configuration/provisioning-packages/provision-pcs-with-apps) - [Provision PCs with common settings for initial deployment](/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment) diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md index 73fe0c3a57..d3410f5068 100644 --- a/windows/client-management/change-default-removal-policy-external-storage-media.md +++ b/windows/client-management/change-default-removal-policy-external-storage-media.md @@ -13,6 +13,7 @@ ms.custom: audience: ITPro ms.localizationpriority: medium manager: kaushika +ms.technology: itpro-manage --- # Change in default removal policy for external storage media in Windows 10, version 1809 diff --git a/windows/client-management/config-lock.md b/windows/client-management/config-lock.md index 8725bda82d..04d9be81f2 100644 --- a/windows/client-management/config-lock.md +++ b/windows/client-management/config-lock.md 
@@ -38,10 +38,10 @@ Config lock will be available for all Windows Professional and Enterprise Editio Config lock isn't enabled by default, or turned on by the OS during boot. Rather, you need to turn it on. -The steps to turn on config lock using Microsoft Endpoint Manager (Microsoft Intune) are as follows: +The steps to turn on config lock using Microsoft Intune are as follows: 1. Ensure that the device to turn on config lock is enrolled in Microsoft Intune. -1. From the Microsoft Intune portal main page, select **Devices** > **Configuration Profiles** > **Create a profile**. +1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Configuration Profiles** > **Create a profile**. 1. Select the following and press **Create**: - **Platform**: Windows 10 and later - **Profile type**: Templates diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md index d95c178ea4..18fb8a5311 100644 --- a/windows/client-management/connect-to-remote-aadj-pc.md +++ b/windows/client-management/connect-to-remote-aadj-pc.md @@ -10,6 +10,7 @@ ms.reviewer: manager: aaroncz ms.topic: article ms.collection: highpri +ms.technology: itpro-manage --- # Connect to remote Azure Active Directory-joined PC diff --git a/windows/client-management/docfx.json b/windows/client-management/docfx.json index 21740e86df..8c038b6c43 100644 --- a/windows/client-management/docfx.json +++ b/windows/client-management/docfx.json @@ -36,7 +36,7 @@ "recommendations": true, "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-manage", "audience": "ITPro", "ms.topic": "article", "manager": "dansimp", diff --git a/windows/client-management/esim-enterprise-management.md b/windows/client-management/esim-enterprise-management.md index 34872b5ca8..be730b8fd9 100644 
--- a/windows/client-management/esim-enterprise-management.md +++ b/windows/client-management/esim-enterprise-management.md @@ -6,6 +6,7 @@ author: vinaypamnani-msft ms.localizationpriority: medium ms.author: vinpa ms.topic: conceptual +ms.technology: itpro-manage --- # How Mobile Device Management Providers support eSIM Management on Windows diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md index 0ad377277b..3f1e0ef47a 100644 --- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md +++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md @@ -9,6 +9,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: troubleshooting +ms.technology: itpro-manage --- # Group Policy settings that apply only to Windows 10 Enterprise and Education Editions diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md index 24fe54f2cf..1ed28e0f9b 100644 --- a/windows/client-management/manage-corporate-devices.md +++ b/windows/client-management/manage-corporate-devices.md @@ -10,6 +10,7 @@ author: vinaypamnani-msft ms.localizationpriority: medium ms.date: 09/14/2021 ms.topic: article +ms.technology: itpro-manage --- # Manage corporate devices 
@@ -37,7 +38,7 @@ You can use the same management tools to manage all device types running Windows ## Learn more -[How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/mem/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) +[How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Configuration Manager](/mem/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) [Azure AD, Microsoft Intune and Windows 10 - Using the cloud to modernize enterprise mobility](https://blogs.technet.microsoft.com/enterprisemobility/2015/06/12/azure-ad-microsoft-intune-and-windows-10-using-the-cloud-to-modernize-enterprise-mobility/) diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md index e09a71c63d..6f1cf2860e 100644 --- a/windows/client-management/manage-device-installation-with-group-policy.md +++ b/windows/client-management/manage-device-installation-with-group-policy.md @@ -8,6 +8,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article +ms.technology: itpro-manage --- # Manage Device Installation with Group Policy @@ -214,7 +215,7 @@ Some of these policies take precedence over other policies. The flowchart shown ### General -To complete each of the scenarios, ensure your have: +To complete each of the scenarios, ensure you have: - A client computer running Windows. diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md index 285c3b9a28..0bb88c2d24 100644 --- a/windows/client-management/manage-settings-app-with-group-policy.md +++ b/windows/client-management/manage-settings-app-with-group-policy.md @@ -8,6 +8,7 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article +ms.technology: itpro-manage --- # Manage the Settings app with Group Policy 
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 0dd98cccd4..466a326260 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -9,15 +9,16 @@ ms.author: vinpa ms.reviewer: manager: aaroncz ms.topic: overview +ms.technology: itpro-manage --- # Manage Windows 10 in your organization - transitioning to modern management Use of personal devices for work, and employees working outside the office, may be changing how your organization manages devices. Certain parts of your organization might require deep, granular control over devices, while other parts might seek lighter, scenario-based management that empowers the modern workforce. Windows 10 offers the flexibility to respond to these changing requirements, and can easily be deployed in a mixed environment. You can shift the percentage of Windows 10 devices gradually, following the normal upgrade schedules used in your organization. -Your organization might have considered bringing in Windows 10 devices and downgrading them to an earlier version of Windows until everything is in place for a formal upgrade process. While this downgrade may appear to save costs due to standardization, greater savings can come from avoiding the downgrade and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it's easy for versions to coexist. +Your organization might have considered bringing in Windows 10 devices and downgrading them to an earlier version of Windows until everything is in place for a formal upgrade process. This downgrade may appear to save costs due to standardization. But, you typically save more if you don't downgrade, and immediately taking advantage of the cost reductions Windows 10 can provide. Because Windows 10 devices can be managed using the same processes and technology as other previous Windows versions, it's easy for versions to coexist. 
-Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Endpoint Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster. +Your organization can support various operating systems across a wide range of device types, and manage them through a common set of tools such as Microsoft Configuration Manager, Microsoft Intune, or other third-party products. This "managed diversity" enables you to empower your users to benefit from the productivity enhancements available on their new Windows 10 devices (including rich touch and ink support), while still maintaining your standards for security and manageability. It can help you and your organization benefit from Windows 10 much faster. This six-minute video demonstrates how users can bring in a new retail device and be up and working with their personalized settings and a managed experience in a few minutes, without being on the corporate network. It also demonstrates how IT can apply policies and configurations to ensure device compliance. 
@@ -114,7 +115,7 @@ MDM with Intune provide tools for applying Windows updates to client computers i There are various steps you can take to begin the process of modernizing device management in your organization: -**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Endpoint Manager](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune. +**Assess current management practices, and look for investments you might make today.** Which of your current practices need to stay the same, and which can you change? Specifically, what elements of traditional management do you need to retain and where can you modernize? Whether you take steps to minimize custom imaging, reevaluate settings management, or reassesses authentication and compliance, the benefits can be immediate. You can use [Group policy analytics in Microsoft Intune](/mem/intune/configuration/group-policy-analytics) to help determine which group policies supported by cloud-based MDM providers, including Microsoft Intune. **Assess the different use cases and management needs in your environment.** Are there groups of devices that could benefit from lighter, simplified management? BYOD devices, for example, are natural candidates for cloud-based management. Users or devices handling more highly regulated data might require an on-premises Active Directory domain for authentication. 
Configuration Manager and EMS provide you the flexibility to stage implementation of modern management scenarios while targeting different devices the way that best suits your business needs. diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md index ec6b743d91..7cf55e0587 100644 --- a/windows/client-management/mandatory-user-profile.md +++ b/windows/client-management/mandatory-user-profile.md @@ -9,6 +9,7 @@ ms.reviewer: manager: aaroncz ms.topic: article ms.collection: highpri +ms.technology: itpro-manage --- # Create mandatory user profiles @@ -79,7 +80,7 @@ First, you create a default user profile with the customizations that you want, > > Use the [Remove-AppxProvisionedPackage](/powershell/module/dism/remove-appxprovisionedpackage?view=win10-ps&preserve-view=true) and [Remove-AppxPackage -AllUsers](/powershell/module/appx/remove-appxpackage?view=win10-ps&preserve-view=true) cmdlet in Windows PowerShell to uninstall the app that is listed in the log. -1. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the set up, and then sign in to the computer using an account that has local administrator privileges. +1. The sysprep process reboots the PC and starts at the first-run experience screen. Complete the setup, and then sign in to the computer using an account that has local administrator privileges. 1. Right-click Start, go to **Control Panel** (view by large or small icons) > **System** > **Advanced system settings**, and click **Settings** in the **User Profiles** section. diff --git a/windows/client-management/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm-enrollment-of-windows-devices.md index d8748f2ee6..368defcb39 100644 --- a/windows/client-management/mdm-enrollment-of-windows-devices.md +++ b/windows/client-management/mdm-enrollment-of-windows-devices.md 
@@ -8,8 +8,8 @@ ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.collection: highpri --- @@ -255,7 +255,7 @@ There are a few instances where your device may not be able to connect to work. |--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-----------------------------------------------------------------------------------------------------| | Your device is already connected to your organization’s cloud. | Your device is already connected to either Azure AD, a work or school account, or an AD domain. | | We couldn't find your identity in your organization’s cloud. | The username you entered wasn't found on your Azure AD tenant. | -| Your device is already being managed by an organization. | Your device is either already managed by MDM or Microsoft Endpoint Configuration Manager. | +| Your device is already being managed by an organization. | Your device is either already managed by MDM or Microsoft Configuration Manager. | | You don’t have the right privileges to perform this operation. Talk to your admin. | You can't enroll your device into MDM as a standard user. You must be on an administrator account. | | We couldn’t auto-discover a management endpoint matching the username entered. Check your username and try again. If you know the URL to your management endpoint, enter it. | You need to provide the server URL for your MDM or check the spelling of the username you entered. | diff --git a/windows/client-management/mdm-overview.md b/windows/client-management/mdm-overview.md index bde99823e0..8c630a325a 100644 --- a/windows/client-management/mdm-overview.md +++ b/windows/client-management/mdm-overview.md 
@@ -2,9 +2,9 @@ title: Mobile Device Management overview description: Windows 10 and Windows 11 provide an enterprise-level solution to mobile management, to help IT pros comply with security policies while avoiding compromise of user's privacy. ms.date: 08/04/2022 -ms.technology: windows +ms.technology: itpro-manage ms.topic: article -ms.prod: w10 +ms.prod: windows-client ms.localizationpriority: medium author: vinaypamnani-msft ms.author: vinpa diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md index 49a866ecb5..0bacf6f8d2 100644 --- a/windows/client-management/mdm/accounts-csp.md +++ b/windows/client-management/mdm/accounts-csp.md @@ -73,13 +73,13 @@ This node specifies the username for a new local user account. This setting can This node specifies the password for a new local user account. This setting can be managed remotely. Supported operation is Add. -GET operation isn't supported. This setting will report as failed when deployed from the Endpoint Manager. +GET operation isn't supported. This setting will report as failed when deployed from Intune. **Users/_UserName_/LocalUserGroup** This optional node specifies the local user group that a local user account should be joined to. If the node isn't set, the new local user account is joined just to the Standard Users group. Set the value to 2 for Administrators group. This setting can be managed remotely. Supported operation is Add. -## Related topics +## Related articles [Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md index 454ca55f69..58e6ece757 100644 --- a/windows/client-management/mdm/applicationcontrol-csp.md +++ b/windows/client-management/mdm/applicationcontrol-csp.md 
@@ -25,7 +25,7 @@ The table below shows the applicability of Windows: Windows Defender Application Control (WDAC) policies can be managed from an MDM server, or locally by using PowerShell via the WMI Bridge through the ApplicationControl configuration service provider (CSP). The ApplicationControl CSP was added in Windows 10, version 1903. This CSP provides expanded diagnostic capabilities and support for [multiple policies](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) (introduced in Windows 10, version 1903). It also provides support for rebootless policy deployment (introduced in Windows 10, version 1709). Unlike the [AppLocker CSP](applocker-csp.md), the ApplicationControl CSP correctly detects the presence of no-reboot option and consequently doesn't schedule a reboot. -Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although, WDAC policy deployment via the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. +Existing Windows Defender Application Control (WDAC) policies deployed using the AppLocker CSP's CodeIntegrity node can now be deployed using the ApplicationControl CSP URI. Although WDAC policy deployment using the AppLocker CSP will continue to be supported, all new feature work will be done in the ApplicationControl CSP only. The following example shows the ApplicationControl CSP in tree format. 
@@ -150,9 +150,9 @@ Scope is dynamic. Supported operation is Get. Value type is char. -## Microsoft Endpoint Manager Intune Usage Guidance +## Microsoft Intune Usage Guidance -For customers using Intune standalone or hybrid management with Microsoft Endpoint Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). +For customers using Intune standalone or hybrid management with Configuration Manager to deploy custom policies via the ApplicationControl CSP, refer to [Deploy Windows Defender Application Control policies by using Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune). ## Generic MDM Server Usage Guidance @@ -329,6 +329,6 @@ New-CimInstance -Namespace $namespace -ClassName $policyClassName -Property @{Pa Get-CimInstance -Namespace $namespace -ClassName $policyClassName ``` -## Related topics +## Related articles [Configuration service provider reference](index.yml) \ No newline at end of file diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md index dec02671ea..bc1967ab1b 100644 --- a/windows/client-management/mdm/cm-cellularentries-csp.md +++ b/windows/client-management/mdm/cm-cellularentries-csp.md @@ -1,12 +1,12 @@ --- title: CM\_CellularEntries CSP description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 08/02/2017 --- 
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 26f88a1e32..e8cd768732 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -1,12 +1,12 @@
 ---
 title: CMPolicy CSP
 description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index 899a3779e8..55ae5b8083 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -1,12 +1,12 @@
 ---
 title: CMPolicyEnterprise CSP
 description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 0b07180698..35f1e9f495 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: CMPolicyEnterprise DDF file
 description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/configuration-service-provider-ddf.md b/windows/client-management/mdm/configuration-service-provider-ddf.md
index 12b60500aa..4a903492c4 100644
--- a/windows/client-management/mdm/configuration-service-provider-ddf.md
+++ b/windows/client-management/mdm/configuration-service-provider-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: Configuration service provider DDF files
 description: Learn more about the OMA DM device description framework (DDF) for various configuration service providers
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2020
 ms.collection: highpri
diff --git a/windows/client-management/mdm/configuration-service-provider-support.md b/windows/client-management/mdm/configuration-service-provider-support.md
index e6000e0976..4afed5993c 100644
--- a/windows/client-management/mdm/configuration-service-provider-support.md
+++ b/windows/client-management/mdm/configuration-service-provider-support.md
@@ -1,12 +1,12 @@
 ---
 title: Configuration service provider support
 description: Learn more about configuration service provider (CSP) supported scenarios.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2020
 ms.collection: highpri
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index 53b1ab435d..1731f78223 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -1,12 +1,12 @@
 ---
 title: CustomDeviceUI CSP
 description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index e77372750e..1c2b2eb1e0 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: CustomDeviceUI DDF
 description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index c95bb5bc44..f0d3fb39b0 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -1,12 +1,12 @@
 ---
 title: Defender CSP
 description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.date: 02/22/2022
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index b7851e330b..03f96374f6 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: Defender DDF file
 description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.date: 07/23/2021
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index cf12739b69..ac1777a84f 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DevDetail CSP
 description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/27/2020
 ---
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index d19d909f71..701008751e 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: DevDetail DDF file
 description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/03/2020
 ---
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 033ace2ec0..56d85eb234 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DeveloperSetup CSP
 description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2018
 ---
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index 1b7d9de267..5194793e17 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: DeveloperSetup DDF file
 description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 054ebc1774..b10bd93a62 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DeviceLock CSP
 description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index e206a5b29e..a7baeea8fe 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: DeviceLock DDF file
 description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 70340fe1a6..ba8c8543ab 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DeviceManageability CSP
 description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/01/2017
 ---
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index 5200da534c..8854d21cfc 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: DeviceManageability DDF
 description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index 4d74896075..0f4c3a631c 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DeviceStatus CSP
 description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/25/2021
 ---
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index a13d8ad0e9..758d3d324d 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: DeviceStatus DDF
 description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/12/2018
 ---
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index 0ed5356c9d..eeef8c18ab 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DevInfo CSP
 description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 98492f8b3f..dca49363e3 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: DevInfo DDF file
 description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index 8924241e4d..7f88c701b6 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DiagnosticLog CSP
 description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/19/2019
 ---
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 05a0e4d332..a268523ce4 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: DiagnosticLog DDF
-description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
-ms.reviewer:
+description: Learn about the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 8218509c6f..aa91c7caf5 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DMAcc CSP
 description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index 2d0f472a36..f2d4b6a20f 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: DMAcc DDF file
 description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 6013c649ce..a1d4415f08 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -1,12 +1,12 @@
 ---
 title: DMClient CSP
 description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/01/2017
 ---
@@ -484,7 +484,7 @@ Support operation is Exec. **Provider/*ProviderID*/LinkedEnrollment/EnrollStatus** This node can be used to check both enroll and unenroll statuses. -This will return the enroll action status and is defined as a enum class LinkedEnrollmentStatus. The values are aas follows: +This will return the enroll action status and is defined as an enum class LinkedEnrollmentStatus. The values are as follows: - Undefined = 0 - EnrollmentNotStarted = 1 @@ -502,7 +502,7 @@ This specifies the Hresult to report the enrollment/unenroll results. **Provider/*ProviderID*/Recovery/AllowRecovery** -This node determines whether or not the client will automatically initiate a MDM Recovery operation when it detects issues with the MDM certificate. +This node determines whether or not the client will automatically initiate an MDM Recovery operation when it detects issues with the MDM certificate. Supported operations are Get, Add, Replace and Delete. @@ -540,7 +540,10 @@ Optional. This node specifies maximum number of concurrent user sync sessions in The default value is dynamically decided by the client based on CPU usage. -The values are : 0= none, 1= sequential, anything else= parallel. +The values are as follows: +0 = none +1 = sequential +anything else = parallel Supported operations are Get, Add, Replace and Delete. @@ -552,7 +555,10 @@ Optional. This node specifies maximum number of concurrent user sync sessions at The default value is dynamically decided by the client based on CPU usage. -The values are : 0= none, 1= sequential, anything else= parallel. +The values are as follows: +0 = none +1 = sequential +anything else = parallel. Supported operations are Get, Add, Replace and Delete. diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md index 83705437e0..4f66124b30 100644 --- a/windows/client-management/mdm/dmclient-ddf-file.md +++ b/windows/client-management/mdm/dmclient-ddf-file.md 
@@ -1,12 +1,12 @@ --- title: DMClient DDF file description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md index 7d1f209458..b7d129f30a 100644 --- a/windows/client-management/mdm/dmsessionactions-csp.md +++ b/windows/client-management/mdm/dmsessionactions-csp.md @@ -3,11 +3,11 @@ title: DMSessionActions CSP description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low-power state. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md index c03dc36fde..bbf9287698 100644 --- a/windows/client-management/mdm/dmsessionactions-ddf.md +++ b/windows/client-management/mdm/dmsessionactions-ddf.md @@ -3,11 +3,11 @@ title: DMSessionActions DDF file description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP). ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md index 26bf159871..241e6803a9 100644 
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -3,11 +3,11 @@ title: DynamicManagement CSP
 description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.collection: highpri
 ---
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 48ea1b01a8..e4b4235d51 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: DynamicManagement DDF file
 description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 6e067a0976..35f29d23a7 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -1,12 +1,12 @@
 ---
 title: EAP configuration
 description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index 0fc082236b..31d99fa377 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -1,12 +1,12 @@
 ---
 title: EMAIL2 CSP
 description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 1543101a54..cda01b7a53 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: EMAIL2 DDF file
 description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index c607ed7015..a7cf76b52f 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -3,8 +3,8 @@ title: EnrollmentStatusTracking DDF
 description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 05/17/2019
 ---
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index 59220928f8..01d414693b 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -3,8 +3,8 @@ title: EnrollmentStatusTracking CSP
 description: Learn how to execute a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 05/21/2019
 ---
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index ef1f136780..abbf2c055b 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -1,12 +1,12 @@
 ---
 title: EnterpriseAPN CSP
 description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/22/2017
 ---
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index e14b2947da..df2d42aa34 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -1,12 +1,12 @@ --- title: EnterpriseAPN DDF description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 --- diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md index 46de6095eb..f283d78393 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md @@ -3,11 +3,11 @@ title: EnterpriseAppVManagement CSP description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 or Windows 11 PCs. (Enterprise and Education editions). ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 06/26/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md index 51705bf533..95e991df6b 100644 --- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md +++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md @@ -3,11 +3,11 @@ title: EnterpriseAppVManagement DDF file description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP). ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- 
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index 17adea149a..86f5334e40 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -2,12 +2,12 @@
 title: EnterpriseDataProtection CSP
 description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
 ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/09/2017
 ---
diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
index da67ebd4ea..cde4878163 100644
--- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: EnterpriseDataProtection DDF file
 description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index ebd53f9de1..62e50eadd1 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -2,12 +2,12 @@
 title: EnterpriseDesktopAppManagement CSP
 description: Learn how the EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
 ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 07/11/2017
 ---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index 23261b8b07..0a13970546 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: EnterpriseDesktopAppManagement DDF
 description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
index e03181b4e0..7bdeb81114 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
@@ -1,12 +1,12 @@
 ---
 title: EnterpriseDesktopAppManagement XSD
 description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index dfe544370c..534c2117a8 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -1,12 +1,12 @@
 ---
 title: EnterpriseModernAppManagement CSP
 description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/19/2021
 ---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index ba9430bc83..a7c599a149 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: EnterpriseModernAppManagement DDF
 description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 10/01/2019
 ---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md index c323934254..423e4752c9 100644 --- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md +++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md @@ -1,12 +1,12 @@ --- title: EnterpriseModernAppManagement XSD description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 06/26/2017 --- diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md index 5785014560..1d8c5255b7 100644 --- a/windows/client-management/mdm/euiccs-csp.md +++ b/windows/client-management/mdm/euiccs-csp.md @@ -3,11 +3,11 @@ title: eUICCs CSP description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, reassign, remove) subscriptions to employees. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 03/02/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md index cab2efe2b9..a6de1b34ab 100644 --- a/windows/client-management/mdm/euiccs-ddf-file.md +++ b/windows/client-management/mdm/euiccs-ddf-file.md 
@@ -1,12 +1,12 @@ --- title: eUICCs DDF file description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 03/02/2018 --- diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md index 7d3f2c7e1c..ae2d0aca3b 100644 --- a/windows/client-management/mdm/firewall-csp.md +++ b/windows/client-management/mdm/firewall-csp.md @@ -3,10 +3,10 @@ title: Firewall CSP description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft -ms.reviewer: +ms.reviewer: manager: aaroncz --- 
@@ -25,8 +25,6 @@ The table below shows the applicability of Windows: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. -The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings, per profile settings, and the desired set of custom rules to be enforced on the device. Using the Firewall CSP the IT admin can now manage non-domain devices, and reduce the risk of network security threats across all systems connecting to the corporate network. This CSP was added Windows 10, version 1709. - Firewall rules in the FirewallRules section must be wrapped in an Atomic block in SyncML, either individually or collectively. For detailed information on some of the fields below, see [[MS-FASP]: Firewall and Advanced Security Protocol documentation](/openspecs/windows_protocols/ms-winerrata/6521c5c4-1f76-4003-9ade-5cccfc27c8ac). diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md index c31d769719..c270f2f6f9 100644 --- a/windows/client-management/mdm/firewall-ddf-file.md +++ b/windows/client-management/mdm/firewall-ddf-file.md @@ -3,11 +3,11 @@ title: Firewall DDF file description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 -ms.reviewer: +ms.reviewer: manager: aaroncz --- 
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md index f4b7d29d2e..ef26f2ef61 100644 --- a/windows/client-management/mdm/healthattestation-csp.md +++ b/windows/client-management/mdm/healthattestation-csp.md @@ -1,14 +1,14 @@ --- title: Device HealthAttestation CSP description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft -ms.date: +ms.date: --- # Device HealthAttestation CSP @@ -265,7 +265,7 @@ calls between client and MAA and for each call the GUID is separated by semicolo ### MAA CSP Integration Steps -1. Set up a MAA provider instance: MAA instance can be created following the steps at [Quickstart: Set up Azure Attestation by using the Azure portal](/azure/attestation/quickstart-portal]. +1. Set up an MAA provider instance: MAA instance can be created following the steps at [Quickstart: Set up Azure Attestation by using the Azure portal](/azure/attestation/quickstart-portal). 2. Update the provider with an appropriate policy: The MAA instance should be updated with an appropriate policy. For more information, see [How to author an Azure Attestation policy](/azure/attestation/claim-rule-grammar). 
@@ -933,6 +933,16 @@ If DEPPolicy = 0 (Off), then take one of the following actions that align with y - Allow conditional access based on other data points that are present at evaluation time. For example, other attributes on the health certificate, or a device's past activities and trust history. - Take one of the previous actions and additionally place the device in a watch list to monitor the device more closely for potential risks. +DEP policy evaluation is a non binary status when queried. It is then mapped to an On/Off state. + +|DEP policy level |Description | Attestation reported level | Property value | +|--------------|-----------|------------|-------------| +|OptIn (default configuration) |Only Windows system components and services have DEP applied. | 0 | 2 | +|OptOut |DEP is enabled for all processes. Administrators can manually create a list of specific applications that do not have DEP applied. | 1 | 3 | +|AlwaysOn |DEP is enabled for all processess. | 3 | 1 | +|AlwaysOff |DEP is not enabled for any process. | 2 | 0 | + + **BitLockerStatus** (at boot time) When BitLocker is reported "on" at boot time, the device is able to protect data that is stored on the drive from unauthorized access, when the system is turned off or goes to hibernation. diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md index f0277343bb..74a707236c 100644 --- a/windows/client-management/mdm/healthattestation-ddf.md +++ b/windows/client-management/mdm/healthattestation-ddf.md @@ -1,12 +1,12 @@ --- title: HealthAttestation DDF description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 12/05/2017 --- 
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md index f4af5800f6..70a952ccd4 100644 --- a/windows/client-management/mdm/networkqospolicy-csp.md +++ b/windows/client-management/mdm/networkqospolicy-csp.md @@ -40,7 +40,7 @@ The following actions are supported: > - Azure AD Hybrid joined devices. > - Devices that use both GPO and CSP at the same time. > -> The minimum operating system requirement for this CSP is Windows 10, version 2004. This CSP is supported only in Microsoft Surface Hub prior to Windows 10, version 2004. +> The minimum operating system requirement for this CSP is Windows 10, version 1703. This CSP is not supported in Microsoft Surface Hub prior to Windows 10, version 1703. The following example shows the NetworkQoSPolicy configuration service provider in tree format. ``` diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md index 6aa5459e4a..00aeb772d0 100644 --- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md +++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md 
@@ -45,20 +45,20 @@ ms.date: 08/01/2022 - [Experience/AllowManualMDMUnenrollment](policy-csp-experience.md#experience-allowmanualmdmunenrollment) - [MixedReality/AADGroupMembershipCacheValidityInDays](policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) - [MixedReality/AADGroupMembershipCacheValidityInDays](./policy-csp-mixedreality.md#mixedreality-aadgroupmembershipcachevalidityindays) 9 -- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) Insider +- [MixedReality/AllowCaptivePortalBeforeLogon](./policy-csp-mixedreality.md#mixedreality-allowcaptiveportalpeforelogon) 12 - [MixedReality/AllowLaunchUriInSingleAppKiosk](./policy-csp-mixedreality.md#mixedreality-allowlaunchuriinsingleappkiosk)10 - [MixedReality/AutoLogonUser](./policy-csp-mixedreality.md#mixedreality-autologonuser) 11 - [MixedReality/BrightnessButtonDisabled](./policy-csp-mixedreality.md#mixedreality-brightnessbuttondisabled) 9 - [MixedReality/ConfigureMovingPlatform](policy-csp-mixedreality.md#mixedreality-configuremovingplatform) *[Feb. 
2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) -- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) Insider -- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) Insider +- [MixedReality/ConfigureNtpClient](./policy-csp-mixedreality.md#mixedreality-configurentpclient) 12 +- [MixedReality/DisallowNetworkConnectivityPassivePolling](./policy-csp-mixedreality.md#mixedreality-disablesisallownetworkconnectivitypassivepolling) 12 - [MixedReality/FallbackDiagnostics](./policy-csp-mixedreality.md#mixedreality-fallbackdiagnostics) 9 - [MixedReality/HeadTrackingMode](policy-csp-mixedreality.md#mixedreality-headtrackingmode) 9 - [MixedReality/ManualDownDirectionDisabled](policy-csp-mixedreality.md#mixedreality-manualdowndirectiondisabled) *[Feb. 2022 Servicing release](/hololens/hololens-release-notes#windows-holographic-version-21h2---february-2022-update) - [MixedReality/MicrophoneDisabled](./policy-csp-mixedreality.md#mixedreality-microphonedisabled) 9 -- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) Insider -- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) Insider -- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) Insider +- [MixedReality/NtpClientEnabled](./policy-csp-mixedreality.md#mixedreality-ntpclientenabled) 12 +- [MixedReality/SkipCalibrationDuringSetup](./policy-csp-mixedreality.md#mixedreality-skipcalibrationduringsetup) 12 +- [MixedReality/SkipTrainingDuringSetup](./policy-csp-mixedreality.md#mixedreality-skiptrainingduringsetup) 12 - [MixedReality/VisitorAutoLogon](policy-csp-mixedreality.md#mixedreality-visitorautologon) 10 - 
[MixedReality/VolumeButtonDisabled](./policy-csp-mixedreality.md#mixedreality-volumebuttondisabled) 9 - [Power/DisplayOffTimeoutOnBattery](./policy-csp-power.md#power-displayofftimeoutonbattery) 9 @@ -98,11 +98,11 @@ ms.date: 08/01/2022 - [Settings/AllowVPN](policy-csp-settings.md#settings-allowvpn) - [Settings/PageVisibilityList](./policy-csp-settings.md#settings-pagevisibilitylist) 9 - [Speech/AllowSpeechModelUpdate](policy-csp-speech.md#speech-allowspeechmodelupdate) -- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) Insider -- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) Insider -- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) Insider -- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) Insider -- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) Insider +- [Storage/AllowStorageSenseGlobal](policy-csp-storage.md#storage-allowstoragesenseglobal) 12 +- [Storage/AllowStorageSenseTemporaryFilesCleanup](policy-csp-storage.md#storage-allowstoragesensetemporaryfilescleanup) 12 +- [Storage/ConfigStorageSenseCloudContentDehydrationThreshold](policy-csp-storage.md#storage-configstoragesensecloudcontentdehydrationthreshold) 12 +- [Storage/ConfigStorageSenseDownloadsCleanupThreshold](policy-csp-storage.md#storage-configstoragesensedownloadscleanupthreshold) 12 +- [Storage/ConfigStorageSenseGlobalCadence](policy-csp-storage.md#storage-configstoragesenseglobalcadence) 12 - [System/AllowCommercialDataPipeline](policy-csp-system.md#system-allowcommercialdatapipeline) - [System/AllowLocation](policy-csp-system.md#system-allowlocation) - [System/AllowStorageCard](policy-csp-system.md#system-allowstoragecard) 
@@ -147,6 +147,7 @@ Footnotes:
 - 9 - Available in [Windows Holographic, version 20H2](/hololens/hololens-release-notes-2004#windows-holographic-version-20h2)
 - 10 - Available in [Windows Holographic, version 21H1](/hololens/hololens-release-notes#windows-holographic-version-21h1)
 - 11 - Available in [Windows Holographic, version 21H2](/hololens/hololens-release-notes#windows-holographic-version-21h2)
+- 12 - Available in [Windows Holographic, version 22H2](/hololens/hololens-release-notes#windows-holographic-version-22h2)
 - Insider - Available in our current [HoloLens Insider builds](/hololens/hololens-insider).
 ## Related topics
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index f29a552897..75d6ef18bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DeviceSetup.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 7a5e7d8921..e40ed73aad 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DFS.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index d8489566b1..90522018ee 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DigitalLocker.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/31/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index f2f068f538..9c83d784c0 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DiskDiagnostic.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index d74c45064e..679efe6819 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DiskNVCache.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index eca5056fc8..35d3111b03 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DiskQuota.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index d4544fc733..2f3c8c7fb5 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DistributedLinkTracking.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/22/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 4472593a26..282156487a 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DnsClient.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/12/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index 8c02ae060e..0d52811a07 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_DWM.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/31/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index 3a7ebf1a7f..4463e3732f 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EAIME.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/19/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index f3b2d488de..3e68fe88f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EncryptFilesonMove.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 6fe53816f6..c8a720e1e6 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EnhancedStorage.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/23/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 4179f9e954..3eb7a233ee 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_ErrorReporting.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/23/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index 5e65d7883b..227a9dfb49 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EventForwarding.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/17/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 67892620cd..c16f154c2f 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EventLog.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/01/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 2ab2eeaca2..f4391621bc 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EventLogging.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/12/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index 5745240332..813b284d14 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_EventViewer.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index 010a1a10ef..c4a13d5154 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_Explorer.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 62cc01fcfd..e86fe56c4b 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -3,12 +3,12 @@ title: Policy CSP - ADMX_ExternalBoot
 description: Learn about the Policy CSP - ADMX_ExternalBoot.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index 8ea5d19c93..88de0a6413 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FileRecovery.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/24/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index e35b11f6d0..7707136130 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FileRevocation.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/13/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 19ebcb25d5..ffb6a56824 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FileServerVSSProvider.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 7cb1659741..89ca799f8e 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FileSys.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index c61d424741..9098d1152d 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FolderRedirection.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/02/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index af389b9bdc..5e1a31bd4d 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FramePanes.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/14/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index 47dbc15310..6d52f5da19 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_FTHSVC.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/15/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index a16529e681..663d447e5d 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_Globalization.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/14/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index 63c71fdaa6..cc8dec4cff 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_GroupPolicy.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/21/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index ede437e273..80b40e5fdd 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_Help.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index 49ba7126b9..f4b99642f1 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_HelpAndSupport.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 4f686073ae..56106a030b 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_HotSpotAuth.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/15/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index 50119589b1..757dd29c41 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_ICM.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/17/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index 737fc0a2a1..9310adaf97 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_IIS.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/17/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index 7fa8e61ea4..44fac81071 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_iSCSI.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/17/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index c8acf4a019..c0cab32903 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_kdc.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index 586d3b63ab..3838c7a105 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_Kerberos.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/12/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index 38ccfc6a29..4f59845591 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_LanmanServer.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 728720ca70..7d6f194bfc 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_LanmanWorkstation.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index 08ee559f99..665083e58a 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -4,11 +4,11 @@ description: Learn about the Policy CSP - ADMX_LeakDiagnostic.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/17/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index f63de1ae5b..2360df199e 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_LinkLayerTopologyDiscovery.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/04/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 7552129f46..ef3c5aaed0 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_LocationProviderAdm.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index f8a8aefb1f..636ace2a3b 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_Logon.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/21/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index f15a6eeac0..db7d591d25 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MicrosoftDefenderAntivirus.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/19/2022
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index ceef59b3eb..cde0000329 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MMC.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/03/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 55e94494f7..ccb7e6b2d6 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MMCSnapins.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/13/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 3de6bfa7fe..a6dc221389 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MobilePCMobilityCenter.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index 2fa545031f..1fefcaa209 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MobilePCPresentationSettings.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/20/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index f5dcb18fd2..1c084d9952 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MSAPolicy.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/14/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index 98fe49b298..8376d30476 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_msched.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/08/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 110b7c8cf8..4b04ef6231 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MSDT.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/09/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index 6a85538f3e..bb0ca20459 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -4,11 +4,11 @@ description: Learn about Policy CSP - ADMX_MSI.
 ms.author: vinpa
 ms.localizationpriority: medium
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/16/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index ec16257683..9507fbe7e9 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -465,18 +465,18 @@ Value type is integer. Supported values: > [!Warning] -> The Web Sign-in feature is in private preview mode only and not meant or recommended for production purposes. This setting is not currently supported at this time. +> The Web sign-in feature is intended for recovery purposes in the event a password is not available as an authentication method. Web sign-in only supports Temporary Access Pass as an authentication method for Azure Active Directory, unless it is being used in a limited federated scope. -"Web Sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass. +"Web sign-in" is a new way of signing into a Windows PC. It enables Windows logon support for new Azure AD credentials, like Temporary Access Pass. > [!Note] -> Web Sign-in is only supported on Azure AD Joined PCs. +> Web sign-in is only supported on Azure AD Joined PCs. Value type is integer. Supported values: - 0 - (default) The feature defaults to the existing SKU and device capabilities. -- 1 - Enabled. Web Credential Provider will be enabled for a sign in. -- 2 - Disabled. Web Credential Provider won't be enabled for a sign in. +- 1 - Enabled. Web Credential Provider will be enabled for a sign-in. +- 2 - Disabled. Web Credential Provider won't be enabled for a sign-in. diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md index 932ac039fd..c7f637d5a7 100644 --- a/windows/client-management/mdm/policy-csp-deviceguard.md +++ b/windows/client-management/mdm/policy-csp-deviceguard.md 
@@ -74,7 +74,7 @@ Secure Launch configuration: - 1 - Enables Secure Launch if supported by hardware - 2 - Disables Secure Launch. -For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://cloudblogs.microsoft.com/microsoftsecure/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation/) and [How a hardware-based root of trust helps protect Windows 10](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows). +For more information about System Guard, see [Introducing Windows Defender System Guard runtime attestation](https://www.microsoft.com/security/blog/2018/04/19/introducing-windows-defender-system-guard-runtime-attestation) and [How a hardware-based root of trust helps protect Windows 10](/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows). @@ -256,4 +256,4 @@ The following list shows the supported values: ## Related topics -[Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file +[Policy configuration service provider](policy-configuration-service-provider.md) diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md index 391b5dc68e..7f72869d59 100644 --- a/windows/client-management/mdm/policy-csp-mixedreality.md +++ b/windows/client-management/mdm/policy-csp-mixedreality.md @@ -113,8 +113,7 @@ Steps to use this policy correctly: |HoloLens (first gen) Commercial Suite|No| |HoloLens 2|Yes| -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. + [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -160,7 +159,7 @@ Int value
-This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-fi. +This can be enabled to allow for other apps to be launched with in a single app Kiosk, which may be useful, for example, if you want to launch the Settings app to calibrate your device or change your Wi-Fi. By default, launching applications via Launcher API (Launcher Class (Windows.System) - Windows UWP applications) is disabled in single app kiosk mode. To enable applications to launch in single app kiosk mode on HoloLens devices, set the policy value to true. @@ -341,10 +340,7 @@ Supported value is Integer. -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - -You may want to configure a different time server for your device fleet. IT admins can use thi policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. +You may want to configure a different time server for your device fleet. IT admins can use this policy to configure certain aspects of NTP client with following policies. In the Settings app, the Time/Language page will show the time server after a time sync has occurred. E.g. `time.windows.com` or another if another value is configured via MDM policy. This policy setting specifies a set of parameters for controlling the Windows NTP Client. Refer to [Policy CSP - ADMX_W32Time - Windows Client Management](/windows/client-management/mdm/policy-csp-admx-w32time#admx-w32time-policy-configure-ntpclient) for supported configuration parameters. 
@@ -394,9 +390,6 @@ value="0"/> -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -609,8 +602,6 @@ The following list shows the supported values: -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. This policy setting specifies whether the Windows NTP Client is enabled. @@ -642,9 +633,6 @@ This policy setting specifies whether the Windows NTP Client is enabled. -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. - [Scope](./policy-configuration-service-provider.md#policy-scope): @@ -678,8 +666,7 @@ The OMA-URI of new policy: `./Device/Vendor/MSFT/Policy/Config/MixedReality/Skip -> [!NOTE] -> This feature is currently only available in [HoloLens Insider](/hololens/hololens-insider) builds. + [Scope](./policy-configuration-service-provider.md#policy-scope): diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md index b4811cb896..27b86f10fb 100644 --- a/windows/client-management/mdm/policy-csp-networklistmanager.md +++ b/windows/client-management/mdm/policy-csp-networklistmanager.md @@ -59,7 +59,7 @@ manager: aaroncz This policy setting provides the list of URLs (separated by Unicode character 0xF000) to endpoints accessible only within an enterprise's network. If any of the URLs can be resolved over HTTPS, the network would be considered authenticated. -When entering a list of TLS endpoints in Microsoft Endpoint Manager, you must follow this format, even in the UI: +When entering a list of TLS endpoints in Microsoft Intune, you must follow this format, even in the UI: `` 
@@ -107,6 +107,6 @@ This policy setting provides the string that is to be used to name a network. Th -## Related topics +## Related articles [Policy configuration service provider](policy-configuration-service-provider.md) \ No newline at end of file diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md index aa2b3b9ef4..6b3389617f 100644 --- a/windows/client-management/mdm/uefi-csp.md +++ b/windows/client-management/mdm/uefi-csp.md @@ -3,11 +3,11 @@ title: UEFI CSP description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md index 8a5ce332a6..89a1f72465 100644 --- a/windows/client-management/mdm/uefi-ddf.md +++ b/windows/client-management/mdm/uefi-ddf.md @@ -3,11 +3,11 @@ title: UEFI DDF file description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP). ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 10/02/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md index 001fc121c8..b4e14b056c 100644 --- a/windows/client-management/mdm/unifiedwritefilter-csp.md +++ b/windows/client-management/mdm/unifiedwritefilter-csp.md 
@@ -1,12 +1,12 @@
 ---
 title: UnifiedWriteFilter CSP
 description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index 72f53c6d59..c44499af11 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -1,12 +1,12 @@
 ---
 title: UnifiedWriteFilter DDF File
 description: UnifiedWriteFilter DDF File
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md
index 5feb529511..c004954f59 100644
--- a/windows/client-management/mdm/universalprint-csp.md
+++ b/windows/client-management/mdm/universalprint-csp.md
@@ -3,8 +3,8 @@ title: UniversalPrint CSP
 description: Learn how the UniversalPrint configuration service provider (CSP) is used to install printers on Windows client devices.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/02/2022
 ms.reviewer: jimwu
diff --git a/windows/client-management/mdm/universalprint-ddf-file.md b/windows/client-management/mdm/universalprint-ddf-file.md
index a3c8a08811..86b77653c2 100644
--- a/windows/client-management/mdm/universalprint-ddf-file.md
+++ b/windows/client-management/mdm/universalprint-ddf-file.md
@@ -3,8 +3,8 @@ title: UniversalPrint DDF file
 description: UniversalPrint DDF file
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/02/2022
 ms.reviewer: jimwu
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index e027f8aa00..fa7376a759 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -1,12 +1,12 @@
 ---
 title: Update CSP
 description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 02/23/2018
 ---
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index ea83f69b30..3e5be4786d 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: Update DDF file
 description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 02/23/2018
 ---
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index 4c6e172346..0ef20477a4 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -1,12 +1,12 @@
 ---
 title: VPN CSP
 description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 04/02/2017
 ---
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index e44a34731e..db77d0704f 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: VPN DDF file
 description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 31356e2621..ea73b10265 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -5,8 +5,8 @@ ms.reviewer: pesmith
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/21/2021
 ---
@@ -411,7 +411,7 @@ Supported operations include Get, Add, Replace, and Delete. Used to indicate the namespace to which the policy applies. When a Name query is issued, the DNS client compares the name in the query to all of the namespaces under DomainNameInformationList to find a match. This parameter can be one of the following types: - FQDN - Fully qualified domain name -- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend.**.** to the DNS suffix. +- Suffix - A domain suffix that will be appended to the shortname query for DNS resolution. To specify a suffix, prepend .**.** to the DNS suffix. Value type is chr. Supported operations include Get, Add, Replace, and Delete. diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md index 3446055b9a..66de42bf56 100644 --- a/windows/client-management/mdm/vpnv2-ddf-file.md +++ b/windows/client-management/mdm/vpnv2-ddf-file.md @@ -5,8 +5,8 @@ ms.reviewer: pesmith manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 10/30/2020 --- diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md index 6398ed6e10..bfca5ab7aa 100644 --- a/windows/client-management/mdm/vpnv2-profile-xsd.md +++ b/windows/client-management/mdm/vpnv2-profile-xsd.md @@ -1,12 +1,12 @@ --- title: ProfileXML XSD description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 07/14/2020 --- 
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index e0fd9b6275..dea054addd 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -1,12 +1,12 @@
 ---
 title: w4 APPLICATION CSP
 description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index 0c88306677..e58f0e5922 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -1,12 +1,12 @@
 ---
 title: w7 APPLICATION CSP
 description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index c025bf6ec4..0df64e0109 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -1,12 +1,12 @@ --- title: WiFi CSP description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 06/18/2019 --- @@ -54,7 +54,7 @@ WiFi The following list shows the characteristics and parameters. **Device or User profile** -For user profile, use .`/User/Vendor/MSFT/Wifi` path and for device profile, use `./Device/Vendor/MSFT/Wifi` path. +For user profile, use `./User/Vendor/MSFT/Wifi` path and for device profile, use `./Device/Vendor/MSFT/Wifi` path. **Profile** Identifies the Wi-Fi network configuration. Each Wi-Fi network configuration is represented by a profile object. This network profile includes all the information required for the device to connect to that network – for example, the SSID, authentication and encryption methods and passphrase if there's WEP or WPA2 networks. diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md index f2a53dc84b..a6b9b70daf 100644 --- a/windows/client-management/mdm/wifi-ddf-file.md +++ b/windows/client-management/mdm/wifi-ddf-file.md @@ -1,12 +1,12 @@ --- title: WiFi DDF file description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP). -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 06/28/2018 --- diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md index 0cc696cfdb..c0862b854f 100644 --- a/windows/client-management/mdm/win32appinventory-csp.md +++ b/windows/client-management/mdm/win32appinventory-csp.md 
@@ -1,12 +1,12 @@
 ---
 title: Win32AppInventory CSP
 description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index 9f2d2298b4..8825199231 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: Win32AppInventory DDF file
 description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index 07fdbf9364..9f3d0f3181 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -3,11 +3,11 @@ title: Win32CompatibilityAppraiser CSP
 description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 07/19/2018
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
@@ -109,7 +109,7 @@ Value type is integer. Supported operation is Get. **CompatibilityAppraiser/AppraiserConfigurationDiagnosis/RebootPending** -A boolean value representing whether a reboot is pending on this computer. A newly-installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent. +A boolean value representing whether a reboot is pending on this computer. A newly installed version of the Compatibility Appraiser may require a reboot before useful data is able to be sent. Value type is bool. @@ -682,4 +682,4 @@ For the report XML schema, see [Windows Error Reporting connection report](#wind ## Related topics -[Configuration service provider reference](index.yml) \ No newline at end of file +[Configuration service provider reference](index.yml) diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md index 59b68ae164..9fec57ce5d 100644 --- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md +++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md @@ -3,11 +3,11 @@ title: Win32CompatibilityAppraiser DDF file description: Learn about the XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider. ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 07/19/2018 -ms.reviewer: +ms.reviewer: manager: aaroncz --- diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md index af34c66886..917d96da7b 100644 --- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md +++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md 
@@ -1,12 +1,12 @@
 ---
 title: WindowsAdvancedThreatProtection CSP
 description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/01/2017
 ---
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 88f7963c28..b1cbacd77d 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -2,12 +2,12 @@
 title: WindowsAdvancedThreatProtection DDF file
 description: Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
 ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 12/05/2017
 ---
diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md
index b92231671c..34d9296f84 100644
--- a/windows/client-management/mdm/windowsautopilot-csp.md
+++ b/windows/client-management/mdm/windowsautopilot-csp.md
@@ -1,12 +1,12 @@ --- title: WindowsAutopilot CSP description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot. -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 05/09/2022 --- diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md index 551d857ce8..8d6ee2e942 100644 --- a/windows/client-management/mdm/windowsautopilot-ddf-file.md +++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md @@ -1,13 +1,13 @@ --- title: WindowsAutopilot DDF file -description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutopilot DDF file configuration service provider (CSP) . +description: Learn how, without the ability to mark a device as remediation required, the device will remain in a broken state for the WindowsAutopilot DDF file configuration service provider (CSP). ms.author: vinpa ms.topic: article -ms.prod: w10 -ms.technology: windows +ms.prod: windows-client +ms.technology: itpro-manage author: vinaypamnani-msft ms.date: 02/07/2022 -ms.reviewer: +ms.reviewer: manager: aaroncz --- @@ -77,4 +77,4 @@ Looking for the DDF XML files? See [CSP DDF files download](configuration-servic ## Related topics -[WindowsAutopilot configuration service provider](windowsautopilot-csp.md) \ No newline at end of file +[WindowsAutopilot configuration service provider](windowsautopilot-csp.md) diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md index 184b0bbad8..32799b0ffd 100644 --- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md 
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -3,11 +3,11 @@ title: WindowsDefenderApplicationGuard CSP
 description: Configure the settings in Microsoft Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP).
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 11/02/2021
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index 393b8c0a28..1c659fd2d1 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -3,11 +3,11 @@ title: WindowsDefenderApplicationGuard DDF file
 description: Learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP).
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/10/2018
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index c418d82de4..1b912a214a 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -1,12 +1,12 @@
 ---
 title: WindowsLicensing CSP
 description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/15/2018
 ---
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index 07afe1f8ae..00f97205ee 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -1,12 +1,12 @@
 ---
 title: WindowsLicensing DDF file
 description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP).
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 07/16/2017
 ---
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index 509a6c9f68..ecbdc67678 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -3,11 +3,11 @@ title: WiredNetwork CSP
 description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP. Learn how it works.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/27/2018
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index f2d38e308a..95d8425592 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -3,11 +3,11 @@ title: WiredNetwork DDF file
 description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/28/2018
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/mobile-device-enrollment.md b/windows/client-management/mobile-device-enrollment.md
index b161e96c13..93b93d3872 100644
--- a/windows/client-management/mobile-device-enrollment.md
+++ b/windows/client-management/mobile-device-enrollment.md
@@ -5,8 +5,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 08/11/2017
 ms.collection: highpri
diff --git a/windows/client-management/new-in-windows-mdm-enrollment-management.md b/windows/client-management/new-in-windows-mdm-enrollment-management.md
index d94df5a96f..b87e711db8 100644
--- a/windows/client-management/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/new-in-windows-mdm-enrollment-management.md
@@ -1,15 +1,15 @@
 ---
 title: What's new in MDM enrollment and management
 description: Discover what's new and breaking changes in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
-MS-HAID:
+MS-HAID:
 - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
 - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.date: 09/16/2022
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 5bc9aad966..0adc1b4483 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -4,11 +4,12 @@ description: Learn how Windows 10 includes new policies for management, like Gro
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
-ms.prod: w10
+ms.prod: windows-client
 author: vinaypamnani-msft
 ms.localizationpriority: medium
 ms.date: 09/15/2021
 ms.topic: reference
+ms.technology: itpro-manage
 ---
 # New policies for Windows 10
diff --git a/windows/client-management/oma-dm-protocol-support.md b/windows/client-management/oma-dm-protocol-support.md
index 4c825aaa5f..d87cd9db0c 100644
--- a/windows/client-management/oma-dm-protocol-support.md
+++ b/windows/client-management/oma-dm-protocol-support.md
@@ -1,12 +1,12 @@
 ---
 title: OMA DM protocol support
 description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/on-premise-authentication-device-enrollment.md b/windows/client-management/on-premise-authentication-device-enrollment.md
index 129f2a8aae..daf5a628d7 100644
--- a/windows/client-management/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/on-premise-authentication-device-enrollment.md
@@ -5,8 +5,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/push-notification-windows-mdm.md b/windows/client-management/push-notification-windows-mdm.md
index 318cb768bb..712795c303 100644
--- a/windows/client-management/push-notification-windows-mdm.md
+++ b/windows/client-management/push-notification-windows-mdm.md
@@ -1,15 +1,15 @@
 ---
 title: Push notification support for device management
 description: The DMClient CSP supports the ability to configure push-initiated device management sessions.
-MS-HAID:
+MS-HAID:
 - 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management'
 - 'p\_phDeviceMgmt.push\_notification\_windows\_mdm'
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/22/2017
 ---
diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md
index 0b4918cbd6..475721a37f 100644
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@@ -1,9 +1,9 @@
 ---
 title: Use Quick Assist to help users
 description: How IT Pros can use Quick Assist to help users.
-ms.prod: w10
+ms.prod: windows-client
 ms.topic: article
-ms.technology: windows
+ms.technology: itpro-manage
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.author: vinpa
@@ -30,30 +30,27 @@ The helper can authenticate when they sign in by using a Microsoft account (MSA)
 ### Network considerations
-Quick Assist communicates over port 443 (https) and connects to the Remote Assistance Service at `https://remoteassistance.support.services.microsoft.com` by using the Remote Desktop Protocol (RDP). The traffic is encrypted with TLS 1.2.
-
-Both the helper and sharer must be able to reach these endpoints over port 443:
+Quick Assist communicates over port 443 (https) and connects to the Remote Assistance Service at `https://remoteassistance.support.services.microsoft.com` by using the Remote Desktop Protocol (RDP). The traffic is encrypted with TLS 1.2. Both the helper and sharer must be able to reach these endpoints over port 443:
 | Domain/Name | Description |
 |--|--|
-| `*.api.support.microsoft.com` | API access for Quick Assist |
-| `*.aria.microsoft.com` | Used for accessibility features within the app |
-| `*.cc.skype.com` | Azure Communication Service for chat and connection between parties |
-| `*.channelservices.microsoft.com` | Required for chat services within Quick Assist |
-| `*.channelwebsdks.azureedge.net` | Used for chat services within Quick Assist |
-| `*.edgeassetservice.azureedge.net` | Used for diagnostic data |
-| `*.flightproxy.skype.com` | Azure Communication Service for chat and connection between parties |
-| `*.login.microsoftonline.com` | Required for logging in to the application (Microsoft account) |
-| `*.monitor.azure.com` | Service Performance Monitoring |
-| `*.registrar.skype.com` | Azure Communication Service for chat and connection between parties. |
-| `*.remoteassistanceprodacs.communication.azure.com` | Azure Communication Services (ACS) technology the Quick Assist app uses. |
+| `*.aria.microsoft.com` | Accessible Rich Internet Applications (ARIA) service for providing accessible experiences to users. |
+| `*.cc.skype.com` | Required for Azure Communication Service. |
+| `*.events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
+| `*.flightproxy.skype.com` | Required for Azure Communication Service. |
+| `*.live.com` | Required for logging in to the application (MSA). |
+| `*.monitor.azure.com` | Required for telemetry and remote service initialization. |
+| `*.registrar.skype.com` | Required for Azure Communication Service. |
 | `*.support.services.microsoft.com` | Primary endpoint used for Quick Assist application |
-| `*.trouter.skype.com` | Azure Communication Service for chat and connection between parties. |
-| `*.turn.azure.com` | Protocol used to help endpoint. |
-| `*.vortex.data.microsoft.com` | Used for diagnostic data |
-| `browser.pipe.aria.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
-| `edge.skype.com` | Azure Communication Service for chat and connection between parties. |
-| `events.data.microsoft.com` | Required diagnostic data for client and services used by Quick Assist. |
+| `*.trouter.skype.com` | Used for Azure Communication Service for chat and connection between parties. |
+| `aadcdn.msauth.net` | Required for logging in to the application (AAD). |
+| `edge.skype.com` | Used for Azure Communication Service for chat and connection between parties. |
+| `login.microsoftonline.com` | Required for Microsoft login service. |
+| `remoteassistanceprodacs.communication.azure.com` | Used for Azure Communication Service for chat and connection between parties. |
+| `turn.azure.com` | Required for Azure Communication Service. |
+
+> [!IMPORTANT]
+> Quick Assist uses Edge WebView2 browser control. For a list of domain URLs that you need to add to the allow list to ensure that the Edge WebView2 browser control can be installed and updated, see [Allow list for Microsoft Edge endpoints](/deployedge/microsoft-edge-security-endpoints).
 ## How it works
@@ -123,13 +120,13 @@ For more information, visit [Install Quick Assist](https://support.microsoft.com
 Before installing Quick Assist, you'll need to set up synchronization between Intune and Microsoft Store for Business. If you've already set up sync, log into [Microsoft Store for Business](https://businessstore.microsoft.com) and skip to step 5.
-1. Go to [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/) and navigate to **Tenant administration** / **Connectors and tokens** / **Microsoft Store for Business** and verify that **Microsoft Store for Business sync** is set to **Enable**.
+1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Tenant administration** / **Connectors and tokens** / **Microsoft Store for Business** and verify that **Microsoft Store for Business sync** is set to **Enable**.
 1. Using your Global Admin account, log into [Microsoft Store for Business](https://businessstore.microsoft.com).
 1. Select **Manage** / **Settings** and turn on **Show offline apps**.
 1. Choose the **Distribute** tab and verify that **Microsoft Intune** is **Active**. You may need to use the **+Add management tool** link if it's not.
 1. Search for **Quick Assist** and select it from the Search results.
 1. Choose the **Offline** license and select **Get the app**
-1. From the Intune portal (Endpoint Manager admin center) choose **Sync**.
+1. In the Endpoint Manager admin center, choose **Sync**.
 1. Navigate to **Apps** / **Windows** and you should see **Quick Assist (Offline)** in the list.
 1. Select it to view its properties. By default, the app won't be assigned to anyone or any devices, select the **Edit** link.
 1. Assign the app to the required group of devices and choose **Review + save** to complete the application install.
diff --git a/windows/client-management/reclaim-seat-from-user.md b/windows/client-management/reclaim-seat-from-user.md
index bdd37fcbbe..f6508be544 100644
--- a/windows/client-management/reclaim-seat-from-user.md
+++ b/windows/client-management/reclaim-seat-from-user.md
@@ -5,8 +5,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 05/05/2020
 ---
diff --git a/windows/client-management/register-your-free-azure-active-directory-subscription.md b/windows/client-management/register-your-free-azure-active-directory-subscription.md
index c73053417b..2d326ac269 100644
--- a/windows/client-management/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/register-your-free-azure-active-directory-subscription.md
@@ -5,8 +5,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/rest-api-reference-windows-store-for-business.md b/windows/client-management/rest-api-reference-windows-store-for-business.md
index 3dc28440bd..526f7f8c83 100644
--- a/windows/client-management/rest-api-reference-windows-store-for-business.md
+++ b/windows/client-management/rest-api-reference-windows-store-for-business.md
@@ -8,8 +8,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 09/18/2017
 ---
diff --git a/windows/client-management/server-requirements-windows-mdm.md b/windows/client-management/server-requirements-windows-mdm.md
index 1f89f971a0..c0a307103f 100644
--- a/windows/client-management/server-requirements-windows-mdm.md
+++ b/windows/client-management/server-requirements-windows-mdm.md
@@ -8,8 +8,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/structure-of-oma-dm-provisioning-files.md b/windows/client-management/structure-of-oma-dm-provisioning-files.md
index 790d0e2e79..5e5008f0eb 100644
--- a/windows/client-management/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/structure-of-oma-dm-provisioning-files.md
@@ -1,12 +1,12 @@
 ---
 title: Structure of OMA DM provisioning files
 description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/understanding-admx-backed-policies.md b/windows/client-management/understanding-admx-backed-policies.md
index f61c7698e1..4a730f6508 100644
--- a/windows/client-management/understanding-admx-backed-policies.md
+++ b/windows/client-management/understanding-admx-backed-policies.md
@@ -3,11 +3,11 @@ title: Understanding ADMX policies
 description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/23/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
index d42e777b93..5c5b946138 100644
--- a/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -5,8 +5,8 @@ ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/win32-and-centennial-app-policy-configuration.md b/windows/client-management/win32-and-centennial-app-policy-configuration.md
index e64d03da7e..830640d4c2 100644
--- a/windows/client-management/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/win32-and-centennial-app-policy-configuration.md
@@ -3,11 +3,11 @@ title: Win32 and Desktop Bridge app ADMX policy Ingestion
 description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps.
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 03/23/2020
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ---
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index 2ec424585c..89b5f46cfd 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -2,10 +2,10 @@
 ms.reviewer:
 manager: aaroncz
 title: Windows Libraries
-ms.prod: windows-server-threshold
+ms.prod: windows-client
 ms.author: vinpa
 ms.manager: dongill
-ms.technology: storage
+ms.technology: itpro-manage
 ms.topic: article
 author: vinaypamnani-msft
 description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
diff --git a/windows/client-management/windows-mdm-enterprise-settings.md b/windows/client-management/windows-mdm-enterprise-settings.md
index b9eadf5502..c773fbc2ea 100644
--- a/windows/client-management/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/windows-mdm-enterprise-settings.md
@@ -1,15 +1,15 @@
 ---
 title: Enterprise settings, policies, and app management
 description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
-MS-HAID:
+MS-HAID:
 - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
 - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index 939d36455a..0ca2a86f1e 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -2,7 +2,7 @@
 title: What version of Windows am I running?
 description: Discover which version of Windows you're running to determine whether or not your device is enrolled in the Long-Term Servicing Channel or General Availability Channel.
 keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel, GAC, Windows, version, OS Build
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: vinaypamnani-msft
@@ -11,6 +11,7 @@ ms.date: 04/30/2018
 ms.reviewer:
 manager: aaroncz
 ms.topic: troubleshooting
+ms.technology: itpro-manage
 ---
 # What version of Windows am I running?
diff --git a/windows/client-management/wmi-providers-supported-in-windows.md b/windows/client-management/wmi-providers-supported-in-windows.md
index d4efdf99e2..3d701812c0 100644
--- a/windows/client-management/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/wmi-providers-supported-in-windows.md
@@ -1,15 +1,15 @@
 ---
 title: WMI providers supported in Windows 10
 description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
-MS-HAID:
+MS-HAID:
 - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
 - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
 ms.topic: article
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-manage
 author: vinaypamnani-msft
 ms.date: 06/26/2017
 ---
diff --git a/windows/configuration/TOC.yml b/windows/configuration/TOC.yml
index 177b63d3e2..ff2dba8be7 100644
--- a/windows/configuration/TOC.yml
+++ b/windows/configuration/TOC.yml
@@ -327,7 +327,7 @@
 href: ue-v/uev-manage-configurations.md
 - name: Configuring UE-V with Group Policy Objects
 href: ue-v/uev-configuring-uev-with-group-policy-objects.md
- - name: Configuring UE-V with Microsoft Endpoint Configuration Manager
+ - name: Configuring UE-V with Microsoft Configuration Manager
 href: ue-v/uev-configuring-uev-with-system-center-configuration-manager.md
 - name: Administering UE-V with Windows PowerShell and WMI
 href: ue-v/uev-administering-uev-with-windows-powershell-and-wmi.md
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index 350a9ffd87..d41be6da7b 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -3,12 +3,13 @@ title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
 description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
 ms.reviewer:
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 11/28/2017
+ms.technology: itpro-configure
 ---
 # Changes to Group Policy settings for Windows 10 Start
diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md
index 53a58baf77..a90fd2bb19 100644
--- a/windows/configuration/configure-windows-10-taskbar.md
+++ b/windows/configuration/configure-windows-10-taskbar.md
@@ -2,7 +2,7 @@
 title: Configure Windows 10 taskbar (Windows 10)
 description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
 keywords: [taskbar layout, pin apps]
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: lizgt2000
@@ -13,6 +13,7 @@ ms.date: 01/18/2018
 ms.reviewer:
 manager: aaroncz
 ms.collection: highpri
+ms.technology: itpro-configure
 ---
 # Configure Windows 10 taskbar
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-crm.md b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
index 3790905b51..404702922b 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-crm.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-crm.md
@@ -1,13 +1,14 @@
 ---
 title: Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in Windows
 description: How to set up Cortana to give salespeople insights on important CRM activities, including sales leads, accounts, and opportunities.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Set up and test Cortana with Microsoft Dynamics CRM (Preview feature) in your organization
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
index 0f3bf0b348..c40796bd2a 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-feedback.md
@@ -1,13 +1,14 @@
 ---
 title: Send feedback about Cortana at work back to Microsoft
-description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues..
-ms.prod: w10
+description: Learn how to send feedback to Microsoft about Cortana at work so you can provide more information to help diagnose reported issues.
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Send feedback about Cortana back to Microsoft
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-o365.md b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
index 1d18b8d49d..ad09a7c543 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-o365.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-o365.md
@@ -1,7 +1,7 @@
 ---
 title: Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
 description: Learn how to connect Cortana to Office 365 so employees are notified about regular meetings and unusual events. You can even set an alarm for early meetings.
-ms.prod: w10
+ms.prod: windows-client
 ms.mktglfcycl: manage
 ms.sitesec: library
 author: aczechowski
@@ -10,6 +10,7 @@ ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Set up and test Cortana in Windows 10, versions 1909 and earlier, with Microsoft 365 in your organization
@@ -29,7 +30,7 @@ There are a few things to be aware of before you start using Cortana in Windows
 - **Office 365 Trust Center.** Cortana in Windows 10, version 1909 and earlier, isn't a service governed by the [Online Services Terms](https://www.microsoft.com/en-us/licensing/product-licensing/products). [Learn more about how Cortana in Windows 10, versions 1909 and earlier, treats your data](https://support.microsoft.com/en-us/help/4468233/cortana-and-privacy-microsoft-privacy).
-- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This solution can be Microsoft Intune, Microsoft Endpoint Manager (version 1606 or later), or your current company-wide third-party mobile device management (MDM) solution.
+- Windows Information Protection (WIP). If you want to secure the calendar, email, and contact info provided to Cortana on a device, you can use WIP. For more info about WIP, see [Protect your enterprise data using Windows Information Protection (WIP)](/windows/threat-protection/windows-information-protection/protect-enterprise-data-using-wip). If you decide to use WIP, you must also have a management solution. This solution can be Microsoft Intune, Configuration Manager (version 1606 or later), or your current company-wide third-party mobile device management (MDM) solution.
 - **Troubleshooting tips.** If you run into issues, check out these [troubleshooting tips](/office365/troubleshoot/miscellaneous/issues-in-cortana).
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-overview.md b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
index 81cc7d9dff..f19e425791 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-overview.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-overview.md
@@ -3,10 +3,11 @@ title: Configure Cortana in Windows 10 and Windows 11
 ms.reviewer:
 manager: dougeby
 description: Cortana includes powerful configuration options specifically to optimize for unique small to medium-sized business and for enterprise environments.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
+ms.technology: itpro-configure
 ---
 # Configure Cortana in Windows 10 and Windows 11
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
index 97966260a0..479f178665 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-policy-settings.md
@@ -1,12 +1,13 @@
 ---
 title: Configure Cortana with Group Policy and MDM settings (Windows)
 description: The list of Group Policy and mobile device management (MDM) policy settings that apply to Cortana at work.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Use Group Policy and mobile device management (MDM) settings to configure Cortana in your organization
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
index fd81d85f3a..daec3595bb 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-powerbi.md
@@ -1,13 +1,14 @@
 ---
 title: Set up and test Cortana for Power BI in your organization (Windows)
 description: How to integrate Cortana with Power BI to help your employees get answers directly from your key business data.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Set up and test Cortana for Power BI in your organization
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
index f19d6c310d..9d10404c6d 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-1.md
@@ -1,12 +1,13 @@
 ---
 title: Sign into Azure AD, enable the wake word, and try a voice query
 description: A test scenario walking you through signing in and managing the notebook.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Test scenario 1 – Sign into Azure AD, enable the wake word, and try a voice query
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
index 32d197bae2..d31430c312 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-2.md
@@ -1,13 +1,14 @@
 ---
 title: Perform a quick search with Cortana at work (Windows)
 description: This scenario is a test scenario about how to perform a quick search with Cortana at work.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Test scenario 2 – Perform a Bing search with Cortana
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
index f6d46feb8f..48b5bfd328 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-3.md
@@ -1,13 +1,14 @@
 ---
 title: Set a reminder for a location with Cortana at work (Windows)
 description: A test scenario about how to set a location-based reminder using Cortana at work.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Test scenario 3 - Set a reminder
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
index 582e780d1f..0ce5972f23 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-4.md
@@ -1,13 +1,14 @@
 ---
 title: Use Cortana at work to find your upcoming meetings (Windows)
 description: A test scenario on how to use Cortana at work to find your upcoming meetings.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Test scenario 4 - Use Cortana to find free time on your calendar for your upcoming meetings.
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
index 5085f7608d..0111aba809 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-5.md
@@ -1,13 +1,14 @@
 ---
 title: Use Cortana to send email to a co-worker (Windows)
 description: A test scenario about how to use Cortana at work to send email to a co-worker.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Test scenario 5 - Test scenario 5 – Find out about a person
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
index dcc810fb0f..a6c2d4c3bb 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-6.md
@@ -1,13 +1,14 @@
 ---
 title: Review a reminder suggested by Cortana (Windows)
 description: A test scenario on how to use Cortana with the Suggested reminders feature.
-ms.prod: w10
+ms.prod: windows-client
 author: aczechowski
 ms.localizationpriority: medium
 ms.author: aaroncz
 ms.date: 10/05/2017
 ms.reviewer:
 manager: dougeby
+ms.technology: itpro-configure
 ---
 # Test scenario 6 – Change your language and perform a quick search with Cortana
diff --git a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
index 942d908f2b..e8caaf8cf3 100644
--- a/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
+++ b/windows/configuration/cortana-at-work/cortana-at-work-scenario-7.md
@@ -1,13 +1,14 @@ --- title: Help protect data with Cortana and WIP (Windows) description: An optional test scenario about how to use Cortana at work with Windows Information Protection (WIP). -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 7 - Use Cortana and Windows Information Protection (WIP) to help protect your organization’s data on a device diff --git a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md index 55023907da..19dce90d45 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-testing-scenarios.md @@ -1,13 +1,14 @@ --- title: Cortana at work testing scenarios description: Suggested testing scenarios that you can use to test Cortana in your organization. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 06/28/2021 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Cortana at work testing scenarios diff --git a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md index d38268d716..26f401808e 100644 --- a/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md +++ b/windows/configuration/cortana-at-work/cortana-at-work-voice-commands.md 
@@ -1,13 +1,14 @@ --- title: Set up and test custom voice commands in Cortana for your organization (Windows) description: How to create voice commands that use Cortana to perform voice-enabled actions in your line-of-business (LOB) Universal Windows Platform (UWP) apps. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Set up and test custom voice commands in Cortana for your organization 
@@ -30,27 +31,27 @@ To enable voice commands in Cortana - **Start Cortana removing focus from your app, using specific voice-enabled statements.** [Activate a background app in Cortana using voice commands](/cortana/voice-commands/launch-a-background-app-with-voice-commands-in-cortana). -2. **Install the VCD file on employees' devices**. You can use Microsoft Endpoint Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization. +2. **Install the VCD file on employees' devices**. You can use Configuration Manager or Microsoft Intune to deploy and install the VCD file on your employees' devices, the same way you deploy and install any other package in your organization. ## Test scenario: Use voice commands in a Microsoft Store app While these apps aren't line-of-business apps, we've worked to make sure to implement a VCD file, allowing you to test how the functionality works with Cortana in your organization. **To get a Microsoft Store app** -1. Go to the Microsoft Store, scroll down to the **Collections** area, click **Show All**, and then click **Better with Cortana**. +1. Go to the Microsoft Store, scroll down to the **Collections** area, select **Show All**, and then select **Better with Cortana**. -2. Click **Uber**, and then click **Install**. +2. Select **Uber**, and then select **Install**. 3. Open Uber, create an account or sign in, and then close the app. **To set up the app with Cortana** -1. Click on the **Cortana** search box in the taskbar, and then click the **Notebook** icon. +1. Select on the **Cortana** search box in the taskbar, and then select the **Notebook** icon. -2. Click on **Connected Services**, click **Uber**, and then click **Connect**. +2. Select on **Connected Services**, select **Uber**, and then select **Connect**. 
![Cortana at work, showing where to connect the Uber service to Cortana.](../images/cortana-connect-uber.png) **To use the voice-enabled commands with Cortana** -1. Click on the **Cortana** icon in the taskbar, and then click the **Microphone** icon (to the right of the **Search** box). +1. Select on the **Cortana** icon in the taskbar, and then select the **Microphone** icon (to the right of the **Search** box). 2. Say _Uber get me a taxi_. diff --git a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md index 2a50408b60..53ab837468 100644 --- a/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md +++ b/windows/configuration/cortana-at-work/set-up-and-test-cortana-in-windows-10.md @@ -3,10 +3,11 @@ title: Set up and test Cortana in Windows 10, version 2004 and later ms.reviewer: manager: dougeby description: Cortana includes powerful configuration options specifically to optimize unique small to medium-sized business and enterprise environments. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz +ms.technology: itpro-configure --- # Set up and test Cortana in Windows 10, version 2004 and later diff --git a/windows/configuration/cortana-at-work/test-scenario-1.md b/windows/configuration/cortana-at-work/test-scenario-1.md index d11ddd9fbf..c3456c0ae6 100644 --- a/windows/configuration/cortana-at-work/test-scenario-1.md +++ b/windows/configuration/cortana-at-work/test-scenario-1.md 
@@ -1,13 +1,14 @@ --- title: Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook description: A test scenario about how to sign in with your work or school account and use Cortana to manage the notebook. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 1 – Sign in with your work or school account and use Cortana to manage the notebook diff --git a/windows/configuration/cortana-at-work/test-scenario-2.md b/windows/configuration/cortana-at-work/test-scenario-2.md index f9128ac53e..2a7d33cdbf 100644 --- a/windows/configuration/cortana-at-work/test-scenario-2.md +++ b/windows/configuration/cortana-at-work/test-scenario-2.md @@ -1,13 +1,14 @@ --- title: Test scenario 2 - Perform a quick search with Cortana at work description: A test scenario about how to perform a quick search with Cortana at work. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 2 – Perform a quick search with Cortana at work diff --git a/windows/configuration/cortana-at-work/test-scenario-3.md b/windows/configuration/cortana-at-work/test-scenario-3.md index 0bef2a7ad9..1724baee87 100644 --- a/windows/configuration/cortana-at-work/test-scenario-3.md +++ b/windows/configuration/cortana-at-work/test-scenario-3.md 
@@ -1,13 +1,14 @@ --- title: Test scenario 3 - Set a reminder for a specific location using Cortana at work description: A test scenario about how to set up, review, and edit a reminder based on a location. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 3 - Set a reminder for a specific location using Cortana at work diff --git a/windows/configuration/cortana-at-work/test-scenario-4.md b/windows/configuration/cortana-at-work/test-scenario-4.md index 45d2df199c..8cad2a9dab 100644 --- a/windows/configuration/cortana-at-work/test-scenario-4.md +++ b/windows/configuration/cortana-at-work/test-scenario-4.md @@ -1,13 +1,14 @@ --- title: Use Cortana to find your upcoming meetings at work (Windows) description: A test scenario about how to use Cortana at work to find your upcoming meetings. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 4 - Use Cortana to find your upcoming meetings at work diff --git a/windows/configuration/cortana-at-work/test-scenario-5.md b/windows/configuration/cortana-at-work/test-scenario-5.md index 4a890aca59..d3b93dd8a0 100644 --- a/windows/configuration/cortana-at-work/test-scenario-5.md +++ b/windows/configuration/cortana-at-work/test-scenario-5.md @@ -1,13 +1,14 @@ --- title: Use Cortana to send an email to co-worker (Windows) description: A test scenario on how to use Cortana at work to send email to a co-worker. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 5 - Use Cortana to send an email to co-worker 
diff --git a/windows/configuration/cortana-at-work/test-scenario-6.md b/windows/configuration/cortana-at-work/test-scenario-6.md index 8a9d2fec64..fbd5290713 100644 --- a/windows/configuration/cortana-at-work/test-scenario-6.md +++ b/windows/configuration/cortana-at-work/test-scenario-6.md @@ -1,13 +1,14 @@ --- title: Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email description: A test scenario about how to use Cortana with the Suggested reminders feature. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Test scenario 6 - Review a reminder suggested by Cortana based on what you’ve promised in email diff --git a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md index b62794ff0f..701b2f4f58 100644 --- a/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md +++ b/windows/configuration/cortana-at-work/testing-scenarios-using-cortana-in-business-org.md @@ -1,13 +1,14 @@ --- title: Testing scenarios using Cortana in your business or organization description: A list of suggested testing scenarios that you can use to test Cortana in your organization. -ms.prod: w10 +ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.author: aaroncz ms.date: 10/05/2017 ms.reviewer: manager: dougeby +ms.technology: itpro-configure --- # Testing scenarios using Cortana in your business or organization diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md index 747d7491b2..77f7406fb8 100644 --- a/windows/configuration/customize-and-export-start-layout.md +++ b/windows/configuration/customize-and-export-start-layout.md 
@@ -3,13 +3,14 @@ title: Customize and export Start layout (Windows 10) description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout. ms.reviewer: manager: aaroncz -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.date: 09/18/2018 ms.collection: highpri +ms.technology: itpro-configure --- # Customize and export Start layout diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md index d50036f2c7..7aea595911 100644 --- a/windows/configuration/customize-start-menu-layout-windows-11.md +++ b/windows/configuration/customize-start-menu-layout-windows-11.md @@ -4,10 +4,11 @@ description: Export Start layout to LayoutModification.json with pinned apps, an manager: aaroncz ms.author: lizlong ms.reviewer: ericpapa -ms.prod: w11 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.collection: highpri +ms.technology: itpro-configure --- # Customize the Start menu layout on Windows 11 
@@ -24,17 +25,17 @@ For example, you can override the default set of apps with your own a set of pin To add apps you want pinned to the Start menu, you use a JSON file. In previous Windows versions, IT administrators used an XML file to customize the Start menu. The XML file isn't available on Windows 11 and later ***unless*** [you're an OEM](/windows-hardware/customize/desktop/customize-the-windows-11-start-menu). -This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Endpoint Manager policy. +This article shows you how to export an existing Start menu layout, and use the JSON in a Microsoft Intune policy. ## Before you begin - When you customize the Start layout, you overwrite the entire full layout. A partial Start layout isn't available. Users can pin and unpin apps, and uninstall apps from Start. You can't prevent users from changing the layout. -- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. +- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. In this article, we mention these services. 
If you're not managing your devices using an MDM provider, the following resources may help you get started: - - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) + - [Endpoint Management at Microsoft](/mem/endpoint-manager-overview) - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) @@ -54,7 +55,7 @@ Start has the following areas: The [Start/HideFrequentlyUsedApps CSP](/windows/client-management/mdm/policy-csp-start#start-hidefrequentlyusedapps) exposes settings that configure the "Most used" section, which is at the top of the all apps list. - In **Endpoint Manager**, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). + In **Intune**, you can configure this Start menu layout feature, and more. For more information on the Start menu settings you can configure in an Intune policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: 
@@ -65,7 +66,7 @@ Start has the following areas: The [Start/HideRecentJumplists CSP](/windows/client-management/mdm/policy-csp-start#start-hiderecentjumplists) exposes settings that prevent files from showing in this section. This CSP also hides recent files that show from the taskbar. - In **Endpoint Manager**, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Endpoint Manager policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). + In **Intune**, you can configure this feature, and more. For more information on the Start menu settings you can configure in an Intune policy, see [Windows 10/11 device settings to allow or restrict features](/mem/intune/configuration/device-restrictions-windows-10#start). In **Group Policy**, there are policies that include settings that control the Start menu layout. Some policies may not work as expected. Be sure to test your policies before broadly deploying them across your devices: 
@@ -124,15 +125,15 @@ If you're familiar with creating JSON files, you can create your own `LayoutModi Now that you have the JSON syntax, you're ready to deploy your customized Start layout to devices in your organization. -MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list. +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. -This section shows you how to create a pinned list policy in Endpoint Manager. There isn't a Group Policy to create a pinned list. +This section shows you how to create a pinned list policy in Intune. There isn't a Group Policy to create a pinned list. -### Create a pinned list using an Endpoint Manager policy +### Create a pinned list using an Intune policy To deploy this policy, the devices must be enrolled, and managed by your organization. For more information, see [What is device enrollment?](/mem/intune/enrollment/device-enrollment). -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Configuration profiles** > **Create profile**. 3. Enter the following properties: 
@@ -174,7 +175,7 @@ To deploy this policy, the devices must be enrolled, and managed by your organiz The Windows OS exposes many CSPs that apply to the Start menu. For a list, see [Supported CSP policies for Windows 11 Start menu](supported-csp-start-menu-layout-windows.md). -### Deploy the policy using Endpoint Manager +### Deploy the policy using Intune When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized Start layout, the policy can be deployed anytime, including before users sign in the first time. diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md index 18237e9510..9b5dec303f 100644 --- a/windows/configuration/customize-taskbar-windows-11.md +++ b/windows/configuration/customize-taskbar-windows-11.md @@ -1,13 +1,14 @@ --- title: Configure and customize Windows 11 taskbar | Microsoft Docs -description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded. +description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Intune. See what happens to the taskbar when the Windows OS client is installed or upgraded. manager: aaroncz ms.author: lizlong ms.reviewer: chataylo -ms.prod: w11 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.collection: highpri +ms.technology: itpro-configure --- # Customize the Taskbar on Windows 11 
@@ -36,17 +37,17 @@ This article shows you how to create the XML file, add apps to the XML, and depl - Some classic Windows applications are packaged differently than they were in previous versions of Windows, including Notepad and File Explorer. Be sure to enter the correct AppID. For more information, see [Application User Model ID (AUMID)](./find-the-application-user-model-id-of-an-installed-app.md) and [Get the AUMID and Desktop app link path](#get-the-aumid-and-desktop-app-link-path) (in this article). -- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. For Microsoft, that includes using Microsoft Endpoint Manager. Endpoint Manager includes Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. +- It's recommended to use a Mobile Device Management (MDM) provider. MDM providers help manage your devices, and help manage apps on your devices. You can use Microsoft Intune. Intune is a family of products that include Microsoft Intune, which is a cloud service, and Configuration Manager, which is on-premises. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: - - [Microsoft Endpoint Manager overview](/mem/endpoint-manager-overview) + - [Endpoint Management at Microsoft](/mem/endpoint-manager-overview) - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) ## Create the XML file -1. In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins two apps to the taskbar - File Explorer and the Command Prompt: +1. 
In a text editor, such as Visual Studio Code, create a new XML file. To help you get started, you can copy and paste the following XML sample. The sample pins 2 apps to the taskbar - File Explorer and the Command Prompt: ```xml @@ -133,7 +134,7 @@ This article shows you how to create the XML file, add apps to the XML, and depl ## Use Group Policy or MDM to create and deploy a taskbar policy -Now that you have the XML file with your customized taskbar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Endpoint Manager. +Now that you have the XML file with your customized taskbar, you're ready to deploy it to devices in your organization. You can deploy your taskbar XML file using Group Policy, or using an MDM provider, like Microsoft Intune. This section shows you how to deploy the XML both ways. 
@@ -159,13 +160,13 @@ Use the following steps to add your XML file to a group policy, and apply the po For more information on using group policies, see [Implement Group Policy Objects](/training/modules/implement-group-policy-objects/). -### Create a Microsoft Endpoint Manager policy to deploy your XML file +### Create a Microsoft Intune policy to deploy your XML file -MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Endpoint Manager, you can deploy a policy that configures the pinned list. +MDM providers can deploy policies to devices managed by the organization, including organization-owned devices, and personal or bring your own device (BYOD). Using an MDM provider, such as Microsoft Intune, you can deploy a policy that configures the pinned list. -Use the following steps to create an Endpoint Manager policy that deploys your taskbar XML file: +Use the following steps to create an Intune policy that deploys your taskbar XML file: -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Configuration profiles** > **Create profile**. 
@@ -187,7 +188,7 @@ Use the following steps to create an Endpoint Manager policy that deploys your t 8. When the policy is created, you can deploy it now, or deploy it later. Since this policy is a customized taskbar, the policy can also be deployed before users sign in the first time. - For more information and guidance on assigning policies using Microsoft Endpoint Manager, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). + For more information and guidance on assigning policies using Microsoft Intune, see [Assign user and device profiles](/mem/intune/configuration/device-profile-assign). > [!NOTE] > For third party partner MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`. diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md index dff79978bd..7752ed29fa 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md @@ -3,12 +3,13 @@ title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10) description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain. ms.reviewer: manager: aaroncz -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.author: lizlong ms.topic: article ms.collection: highpri +ms.technology: itpro-configure --- # Customize Windows 10 Start and taskbar with Group Policy 
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md index d14d3320b6..ff5c66875f 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md @@ -3,12 +3,13 @@ title: Change the Windows 10 Start and taskbar using mobile device management | description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices. ms.reviewer: manager: aaroncz -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.topic: article ms.author: lizlong ms.localizationpriority: medium ms.date: 08/05/2021 +ms.technology: itpro-configure --- # Customize Windows 10 Start and taskbar with mobile device management (MDM) @@ -54,7 +55,7 @@ Two features enable Start layout control: The following example uses Microsoft Intune to configure an MDM policy that applies a customized Start layout: -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Configuration profiles** > **Create profile**. diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md index 33777e162b..a853a65ee5 100644 --- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md +++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md 
@@ -3,11 +3,12 @@ title: Customize Windows 10 Start and taskbar with provisioning packages (Window description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users. ms.reviewer: manager: aaroncz -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.author: lizlong ms.topic: article ms.localizationpriority: medium +ms.technology: itpro-configure --- # Customize Windows 10 Start and taskbar with provisioning packages diff --git a/windows/configuration/docfx.json b/windows/configuration/docfx.json index 346cc5e640..315f3afa7f 100644 --- a/windows/configuration/docfx.json +++ b/windows/configuration/docfx.json @@ -36,7 +36,7 @@ "recommendations": true, "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-configure", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md index 27d56ce3c5..89cfab1cba 100644 --- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md +++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md @@ -7,8 +7,9 @@ author: lizgt2000 ms.author: lizlong ms.topic: article ms.localizationpriority: medium -ms.prod: w10 +ms.prod: windows-client ms.collection: highpri +ms.technology: itpro-configure --- # Find the Application User Model ID of an installed app diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md index 28d7a44308..a5150fcdcb 100644 --- a/windows/configuration/guidelines-for-assigned-access-app.md +++ b/windows/configuration/guidelines-for-assigned-access-app.md 
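Review bot: The default set in the docfx.json hunk, `"ms.technology": "itpro-configure"`, duplicates the `ms.technology: itpro-configure` line that this commit also adds to the front matter of each article under windows/configuration, so the value now lives in two places. The enclosing object starts outside the hunk, but the neighbouring `breadcrumb_path` and `feedback_system` keys suggest this is the docset-wide metadata block. If so, the per-file lines are redundant, and a later rename would have to touch every article again; keeping only the docfx.json entry would be enough. The new default also applies to every article in the docset that does not set its own value, so it is worth confirming that none of them belongs to a different technology area before relying on it.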
@@ -2,7 +2,7 @@ title: Guidelines for choosing an app for assigned access (Windows 10/11) description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience. keywords: [kiosk, lockdown, assigned access] -ms.prod: w10 +ms.prod: windows-client ms.mktglfcycl: manage ms.sitesec: library author: lizgt2000 @@ -12,6 +12,7 @@ ms.topic: article ms.reviewer: sybruckm manager: aaroncz ms.collection: highpri +ms.technology: itpro-configure --- # Guidelines for choosing an app for assigned access (kiosk mode) diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md index 3028bbe1c0..456b4c7a45 100644 --- a/windows/configuration/kiosk-additional-reference.md +++ b/windows/configuration/kiosk-additional-reference.md @@ -4,10 +4,11 @@ description: Find more information for configuring, validating, and troubleshoot ms.reviewer: sybruckm manager: aaroncz ms.author: lizlong -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.topic: reference +ms.technology: itpro-configure --- # More kiosk methods and reference information diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md index abda04599e..3e6444f439 100644 --- a/windows/configuration/kiosk-mdm-bridge.md +++ b/windows/configuration/kiosk-mdm-bridge.md @@ -4,10 +4,11 @@ description: Environments that use Windows Management Instrumentation (WMI) can ms.reviewer: sybruckm manager: aaroncz ms.author: lizlong -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-configure --- # Use MDM Bridge WMI Provider to create a Windows client kiosk diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md index fab2b8a41b..00f8c0181b 100644 --- a/windows/configuration/kiosk-methods.md +++ b/windows/configuration/kiosk-methods.md 
@@ -4,10 +4,11 @@ ms.reviewer: sybruckm manager: aaroncz ms.author: lizlong description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions. -ms.prod: w10 +ms.prod: windows-client ms.localizationpriority: medium author: lizgt2000 ms.topic: article +ms.technology: itpro-configure --- # Configure kiosks and digital signs on Windows desktop editions diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md index fda5b337bf..dec9776934 100644 --- a/windows/configuration/kiosk-policies.md +++ b/windows/configuration/kiosk-policies.md @@ -3,11 +3,12 @@ title: Policies enforced on kiosk devices (Windows 10/11) description: Learn about the policies enforced on a device when you configure it as a kiosk. ms.reviewer: sybruckm manager: aaroncz -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.author: lizlong ms.topic: article +ms.technology: itpro-configure --- # Policies enforced on kiosk devices diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md index 86d816a50c..8213f557da 100644 --- a/windows/configuration/kiosk-prepare.md +++ b/windows/configuration/kiosk-prepare.md @@ -4,10 +4,11 @@ description: Learn how to prepare a device for kiosk configuration. Also, learn ms.reviewer: sybruckm manager: aaroncz ms.author: lizlong -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-configure --- # Prepare a device for kiosk configuration 
@@ -28,9 +29,9 @@ ms.topic: article Assigned access can be configured using Windows Management Instrumentation (WMI) or configuration service provider (CSP). Assigned access runs an application using a domain user or service account, not a local account. Using a domain user or service accounts has risks, and might allow an attacker to gain access to domain resources that are accessible to any domain account. When using domain accounts with assigned access, proceed with caution. Consider the domain resources potentially exposed by using a domain account. -- MDM providers, such as [Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started), use the configuration service providers (CSP) exposed by the Windows OS to manage settings on devices. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: +- MDM providers, such as [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), use the configuration service providers (CSP) exposed by the Windows OS to manage settings on devices. In this article, we mention these services. If you're not managing your devices using an MDM provider, the following resources may help you get started: - - [Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started) + - [Endpoint Management at Microsoft](/mem/endpoint-manager-getting-started) - [What is Microsoft Intune](/mem/intune/fundamentals/what-is-intune) and [Microsoft Intune planning guide](/mem/intune/fundamentals/intune-planning-guide) - [What is Configuration Manager?](/mem/configmgr/core/understand/introduction) 
@@ -42,7 +43,7 @@ For a more secure kiosk experience, we recommend that you make the following con - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Display options for update notifications` - - **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. + - **Use an MDM provider**: This feature uses the [Update/UpdateNotificationLevel CSP](/windows/client-management/mdm/policy-csp-update#update-updatenotificationlevel). In Intune, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. - **Use the registry**: 
@@ -57,7 +58,7 @@ For a more secure kiosk experience, we recommend that you make the following con - **Enable and schedule automatic updates**. To enable this feature, you have the following options: - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Configure Automatic Updates`. Select `4 - Auto download and schedule the install`. - - **Use an MDM provider**: This feature uses the [Update/AllowAutoUpdate CSP](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Select `3 - Auto install and restart at a specified time`. In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. + - **Use an MDM provider**: This feature uses the [Update/AllowAutoUpdate CSP](/windows/client-management/mdm/policy-csp-update#update-allowautoupdate). Select `3 - Auto install and restart at a specified time`. In Intune, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. You can also schedule automatic updates, including **Schedule Install Day**, **Schedule Install Time**, and **Schedule Install Week**. Installations can take between 30 minutes and 2 hours, depending on the device. Schedule updates to occur when a block of 3-4 hours is available. 
@@ -65,7 +66,7 @@ For a more secure kiosk experience, we recommend that you make the following con - **Use Group policy**: `Computer Configuration\Administrative Templates\Windows Components\Windows Update\Always automatically restart at the scheduled time`. Select `4 - Auto download and schedule the install`. - - **Use an MDM provider**: This feature uses the [Update/ActiveHoursStart](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) and [Update/ActiveHoursEnd](/windows/client-management/mdm/policy-csp-update#update-activehoursend) CSPs. In Endpoint Manager, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. + - **Use an MDM provider**: This feature uses the [Update/ActiveHoursStart](/windows/client-management/mdm/policy-csp-update#update-activehoursstart) and [Update/ActiveHoursEnd](/windows/client-management/mdm/policy-csp-update#update-activehoursend) CSPs. In Intune, you can use the [Windows update settings](/mem/intune/protect/windows-update-settings) to manage this feature. - **Replace "blue screen" with blank screen for OS errors**. To enable this feature, use the Registry Editor: 
@@ -90,7 +91,7 @@ For a more secure kiosk experience, we recommend that you make the following con - **Hide "Ease of access" feature on the sign-in screen**: To enable this feature, you have the following options: - - **Use an MDM provider**: In Endpoint Manager, you can use the [Control Panel and Settings](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings) to manage this feature. + - **Use an MDM provider**: In Intune, you can use the [Control Panel and Settings](/mem/intune/configuration/device-restrictions-windows-10#control-panel-and-settings) to manage this feature. - **Use the registry**: For more information, see [how to disable the Ease of Access button in the registry](/windows-hardware/customize/enterprise/complementary-features-to-custom-logon#welcome-screen). - **Disable the hardware power button**: To enable this feature, you have the following options: @@ -109,7 +110,7 @@ For a more secure kiosk experience, we recommend that you make the following con To prevent this policy from affecting a member of the Administrators group, be sure to keep the Administrators group. - - **Use an MDM provider**: In Endpoint Manager, you have some options: + - **Use an MDM provider**: In Intune, you have some options: - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following settings: 
@@ -129,7 +130,7 @@ For a more secure kiosk experience, we recommend that you make the following con - **Use Group Policy**: `Computer Configuration\Windows Settings\Security Settings\Local Policies\Security Options\Shutdown: Allow system to be shut down without having to log on`. Select **Disabled**. - - **Use MDM**: In Endpoint Manager, you have the following option: + - **Use MDM**: In Intune, you have the following option: - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following setting: @@ -144,7 +145,7 @@ For a more secure kiosk experience, we recommend that you make the following con - **Use Group Policy**: `Computer Configuration\Administrative Templates\Windows Components\Camera: Allow use of camera`: Select **Disabled**. - - **Use an MDM provider**: This feature uses the [Policy CSP - Camera](/windows/client-management/mdm/policy-csp-camera). In Endpoint Manager, you have the following options: + - **Use an MDM provider**: This feature uses the [Policy CSP - Camera](/windows/client-management/mdm/policy-csp-camera). In Intune, you have the following options: - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): This option shows this setting, and more settings you can manage. - [Settings Catalog](/mem/intune/configuration/settings-catalog): This option lists all the settings you can configure, including the administrative templates used in on-premises Group Policy. Configure the following setting: 
@@ -163,7 +164,7 @@ For a more secure kiosk experience, we recommend that you make the following con - `Computer Configuration\Administrative Templates\System\Logon\Turn off app notifications on the lock screen`: Select **Enabled**. - `User Configuration\Administrative Templates\Start Menu and Taskbar\Notifications\Turn off toast notifications on the lock screen`: Select **Enabled**. - - **Use an MDM provider**: This feature uses the [AboveLock/AllowToasts CSP](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowtoasts). In Endpoint Manager, you have the following options: + - **Use an MDM provider**: This feature uses the [AboveLock/AllowToasts CSP](/windows/client-management/mdm/policy-csp-abovelock#abovelock-allowtoasts). In Intune, you have the following options: - [Locked screen experience device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#locked-screen-experience): See this setting, and more settings you can manage. @@ -185,7 +186,7 @@ For a more secure kiosk experience, we recommend that you make the following con To prevent this policy from affecting a member of the Administrators group, select `Allow administrators to override Device Installation Restriction policies` > **Enabled**. - - **Use an MDM provider**: In Endpoint Manager, you have the following options: + - **Use an MDM provider**: In Intune, you have the following options: - [General settings in a device configuration profile](/mem/intune/configuration/device-restrictions-windows-10#general): See the **Removable storage** setting, and more settings you can manage. 
@@ -243,7 +244,7 @@ You may also want to set up **automatic logon** for your kiosk device. When your > [!NOTE] > If *DefaultUserName* and *DefaultPassword* aren't there, add them as **New** > **String Value**. - - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, do not add this key. + - *DefaultDomainName*: set value for domain, only for domain accounts. For local accounts, don't add this key. 4. Close Registry Editor. The next time the computer restarts, the account will sign in automatically. @@ -257,7 +258,7 @@ You may also want to set up **automatic logon** for your kiosk device. When your The following table describes some features that have interoperability issues we recommend that you consider when running assigned access. -- **Accessibility**: Assigned access does not change Ease of Access settings. We recommend that you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features: +- **Accessibility**: Assigned access doesn't change Ease of Access settings. We recommend that you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block the following key combinations that bring up accessibility features: | Key combination | Blocked behavior | | --- | --- | 
@@ -269,7 +270,7 @@ The following table describes some features that have interoperability issues we - **Key sequences blocked by assigned access**: When in assigned access, some key combinations are blocked for assigned access users. - Alt + F4, Alt + Shift + Tab, Alt + Tab are not blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. + Alt + F4, Alt + Shift + Tab, Alt + Tab aren't blocked by Assigned Access, it's recommended you use [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) to block these key combinations. Ctrl + Alt + Delete is the key to break out of Assigned Access. If needed, you can use Keyboard Filter to configure a different key combination to break out of assigned access by setting BreakoutKeyScanCode as described in [WEKF_Settings](/windows-hardware/customize/enterprise/wekf-settings). @@ -282,7 +283,7 @@ The following table describes some features that have interoperability issues we | Ctrl + Shift + Esc | Open Task Manager. | | Ctrl + Tab | Switch windows within the application currently open. | | LaunchApp1 | Open the app that is assigned to this key. | - | LaunchApp2 | Open the app that is assigned to this key, which on many Microsoft keyboards is Calculator. | + | LaunchApp2 | Open the app that is assigned to this key. On many Microsoft keyboards, the app is Calculator. | | LaunchMail | Open the default mail client. | | Windows logo key | Open the Start screen. | 
@@ -292,7 +293,7 @@ The following table describes some features that have interoperability issues we [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter) is only available on Windows client Enterprise or Education. -- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user cannot turn off the device when it's in assigned access. +- **Power button**: Customizations for the Power button complement assigned access, letting you implement features such as removing the power button from the Welcome screen. Removing the power button ensures the user can't turn off the device when it's in assigned access. For more information on removing the power button or disabling the physical power button, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). @@ -314,7 +315,7 @@ Customers sometimes use virtual machines (VMs) to test configurations before dep A single-app kiosk configuration runs an app above the lock screen. It doesn't work when it's accessed remotely, which includes *enhanced* sessions in Hyper-V. -When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** is not selected in the **View** menu; that means it's a basic session. +When you connect to a VM configured as a single-app kiosk, you need a *basic* session rather than an enhanced session. In the following image, notice that **Enhanced session** isn't selected in the **View** menu; that means it's a basic session. :::image type="content" source="images/vm-kiosk.png" alt-text="Use a basic session to connect a virtual machine. In the View menu, Extended session isn't selected, which means basic is used."::: 
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 2b29c534db..5987383d91 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -4,10 +4,11 @@ description: Shell Launcher lets you change the default shell that launches when
 ms.reviewer: sybruckm
 manager: aaroncz
 ms.author: lizlong
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.topic: article
+ms.technology: itpro-configure
 ---
 
 # Use Shell Launcher to create a Windows client kiosk
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index 8410a63f1f..8fe9c59229 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -4,11 +4,12 @@ description: A single-use device is easy to set up in Windows 10 and Windows 11
 ms.reviewer: sybruckm
 manager: aaroncz
 ms.author: lizlong
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.topic: article
 ms.collection: highpri
+ms.technology: itpro-configure
 ---
 
 # Set up a single-app kiosk on Windows 10/11
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md
index ad0602aff4..3f7f0c8659 100644
--- a/windows/configuration/kiosk-troubleshoot.md
+++ b/windows/configuration/kiosk-troubleshoot.md
@@ -3,11 +3,12 @@ title: Troubleshoot kiosk mode issues (Windows 10/11)
 description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues.
 ms.reviewer: sybruckm
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.author: lizlong
 ms.topic: article
+ms.technology: itpro-configure
 ---
 
 # Troubleshoot kiosk mode issues
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index 6a43b111e8..0d457a1715 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -4,10 +4,11 @@ description: In this article, learn what to expect on a multi-app kiosk in Windo
 ms.reviewer: sybruckm
 manager: aaroncz
 ms.author: lizlong
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.topic: article
+ms.technology: itpro-configure
 ---
 
 # Validate kiosk configuration
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index e0277d5709..d2d862af7b 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -3,11 +3,12 @@ title: Assigned Access configuration kiosk XML reference (Windows 10/11)
 description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11.
 ms.reviewer: sybruckm
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.author: lizlong
 ms.topic: article
+ms.technology: itpro-configure
 ---
 
 # Assigned Access configuration (kiosk) XML reference
diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md
index 7c5751d47e..0b37ec1768 100644
--- a/windows/configuration/lock-down-windows-10-applocker.md
+++ b/windows/configuration/lock-down-windows-10-applocker.md
@@ -3,12 +3,13 @@ title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windo
 description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
 ms.reviewer: sybruckm
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.date: 07/30/2018
 ms.author: lizlong
 ms.topic: article
+ms.technology: itpro-configure
 ---
 
 # Use AppLocker to create a Windows 10 kiosk that runs multiple apps
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index 7f321d5025..235382fe70 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -1,8 +1,8 @@
 ---
 title: Set up a multi-app kiosk on Windows 10
 description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps.
-ms.prod: w10
-ms.technology: windows
+ms.prod: windows-client
+ms.technology: itpro-configure
 author: lizgt2000
 ms.author: lizlong
 manager: aaroncz
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
index 05bf244383..dab9d24432 100644
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@@ -3,11 +3,12 @@ title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
 description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
 ms.reviewer:
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
 ms.localizationpriority: medium
+ms.technology: itpro-configure
 ---
 
 # Lockdown features from Windows Embedded 8.1 Industry
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 13dd5ee45a..c4f9b5a850 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -1,7 +1,7 @@
 ---
 title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10)
 description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
 ms.date: 09/20/2017
 ms.reviewer:
 manager: aaroncz
+ms.technology: itpro-configure
 ---
 
 # Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md
index eaff525abc..8df16b0bf1 100644
--- a/windows/configuration/manage-wifi-sense-in-enterprise.md
+++ b/windows/configuration/manage-wifi-sense-in-enterprise.md
@@ -4,10 +4,11 @@ description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get onl
 ms.reviewer:
 manager: aaroncz
 ms.author: lizlong
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.localizationpriority: medium
 ms.topic: article
+ms.technology: itpro-configure
 ---
 
 # Manage Wi-Fi Sense in your company
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index 2971e83a97..4600c0eaf2 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -3,12 +3,13 @@ title: Configure cellular settings for tablets and PCs (Windows 10)
 description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
 ms.reviewer:
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
 ms.localizationpriority: medium
 ms.date: 04/13/2018
+ms.technology: itpro-configure
 ---
 
 # Configure cellular settings for tablets and PCs
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index a1ac8234e6..f6230ee388 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -3,11 +3,12 @@ title: Configuration service providers for IT pros (Windows 10/11)
 description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
 ms.reviewer: gkomatsu
 manager: aaroncz
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
 ms.localizationpriority: medium
+ms.technology: itpro-configure
 ---
 
 # Configuration service providers for IT pros
@@ -31,7 +32,7 @@ CSPs are behind many of the management tasks and policies for Windows client, bo :::image type="content" source="../images/policytocsp.png" alt-text="How intune maps to CSP"::: -CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Endpoint Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge. +CSPs receive configuration policies in the XML-based Synchronization Markup Language (SyncML) format, pushed from an MDM-compliant management server, such as Microsoft Intune. Traditional enterprise management systems, such as Microsoft Configuration Manager, can also target CSPs, by using a client-side Windows Management Instrumentation (WMI)-to-CSP Bridge. ### Synchronization Markup Language (SyncML) @@ -55,7 +56,7 @@ You can use Windows Configuration Designer to create [provisioning packages](./p Many settings in Windows Configuration Designer will display documentation for that setting in the center pane, and will include a reference to the CSP if the setting uses one, as shown in the following image. -:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in icd."::: +:::image type="content" source="../images/cspinicd.png" alt-text="In Windows Configuration Designer, how help content appears in ICD."::: [Provisioning packages in Windows client](provisioning-packages.md) explains how to use the Windows Configuration Designer tool to create a runtime provisioning package. 
@@ -81,7 +82,7 @@ The full path to a specific configuration setting is represented by its Open Mob The following example shows the diagram for the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). The diagram maps to the XML for that CSP. Notice the different shapes in the diagram: rounded elements are nodes, and rectangular elements are settings or policies for which a value must be supplied. -:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access csp tree."::: +:::image type="content" source="../images/provisioning-csp-assignedaccess.png" alt-text="The CSP reference shows the assigned access CSP tree."::: The element in the tree diagram after the root node tells you the name of the CSP. Knowing this structure, you would recognize in XML the parts of the URI path for that CSP and, if you saw it in XML, you would know which CSP reference to look up. For example, in the following OMS-URI path for the kiosk mode app settings, you can see that it uses the [AssignedAccess CSP](/windows/client-management/mdm/assignedaccess-csp). diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md index f3f3796147..34e5609b63 100644 --- a/windows/configuration/provisioning-packages/provisioning-apply-package.md +++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md @@ -1,13 +1,14 @@ --- title: Apply a provisioning package (Windows 10/11) description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime). -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz +ms.technology: itpro-configure --- # Apply a provisioning package 
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index 365710b8c3..cebf8679f9 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -1,13 +1,14 @@
 ---
 title: Windows Configuration Designer command-line interface (Windows 10/11)
 description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
 ms.localizationpriority: medium
 ms.reviewer: gkomatsu
 manager: aaroncz
+ms.technology: itpro-configure
 ---
 
 # Windows Configuration Designer command-line interface (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 780fc8c764..6e8bd7a6fb 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -1,13 +1,14 @@
 ---
 title: Create a provisioning package (Windows 10/11)
 description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
-ms.prod: w10
+ms.prod: windows-client
 author: lizgt2000
 ms.author: lizlong
 ms.topic: article
 ms.localizationpriority: medium
 ms.reviewer: gkomatsu
 manager: aaroncz
+ms.technology: itpro-configure
 ---
 
 # Create a provisioning package
@@ -148,7 +149,7 @@ For details on each specific setting, see [Windows Provisioning settings referen ## Learn more -- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Endpoint Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) +- [How to bulk-enroll devices with On-premises Mobile Device Management in Microsoft Configuration Manager](/configmgr/mdm/deploy-use/bulk-enroll-devices-on-premises-mdm) ## Related articles diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md index 935cd2807e..f06f67b436 100644 --- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md +++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md @@ -1,13 +1,14 @@ --- title: How provisioning works in Windows 10/11 description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings. -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz +ms.technology: itpro-configure --- # How provisioning works in Windows diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md index 6440a0c7d2..a18e5b29ce 100644 --- a/windows/configuration/provisioning-packages/provisioning-install-icd.md +++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md @@ -1,7 +1,7 @@ --- title: Install Windows Configuration Designer (Windows 10/11) description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11. -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.author: lizlong ms.topic: article 
@@ -9,6 +9,7 @@ ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.collection: highpri +ms.technology: itpro-configure --- # Install Windows Configuration Designer, and learn about any limitations @@ -51,6 +52,8 @@ On devices running Windows client, you can install [the Windows Configuration De ## Current Windows Configuration Designer limitations +- When running Windows Configuration Designer on Windows releases earlier than Windows 10, version 2004 you might need to enable TLS 1.2, especially if using Bulk Enrollment Tokens. You may see the error message in the `icd.log` file: `Error: AADSTS1002016: You are using TLS version 1.0, 1.1 and/or 3DES cipher which are deprecated to improve the security posture of Azure AD` For more information, see [Enable TLS 1.2 on client or server operating systems](/troubleshoot/azure/active-directory/enable-support-tls-environment#enable-tls-12-on-client-or-server-operating-systems-). + - Windows Configuration Designer doesn't work properly if the **Policies > Administrative Templates > Windows Components > Internet Explorer > Security Zones: Use only machine settings** Group Policy setting is enabled. Instead of changing the security setting, we recommend you run Windows Configuration Designer on a different device. - You can only run one instance of Windows Configuration Designer on your computer at a time. diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md index 36f22395b0..45a99e20e8 100644 --- a/windows/configuration/provisioning-packages/provisioning-multivariant.md +++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md 
@@ -1,13 +1,14 @@ --- title: Create a provisioning package with multivariant settings (Windows 10/11) description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions. -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.topic: article ms.localizationpriority: medium ms.reviewer: gkomatsu manager: aaroncz ms.author: lizlong +ms.technology: itpro-configure --- # Create a provisioning package with multivariant settings diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md index 48a18fc43e..5c61eb922b 100644 --- a/windows/configuration/provisioning-packages/provisioning-packages.md +++ b/windows/configuration/provisioning-packages/provisioning-packages.md @@ -3,12 +3,13 @@ title: Provisioning packages overview on Windows 10/11 description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do. ms.reviewer: gkomatsu manager: aaroncz -ms.prod: w10 +ms.prod: windows-client author: lizgt2000 ms.author: lizlong ms.topic: article ms.localizationpriority: medium ms.collection: highpri +ms.technology: itpro-configure --- # Provisioning packages for Windows 
@@ -18,11 +19,11 @@ ms.collection: highpri - Windows 10 - Windows 11 -Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. Using Windows provisioning, an IT administrator can easily specify desired configuration and settings required to enroll the devices into management and then apply that configuration to target devices in a matter of minutes. It is best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. +Windows provisioning makes it easy for IT administrators to configure end-user devices without imaging. When you use Windows provisioning, an IT administrator can easily specify the desired configuration and settings required to enroll the devices into management. Then, apply that configuration to target devices in a matter of minutes. It's best suited for small- to medium-sized businesses with deployments that range from tens to a few hundred computers. A provisioning package (.ppkg) is a container for a collection of configuration settings. With Windows client, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. -Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. This can result in a significant reduction in the time required to configure multiple devices in your organization. +Provisioning packages are simple enough that with a short set of written instructions, a student, or non-technical employee can use them to configure their device. It can result in a significant reduction in the time required to configure multiple devices in your organization. Windows Configuration Designer is available as an [app in the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). 
@@ -92,7 +93,7 @@ The following table provides some examples of settings that you can configure us |---|---| | Bulk Active Directory join and device name | Join devices to Active Directory domain and assign device names using hardware-specific serial numbers or random characters | | Applications | Windows apps, line-of-business applications | -| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service

Using a provisioning package for auto-enrollment to Microsoft Endpoint Manager isn't supported. To enroll devices, use the Configuration Manager console. | +| Bulk enrollment into MDM | Automatic enrollment into a third-party MDM service

Using a provisioning package for auto-enrollment to Microsoft Intune isn't supported. To enroll devices, use the Configuration Manager console. | | Certificates | Root certification authority (CA), client certificates | | Connectivity profiles | Wi-Fi, proxy settings, Email | | Enterprise policies | Security restrictions (password, device lock, camera, and so on), encryption, update settings | diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md index 8e6b2a4c5a..37416c41fa 100644 --- a/windows/configuration/start-layout-troubleshoot.md +++ b/windows/configuration/start-layout-troubleshoot.md 
@@ -13,17 +13,20 @@ ms.technology: itpro-configure # Troubleshoot Start menu errors +> [!div class="nextstepaction"] +> Try our Virtual Agent - It can help you quickly identify and fix common Start menu issues. + Start failures can be organized into these categories: - **Deployment/Install issues** - Easiest to identify but difficult to recover. This failure is consistent and usually permanent. Reset, restore from backup, or rollback to recover. - **Performance issues** - More common with older hardware, low-powered machines. Symptoms include: High CPU utilization, disk contention, memory resources. This makes Start very slow to respond. Behavior is intermittent depending on available resources. - **Crashes** - Also easy to identify. Crashes in Shell Experience Host or related can be found in System or Application event logs. This can be a code defect or related to missing or altered permissions to files or registry keys by a program or incorrect security tightening configurations. Determining permissions issues can be time consuming but a [SysInternals tool called Procmon](/sysinternals/downloads/procmon) will show **Access Denied**. The other option is to get a dump of the process when it crashes and depending on comfort level, review the dump in the debugger, or have support review the data. -- **Hangs** - in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. If a background application or service hangs, Start will not have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario. +- **Hangs** - in Shell Experience host or related. These are the hardest issues to identify as there are few events logged, but behavior is typically intermittent or recovers with a reboot. 
If a background application or service hangs, Start won't have resources to respond in time. Clean boot may help identify if the issue is related to additional software. Procmon is also useful in this scenario. - **Other issues** - Customization, domain policies, deployment issues. ## Basic troubleshooting -When troubleshooting basic Start issues (and for the most part, all other Windows apps), there are a few things to check if they are not working as expected. For issues where the Start menu or subcomponent isn't working, you can do some quick tests to narrow down where the issue may reside. +When troubleshooting basic Start issues (and for the most part, all other Windows apps), there are a few things to check if they aren't working as expected. For issues where the Start menu or subcomponent isn't working, you can do some quick tests to narrow down where the issue may reside. ### Check the OS and update version @@ -36,7 +39,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window - If Start fails immediately after a feature update, on thing to check is if the App package failed to install successfully. -- If Start was working and just fails intermittently, it's likely that Start is installed correctly, but the issue occurs downstream. The way to check for this problem is to look for output from these two PS commands: +- If Start was working and just fails intermittently, it's likely that Start is installed correctly, but the issue occurs downstream. The way to check for this problem is to look for output from these two PowerShell commands: - `get-AppXPackage -Name Microsoft.Windows.ShellExperienceHost` - `get-AppXPackage -Name Microsoft.Windows.Cortana` 
@@ -45,7 +48,7 @@ When troubleshooting basic Start issues (and for the most part, all other Window Failure messages will appear if they aren't installed -- If Start is not installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there is a choice to save to delete user data), or restoring from backup. No method is supported to install Start Appx files. The results are often problematic and unreliable. +- If Start isn't installed, then the fastest resolution is to revert to a known good configuration. This can be rolling back the update, resetting the PC to defaults (where there's a choice to save to delete user data), or restoring from backup. No method is supported to install Start Appx files. The results are often problematic and unreliable. ### Check if Start is running 
@@ -53,25 +56,25 @@ If either component is failing to start on boot, reviewing the event logs for er - `get-process -name shellexperiencehost` - `get-process -name searchui` -If it is installed but not running, test booting into safe mode or use MSCONFIG to eliminate third-party or additional drivers and applications. +If it's installed but not running, test booting into safe mode or use MSCONFIG to eliminate third-party or additional drivers and applications. ### Check whether the system a clean install or upgrade - Is this system an upgrade or clean install? - Run `test-path "$env:windir\panther\miglog.xml"` - - If that file does not exist, the system is a clean install. + - If that file doesn't exist, the system is a clean install. - Upgrade issues can be found by running `test-path "$env:windir\panther\miglog.xml"` ### Check if Start is registered or activated - Export the following Event log to CSV and do a keyword search in a text editor or spreadsheet: - Microsoft-Windows-TWinUI/Operational for Microsoft.Windows.ShellExperienceHost or Microsoft.Windows.Cortana - - "Package was not found" + - "Package wasn't found" - "Invalid value for registry" - "Element not found" - - "Package could not be registered" + - "Package couldn't be registered" -If these events are found, Start is not activated correctly. Each event will have more detail in the description and should be investigated further. Event messages can vary. +If these events are found, Start isn't activated correctly. Each event will have more detail in the description and should be investigated further. Event messages can vary. ### Other things to consider 
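Review bot: The quoted strings under "Check if Start is registered or activated" are keywords the reader is told to search for in the exported Microsoft-Windows-TWinUI/Operational log, so contracting them changes what gets searched. The old side suggests the events use the uncontracted wording, in which case a search for `"Package wasn't found"` or `"Package couldn't be registered"` would return nothing and a real activation failure would be missed. Keep these two as literal strings, `- "Package was not found"` and `- "Package could not be registered"`, and apply the contraction pass only to the surrounding prose. Formatting all four keywords as inline code would also protect them from later style edits.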
@@ -136,11 +139,11 @@ The following list provides information about common errors you might run into w ### Symptom: Start Menu doesn't respond on Windows 2012 R2, Windows 10, or Windows 2016 -**Cause**: Background Tasks Infrastructure Service (BrokerInfrastructure) service is not started. +**Cause**: Background Tasks Infrastructure Service (BrokerInfrastructure) service isn't started. **Resolution**: Ensure that Background Tasks Infrastructure Service is set to automatic startup in Services MMC. -If Background Tasks Infrastructure Service fails to start, verify that the Power Dependency Coordinator Driver (PDC) driver and registry key are not disabled or deleted. If either are missing, restore from backup or the installation media. +If Background Tasks Infrastructure Service fails to start, verify that the Power Dependency Coordinator Driver (PDC) driver and registry key aren't disabled or deleted. If either are missing, restore from backup or the installation media. To verify the PDC Service, run `C:\>sc query pdc` in a command prompt. The results will be similar to the following: 
@@ -167,7 +170,7 @@ The PDC registry key is: **Start**=dword:00000000 **Type**=dword:00000001 -In addition to the listed dependencies for the service, Background Tasks Infrastructure Service requires the Power Dependency Coordinator Driver to be loaded. If the PDC does not load at boot, Background Tasks Infrastructure Service will fail and affect Start Menu. +In addition to the listed dependencies for the service, Background Tasks Infrastructure Service requires the Power Dependency Coordinator Driver to be loaded. If the PDC doesn't load at boot, Background Tasks Infrastructure Service will fail and affect Start Menu. Events for both PDC and Background Tasks Infrastructure Service will be recorded in the event logs. PDC shouldn't be disabled or deleted. BrokerInfrastructure is an automatic service. This Service is required for all these operating Systems as running to have a stable Start Menu. @@ -189,11 +192,11 @@ Events for both PDC and Background Tasks Infrastructure Service will be recorded :::image type="content" alt-text="Screenshots that show download icons on app tiles and missing app tiles." source="images/start-ts-2.png" lightbox="images/start-ts-2.png"::: -**Cause**: This issue is known. The first-time sign-in experience is not detected and does not trigger the install of some apps. +**Cause**: This issue is known. The first-time sign-in experience isn't detected and doesn't trigger the install of some apps. **Resolution**: This issue has been fixed for Windows 10, version 1709 in [KB 4089848](https://support.microsoft.com/help/4089848) March 22, 2018—KB4089848 (OS Build 16299.334) -### Symptom: When attempting to customize Start Menu layout, the customizations do not apply or results are not expected +### Symptom: When attempting to customize Start Menu layout, the customizations don't apply or results aren't expected **Cause**: There are two main reasons for this issue: 
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md index e0f187ed40..8ff898fb1d 100644 --- a/windows/configuration/start-secondary-tiles.md +++ b/windows/configuration/start-secondary-tiles.md @@ -69,7 +69,7 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE In the previous command, `-path` is a required parameter that specifies the path and file name for the export file. You can specify a local path or a UNC path (for example, \\\\FileServer01\\StartLayouts\\StartLayoutMarketing.xml). - Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet does not append the file name extension, and the policy settings require the extension. + Use a file name of your choice—for example, StartLayoutMarketing.xml. Include the .xml file name extension. The [Export-StartLayout](/powershell/module/startlayout/export-startlayout) cmdlet doesn't append the file name extension, and the policy settings require the extension. 3. If you’d like to change the image for a secondary tile to your own custom image, open the layout.xml file, and look for the images that the tile references. - For example, your layout.xml contains `Square150x150LogoUri="ms-appdata:///local/PinnedTiles/21581260870/hires.png" Wide310x150LogoUri="ms-appx:///"` 
@@ -83,13 +83,13 @@ In Windows 10, version 1703, by using the PowerShell cmdlet `export-StartLayoutE ## Configure policy settings -You can apply the customized Start layout with images for secondary tiles by using [mobile device management](customize-windows-10-start-screens-by-using-mobile-device-management.md) or [a provisioning package](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). However, because you are including the images for secondary tiles, you must configure an additional setting to import the Edge assets. +You can apply the customized Start layout with images for secondary tiles by using [mobile device management](customize-windows-10-start-screens-by-using-mobile-device-management.md) or [a provisioning package](customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md). However, because you're including the images for secondary tiles, you must configure another setting to import the Edge assets. ### Using MDM In Microsoft Intune, you create a device restrictions policy to apply to device group. For other MDM solutions, you may need to use an OMA-URI setting for Start layout, based on the [Policy configuration service provider (CSP)](/windows/client-management/mdm/policy-configuration-service-provider). The OMA-URI setting is `./User/Vendor/MSFT/Policy/Config/Start/StartLayout`. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). +1. Sign in to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** > **Configuration profiles** > **Create profile**. 3. Enter the following properties: 
@@ -133,7 +133,7 @@ The **export-StartLayout** and **export-StartLayoutEdgeAssets** cmdlets produce 2. Copy the contents of assets.xml into an online tool that escapes characters. -3. During the procedure to create a provisioning package, you will copy the text with the escape characters and paste it in the customizations.xml file for your project. +3. When you create a provisioning package, you'll copy the text with the escape characters and paste it in the customizations.xml file for your project. #### Create a provisioning package that contains a customized Start layout 
@@ -147,22 +147,22 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L 2. Choose **Advanced provisioning**. -3. Name your project, and click **Next**. +3. Name your project, and select **Next**. -4. Choose **All Windows desktop editions** and click **Next**. +4. Choose **All Windows desktop editions** and select **Next**. -5. On **New project**, click **Finish**. The workspace for your package opens. +5. On **New project**, select **Finish**. The workspace for your package opens. -6. Expand **Runtime settings** > **Policies** > **Start**, and click **StartLayout**. +6. Expand **Runtime settings** > **Policies** > **Start**, and select **StartLayout**. >[!TIP] >If **Start** is not listed, check the type of settings you selected in step 4. You must create the project using settings for **All Windows desktop editions**. -7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the layout.xml file in a later step. +7. Enter **layout.xml**. This value creates a placeholder in the customizations.xml file that you'll replace with the contents of the layout.xml file in a later step. 8. In the **Available customizations** pane, select **ImportEdgeAssets**. -9. Enter **assets.xml**. This value creates a placeholder in the customizations.xml file that you will replace with the contents of the assets.xml file in a later step. +9. Enter **assets.xml**. This value creates a placeholder in the customizations.xml file that you'll replace with the contents of the assets.xml file in a later step. 10. Save your project and close Windows Configuration Designer. 
@@ -192,22 +192,22 @@ Use the Windows Configuration Designer tool to create a provisioning package. [L - **Enable package signing** - If you select this option, you must select a valid certificate to use for signing the package. You can specify the certificate by clicking **Select...** and choosing the certificate you want to use to sign the package. -21. Click **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. +21. Select **Next** to specify the output location where you want the provisioning package to go when it's built. By default, Windows Imaging and Configuration Designer (ICD) uses the project folder as the output location. - Optionally, you can click **Browse** to change the default output location. + Optionally, you can select **Browse** to change the default output location. -22. Click **Next**. +22. Select **Next**. -23. Click **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. +23. Select **Build** to start building the package. The provisioning package doesn't take long to build. The project information is displayed in the build page and the progress bar indicates the build status. - If you need to cancel the build, click **Cancel**. This cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. + If you need to cancel the build, select **Cancel**. It cancels the current build process, closes the wizard, and takes you back to the **Customizations Page**. 24. If your build fails, an error message will show up that includes a link to the project folder. You can scan the logs to determine what caused the error. Once you fix the issue, try building the package again. 
If your build is successful, the name of the provisioning package, output directory, and project directory will be shown. - - If you choose, you can build the provisioning package again and pick a different path for the output package. To do this, click **Back** to change the output package name and path, and then click **Next** to start another build. - - If you are done, click **Finish** to close the wizard and go back to the **Customizations Page**. + - If you choose, you can build the provisioning package again and pick a different path for the output package. To change the path, select **Back** to change the output package name and path, and then select **Next** to start another build. + - If you're done, select **Finish** to close the wizard and go back to the **Customizations Page**. 25. Copy the provisioning package to the target device. diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md index 4aa5814b85..684b35d6f3 100644 --- a/windows/configuration/supported-csp-start-menu-layout-windows.md +++ b/windows/configuration/supported-csp-start-menu-layout-windows.md @@ -7,6 +7,7 @@ ms.reviewer: ericpapa ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium +ms.technology: itpro-configure --- # Supported configuration service provider (CSP) policies for Windows 11 Start menu 
@@ -16,7 +17,7 @@ ms.localizationpriority: medium - Windows 11 - Windows 11, version 22H2 -The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. +The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure in a policy. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Start menu for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). For more general information, see [Configuration service provider (CSP) reference](/windows/client-management/mdm/configuration-service-provider-reference). diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md index d5549aedf8..c094fb12f9 100644 --- a/windows/configuration/supported-csp-taskbar-windows.md +++ b/windows/configuration/supported-csp-taskbar-windows.md @@ -7,6 +7,7 @@ ms.reviewer: chataylo ms.prod: windows-client author: lizgt2000 ms.localizationpriority: medium +ms.technology: itpro-configure --- # Supported configuration service provider (CSP) policies for Windows 11 taskbar 
@@ -15,7 +16,7 @@ ms.localizationpriority: medium - Windows 11 -The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Endpoint Manager](/mem/endpoint-manager-overview). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices. +The Windows OS exposes CSPs that are used by MDM providers, like [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). In an MDM policy, these CSPs are settings that you configure. When the policy is ready, you deploy the policy to your devices. This article lists the CSPs that are available to customize the Taskbar for Windows 11 devices. Windows 11 uses the [Policy CSP - Start](/windows/client-management/mdm/policy-csp-start). diff --git a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md index 9c532cfd43..2f4dadd57a 100644 --- a/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md +++ b/windows/configuration/ue-v/uev-configuring-uev-with-system-center-configuration-manager.md @@ -1,6 +1,6 @@ --- -title: Configuring UE-V with Microsoft Endpoint Configuration Manager -description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Endpoint Configuration Manager. +title: Configuring UE-V with Microsoft Configuration Manager +description: Learn how to configure User Experience Virtualization (UE-V) with Microsoft Configuration Manager. author: aczechowski ms.prod: windows-client ms.date: 04/19/2017 
@@ -11,12 +11,12 @@ ms.topic: article ms.technology: itpro-configure --- -# Configuring UE-V with Microsoft Endpoint Manager +# Configuring UE-V with Microsoft Configuration Manager **Applies to** - Windows 10, version 1607 -After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of Microsoft Endpoint Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. +After you deploy User Experience Virtualization (UE-V) and its required features, you can start to configure it to meet your organization's need. The UE-V Configuration Pack provides a way for administrators to use the Compliance Settings feature of Microsoft Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. ## UE-V Configuration Pack supported features @@ -186,7 +186,7 @@ To distribute a new Notepad template, you would perform these steps: 4. Import the generated CAB file into ConfigMgr using the console or PowerShell Import-CMBaseline. -## Related topics +## Related articles [Manage Configurations for UE-V](uev-manage-configurations.md) diff --git a/windows/configuration/ue-v/uev-deploy-required-features.md b/windows/configuration/ue-v/uev-deploy-required-features.md index 608cf5454f..f58d68f203 100644 --- a/windows/configuration/ue-v/uev-deploy-required-features.md +++ b/windows/configuration/ue-v/uev-deploy-required-features.md 
@@ -30,7 +30,7 @@ To get up and running with User Experience Virtualization (UE-V), install and co With Windows 10, version 1607, UE-V is installed automatically. You need to enable the UE-V service on each user device you want to include in your UE-V environment. -The topics in this section describe how to deploy these features. +The articles in this section describe how to deploy these features. ## Deploy a UE-V Settings Storage Location @@ -115,7 +115,7 @@ You can configure UE-V before, during, or after you enable the UE-V service on u Windows Server 2012 and Windows Server 2012 R2 -- [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of Microsoft Endpoint Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. +- [**Configuration Manager**](uev-configuring-uev-with-system-center-configuration-manager.md) The UE-V Configuration Pack lets you use the Compliance Settings feature of Microsoft Configuration Manager to apply consistent configurations across sites where UE-V and Configuration Manager are installed. - [**Windows PowerShell and WMI**](uev-administering-uev-with-windows-powershell-and-wmi.md) You can use scripted commands for Windows PowerShell and Windows Management Instrumentation (WMI) to modify the configuration of the UE-V service. @@ -155,7 +155,7 @@ With Windows 10, version 1607 and later, the UE-V service is installed on user d -## Related topics +## Related articles [Prepare a UE-V deployment](uev-prepare-for-deployment.md) diff --git a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md index 79d36471a0..901c9451d1 100644 --- a/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md +++ b/windows/configuration/ue-v/uev-deploy-uev-for-custom-applications.md 
@@ -220,7 +220,7 @@ After you create a settings location template with the UE-V template generator, You can deploy settings location templates using of these methods: -- An electronic software distribution (ESD) system such as Microsoft Endpoint Configuration Manager +- An electronic software distribution (ESD) system such as Microsoft Configuration Manager - Group Policy preferences diff --git a/windows/configuration/ue-v/uev-getting-started.md b/windows/configuration/ue-v/uev-getting-started.md index 373021f144..825c7597c7 100644 --- a/windows/configuration/ue-v/uev-getting-started.md +++ b/windows/configuration/ue-v/uev-getting-started.md @@ -7,6 +7,7 @@ ms.date: 03/08/2018 ms.reviewer: manager: dougeby ms.author: aaroncz +ms.technology: itpro-configure --- # Get Started with UE-V diff --git a/windows/configuration/ue-v/uev-manage-configurations.md b/windows/configuration/ue-v/uev-manage-configurations.md index 7bc1cfe1cd..6f44c3f7ea 100644 --- a/windows/configuration/ue-v/uev-manage-configurations.md +++ b/windows/configuration/ue-v/uev-manage-configurations.md @@ -24,11 +24,11 @@ You can use Group Policy Objects to modify the settings that define how UE-V syn [Configuring UE-V with Group Policy Objects](uev-configuring-uev-with-group-policy-objects.md) -## Configuring UE-V with Microsoft Endpoint Configuration Manager +## Configuring UE-V with Microsoft Configuration Manager You can use Microsoft Endpoint Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack. -[Configuring UE-V with Microsoft Endpoint Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md) +[Configuring UE-V with Microsoft Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md) ## Administering UE-V with PowerShell and WMI diff --git a/windows/configuration/ue-v/uev-prepare-for-deployment.md b/windows/configuration/ue-v/uev-prepare-for-deployment.md index 0f6369634f..39acddadd3 100644 
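Review bot: The rename in the `uev-manage-configurations.md` hunk is incomplete, because the unchanged sentence between the new heading and the new link still uses the old product name. The heading and link text now say "Microsoft Configuration Manager", but the body line still reads `You can use Microsoft Endpoint Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack.` Change it to `You can use Microsoft Configuration Manager to manage the UE-V service by using the UE-V Configuration Pack.` so the section uses one name throughout.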
--- a/windows/configuration/ue-v/uev-prepare-for-deployment.md +++ b/windows/configuration/ue-v/uev-prepare-for-deployment.md @@ -16,7 +16,7 @@ ms.technology: itpro-configure **Applies to** - Windows 10, version 1607 -Before you deploy User Experience Virtualization (UE-V), review this topic for important information about the type of deployment you're planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this topic. +Before you deploy User Experience Virtualization (UE-V), review this article for important information about the type of deployment you're planning and for preparations you can make beforehand so that your deployment is successful. If you leave this page, be sure to come back and read through the planning information in this article. ## Plan your UE-V deployment @@ -50,11 +50,11 @@ The workflow diagram below illustrates a typical UE-V deployment and the decisio ### Planning a UE-V deployment -Review the following topics to determine which UE-V components you'll be deploying. +Review the following articles to determine which UE-V components you'll be deploying. - [Decide whether to synchronize settings for custom applications](#decide-whether-to-synchronize-settings-for-custom-applications) - If you want to synchronize settings for custom applications, you'll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involves the following tasks: + If you want to synchronize settings for custom applications, you'll need to install the UE-V template generator. Use the generator to create custom settings location templates, which involve the following tasks: - Review the [settings that are synchronized automatically in a UE-V deployment](#settings-automatically-synchronized-in-a-ue-v-deployment). 
@@ -68,7 +68,7 @@ Review the following topics to determine which UE-V components you'll be deployi In a UE-V deployment, many settings are automatically synchronized. You can also customize UE-V to synchronize settings for other applications, such as line-of-business and third-party apps. -Deciding if you want UE-V to synchronize settings for custom applications is an essential part of planning your UE-V deployment. The topics in this section will help you make that decision. +Deciding if you want UE-V to synchronize settings for custom applications is an essential part of planning your UE-V deployment. The articles in this section will help you make that decision. ### Settings automatically synchronized in a UE-V deployment @@ -153,11 +153,11 @@ As an administrator, when you consider which desktop applications to include in In general, you can synchronize settings that meet the following criteria: -- Settings that are stored in user-accessible locations. For example, do not synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. +- Settings that are stored in user-accessible locations. For example, don't synchronize settings that are stored in System32 or outside the HKEY\_CURRENT\_USER (HKCU) section of the registry. -- Settings that are not specific to the particular device. For example, exclude network shortcuts or hardware configurations. +- Settings that aren't specific to the particular device. For example, exclude network shortcuts or hardware configurations. -- Settings that can be synchronized between computers without risk of corrupted data. For example, do not use settings that are stored in a database file. +- Settings that can be synchronized between computers without risk of corrupted data. For example, don't use settings that are stored in a database file. ### Checklist for evaluating custom applications 
@@ -200,7 +200,7 @@ Many enterprise applications, including Microsoft Outlook, Lync, and Skype for B UE-V can synchronize enterprise credentials, but doesn't roam credentials intended only for use on the local device. -Credentials are synchronous settings, meaning that they're applied to users' profiles the first time they log on to their devices after UE-V synchronizes. +Credentials are synchronous settings, meaning that they're applied to users' profiles the first time they sign in to their devices after UE-V synchronizes. Credentials synchronization is managed by its own settings location template, which is disabled by default. You can enable or disable this template through the same methods used for other templates. The template identifier for this feature is RoamingCredentialSettings. @@ -233,7 +233,7 @@ Copy 3. If this policy is enabled, you can enable credentials synchronization by checking the **Roaming Credentials** check box, or disable credentials synchronization by unchecking it. -4. Click **OK**. +4. Select **OK**. ### Credential locations synchronized by UE-V 
@@ -265,9 +265,9 @@ For more information, see the [Windows Application List](uev-managing-settings-l If you're deploying UE-V to synchronize settings for custom applications, you’ll use the UE-V template generator to create custom settings location templates for those desktop applications. After you create and test a custom settings location template in a test environment, you can deploy the settings location templates to user devices. -Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Endpoint Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell. +Custom settings location templates must be deployed with an existing deployment infrastructure, such as an enterprise software distribution method, including Microsoft Configuration Manager, with preferences, or by configuring a UE-V settings template catalog. Templates that are deployed with Configuration Manager or Group Policy must be registered using UE-V WMI or Windows PowerShell. -For more information about custom settings location templates, see [Deploy UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V with Microsoft Endpoint Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md). +For more information about custom settings location templates, see [Deploy UE-V with custom applications](uev-deploy-uev-for-custom-applications.md). For more information about using UE-V with Configuration Manager, see [Configuring UE-V with Microsoft Configuration Manager](uev-configuring-uev-with-system-center-configuration-manager.md). ### Prevent unintentional user settings configuration 
@@ -275,7 +275,7 @@ UE-V downloads new user settings information from a settings storage location an - Each time an application is started that has a registered UE-V template -- When a user logs on to a device +- When a user signs in to a device - When a user unlocks a device @@ -305,7 +305,7 @@ The UE-V settings storage location and settings template catalog support storing - Format the storage volume with an NTFS file system. -- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) is not supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see: +- The share can use Distributed File System (DFS) replication, but Distributed File System Replication (DFSR) isn't supported. Distributed File System Namespaces (DFSN) are supported. For detailed information, see: - [Deploying Roaming User Profiles](/windows-server/storage/folder-redirection/deploy-roaming-user-profiles) @@ -360,7 +360,7 @@ The UE-V service synchronizes user settings for devices that aren't always conne Enable this configuration using one of these methods: -- After you enable the UE-V service, use the Settings Management feature in Microsoft Endpoint Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration. +- After you enable the UE-V service, use the Settings Management feature in Microsoft Configuration Manager or the UE-V ADMX templates (installed with Windows 10, version 1607) to push the SyncMethod = None configuration. - Use Windows PowerShell or Windows Management Instrumentation (WMI) to set the SyncMethod = None configuration. diff --git a/windows/configuration/wcd/wcd-networkqospolicy.md b/windows/configuration/wcd/wcd-networkqospolicy.md index 84d67d3ede..50a9d20da9 100644 --- a/windows/configuration/wcd/wcd-networkqospolicy.md +++ b/windows/configuration/wcd/wcd-networkqospolicy.md 
@@ -21,7 +21,7 @@ Use to create network Quality of Service (QoS) policies. A QoS policy performs a | --- | :---: | :---: | :---: | :---: | | All settings | | ✔️ | | | -1. In **Available customizations**, select **NetworkQ0SPolicy**, enter a friendly name for the account, and then click **Add**. +1. In **Available customizations**, select **NetworkQoSPolicy**, enter a friendly name for the account, and then click **Add**. 2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. | Setting | Description | diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml index c89317ccc0..2356b68241 100644 --- a/windows/deployment/TOC.yml +++ b/windows/deployment/TOC.yml 
@@ -182,129 +182,131 @@ href: update/waas-wufb-group-policy.md - name: 'Walkthrough: use Intune to configure Windows Update for Business' href: update/deploy-updates-intune.md - - name: Monitor Windows client updates + - name: Monitor + items: + - name: Windows Update for Business reports (preview) + items: + - name: Windows Update for Business reports overview + href: update/wufb-reports-overview.md + - name: Enable Windows Update for Business reports (preview) + items: + - name: Windows Update for Business reports prerequisites + href: update/wufb-reports-prerequisites.md + - name: Enable Windows Update for Business reports + href: update/wufb-reports-enable.md + - name: Configure clients with a script + href: update/wufb-reports-configuration-script.md + - name: Configure clients manually + href: update/wufb-reports-configuration-manual.md + - name: Configure clients with Microsoft Intune + href: update/wufb-reports-configuration-intune.md + - name: Use Windows Update for Business reports (preview) items: - - name: Monitor with Update Compliance (preview version) - items: - - name: Update Compliance overview - href: update/update-compliance-v2-overview.md - - name: Enable Update Compliance (preview) - items: - - name: Update Compliance prerequisites - href: update/update-compliance-v2-prerequisites.md - - name: Enable the Update Compliance solution - href: update/update-compliance-v2-enable.md - - name: Configure clients with a script - href: update/update-compliance-v2-configuration-script.md - - name: Configure clients manually - href: update/update-compliance-v2-configuration-manual.md - - name: Configure clients with Microsoft Endpoint Manager - href: update/update-compliance-v2-configuration-mem.md - - name: Use Update Compliance (preview) - items: - - name: Update Compliance workbook - href: update/update-compliance-v2-workbook.md - - name: Software updates in the Microsoft admin center (preview) - href: update/update-status-admin-center.md - - name: Use 
Update Compliance data - href: update/update-compliance-v2-use.md - - name: Feedback, support, and troubleshooting - href: update/update-compliance-v2-help.md - - name: Update Compliance schema reference (preview) - items: - - name: Update Compliance schema reference - href: update/update-compliance-v2-schema.md - - name: UCClient - href: update/update-compliance-v2-schema-ucclient.md - - name: UCClientReadinessStatus - href: update/update-compliance-v2-schema-ucclientreadinessstatus.md - - name: UCClientUpdateStatus - href: update/update-compliance-v2-schema-ucclientupdatestatus.md - - name: UCDeviceAlert - href: update/update-compliance-v2-schema-ucdevicealert.md - - name: UCServiceUpdateStatus - href: update/update-compliance-v2-schema-ucserviceupdatestatus.md - - name: UCUpdateAlert - href: update/update-compliance-v2-schema-ucupdatealert.md - - name: Monitor updates with Update Compliance - href: update/update-compliance-monitor.md - items: - - name: Get started - items: - - name: Get started with Update Compliance - href: update/update-compliance-get-started.md - - name: Update Compliance configuration script - href: update/update-compliance-configuration-script.md - - name: Manually configuring devices for Update Compliance - href: update/update-compliance-configuration-manual.md - - name: Configuring devices for Update Compliance in Microsoft Endpoint Manager - href: update/update-compliance-configuration-mem.md - - name: Update Compliance monitoring - items: - - name: Use Update Compliance - href: update/update-compliance-using.md - - name: Need attention report - href: update/update-compliance-need-attention.md - - name: Security update status report - href: update/update-compliance-security-update-status.md - - name: Feature update status report - href: update/update-compliance-feature-update-status.md - - name: Safeguard holds report - href: update/update-compliance-safeguard-holds.md - - name: Delivery Optimization in Update Compliance - href: 
update/update-compliance-delivery-optimization.md - - name: Data handling and privacy in Update Compliance - href: update/update-compliance-privacy.md - - name: Schema reference - items: - - name: Update Compliance schema reference - href: update/update-compliance-schema.md - - name: WaaSUpdateStatus - href: update/update-compliance-schema-waasupdatestatus.md - - name: WaaSInsiderStatus - href: update/update-compliance-schema-waasinsiderstatus.md - - name: WaaSDeploymentStatus - href: update/update-compliance-schema-waasdeploymentstatus.md - - name: WUDOStatus - href: update/update-compliance-schema-wudostatus.md - - name: WUDOAggregatedStatus - href: update/update-compliance-schema-wudoaggregatedstatus.md - - name: Troubleshooting + - name: Windows Update for Business reports workbook + href: update/wufb-reports-workbook.md + - name: Software updates in the Microsoft 365 admin center + href: update/wufb-reports-admin-center.md + - name: Use Windows Update for Business reports data + href: update/wufb-reports-use.md + - name: Feedback, support, and troubleshooting + href: update/wufb-reports-help.md + - name: Windows Update for Business reports (preview) schema reference items: - - name: Resolve upgrade errors - items: - - name: Resolve Windows client upgrade errors - href: upgrade/resolve-windows-10-upgrade-errors.md - - name: Quick fixes - href: /troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - - name: SetupDiag - href: upgrade/setupdiag.md - - name: Troubleshooting upgrade errors - href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - - name: Windows error reporting - href: upgrade/windows-error-reporting.md - - name: Upgrade error codes - href: 
/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - - name: Log files - href: upgrade/log-files.md - - name: Resolution procedures - href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - - name: Submit Windows client upgrade errors - href: upgrade/submit-errors.md - - name: Troubleshoot Windows Update - items: - - name: How to troubleshoot Windows Update - href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - - name: Opt out of safeguard holds - href: update/safeguard-opt-out.md - - name: Determine the source of Windows Updates - href: ./update/how-windows-update-works.md - - name: Common Windows Update errors - href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json - - name: Windows Update error code reference - href: update/windows-update-error-reference.md - - name: Troubleshoot the Windows Update for Business deployment service - href: update/deployment-service-troubleshoot.md + - name: Windows Update for Business reports schema reference + href: update/wufb-reports-schema.md + - name: UCClient + href: update/wufb-reports-schema-ucclient.md + - name: UCClientReadinessStatus + href: update/wufb-reports-schema-ucclientreadinessstatus.md + - name: UCClientUpdateStatus + href: update/wufb-reports-schema-ucclientupdatestatus.md + - name: UCDeviceAlert + href: update/wufb-reports-schema-ucdevicealert.md + - name: UCServiceUpdateStatus + href: update/wufb-reports-schema-ucserviceupdatestatus.md + - name: UCUpdateAlert + href: update/wufb-reports-schema-ucupdatealert.md + - name: Monitor updates with Update Compliance + href: update/update-compliance-monitor.md + 
items: + - name: Get started + items: + - name: Get started with Update Compliance + href: update/update-compliance-get-started.md + - name: Update Compliance configuration script + href: update/update-compliance-configuration-script.md + - name: Manually configuring devices for Update Compliance + href: update/update-compliance-configuration-manual.md + - name: Configuring devices for Update Compliance in Microsoft Intune + href: update/update-compliance-configuration-mem.md + - name: Update Compliance monitoring + items: + - name: Use Update Compliance + href: update/update-compliance-using.md + - name: Need attention report + href: update/update-compliance-need-attention.md + - name: Security update status report + href: update/update-compliance-security-update-status.md + - name: Feature update status report + href: update/update-compliance-feature-update-status.md + - name: Safeguard holds report + href: update/update-compliance-safeguard-holds.md + - name: Delivery Optimization in Update Compliance + href: update/update-compliance-delivery-optimization.md + - name: Data handling and privacy in Update Compliance + href: update/update-compliance-privacy.md + - name: Schema reference + items: + - name: Update Compliance schema reference + href: update/update-compliance-schema.md + - name: WaaSUpdateStatus + href: update/update-compliance-schema-waasupdatestatus.md + - name: WaaSInsiderStatus + href: update/update-compliance-schema-waasinsiderstatus.md + - name: WaaSDeploymentStatus + href: update/update-compliance-schema-waasdeploymentstatus.md + - name: WUDOStatus + href: update/update-compliance-schema-wudostatus.md + - name: WUDOAggregatedStatus + href: update/update-compliance-schema-wudoaggregatedstatus.md + - name: Troubleshooting + items: + - name: Resolve upgrade errors + items: + - name: Resolve Windows client upgrade errors + href: upgrade/resolve-windows-10-upgrade-errors.md + - name: Quick fixes + href: 
/troubleshoot/windows-client/deployment/windows-10-upgrade-quick-fixes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - name: SetupDiag + href: upgrade/setupdiag.md + - name: Troubleshooting upgrade errors + href: /troubleshoot/windows-client/deployment/windows-10-upgrade-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - name: Windows error reporting + href: upgrade/windows-error-reporting.md + - name: Upgrade error codes + href: /troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - name: Log files + href: upgrade/log-files.md + - name: Resolution procedures + href: /troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - name: Submit Windows client upgrade errors + href: upgrade/submit-errors.md + - name: Troubleshoot Windows Update + items: + - name: How to troubleshoot Windows Update + href: /troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - name: Opt out of safeguard holds + href: update/safeguard-opt-out.md + - name: Determine the source of Windows Updates + href: ./update/how-windows-update-works.md + - name: Windows Update security + href: ./update/windows-update-security.md + - name: Common Windows Update errors + href: /troubleshoot/windows-client/deployment/common-windows-update-errors?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json + - name: Windows Update error code reference + href: update/windows-update-error-reference.md + - name: Troubleshoot the Windows Update for Business deployment service + href: update/deployment-service-troubleshoot.md - name: Reference items: 
@@ -434,7 +436,7 @@ - name: User State Migration Tool (USMT) technical reference items: - - name: USMT overview topics + - name: USMT overview articles items: - name: USMT overview href: usmt/usmt-overview.md @@ -442,7 +444,7 @@ href: usmt/getting-started-with-the-user-state-migration-tool.md - name: Windows upgrade and migration considerations href: upgrade/windows-upgrade-and-migration-considerations.md - - name: USMT How-to topics + - name: USMT How-to articles items: - name: Exclude Files and Settings href: usmt/usmt-exclude-files-and-settings.md diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md index 48390d04f2..bdcc134152 100644 --- a/windows/deployment/Windows-AutoPilot-EULA-note.md +++ b/windows/deployment/Windows-AutoPilot-EULA-note.md @@ -3,12 +3,13 @@ title: Windows Autopilot EULA dismissal – important information description: A notice about EULA dismissal through Windows Autopilot ms.prod: windows-client ms.localizationpriority: medium -ms.date: 08/22/2017 -author: aczechowski -ms.author: aaroncz -manager: dougeby +ms.date: 10/31/2022 +author: frankroj +ms.author: frankroj +manager: aaroncz ROBOTS: NOINDEX ms.topic: article +ms.technology: itpro-deploy --- # Windows Autopilot EULA dismissal – important information diff --git a/windows/deployment/add-store-apps-to-image.md b/windows/deployment/add-store-apps-to-image.md index 390625d732..ac883e80a0 100644 --- a/windows/deployment/add-store-apps-to-image.md +++ b/windows/deployment/add-store-apps-to-image.md 
@@ -3,21 +3,23 @@ title: Add Microsoft Store for Business applications to a Windows 10 image description: This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz +author: frankroj +ms.author: frankroj ms.reviewer: -manager: dougeby +manager: aaroncz ms.topic: article ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Add Microsoft Store for Business applications to a Windows 10 image **Applies to** -- Windows 10 +- Windows 10 -This topic describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. This will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps. +This article describes the correct way to add Microsoft Store for Business applications to a Windows 10 image. Adding Microsoft Store for Business applications to a Windows 10 image will enable you to deploy Windows 10 with pre-installed Microsoft Store for Business apps. >[!IMPORTANT] >In order for Microsoft Store for Business applications to persist after image deployment, these applications need to be pinned to Start prior to image deployment. 
@@ -66,10 +68,9 @@ Now, on the machine where your image file is accessible: >[!NOTE] >Paths and file names are examples. Use your paths and file names where appropriate. > ->For more information on Start customization see [Windows 10 Start Layout Customization](/archive/blogs/deploymentguys/windows-10-start-layout-customization) +>For more information on Start customization, see [Windows 10 Start Layout Customization](/archive/blogs/deploymentguys/windows-10-start-layout-customization) - -## Related topics +## Related articles * [Customize and export Start layout](/windows/configuration/customize-and-export-start-layout) * [Export-StartLayout](/powershell/module/startlayout/export-startlayout) * [Import-StartLayout](/powershell/module/startlayout/import-startlayout) diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md index eb2f941cfa..0ee1248e7e 100644 --- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md +++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md @@ -1,13 +1,15 @@ --- title: Configure a PXE server to load Windows PE (Windows 10) -description: This topic describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network. +description: This article describes how to configure a PXE server to load Windows PE so that it can be used with an image file to install Windows 10 from the network. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -manager: dougeby -ms.author: aaroncz +author: frankroj +manager: aaroncz +ms.author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Configure a PXE server to load Windows PE 
@@ -16,11 +18,11 @@ ms.custom: seo-marvel-apr2020 - Windows 10 -This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network. +This walkthrough describes how to configure a PXE server to load Windows PE by booting a client computer from the network. Using the Windows PE tools and a Windows 10 image file, you can install Windows 10 from the network. ## Prerequisites -- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) and the Windows PE add-on with ADK installed. +- A deployment computer: A computer with the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) and the Windows PE add-on with ADK installed. - A DHCP server: A DHCP server or DHCP proxy configured to respond to PXE client requests is required. - A PXE server: A server running the TFTP service that can host Windows PE boot files that the client will download. - A file server: A server hosting a network file share. 
@@ -29,11 +31,11 @@ All four of the roles specified above can be hosted on the same computer or each ## Step 1: Copy Windows PE source files -1. On the deployment computer, click **Start**, and type **deployment**. +1. On the deployment computer, select **Start**, and type **deployment**. -2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools. +2. Right-click **Deployment and Imaging Tools Environment** and then select **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools. -3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory doesn't already exist, it will be created. +3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory doesn't already exist, it will be created. ``` copype.cmd 
@@ -53,7 +55,7 @@ All four of the roles specified above can be hosted on the same computer or each C:\winpe_amd64\media C:\winpe_amd64\mount ``` -4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example. +4. Mount the base Windows PE image (winpe.wim) to the \mount directory using the DISM tool. Mounting an image file unpacks the file contents into a folder so that you can make changes directly or by using tools such as DISM. See the following example. ``` Dism /mount-image /imagefile:c:\winpe_amd64\media\sources\boot.wim /index:1 /mountdir:C:\winpe_amd64\mount @@ -77,7 +79,7 @@ All four of the roles specified above can be hosted on the same computer or each ``` copy C:\winpe_amd64\media\boot\boot.sdi y:\Boot ``` -8. Copy the bootable Windows PE image (boot.wim) to the \boot folder. +8. Copy the bootable Windows PE image (boot.wim) to the \boot folder. ``` copy C:\winpe_amd64\media\sources\boot.wim y:\Boot @@ -109,7 +111,7 @@ All four of the roles specified above can be hosted on the same computer or each ``` Copy this GUID for use in the next set of commands. In each command shown, replace "GUID1" with your GUID. -3. Create a new boot application entry for the Windows PE image: +3. Create a new boot application entry for the Windows PE image: ``` bcdedit /store c:\BCD /set {GUID1} device ramdisk=[boot]\Boot\boot.wim,{ramdiskoptions} 
@@ -173,14 +175,13 @@ The following process summarizes the PXE client boot. 1. A client is directed by DHCP options 066 and 067 to download boot\\PXEboot.n12 from the TFTP server. 2. PXEboot.n12 immediately begins a network boot. 3. The client downloads boot\\bootmgr.exe and the boot\\BCD file from the TFTP server. Note: The BCD store must reside in the \\boot directory on the TFTP server and must be named BCD. -5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present. -6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image. +5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present. +6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image. 7. Windows PE loads, a command prompt opens and wpeinit.exe is run to initialize Windows PE. 8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. With the help of these tools accompanied by a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system. ## See Also - ### Concepts [Windows PE Walkthroughs](/previous-versions/windows/it-pro/windows-vista/cc748899(v=ws.10)) diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md index 936f2a92f6..b3dd2899ed 100644 --- a/windows/deployment/deploy-enterprise-licenses.md +++ b/windows/deployment/deploy-enterprise-licenses.md 
@@ -1,9 +1,9 @@ --- title: Deploy Windows Enterprise licenses description: Steps to deploy Windows 10 Enterprise or Windows 11 Enterprise licenses for Windows Enterprise E3 or E5 subscription activation, or for Windows Enterprise E3 in CSP. -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium @@ -12,6 +12,7 @@ ms.collection: highpri appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.date: 10/31/2022 --- # Deploy Windows Enterprise licenses @@ -227,7 +228,7 @@ Figure 11 illustrates a device on which the Windows 10 Pro is activated, but the Figure 11: Windows 10 Enterprise subscription lapsed or removed in Settings. -It displays the following error: "Windows 10 Enterprise subscription is not valid." +It displays the following error: "Windows 10 Enterprise subscription isn't valid." #### Device that's not activated and without an Enterprise subscription @@ -287,7 +288,7 @@ If a device isn't able to connect to Windows Update, it can lose activation stat - Make sure that the device doesn't have the following registry value: `HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations = 1 (REG_DWORD)`. If this registry value exists, it must be set to `0`. -- Make sure that the following group policy setting is **disabled**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Do not connect to any Windows Update Internet locations. +- Make sure that the following group policy setting is **disabled**: Computer Configuration > Administrative Templates > Windows Components > Windows Update > Don't connect to any Windows Update Internet locations. ## Virtual Desktop Access (VDA) diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md index 0cc0e0574d..f7574e0d11 100644 --- a/windows/deployment/deploy-m365.md 
+++ b/windows/deployment/deploy-m365.md @@ -1,24 +1,26 @@ --- title: Deploy Windows 10 with Microsoft 365 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Learn about deploying Windows 10 with Microsoft 365 and how to use a free 90-day trial account to review some of the benefits of Microsoft 365. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.collection: M365-modern-desktop ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Deploy Windows 10 with Microsoft 365 **Applies to** -- Windows 10 +- Windows 10 -This topic provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365. +This article provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365. [Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview. @@ -27,8 +29,8 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor - Windows Autopilot - In-place upgrade - Deploying Windows 10 upgrade with Intune -- Deploying Windows 10 upgrade with Microsoft Endpoint Configuration Manager -- Deploying a computer refresh with Microsoft Endpoint Configuration Manager +- Deploying Windows 10 upgrade with Microsoft Configuration Manager +- Deploying a computer refresh with Microsoft Configuration Manager ## Free trial account 
@@ -49,12 +51,14 @@ You can check out the Microsoft 365 deployment advisor and other resources for f 2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide). 3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview). -That's all there's to it! - Examples of these two deployment advisors are shown below. -- [Microsoft 365 deployment advisor example](#microsoft-365-deployment-advisor-example) -- [Windows Analytics deployment advisor example](#windows-analytics-deployment-advisor-example) +- [Deploy Windows 10 with Microsoft 365](#deploy-windows-10-with-microsoft-365) + - [Free trial account](#free-trial-account) + - [Microsoft 365 deployment advisor example](#microsoft-365-deployment-advisor-example) + - [Windows Analytics deployment advisor example](#windows-analytics-deployment-advisor-example) + - [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) + - [Related articles](#related-articles) ## Microsoft 365 deployment advisor example ![Microsoft 365 deployment advisor.](images/m365da.png) @@ -66,7 +70,7 @@ Examples of these two deployment advisors are shown below. [![Microsoft 365 Enterprise poster.](images/m365e.png)](https://aka.ms/m365eposter) -## Related Topics +## Related articles [Windows 10 deployment scenarios](windows-10-deployment-scenarios.md)
[Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md index 19b303e0b4..170984a53f 100644 --- a/windows/deployment/deploy-whats-new.md +++ b/windows/deployment/deploy-whats-new.md @@ -1,14 +1,16 @@ --- title: What's new in Windows client deployment -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Use this article to learn about new solutions and online content related to deploying Windows in your organization. ms.localizationpriority: medium ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # What's new in Windows client deployment @@ -17,9 +19,7 @@ ms.collection: highpri - Windows 10 - Windows 11 -## In this topic - -This topic provides an overview of new solutions and online content related to deploying Windows client in your organization. +This article provides an overview of new solutions and online content related to deploying Windows client in your organization. - For an all-up overview of new features in Windows 10, see [What's new in Windows 10](/windows/whats-new/index). @@ -41,7 +41,7 @@ The [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is a [SetupDiag](#setupdiag) is included with Windows 10, version 2004 and later, and Windows 11.
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
VPN support is added to [Windows Autopilot](#windows-autopilot)
-An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).
+An in-place upgrade wizard is available in [Configuration Manager](#microsoft-configuration-manager).
The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with more content added and more content coming soon.
## The Modern Desktop Deployment Center 
@@ -63,14 +63,14 @@ See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, whic Windows PowerShell cmdlets for Delivery Optimization have been improved: -- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent). +- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent). - **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections. - **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting. Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include: - Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling. - Automatic cloud-based congestion detection is available for PCs with cloud service support. -- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon! +- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content. 
The following Delivery Optimization policies are removed in the Windows 10, version 2004 release: 
@@ -89,7 +89,7 @@ The following Delivery Optimization policies are removed in the Windows 10, vers - [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. -- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and run normally. +- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally. - **Pause updates**: We've extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. 
You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you'll need to update your device before pausing again. - **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar. - **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns. @@ -125,7 +125,7 @@ The following Windows Autopilot features are available in Windows 10, version 19 - Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE. - Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE. -### Microsoft Endpoint Configuration Manager +### Microsoft Configuration Manager An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). 
@@ -133,7 +133,7 @@ An in-place upgrade wizard is available in Configuration Manager. For more infor Windows 10 Education support has been added to Windows 10 Subscription Activation. -With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions – Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md). +With Windows 10, version 1903, you can step up from Windows 10 Pro Education to the enterprise-grade edition for educational institutions - Windows 10 Education. For more information, see [Windows 10 Subscription Activation](./windows-10-subscription-activation.md). ### SetupDiag @@ -151,12 +151,11 @@ Upgrade Readiness helps you ensure that applications and drivers are ready for a The development of Upgrade Readiness has been heavily influenced by input from the community; the development of new features is ongoing. To begin using Upgrade Readiness, add it to an existing Operation Management Suite (OMS) workspace or sign up for a new OMS workspace with the Upgrade Readiness solution enabled. -For more information about Upgrade Readiness, see the following topics: +For more information about Upgrade Readiness, see the following articles: - [Windows Analytics blog](https://aka.ms/blog/WindowsAnalytics/) - [Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) - ### Update Compliance Update Compliance helps you to keep Windows 10 devices in your organization secure and up-to-date. 
@@ -203,13 +202,13 @@ For more information, see the following guides: - [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) - [Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit](windows-10-poc-mdt.md) -- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) +- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md) ## Troubleshooting guidance -[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The topic provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process. +[Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) was published in October of 2016 and will continue to be updated with new fixes. The article provides a detailed explanation of the Windows 10 upgrade process and instructions on how to locate, interpret, and resolve specific errors that can be encountered during the upgrade process. -## Related topics +## Related articles [Overview of Windows as a service](update/waas-overview.md)
[Windows 10 deployment considerations](planning/windows-10-deployment-considerations.md)
diff --git a/windows/deployment/deploy-windows-cm/TOC.yml b/windows/deployment/deploy-windows-cm/TOC.yml
index f47a156a14..13d898e1b5 100644
--- a/windows/deployment/deploy-windows-cm/TOC.yml
+++ b/windows/deployment/deploy-windows-cm/TOC.yml
@@ -1,4 +1,4 @@
-- name: Deploy Windows 10 with Microsoft Endpoint Configuration Manager
+- name: Deploy Windows 10 with Microsoft Configuration Manager
 items:
 - name: Prepare for Windows 10 deployment with Configuration Manager
 items:
diff --git a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
index 6836f336bb..c723dc30ae 100644
--- a/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-a-windows-10-operating-system-image-using-configuration-manager.md
@@ -2,23 +2,24 @@ title: Add a Windows 10 operating system image using Configuration Manager description: Operating system images are typically the production image used for deployment throughout the organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Add a Windows 10 operating system image using Configuration Manager **Applies to** -- Windows 10 +- Windows 10 -Operating system images are typically the production image used for deployment throughout the organization. This topic shows you how to add a Windows 10 operating system image created with Microsoft Endpoint Configuration Manager, and how to distribute the image to a distribution point. +Operating system images are typically the production image used for deployment throughout the organization. This article shows you how to add a Windows 10 operating system image created with Microsoft Configuration Manager, and how to distribute the image to a distribution point. ## Infrastructure 
@@ -40,22 +41,22 @@ An existing Configuration Manager infrastructure that is integrated with MDT is ![figure 17.](../images/ref-image.png) - The Windows 10 image being copied to the Sources folder structure. + The Windows 10 image being copied to the Sources folder structure. 3. Using the Configuration Manager Console, in the Software Library workspace, right-click **Operating System Images**, and select **Add Operating System Image**. -4. On the **Data Source** page, in the **Path:** text box, browse to \\\\CM01\\Sources$\\OSD\\OS\\Windows 10 Enterprise x64 RTM\\REFW10-X64-001.wim, select x64 next to Architecture and choose a language, then click **Next**. -5. On the **General** page, assign the name Windows 10 Enterprise x64 RTM, click **Next** twice, and then click **Close**. -6. Distribute the operating system image to the CM01 distribution point by right-clicking the **Windows 10 Enterprise x64 RTM** operating system image and then clicking **Distribute Content**. -7. In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**. -8. View the content status for the Windows 10 Enterprise x64 RTM package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line. +4. On the **Data Source** page, in the **Path:** text box, browse to \\\\CM01\\Sources$\\OSD\\OS\\Windows 10 Enterprise x64 RTM\\REFW10-X64-001.wim, select x64 next to Architecture and choose a language, then select **Next**. +5. On the **General** page, assign the name Windows 10 Enterprise x64 RTM, select **Next** twice, and then select **Close**. +6. Distribute the operating system image to the CM01 distribution point by right-clicking the **Windows 10 Enterprise x64 RTM** operating system image and then clicking **Distribute Content**. +7. 
In the Distribute Content Wizard, add the CM01 distribution point, select **Next** and select **Close**. +8. View the content status for the Windows 10 Enterprise x64 RTM package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line. ![figure 18.](../images/fig18-distwindows.png) - The distributed Windows 10 Enterprise x64 RTM package. + The distributed Windows 10 Enterprise x64 RTM package. Next, see [Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
index cc5a8040ad..7dfcbe25b8 100644
--- a/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md
@@ -2,23 +2,24 @@ title: Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager description: Learn how to configure the Windows Preinstallation Environment (Windows PE) to include required network and storage drivers. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager **Applies to** -- Windows 10 +- Windows 10 -In this topic, you'll learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it's likely you'll have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system. +In this article, you'll learn how to configure the Windows Preinstallation Environment (Windows PE) to include the network drivers required to connect to the deployment share and the storage drivers required to see the local storage on machines. Even though the Windows PE boot image and the Windows 10 operating system contain many out-of-the-box drivers, it's likely you'll have to add new or updated drivers to support all your hardware. In this section, you import drivers for both Windows PE and the full Windows 10 operating system. For the purposes of this guide, we'll use one server computer: CM01. - CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. 
However, an earlier, supported version of Windows Server can also be used. 
@@ -41,12 +42,12 @@ Driver folder structure on CM01 On **CM01**: 1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click the **Drivers** node and select **Import Driver**. -2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and click **Next**. -3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **WinPE x64**, and then click **Next**. -4. On the **Select the packages to add the imported driver** page, click **Next**. -5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image and click **Next**. -6. In the popup window that appears, click **Yes** to automatically update the distribution point. -7. Click **Next**, wait for the image to be updated, and then click **Close**. +2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\WinPE x64** folder and select **Next**. +3. On the **Specify the details for the imported driver** page, select **Categories**, create a category named **WinPE x64**, and then select **Next**. +4. On the **Select the packages to add the imported driver** page, select **Next**. +5. On the **Select drivers to include in the boot image** page, select the **Zero Touch WinPE x64** boot image and select **Next**. +6. In the popup window that appears, select **Yes** to automatically update the distribution point. +7. Select **Next**, wait for the image to be updated, and then select **Close**. ![Add drivers to Windows PE step 1.](../images/fig21-add-drivers1.png)
![Add drivers to Windows PE step 2.](../images/fig21-add-drivers2.png)
@@ -68,15 +69,15 @@ Driver folder structure on CM01 On **CM01**: 1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click the **Drivers** node and select **Import Driver**. -2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder and click **Next**. Wait a minute for driver information to be validated. -3. On the **Specify the details for the imported driver** page, click **Categories**, create a category named **Windows 10 x64 - HP EliteBook 8560w**, click **OK**, and then click **Next**. +2. In the Import New Driver Wizard, on the **Specify a location to import driver** page, select the **Import all drivers in the following network path (UNC)** option, browse to the **\\\\CM01\\Sources$\\OSD\\DriverSources\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w** folder and select **Next**. Wait a minute for driver information to be validated. +3. On the **Specify the details for the imported driver** page, select **Categories**, create a category named **Windows 10 x64 - HP EliteBook 8560w**, select **OK**, and then select **Next**. ![Create driver categories.](../images/fig22-createcategories.png "Create driver categories") Create driver categories -4. On the **Select the packages to add the imported driver** page, click **New Package**, use the following settings for the package, and then click **Next**: +4. On the **Select the packages to add the imported driver** page, select **New Package**, use the following settings for the package, and then select **Next**: * Name: Windows 10 x64 - HP EliteBook 8560w * Path: \\\\CM01\\Sources$\\OSD\\DriverPackages\\Windows 10 x64\\Hewlett-Packard\\HP EliteBook 8560w 
@@ -84,7 +85,7 @@ On **CM01**: >[!NOTE] >The package path does not yet exist, so you've to type it in. The wizard will create the new package using the path you specify. -5. On the **Select drivers to include in the boot image** page, don't select anything, and click **Next** twice. After the package has been created, click **Close**. +5. On the **Select drivers to include in the boot image** page, don't select anything, and select **Next** twice. After the package has been created, select **Close**. >[!NOTE] >If you want to monitor the driver import process more closely, you can open the SMSProv.log file during driver import. @@ -95,7 +96,7 @@ On **CM01**: Next, see [Create a task sequence with Configuration Manager and MDT](create-a-task-sequence-with-configuration-manager-and-mdt.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
index 337c328493..25f8bd58cf 100644
--- a/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md
@@ -1,24 +1,25 @@ --- title: Create a custom Windows PE boot image with Configuration Manager (Windows 10) -description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Endpoint Configuration Manager. +description: Learn how to create custom Windows Preinstallation Environment (Windows PE) boot images in Microsoft Configuration Manager. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Create a custom Windows PE boot image with Configuration Manager **Applies to** -- Windows 10 +- Windows 10 -In Microsoft Endpoint Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This topic shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process. +In Microsoft Configuration Manager, you can create custom Windows Preinstallation Environment (Windows PE) boot images that include extra components and features. This article shows you how to create a custom Windows PE 5.0 boot image with the Microsoft Deployment Toolkit (MDT) wizard. You can also add the Microsoft Diagnostics and Recovery Toolset (DaRT) 10 to the boot image as part of the boot image creation process. - The boot image that is created is based on the version of ADK that is installed. For the purposes of this guide, we'll use one server computer: CM01. 
@@ -28,7 +29,7 @@ For the purposes of this guide, we'll use one server computer: CM01. ## Add DaRT 10 files and prepare to brand the boot image -The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you don't wish to add DaRT, skip the steps below to copy DaRT tools and later skip adding the DaRT component to the boot image. +The steps below outline the process for adding DaRT 10 installation files to the MDT installation directory. You also copy a custom background image to be used later. These steps are optional. If you don't wish to add DaRT, skip the steps below to copy DaRT tools, and later skip adding the DaRT component to the boot image. We assume you've downloaded [Microsoft Desktop Optimization Pack (MDOP) 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015) and copied the x64 version of MSDaRT100.msi to the **C:\\Setup\\DaRT 10** folder on CM01. We also assume you've created a custom background image and saved it in **C:\\Setup\\Branding** on CM01. In this section, we use a custom background image named ContosoBackground.bmp. 
@@ -48,14 +49,14 @@ By using the MDT wizard to create the boot image in Configuration Manager, you g On **CM01**: 1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Boot Images**, and select **Create Boot Image using MDT**. -2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and click **Next**. +2. On the **Package Source** page, in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Boot\\Zero Touch WinPE x64** and select **Next**. >[!NOTE] >The Zero Touch WinPE x64 folder does not yet exist. The folder will be created later by the wizard. -3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and click **Next**. -4. On the **Options** page, select the **x64** platform, and click **Next**. -5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box and click **Next**. +3. On the **General Settings** page, assign the name **Zero Touch WinPE x64** and select **Next**. +4. On the **Options** page, select the **x64** platform, and select **Next**. +5. On the **Components** page, in addition to the default selected **Microsoft Data Access Components (MDAC/ADO)** support, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box and select **Next**. ![Add the DaRT component to the Configuration Manager boot image.](../images/mdt-06-fig16.png "Add the DaRT component to the Configuration Manager boot image") 
@@ -63,7 +64,7 @@ On **CM01**: >Note: Another common component to add here is Windows PowerShell to enable PowerShell support within Windows PE. -6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ContosoBackground.bmp** and then click **Next** twice. Wait a few minutes while the boot image is generated, and then click **Finish**. +6. On the **Customization** page, select the **Use a custom background bitmap file** check box, and in the **UNC path:** text box, browse to **\\\\CM01\\Sources$\\OSD\\Branding\\ContosoBackground.bmp** and then select **Next** twice. Wait a few minutes while the boot image is generated, and then select **Finish**. 7. Distribute the boot image to the CM01 distribution point by selecting the **Boot images** node, right-clicking the **Zero Touch WinPE x64** boot image, and selecting **Distribute Content**. 8. In the Distribute Content Wizard, add the CM01 distribution point, and complete the wizard. 9. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file. Don't continue until you can see that the boot image is distributed. Look for the line that reads **STATMSG: ID=2301**. You also can monitor Content Status in the Configuration Manager Console at **\Monitoring\Overview\Distribution Status\Content Status\Zero Touch WinPE x64**. See the following examples: 
@@ -74,7 +75,7 @@ On **CM01**: Content status for the Zero Touch WinPE x64 boot image 10. Using the Configuration Manager Console, in the Software Library workspace, under **Boot Images**, right-click the **Zero Touch WinPE x64** boot image and select **Properties**. -11. On the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and click **OK**. +11. On the **Data Source** tab, select the **Deploy this boot image from the PXE-enabled distribution point** check box, and select **OK**. 12. Using Configuration Manager Trace, review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for this text: **Expanding PS100009 to D:\\RemoteInstall\\SMSImages**. 13. Review the **D:\\RemoteInstall\\SMSImages** folder. You should see three folders containing boot images. Two are from the default boot images, and the third folder (PS100009) is from your new boot image with DaRT. See the examples below: @@ -85,7 +86,7 @@ On **CM01**: Next, see [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
index 7780379c78..3378ffe20d 100644
--- a/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
+++ b/windows/deployment/deploy-windows-cm/create-a-task-sequence-with-configuration-manager-and-mdt.md
@@ -2,20 +2,21 @@ title: Create a task sequence with Configuration Manager (Windows 10) description: Create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Create a task sequence with Configuration Manager and MDT **Applies to** -- Windows 10 +- Windows 10 In this article, you'll learn how to create a Configuration Manager task sequence with Microsoft Deployment Toolkit (MDT) integration using the MDT wizard. Creating task sequences in Configuration Manager requires many more steps than creating task sequences for MDT Lite Touch installation. Luckily, the MDT wizard helps you through the process and also guides you through creating the needed packages.
@@ -31,11 +32,11 @@ This section walks you through the process of creating a Configuration Manager t On **CM01**: 1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**. -2. On the **Choose Template** page, select the **Client Task Sequence** template and click **Next**. -3. On the **General** page, assign the following settings and then click **Next**: +2. On the **Choose Template** page, select the **Client Task Sequence** template and select **Next**. +3. On the **General** page, assign the following settings and then select **Next**: * Task sequence name: Windows 10 Enterprise x64 RTM * Task sequence comments: Production image with Office 365 Pro Plus x64 -4. On the **Details** page, assign the following settings and then click **Next**: +4. On the **Details** page, assign the following settings and then select **Next**: * Join a Domain * Domain: contoso.com * Account: contoso\\CM\_JD 
@@ -45,18 +46,18 @@ On **CM01**: * Organization name: Contoso * Product key: <blank> -5. On the **Capture Settings** page, accept the default settings, and click **Next**. -6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**. -7. On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\MDT\\MDT**. Then click **Next**. -8. On the **MDT Details** page, assign the name **MDT** and click **Next**. -9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then click **Next**. -10. On the **Deployment Method** page, accept the default settings (Zero Touch installation) and click **Next**. -11. On the **Client Package** page, browse and select the **Microsoft Corporation Configuration Manager Client Package** and click **Next**. -12. On the **USMT Package** page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package and click **Next**. -13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Settings\\Windows 10 x64 Settings** and click **Next**. -14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and click **Next**. -15. On the **Sysprep Package** page, click **Next** twice. -16. On the **Confirmation** page, click **Finish**. +5. On the **Capture Settings** page, accept the default settings, and select **Next**. +6. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then select **Next**. +7. 
On the **MDT Package** page, select **Create a new Microsoft Deployment Toolkit Files package**, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\MDT\\MDT**. Then select **Next**. +8. On the **MDT Details** page, assign the name **MDT** and select **Next**. +9. On the **OS Image** page, browse and select the **Windows 10 Enterprise x64 RTM** package. Then select **Next**. +10. On the **Deployment Method** page, accept the default settings (Zero Touch installation) and select **Next**. +11. On the **Client Package** page, browse and select the **Microsoft Corporation Configuration Manager Client Package** and select **Next**. +12. On the **USMT Package** page, browse and select the **Microsoft Corporation User State Migration Tool for Windows** package and select **Next**. +13. On the **Settings Package** page, select the **Create a new settings package** option, and in the **Package source folder to be created (UNC Path):** text box, type **\\\\CM01\\Sources$\\OSD\\Settings\\Windows 10 x64 Settings** and select **Next**. +14. On the **Settings Details** page, assign the name **Windows 10 x64 Settings** and select **Next**. +15. On the **Sysprep Package** page, select **Next** twice. +16. On the **Confirmation** page, select **Finish**. ## Edit the task sequence 
@@ -64,7 +65,7 @@ After you create the task sequence, we recommend that you configure the task seq On **CM01**: -1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, click **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and click **Edit**. +1. Using the Configuration Manager Console, in the Software Library workspace, expand **Operating Systems**, select **Task Sequences**, right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Edit**. 2. In the **Install** group (about halfway down), select the **Set Variable for Drive Letter** action and configure the following: * OSDPreserveDriveLetter: True @@ -110,7 +111,7 @@ On **CM01**: * Task Sequence Variable * USMTLOCAL not equals True -11. Click **OK**. +11. Select **OK**. ## Organize your packages (optional) 
@@ -121,13 +122,13 @@ To create a folder for packages: On **CM01**: 1. Using the Configuration Manager Console, in the Software Library workspace, expand **Application Management**, and then select **Packages**. -2. Right-click **Packages**, point to **Folder**, click **Create Folder** and create the OSD folder. This process will create the Root \ OSD folder structure. +2. Right-click **Packages**, point to **Folder**, select **Create Folder** and create the OSD folder. This process will create the Root \ OSD folder structure. 3. Select the **MDT**, **User State Migration Tool for Windows**, and **Windows 10 x64 Settings** packages, right-click and select **Move**. -4. In the **Move Selected Items** dialog box, select the **OSD** folder, and click **OK**. +4. In the **Move Selected Items** dialog box, select the **OSD** folder, and select **OK**. Next, see [Finalize the operating system configuration for Windows 10 deployment with Configuration Manager](finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](../deploy-windows-cm/create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
index 382ccfcfa3..104e5718ef 100644
--- a/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/create-an-application-to-deploy-with-windows-10-using-configuration-manager.md
@@ -1,15 +1,16 @@ --- title: Create an app to deploy with Windows 10 using Configuration Manager -description: Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process. +description: Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process. ms.assetid: 2dfb2f39-1597-4999-b4ec-b063e8a8c90c ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Create an application to deploy with Windows 10 using Configuration Manager
@@ -17,9 +18,9 @@ ms.technology: itpro-deploy **Applies to** -- Windows 10 +- Windows 10 -Microsoft Endpoint Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Endpoint Manager that you later configure the task sequence to use. +Microsoft Configuration Manager supports deploying applications as part of the Windows 10 deployment process. In this section, you create an application in Microsoft Configuration Manager that you later configure the task sequence to use. For the purposes of this guide, we'll use one server computer: CM01. - CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used. @@ -43,8 +44,8 @@ On **CM01**: 3. Using File Explorer, copy the **D:\\Setup\\Adobe** folder to the **D:\\Sources\\Software\\Adobe** folder. 4. In the Configuration Manager Console, in the Software Library workspace, expand **Application Management**. -5. Right-click **Applications**, point to **Folder** and then click **Create Folder**. Assign the name **OSD**. -6. Right-click the **OSD** folder, and click **Create Application**. +5. Right-click **Applications**, point to **Folder** and then select **Create Folder**. Assign the name **OSD**. +6. Right-click the **OSD** folder, and select **Create Application**. 7. In the Create Application Wizard, on the **General** page, use the following settings: * Automatically detect information about this application from installation files 
@@ -55,9 +56,9 @@ On **CM01**: The Create Application Wizard -8. Click **Next**, and wait while Configuration Manager parses the MSI file. -9. On the **Import Information** page, review the information and then click **Next**. -10. On the **General Information** page, name the application Adobe Acrobat Reader DC - OSD Install, click **Next** twice, and then click **Close**. +8. Select **Next**, and wait while Configuration Manager parses the MSI file. +9. On the **Import Information** page, review the information and then select **Next**. +10. On the **General Information** page, name the application Adobe Acrobat Reader DC - OSD Install, select **Next** twice, and then select **Close**. >[!NOTE] >Because it is not possible to reference an application deployment type in the task sequence, you should have a single deployment type for applications deployed by the task sequence. If you are deploying applications via both the task sequence and normal application deployment, and you have multiple deployment types, you should have two applications of the same software. In this section, you add the "OSD Install" suffix to applications that are deployed via the task sequence. If using packages, you can still reference both package and program in the task sequence. 
@@ -66,12 +67,12 @@ On **CM01**: Add the "OSD Install" suffix to the application name -11. In the **Applications** node, select the Adobe Reader - OSD Install application, and click **Properties** on the ribbon bar (this path is another place to view properties, you can also right-click and select properties). -12. On the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and click **OK**. +11. In the **Applications** node, select the Adobe Reader - OSD Install application, and select **Properties** on the ribbon bar (this path is another place to view properties, you can also right-click and select properties). +12. On the **General Information** tab, select the **Allow this application to be installed from the Install Application task sequence action without being deployed** check box, and select **OK**. Next, see [Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
index 68dd3a13f8..c9e0d32d11 100644
--- a/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md
@@ -1,14 +1,15 @@ --- title: Deploy Windows 10 using PXE and Configuration Manager (Windows 10) -description: In this topic, you'll learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences. +description: In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences. ms.assetid: fb93f514-5b30-4f4b-99dc-58e6860009fa -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Deploy Windows 10 using PXE and Configuration Manager
@@ -17,9 +18,9 @@ ms.technology: itpro-deploy - Windows 10 -In this topic, you'll learn how to deploy Windows 10 using Microsoft Endpoint Manager deployment packages and task sequences. This topic will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this topic. +In this article, you'll learn how to deploy Windows 10 using Microsoft Configuration Manager deployment packages and task sequences. This article will walk you through the process of deploying the Windows 10 Enterprise image to a Unified Extensible Firmware Interface (UEFI) computer named PC0001. An existing Configuration Manager infrastructure that is integrated with MDT is used for the procedures in this article. -This topic assumes that you've completed the following prerequisite procedures: +This article assumes that you've completed the following prerequisite procedures: - [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) - [Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md) - [Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md) 
@@ -39,7 +40,7 @@ For the purposes of this guide, we'll use a minimum of two server computers (DC0 All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used. -All server and client computers referenced in this guide are on the same subnet. This connection isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. +All server and client computers referenced in this guide are on the same subnet. This connection isn't required. But each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the `contoso.com` domain. Internet connectivity is also required to download OS and application updates. >[!NOTE] >No WDS console configuration is required for PXE to work. Everything is done with the Configuration Manager console. 
@@ -47,11 +48,11 @@ All server and client computers referenced in this guide are on the same subnet. ## Procedures 1. Start the PC0001 computer. At the Pre-Boot Execution Environment (PXE) boot menu, press **Enter** to allow it to PXE boot. -2. On the **Welcome to the Task Sequence Wizard** page, type in the password **pass\@word1** and click **Next**. -3. On the **Select a task sequence to run** page, select **Windows 10 Enterprise x64 RTM** and click **Next**. -4. On the **Edit Task Sequence Variables** page, double-click the **OSDComputerName** variable, and in the **Value** field, type **PC0001** and click **OK**. Then click **Next**. +2. On the **Welcome to the Task Sequence Wizard** page, type in the password **pass\@word1** and select **Next**. +3. On the **Select a task sequence to run** page, select **Windows 10 Enterprise x64 RTM** and select **Next**. +4. On the **Edit Task Sequence Variables** page, double-click the **OSDComputerName** variable, and in the **Value** field, type **PC0001** and select **OK**. Then select **Next**. 5. The operating system deployment will take several minutes to complete. -6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then click **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following steps: +6. You can monitor the deployment on CM01 using the MDT Deployment Workbench. When you see the PC0001 entry, double-click **PC0001**, and then select **DaRT Remote Control** and review the **Remote Control** option. The task sequence will run and do the following steps: * Install the Windows 10 operating system. * Install the Configuration Manager client and the client hotfix. 
@@ -86,7 +87,7 @@ Examples are provided below of various stages of deployment: Next, see [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
index cd56ad9b66..5bec64ed7d 100644
--- a/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/finalize-the-os-configuration-for-windows-10-deployment-with-configuration-manager.md
@@ -2,23 +2,24 @@ title: Finalize operating system configuration for Windows 10 deployment description: This article provides a walk-through to finalize the configuration of your Windows 10 operating deployment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Finalize the operating system configuration for Windows 10 deployment with Configuration Manager **Applies to** -- Windows 10 +- Windows 10 -This topic walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enabling optional MDT monitoring for Configuration Manager, logs folder settings, rules configuration, content distribution, and deployment of the previously created task sequence. +This article walks you through the steps to finalize the configuration of your Windows 10 operating deployment, which includes enabling optional MDT monitoring for Configuration Manager, logs folder settings, rules configuration, content distribution, and deployment of the previously created task sequence. For the purposes of this guide, we'll use one server computer: CM01. - CM01 is a domain member server and Configuration Manager software distribution point. In this guide, CM01 is a standalone primary site server. CM01 is running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used. 
@@ -31,14 +32,14 @@ This section will walk you through the process of creating the D:\\MDTProduction On **CM01**: -1. Open the Deployment Workbench, right-click **Deployment Shares** and click **New Deployment Share**. Use the following settings for the New Deployment Share Wizard: +1. Open the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. Use the following settings for the New Deployment Share Wizard: * Deployment share path: D:\\MDTProduction * Share name: MDTProduction$ * Deployment share description: MDT Production * Options: <default settings> -2. Right-click the **MDT Production** deployment share, and click **Properties**. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and click **OK**. +2. Right-click the **MDT Production** deployment share, and select **Properties**. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box, and select **OK**. ![Enable MDT monitoring for Configuration Manager.](../images/mdt-06-fig31.png) @@ -80,7 +81,7 @@ On **CM01**: The Settings package, holding the rules and the Unattend.xml template used during deployment -3. In the Configuration Manager console, update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. Click **OK** in the popup dialog box. +3. In the Configuration Manager console, update the distribution point for the **Windows 10 x64 Settings** package by right-clicking the **Windows 10 x64 Settings** package and selecting **Update Distribution Points**. Select **OK** in the popup dialog box. >[!NOTE] >Although you haven't yet added a distribution point, you still need to select Update Distribution Points. This process also updates the Configuration Manager content library with changes. 
@@ -92,7 +93,7 @@ In Configuration Manager, you can distribute all packages needed by a task seque On **CM01**: 1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**. Right-click the **Windows 10 Enterprise x64 RTM** task sequence, and select **Distribute Content**. -2. In the Distribute Content Wizard, click **Next** twice then on the **Specify the content destination** page add the Distribution Point: **CM01.CONTOSO.COM**, and then complete the wizard. +2. In the Distribute Content Wizard, select **Next** twice then on the **Specify the content destination** page add the Distribution Point: **CM01.CONTOSO.COM**, and then complete the wizard. 3. Using the CMTrace tool, verify the distribution to the CM01 distribution point by reviewing the distmgr.log file, or use the Distribution Status / Content Status option in the Monitoring workspace. Don't continue until you see all the new packages being distributed successfully. ![Content status.](../images/cm01-content-status1.png) 
@@ -105,9 +106,9 @@ This section provides steps to help you create a deployment for the task sequenc On **CM01**: -1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** and then click **Deploy**. -2. In the Deploy Software Wizard, on the **General** page, select the **All Unknown Computers** collection and click **Next**. -3. On the **Deployment Settings** page, use the following settings and then click **Next**: +1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems** and select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM** and then select **Deploy**. +2. In the Deploy Software Wizard, on the **General** page, select the **All Unknown Computers** collection and select **Next**. +3. On the **Deployment Settings** page, use the below settings and then select **Next**: * Purpose: Available * Make available to the following: Only media and PXE @@ -116,10 +117,10 @@ On **CM01**: Configure the deployment settings -4. On the **Scheduling** page, accept the default settings and click **Next**. -5. On the **User Experience** page, accept the default settings and click **Next**. -6. On the **Alerts** page, accept the default settings and click **Next**. -7. On the **Distribution Points** page, accept the default settings, click **Next** twice, and then click **Close**. +4. On the **Scheduling** page, accept the default settings and select **Next**. +5. On the **User Experience** page, accept the default settings and select **Next**. +6. On the **Alerts** page, accept the default settings and select **Next**. +7. On the **Distribution Points** page, accept the default settings, select **Next** twice, and then select **Close**. ![Task sequence deployed.](../images/fig32-deploywiz.png) 
@@ -133,14 +134,14 @@ This section provides steps to help you configure the All Unknown Computers coll On **CM01**: -1. Using the Configuration Manager console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and click **Properties**. +1. Using the Configuration Manager console, in the Asset and Compliance workspace, select **Device Collections**, right-click **All Unknown Computers**, and select **Properties**. 2. On the **Collection Variables** tab, create a new variable with the following settings: * Name: OSDComputerName * Clear the **Do not display this value in the Configuration Manager console** check box. -3. Click **OK**. +3. Select **OK**. >[!NOTE] >Configuration Manager can prompt for information in many ways. Using a collection variable with an empty value is just one of them. Another option is the User-Driven Installation (UDI) wizard. @@ -151,7 +152,7 @@ On **CM01**: Next, see [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md index 54c4a707ea..ce164ba563 100644 --- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md @@ -2,13 +2,14 @@ title: Prepare for Zero Touch Installation of Windows 10 with Configuration Manager description: Learn how to prepare a Zero Touch Installation of Windows 10 with Configuration Manager, by integrating Configuration Manager with Microsoft Deployment Toolkit. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: how-to ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Prepare for Zero Touch Installation of Windows 10 with Configuration Manager @@ -17,7 +18,7 @@ ms.technology: itpro-deploy - Windows 10 -This article walks you through the Zero Touch Installation (ZTI) process of Windows 10 OS deployment using Microsoft Endpoint Configuration Manager [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT). +This article walks you through the Zero Touch Installation (ZTI) process of Windows 10 OS deployment using Microsoft Configuration Manager [integrated](#why-integrate-mdt-with-configuration-manager) with Microsoft Deployment Toolkit (MDT). ## Prerequisites 
@@ -64,7 +65,7 @@ On **DC01**: To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. The procedure below uses Windows PowerShell. -To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1` Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension. +To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1`. Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension. ```powershell $oulist = Import-csv -Path c:\oulist.txt 
@@ -285,7 +286,7 @@ Next, see [Create a custom Windows PE boot image with Configuration Manager](cre ## Components of Configuration Manager operating system deployment -Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are more components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which isn't used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10. +Operating system deployment with Configuration Manager is part of the normal software distribution infrastructure, but there are more components. For example, operating system deployment in Configuration Manager may use the State Migration Point role, which isn't used by normal application deployment in Configuration Manager. This section describes the Configuration Manager components involved with the deployment of an operating system, such as Windows 10. - **State migration point (SMP).** The state migration point is used to store user state migration data during computer replace scenarios. - **Distribution point (DP).** The distribution point is used to store all packages in Configuration Manager, including the operating system deployment-related packages. diff --git a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md index d8969c0190..473643d7e9 100644 --- a/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md 
@@ -2,23 +2,24 @@ title: Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager description: Learn how to use Configuration Manager and Microsoft Deployment Toolkit (MDT) to refresh a Windows 7 SP1 client with Windows 10. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager **Applies to** -- Windows 10 +- Windows 10 -This topic will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refresh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md). +This article will show you how to refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager and Microsoft Deployment Toolkit (MDT). A computer refresh isn't the same as an in-place upgrade. A computer refresh involves storing user data and settings from the old installation, wiping the hard drives, installing a new OS, and then restoring the user data at the end of the installation. Also see the MDT refresh procedure: [Refresh a Windows 7 computer with Windows 10](../deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md). A computer refresh with Configuration Manager works the same as it does with MDT Lite Touch installation. 
Configuration Manager also uses the User State Migration Tool (USMT) from the Windows Assessment and Deployment Kit (Windows ADK) 10 in the background. A computer refresh with Configuration Manager has the following steps: @@ -53,7 +54,7 @@ To verify that PC003 is correctly assigned to the PS1 site: On **PC0003**: 1. Open the Configuration Manager control panel (control smscfgrc). -2. On the **Site** tab, click **Configure Settings**, then click **Find Site**. +2. On the **Site** tab, select **Configure Settings**, then select **Find Site**. 3. Verify that Configuration Manager has successfully found a site to manage this client is displayed. See the following example. ![Found a site to manage this client.](../images/pc0003a.png) @@ -75,7 +76,7 @@ On **CM01**: * Select Resources * Select **PC0003** - Use the default settings to complete the remaining wizard pages and click **Close**. + Use the default settings to complete the remaining wizard pages and select **Close**. 2. Review the Install Windows 10 Enterprise x64 collection. Don't continue until you see the PC0003 machine in the collection. @@ -86,7 +87,7 @@ On **CM01**: On **CM01**: -Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then click **Deploy**. Use the following settings: +Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, select **Task Sequences**, right-click **Windows 10 Enterprise x64 RTM**, and then select **Deploy**. Use the below settings: - General - Collection: Install Windows 10 Enterprise x64 
@@ -112,12 +113,12 @@ Now you can start the computer refresh on PC0003. On **CM01**: -1. Using the Configuration Manager console, in the Assets and Compliance workspace, click the **Install Windows 10 Enterprise x64** collection, right-click **PC0003**, point to **Client Notification**, click **Download Computer Policy**, and then click **OK** in the popup dialog box that appears. +1. Using the Configuration Manager console, in the Assets and Compliance workspace, select the **Install Windows 10 Enterprise x64** collection, right-click **PC0003**, point to **Client Notification**, select **Download Computer Policy**, and then select **OK** in the popup dialog box that appears. On **PC0003**: -1. Open the Software Center (click Start and type **Software Center**, or click the **New software is available** balloon in the system tray), select **Operating Systems** and click the **Windows 10 Enterprise x64 RTM** deployment, then click **Install**. -2. In the **Software Center** warning dialog box, click **Install Operating System**. +1. Open the Software Center (select Start and type **Software Center**, or select the **New software is available** balloon in the system tray), select **Operating Systems** and select the **Windows 10 Enterprise x64 RTM** deployment, then select **Install**. +2. In the **Software Center** warning dialog box, select **Install Operating System**. 3. The client computer will run the Configuration Manager task sequence, boot into Windows PE, and install the new OS and applications. See the following examples: ![Task sequence example 1.](../images/pc0003b.png)
@@ -133,7 +134,7 @@ On **PC0003**: Next, see [Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
index 8dbbb5bb98..45a35d3282 100644
--- a/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/replace-a-windows-7-client-with-windows-10-using-configuration-manager.md
@@ -1,27 +1,28 @@ --- title: Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager -description: In this topic, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. +description: In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager. ms.assetid: 3c8a2d53-8f08-475f-923a-bca79ca8ac36 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager **Applies to** -- Windows 10 +- Windows 10 -In this topic, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Endpoint Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10. +In this article, you'll learn how to replace a Windows 7 SP1 computer using Microsoft Configuration Manager. This process is similar to refreshing a computer, but since you're replacing the device, you have to run the backup job separately from the deployment of Windows 10. -In this topic, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. This process is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md). +In this article, you'll create a backup-only task sequence that you run on PC0004 (the device you're replacing), deploy the PC0006 computer running Windows 10, and then restore this backup of PC0004 onto PC006. 
This process is similar to the MDT replace process: [Replace a Windows 7 computer with a Windows 10 computer](../deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md). ## Infrastructure 
@@ -48,18 +49,18 @@ All server and client computers referenced in this guide are on the same subnet. On **CM01**: 1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create MDT Task Sequence**. -2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and click **Next**. -3. On the **General** page, assign the following settings and click **Next**: +2. On the **Choose Template** page, select the **Client Replace Task Sequence** template and select **Next**. +3. On the **General** page, assign the following settings and select **Next**: * Task sequence name: Replace Task Sequence * Task sequence comments: USMT backup only -4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then click **Next**. -5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then click **Next**. -6. On the **USMT Package** page, browse and select the **OSD / Microsoft Corporation User State Migration Tool for Windows** package. Then click **Next**. -7. On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then click **Next**. -8. On the **Summary** page, review the details and then click **Next**. -9. On the **Confirmation** page, click **Finish**. +4. On the **Boot Image** page, browse and select the **Zero Touch WinPE x64** boot image package. Then select **Next**. +5. On the **MDT Package** page, browse and select the **OSD / MDT** package. Then select **Next**. +6. On the **USMT Package** page, browse and select the **OSD / Microsoft Corporation User State Migration Tool for Windows** package. Then select **Next**. +7. On the **Settings Package** page, browse and select the **OSD / Windows 10 x64 Settings** package. Then select **Next**. +8. On the **Summary** page, review the details and then select **Next**. +9. 
On the **Confirmation** page, select **Finish**. 10. Review the Replace Task Sequence. @@ -80,9 +81,9 @@ On **HV01** (if PC0006 is a VM) or in the PC0006 BIOS: On **CM01**: -2. When you're using the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices**, and then click **Import Computer Information**. -3. On the **Select Source** page, select **Import single computer** and click **Next**. -4. On the **Single Computer** page, use the following settings and then click **Next**: +2. When you're using the Configuration Manager console, in the Assets and Compliance workspace, right-click **Devices**, and then select **Import Computer Information**. +3. On the **Select Source** page, select **Import single computer** and select **Next**. +4. On the **Single Computer** page, use the following settings and then select **Next**: * Computer Name: PC0006 * MAC Address: <the mac address that you wrote down> 
@@ -92,12 +93,12 @@ On **CM01**: Creating the computer association between PC0004 and PC0006. -5. On the **User Accounts** page, select **Capture and restore all user accounts** and click **Next**. -6. On the **Data Preview** page, click **Next**. -7. On the **Choose additional collections** page, click **Add** and then select the **Install Windows 10 Enterprise x64** collection. Now, select the checkbox next to the Install Windows 10 Enterprise x64 collection you just added, and then click **Next**. -8. On the **Summary** page, click **Next**, and then click **Close**. +5. On the **User Accounts** page, select **Capture and restore all user accounts** and select **Next**. +6. On the **Data Preview** page, select **Next**. +7. On the **Choose additional collections** page, select **Add** and then select the **Install Windows 10 Enterprise x64** collection. Now, select the checkbox next to the Install Windows 10 Enterprise x64 collection you just added, and then select **Next**. +8. On the **Summary** page, select **Next**, and then select **Close**. 9. Select the **User State Migration** node and review the computer association in the right hand pane. -10. Right-click the **PC0004/PC0006** association and click **View Recovery Information**. A recovery key has been assigned already, but a user state store location hasn't. +10. Right-click the **PC0004/PC0006** association and select **View Recovery Information**. A recovery key has been assigned already, but a user state store location hasn't. 11. Review the **Install Windows 10 Enterprise x64** collection. Don't continue until you see the **PC0006** computer in the collection. You might have to update membership and refresh the collection again. ## Create a device collection and add the PC0004 computer 
@@ -117,7 +118,7 @@ On **CM01**: * Select Resources: * Select **PC0004** - Use default settings for the remaining wizard pages, then click **Close**. + Use default settings for the remaining wizard pages, then select **Close**. 2. Review the **USMT Backup (Replace)** collection. Don't continue until you see the **PC0004** computer in the collection. @@ -148,12 +149,12 @@ This section assumes that you have a computer named PC0004 with the Configuratio On **PC0004**: 1. If it's not already started, start the PC0004 computer and open the Configuration Manager control panel (control smscfgrc). -2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears. +2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and then select **OK** in the popup dialog box that appears. >[!NOTE] >You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md). -3. Open the Software Center, select the **Replace Task Sequence** deployment and then click **Install**. +3. Open the Software Center, select the **Replace Task Sequence** deployment and then select **Install**. 4. Confirm you want to upgrade the operating system on this computer by clicking **Install** again. 5. Allow the Replace Task Sequence to complete. The PC0004 computer will gather user data, boot into Windows PE and gather more data, then boot back to the full OS. The entire process should only take a few minutes. 
@@ -200,7 +201,7 @@ When the process is complete, you'll have a new Windows 10 computer in your doma Next, see [Perform an in-place upgrade to Windows 10 using Configuration Manager](upgrade-to-windows-10-with-configuration-manager.md). -## Related topics +## Related articles [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md)
[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
diff --git a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md index f410e7a5c1..687b63ad7c 100644 --- a/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md +++ b/windows/deployment/deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md @@ -1,15 +1,16 @@ --- title: Perform in-place upgrade to Windows 10 via Configuration Manager -description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Endpoint Manager task sequence. +description: Learn how to perform an in-place upgrade to Windows 10 by automating the process with a Microsoft Configuration Manager task sequence. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/27/2022 --- # Perform an in-place upgrade to Windows 10 using Configuration Manager 
@@ -17,9 +18,9 @@ ms.technology: itpro-deploy **Applies to** -- Windows 10 +- Windows 10 -The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Endpoint Manager task sequence to completely automate the process. +The simplest path to upgrade PCs currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. You can use a Microsoft Configuration Manager task sequence to completely automate the process. >[!IMPORTANT] >Beginning with Windows 10 and Windows Server 2016, Windows Defender is already installed. A management client for Windows Defender is also installed automatically if the Configuration Manager client is installed. However, previous Windows operating systems installed the System Center Endpoint Protection (SCEP) client with the Configuration Manager client. The SCEP client can block in-place upgrade to Windows 10 due to incompatibility, and must be removed from a device before performing an in-place upgrade to Windows 10. 
@@ -34,7 +35,7 @@ For the purposes of this article, we'll use one server computer (CM01) and one c All servers are running Windows Server 2019. However, an earlier, supported version of Windows Server can also be used. -All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. +All server and client computers referenced in this guide are on the same subnet. This interrelation isn't required. But each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the `contoso.com` domain. Internet connectivity is also required to download OS and application updates. ## Add an OS upgrade package 
@@ -42,30 +43,30 @@ Configuration Manager Current Branch includes a native in-place upgrade task. Th On **CM01**: -1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and click **Add Operating System Upgrade Package**. -2. On the **Data Source** page, under **Path**, click **Browse** and enter the UNC path to your media source. In this example, we've extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**. +1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Operating System Upgrade Packages**, and select **Add Operating System Upgrade Package**. +2. On the **Data Source** page, under **Path**, select **Browse** and enter the UNC path to your media source. In this example, we've extracted the Windows 10 installation media to **\\\\cm01\\Sources$\\OSD\\UpgradePackages\\Windows 10**. 3. If you have multiple image indexes in the installation media, select **Extract a specific image index from install.wim...** and choose the image index you want from the dropdown menu. In this example, we've chosen **Windows 10 Enterprise**. -4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then click **Next**. +4. Next to **Architecture**, select **x64**, choose a language from the dropdown menu next to **Language**, and then select **Next**. 5. Next to **Name**, enter **Windows 10 x64 RTM** and then complete the wizard by clicking **Next** and **Close**. -6. Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**. -7. In the Distribute Content Wizard, add the CM01 distribution point, click **Next** and click **Close**. -8. 
View the content status for the Windows 10 x64 RTM upgrade package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line. +6. Distribute the OS upgrade package to the CM01 distribution point by right-clicking the **Windows 10 x64 RTM** OS upgrade package and then clicking **Distribute Content**. +7. In the Distribute Content Wizard, add the CM01 distribution point, select **Next** and select **Close**. +8. View the content status for the Windows 10 x64 RTM upgrade package. Don't continue until the distribution is completed (it might take a few minutes). You also can review the D:\\Program Files\\Microsoft Configuration Manager\\Logs\\distmgr.log file and look for the **STATMSG: ID=2301** line. ## Create an in-place upgrade task sequence On **CM01**: 1. Using the Configuration Manager console, in the Software Library workspace, expand **Operating Systems**, right-click **Task Sequences**, and select **Create Task Sequence**. -2. On the **Create a new task sequence** page, select **Upgrade an operating system from an upgrade package** and click **Next**. -3. Use the following settings to complete the wizard: +2. On the **Create a new task sequence** page, select **Upgrade an operating system from an upgrade package** and select **Next**. +3. Use the below settings to complete the wizard: * Task sequence name: Upgrade Task Sequence * Description: In-place upgrade * Upgrade package: Windows 10 x64 RTM - * Include software updates: Do not install any software updates + * Include software updates: Don't install any software updates * Install applications: OSD \ Adobe Acrobat Reader DC -4. Complete the wizard, and click **Close**. +4. Complete the wizard, and select **Close**. 5. Review the Upgrade Task Sequence. ![The upgrade task sequence.](../images/cm-upgrade-ts.png) 
@@ -74,13 +75,13 @@ The Configuration Manager upgrade task sequence ## Create a device collection -After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0004 computer running Windows 7 SP1, with the Configuration Manager client installed. +After you create the upgrade task sequence, you can create a collection to test a deployment. In this section, we assume you have the PC0004 computer running Windows 7 SP1, with the Configuration Manager client installed. On **CM01**: 1. When you're using the Configuration Manager console, in the Asset and Compliance workspace, right-click **Device Collections**, and then select **Create Device Collection**. Use the following settings: - General - - Name: Windows 10 x64 in-place upgrade + - Name: Windows 10 x64 in-place upgrade - Limited Collection: All Systems - Membership rules: - Direct rule 
@@ -90,37 +91,37 @@ On **CM01**: - Select Resources - Select PC0004 -2. Review the Windows 10 x64 in-place upgrade collection. Don't continue until you see PC0004 in the collection. +2. Review the Windows 10 x64 in-place upgrade collection. Don't continue until you see PC0004 in the collection. -## Deploy the Windows 10 upgrade +## Deploy the Windows 10 upgrade -In this section, you create a deployment for the Windows 10 Enterprise x64 Update application. +In this section, you create a deployment for the Windows 10 Enterprise x64 Update application. On **CM01**: -1. Using the Configuration Manager console, in the Software Library workspace, right-click the **Upgrade Task Sequence** task sequence, and then click **Deploy**. -2. On the **General** page, browse and select the **Windows 10 x64 in-place upgrade** collection, and then click **Next**. -3. On the **Content** page, click **Next**. -4. On the **Deployment Settings** page, click **Next**: -5. On the **Scheduling** page, accept the default settings, and then click **Next**. -6. On the **User Experience** page, accept the default settings, and then click **Next**. -7. On the **Alerts** page, accept the default settings, and then click **Next**. -7. On the **Distribution Points** page, accept the default settings, and then click **Next**. -8. On the **Summary** page, click **Next**, and then click **Close**. +1. Using the Configuration Manager console, in the Software Library workspace, right-click the **Upgrade Task Sequence** task sequence, and then select **Deploy**. +2. On the **General** page, browse and select the **Windows 10 x64 in-place upgrade** collection, and then select **Next**. +3. On the **Content** page, select **Next**. +4. On the **Deployment Settings** page, select **Next**: +5. On the **Scheduling** page, accept the default settings, and then select **Next**. +6. On the **User Experience** page, accept the default settings, and then select **Next**. +7. 
On the **Alerts** page, accept the default settings, and then select **Next**. +7. On the **Distribution Points** page, accept the default settings, and then select **Next**. +8. On the **Summary** page, select **Next**, and then select **Close**. -## Start the Windows 10 upgrade +## Start the Windows 10 upgrade Next, run the in-place upgrade task sequence on PC0004. On **PC0004**: 1. Open the Configuration Manager control panel (control smscfgrc). -2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, click **Run Now**, and then click **OK** in the popup dialog box that appears. +2. On the **Actions** tab, select **Machine Policy Retrieval & Evaluation Cycle**, select **Run Now**, and then select **OK** in the popup dialog box that appears. >[!NOTE] >You also can use the Client Notification option in the Configuration Manager console, as shown in [Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md). -3. Open the Software Center, select the **Upgrade Task Sequence** deployment and then click **Install**. +3. Open the Software Center, select the **Upgrade Task Sequence** deployment and then select **Install**. 4. Confirm you want to upgrade the operating system on this computer by clicking **Install** again. 5. Allow the Upgrade Task Sequence to complete. The PC0004 computer will download the install.wim file, perform an in-place upgrade, and install your added applications. See the following examples: @@ -132,7 +133,7 @@ On **PC0004**: ![Upgrade task sequence example 6.](../images/pc0004-f.png)
![Upgrade task sequence example 7.](../images/pc0004-g.png)
-## Related topics
+## Related articles
 [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
[Configuration Manager Team blog](https://techcommunity.microsoft.com/t5/configuration-manager-blog/bg-p/ConfigurationManagerBlog)
diff --git a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
index a3b15273f2..c267cbdf68 100644
--- a/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/assign-applications-using-roles-in-mdt.md
@@ -1,19 +1,20 @@
 ---
 title: Assign applications using roles in MDT (Windows 10)
-description: This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer.
+description: This article will show you how to add applications to a role in the MDT database and then assign that role to a computer.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
 ms.localizationpriority: medium
-author: aczechowski
+author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
+ms.date: 10/28/2022
 ---
 # Assign applications using roles in MDT
-This topic will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this topic, the application we are adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
+This article will show you how to add applications to a role in the MDT database and then assign that role to a computer. For the purposes of this article, the application we're adding is Adobe Reader XI. In addition to using computer-specific entries in the database, you can use roles in MDT to group settings together.
 ## Create and assign a role entry in the database
@@ -40,9 +41,9 @@ Figure 13. The Standard PC role added to PC00075 (having ID 1 in the database).
 ## Verify database access in the MDT simulation environment
-When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications are not installed, but you can see which applications would be installed if you did a full deployment of the computer.
+When the database is populated, you can use the MDT simulation environment to simulate a deployment. The applications aren't installed, but you can see which applications would be installed if you did a full deployment of the computer.
 1. On PC0001, log on as **CONTOSO\\MDT\_BA**.
-2. Modify the C:\\MDT\\CustomSettings.ini file to look like the following:
+2. Modify the C:\\MDT\\CustomSettings.ini file to look like below:
 ```
 [Settings]
@@ -119,7 +120,7 @@ When the database is populated, you can use the MDT simulation environment to si
 Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe Reader XI application that would have been installed if you deployed this machine.
-## Related topics
+## Related articles
 [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
@@ -127,6 +128,4 @@ Figure 14. ZTIGather.log displaying the application GUID belonging to the Adobe
[Simulate a Windows 10 deployment in a test environment](simulate-a-windows-10-deployment-in-a-test-environment.md)
[Use the MDT database to stage Windows 10 deployment information](use-the-mdt-database-to-stage-windows-10-deployment-information.md)
[Use web services in MDT](use-web-services-in-mdt.md) -
[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) -  -  +
[Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md)
\ No newline at end of file
diff --git a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
index 1048b64218..1e3e971ecc 100644
--- a/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
+++ b/windows/deployment/deploy-windows-mdt/build-a-distributed-environment-for-windows-10-deployment.md
@@ -1,31 +1,32 @@ --- title: Build a distributed environment for Windows 10 deployment (Windows 10) -description: In this topic, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations. +description: In this article, you'll learn how to replicate your Windows 10 deployment shares to facilitate the deployment of Windows 10 in remote or branch locations. ms.assetid: a6cd5657-6a16-4fff-bfb4-44760902d00c ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Build a distributed environment for Windows 10 deployment **Applies to** -- Windows 10 +- Windows 10 Perform the steps in this article to build a distributed environment for Windows 10 deployment. A distributed environment for deployment is useful when you have a segmented network, for example one that is segmented geographically into two branch locations. If you work in a distributed environment, replicating the deployment shares is an important part of a deployment solution because images of 5 GB or more in size can present bandwidth issues when deployed over the wire. Replicating this content enables clients to do local deployments. -Four computers are used in this topic: DC01, MDT01, MDT02, and PC0006. DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation. +Four computers are used in this article: DC01, MDT01, MDT02, and PC0006. 
DC01 is a domain controller, MDT01 and MDT02 are domain member computers running Windows Server 2019, and PC0006 is a blank device where we'll deploy Windows 10. The second deployment server (MDT02) will be configured for a remote site (Stockholm) by replicating the deployment share on MDT01 at the original site (New York). All devices are members of the domain contoso.com for the fictitious Contoso Corporation. -For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). +For the purposes of this article, we assume that MDT02 is prepared with the same network and storage capabilities that were specified for MDT01, except that MDT02 is located on a different subnet than MDT01. For more information on the infrastructure setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). ![figure 1.](../images/mdt-10-fig01.png) -Computers used in this topic. +Computers used in this article. >HV01 is also used in this topic to host the PC0006 virtual machine. 
@@ -42,7 +43,7 @@ LDS is a built-in feature in MDT for replicating content. However, LDS works bes ### Why DFS-R is a better option -DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your master deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02. +DFS-R isn't only fast and reliable, but it also offers central monitoring, bandwidth control, and a great delta replication engine. DFS-R will work equally well whether you have 2 sites or 90. When using DFS-R for MDT, we recommend running your deployment servers on Windows Server 2008 R2 or higher. From that version on, you can configure the replication targets as read-only, which is exactly what you want for MDT. This way, you can have your main deployment share centralized and replicate out changes as they happen. DFS-R will quickly pick up changes at the central deployment share in MDT01 and replicate the delta changes to MDT02. ## Set up Distributed File System Replication (DFS-R) for replication 
@@ -111,7 +112,7 @@ On **MDT02**: ### Configure the deployment share -When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT, that can be done by using the DefaultGateway property. +When you have multiple deployment servers sharing the same content, you need to configure the Bootstrap.ini file with information about which server to connect to based on where the client is located. In MDT that can be done by using the DefaultGateway property. On **MDT01**: 
@@ -158,29 +159,29 @@ On **MDT01**: ### Create the replication group -6. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and click **New Replication Group**. -7. On the **Replication Group Type** page, select **Multipurpose replication group**, and click **Next**. -8. On the **Name and Domain** page, assign the **MDTProduction** name, and click **Next**. -9. On the **Replication Group Members** page, click **Add**, add **MDT01** and **MDT02**, and then click **Next**. +6. On MDT01, using DFS Management (dfsmgmt.msc), right-click **Replication**, and select **New Replication Group**. +7. On the **Replication Group Type** page, select **Multipurpose replication group**, and select **Next**. +8. On the **Name and Domain** page, assign the **MDTProduction** name, and select **Next**. +9. On the **Replication Group Members** page, select **Add**, add **MDT01** and **MDT02**, and then select **Next**. ![figure 6.](../images/mdt-10-fig06.png) Adding the Replication Group Members. -10. On the **Topology Selection** page, select the **Full mesh** option and click **Next**. -11. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and click **Next**. -12. On the **Primary Member** page, select **MDT01** and click **Next**. -13. On the **Folders to Replicate** page, click **Add**, enter **D:\\MDTProduction** as the folder to replicate, click **OK**, and then click **Next**. -14. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and click **Edit**. -15. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, click **OK**, and then click **Next**. -16. On the **Review Settings and Create Replication Group** page, click **Create**. -17. On the **Confirmation** page, click **Close**. +10. 
On the **Topology Selection** page, select the **Full mesh** option and select **Next**. +11. On the **Replication Group Schedule and Bandwidth** page, accept the default settings and select **Next**. +12. On the **Primary Member** page, select **MDT01** and select **Next**. +13. On the **Folders to Replicate** page, select **Add**, enter **D:\\MDTProduction** as the folder to replicate, select **OK**, and then select **Next**. +14. On the **Local Path of MDTProduction** on the **Other Members** page, select **MDT02**, and select **Edit**. +15. On the **Edit** page, select the **Enabled** option, type in **D:\\MDTProduction** as the local path of folder, select the **Make the selected replicated folder on this member read-only** check box, select **OK**, and then select **Next**. +16. On the **Review Settings and Create Replication Group** page, select **Create**. +17. On the **Confirmation** page, select **Close**. ### Configure replicated folders 18. On **MDT01**, using DFS Management, expand **Replication** and then select **MDTProduction**. -19. In the middle pane, right-click the **MDT01** member and click **Properties**. -20. On the **MDT01 (MDTProduction) Properties** page, configure the following and then click **OK**: +19. In the middle pane, right-click the **MDT01** member and select **Properties**. +20. On the **MDT01 (MDTProduction) Properties** page, configure the following and then select **OK**: 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. In this scenario the size of the deployment share is known, but you might need to change the values for your environment. A good rule of thumb is to get the size of the 16 largest files and make sure they fit in the staging area. Below is a Windows PowerShell example that calculates the size of the 16 largest files in the D:\\MDTProduction deployment share: 
@@ -190,7 +191,7 @@ On **MDT01**: ``` 21. In the middle pane, right-click the **MDT02** member and select **Properties**. -22. On the **MDT02 (MDTProduction) Properties** page, configure the following and then click **OK**: +22. On the **MDT02 (MDTProduction) Properties** page, configure the following and then select **OK**: 1. In the **Staging** tab, set the quota to **20480 MB**. 2. In the **Advanced** tab, set the quota to **8192 MB**. @@ -212,11 +213,11 @@ On **MDT02**: 1. Wait until you start to see content appear in the **D:\\MDTProduction** folder. 2. Using DFS Management, expand **Replication**, right-click **MDTProduction**, and select **Create Diagnostics Report**. -3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and click **Next**. -4. On the **Path and Name** page, accept the default settings and click **Next**. -5. On the **Members to Include** page, accept the default settings and click **Next**. -6. On the **Options** page, accept the default settings and click **Next**. -7. On the **Review Settings and Create Report** page, click **Create**. +3. In the Diagnostics Report Wizard, on the **Type of Diagnostics Report or Test** page, choose **Health report** and select **Next**. +4. On the **Path and Name** page, accept the default settings and select **Next**. +5. On the **Members to Include** page, accept the default settings and select **Next**. +6. On the **Options** page, accept the default settings and select **Next**. +7. On the **Review Settings and Create Report** page, select **Create**. 8. Open the report in Internet Explorer, and if necessary, select the **Allow blocked content** option. ![figure 9.](../images/mdt-10-fig09.png) 
@@ -227,13 +228,13 @@ The DFS Replication Health Report. ## Configure Windows Deployment Services (WDS) in a remote site -Like you did in the previous topic for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02. +Like you did in the previous article for MDT01, you need to add the MDT Production Lite Touch x64 Boot image to Windows Deployment Services on MDT02. For the following steps, we assume that WDS has already been installed on MDT02. 1. On MDT02, using the WDS console, right-click **Boot Images** and select **Add Boot Image**. 2. Browse to the **D:\\MDTProduction\\Boot\\LiteTouchPE\_x64.wim** file and add the image with the default settings. -## Deploy a Windows 10 client to the remote site +## Deploy a Windows 10 client to the remote site -Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure. +Now you should have a solution ready for deploying the Windows 10 client to the remote site: Stockholm, using the MDTProduction deployment share replica on MDT02. You can test this deployment with the following optional procedure. >For demonstration purposes, the following procedure uses a virtual machine (PC0006) hosted by the Hyper-V server HV01. To use the remote site server (MDT02) the VM must be assigned a default gateway that matches the one you entered in the Boostrap.ini file. 
@@ -246,21 +247,21 @@ Now you should have a solution ready for deploying the Windows 10 client to the 6. Install an operating system from a network-based installation server 2. Start the PC0006 virtual machine, and press **Enter** to start the Pre-Boot Execution Environment (PXE) boot. The VM will now load the Windows PE boot image from the WDS server. 3. After Windows Preinstallation Environment (Windows PE) has booted, complete the Windows Deployment Wizard using the following settings: - 1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image + 1. Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image 2. Computer Name: PC0006 3. Applications: Select the Install - Adobe Reader 4. Setup will now start and perform the following steps: - 1. Install the Windows 10 Enterprise operating system. + 1. Install the Windows 10 Enterprise operating system. 2. Install applications. 3. Update the operating system using your local Windows Server Update Services (WSUS) server. ![pc0001.](../images/pc0006.png) -## Related topics +## Related articles [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
[Refresh a Windows 7 computer with Windows 10](refresh-a-windows-7-computer-with-windows-10.md)
[Replace a Windows 7 computer with a Windows 10 computer](replace-a-windows-7-computer-with-a-windows-10-computer.md)
-[Configure MDT settings](configure-mdt-settings.md)
+[Configure MDT settings](configure-mdt-settings.md)
\ No newline at end of file
diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
index e9f56b8a9b..6c254caad5 100644
--- a/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
+++ b/windows/deployment/deploy-windows-mdt/configure-mdt-deployment-share-rules.md
@@ -2,18 +2,19 @@
 title: Configure MDT deployment share rules (Windows 10)
 description: Learn how to configure the MDT rules engine to reach out to other resources for additional information instead of storing settings directly in the rules engine.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
 ms.localizationpriority: medium
-author: aczechowski
+author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
+ms.date: 10/28/2022
 ---
 # Configure MDT deployment share rules
-In this topic, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
+In this article, you'll learn how to configure the MDT rules engine to reach out to other resources, including external scripts, databases, and web services, for additional information instead of storing settings directly in the rules engine. The rules engine in MDT is powerful: most of the settings used for operating system deployments are retrieved and assigned via the rules engine. In its simplest form, the rules engine is the CustomSettings.ini text file.
 ## Assign settings
@@ -30,7 +31,7 @@ Before adding the more advanced components like scripts, databases, and web serv ### Set computer name by MAC Address -If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. If you have many machines, it makes sense to use the database instead. +If you have a small test environment, or simply want to assign settings to a limited number of machines, you can edit the rules to assign settings directly for a given MAC Address. When you have many machines, it makes sense to use the database instead. ``` [Settings] @@ -71,10 +72,10 @@ OSDComputerName=PC-%SerialNumber% ``` In this sample, you configure the rules to set the computer name to a prefix (PC-) and then the serial number. If the serial number of the machine is CND0370RJ7, the preceding configuration sets the computer name to PC-CND0370RJ7. -**Note**   +**Note** Be careful when using the serial number to assign computer names. A serial number can contain more than 15 characters, but the Windows setup limits a computer name to 15 characters. -  + ### Generate a limited computer name based on a serial number To avoid assigning a computer name longer than 15 characters, you can configure the rules in more detail by adding VBScript functions, as follows: @@ -104,7 +105,7 @@ Subsection=Laptop-%IsLaptop% MachineObjectOU=OU=Laptops,OU=Contoso,DC=contoso,DC=com ``` -## Related topics +## Related articles [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md index 4e16c79434..0ef50cfcd2 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-for-userexit-scripts.md 
@@ -1,19 +1,20 @@
 ---
 title: Configure MDT for UserExit scripts (Windows 10)
-description: In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
+description: In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
 ms.localizationpriority: medium
-author: aczechowski
+author: frankroj
 ms.topic: article
 ms.technology: itpro-deploy
+ms.date: 10/28/2022
 ---
 # Configure MDT for UserExit scripts
-In this topic, you will learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
+In this article, you'll learn how to configure the MDT rules engine to use a UserExit script to generate computer names based on a prefix and the computer MAC Address. MDT supports calling external VBScripts as part of the Gather process; these scripts are referred to as UserExit scripts. The script also removes the colons in the MAC Address.
 ## Configure the rules to call a UserExit script
@@ -28,7 +29,7 @@ UserExit=Setname.vbs
 OSDComputerName=#SetName("%MACADDRESS%")#
 ```
-The UserExit=Setname.vbs calls the script and then assigns the computer name to what the SetName function in the script returns. In this sample the %MACADDRESS% variable is passed to the script
+The UserExit=Setname.vbs calls the script and then assigns the computer name to what the SetName function in the script returns. In this sample, the %MACADDRESS% variable is passed to the script
 ## The Setname.vbs UserExit script
@@ -49,10 +50,10 @@ End Function ``` The first three lines of the script make up a header that all UserExit scripts have. The interesting part is the lines between Function and End Function. Those lines add a prefix (PC), remove the colons from the MAC Address, and return the value to the rules by setting the SetName value. -**Note**   -The purpose of this sample is not to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process. +>[!NOTE] +>The purpose of this sample isn't to recommend that you use the MAC Address as a base for computer naming, but to show you how to take a variable from MDT, pass it to an external script, make some changes to it, and then return the new value to the deployment process. -## Related topics +## Related articles [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) diff --git a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md index fd4be32da5..6270caa911 100644 --- a/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md +++ b/windows/deployment/deploy-windows-mdt/configure-mdt-settings.md 
@@ -3,23 +3,24 @@ title: Configure MDT settings (Windows 10) description: One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. ms.assetid: d3e1280c-3d1b-4fad-8ac4-b65dc711f122 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Configure MDT settings -One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this topic, you learn about configuring customizations for your environment. -For the purposes of this topic, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md). +One of the most powerful features in Microsoft Deployment Toolkit (MDT) is its extension capabilities; there's virtually no limitation to what you can do in terms of customization. In this article, you learn about configuring customizations for your environment. +For the purposes of this article, we'll use four machines: DC01, MDT01, HV01, and PC0001. DC01 is a domain controller, MDT01 is a Windows Server 2012 R2 Standard server, and PC0001 is a Windows 10 Enterprise x64 client used for the MDT simulation environment. 
OR01 has Microsoft System Center 2012 R2 Orchestrator installed. MDT01, OR01, and PC0001 are members of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md). ![figure 1.](../images/mdt-09-fig01.png) -The computers used in this topic. +The computers used in this article. ## In this section @@ -32,7 +33,7 @@ The computers used in this topic. - [Use web services in MDT](use-web-services-in-mdt.md) - [Use Orchestrator runbooks with MDT](use-orchestrator-runbooks-with-mdt.md) -## Related topics +## Related articles [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
diff --git a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
index 7c243c3189..864d74b4d8 100644
--- a/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
+++ b/windows/deployment/deploy-windows-mdt/create-a-windows-10-reference-image.md
@@ -2,33 +2,34 @@ title: Create a Windows 10 reference image (Windows 10) description: Creating a reference image is important because that image serves as the foundation for the devices in your organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Create a Windows 10 reference image **Applies to** -- Windows 10 +- Windows 10 -Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this topic, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this topic, you 'll have a Windows 10 reference image that can be used in your deployment solution. +Creating a reference image is important because that image serves as the foundation for the devices in your organization. In this article, you 'll learn how to create a Windows 10 reference image using the Microsoft Deployment Toolkit (MDT). You 'll create a deployment share, configure rules and settings, and import all the applications and operating system files required to build a Windows 10 reference image. After completing the steps outlined in this article, you 'll have a Windows 10 reference image that can be used in your deployment solution. >[!NOTE] >For more information about the server, client, and network infrastructure used in this guide, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). -For the purposes of this topic, we'll use three computers: DC01, MDT01, and HV01. 
+For the purposes of this article, we'll use three computers: DC01, MDT01, and HV01. - DC01 is a domain controller for the contoso.com domain. - MDT01 is a contoso.com domain member server. - HV01 is a Hyper-V server that will be used to build the reference image. ![devices.](../images/mdt-08-fig01.png) - Computers used in this topic. + Computers used in this article. ## The reference image 
@@ -40,21 +41,21 @@ The reference image described in this guide is designed primarily for deployment ## Set up the MDT build lab deployment share -With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process. +With Windows 10, there's no hard requirement to create reference images. However, to reduce the time needed for deployment, you might want to create a reference image that contains a few base applications and all of the latest updates. This section will show you how to create and configure the MDT Build Lab deployment share to create a Windows 10 reference image. Because reference images will be deployed only to virtual machines during the creation process and have specific settings (rules), you should always create a separate deployment share specifically for this process. ### Create the MDT build lab deployment share On **MDT01**: -- Sign in as contoso\\administrator using a password of pass@word1 (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) topic). +- Sign in as contoso\\administrator using a password of pass@word1 (credentials from the [prepare for deployment](prepare-for-windows-deployment-with-mdt.md) article). - Start the MDT deployment workbench, and pin this workbench to the taskbar for easy access. - Using the Deployment Workbench, right-click **Deployment Shares** and select **New Deployment Share**. 
- Use the following settings for the New Deployment Share Wizard: - Deployment share path: **D:\\MDTBuildLab** - Share name: **MDTBuildLab$** - Deployment share description: **MDT Build Lab** -- Accept the default selections on the Options page and click **Next**. -- Review the Summary page, click **Next**, wait for the deployment share to be created, then click **Finish**. +- Accept the default selections on the Options page and select **Next**. +- Review the Summary page, select **Next**, wait for the deployment share to be created, then select **Finish**. - Verify that you can access the \\\\MDT01\\MDTBuildLab$ share. ![figure 2.](../images/mdt-08-fig02.png) @@ -63,7 +64,7 @@ On **MDT01**: ### Enable monitoring -To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, click **Properties**, click the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional. +To monitor the task sequence as it happens, right-click the **MDT Build Lab** deployment share, select **Properties**, select the **Monitoring** tab, and select **Enable monitoring for this deployment share**. This step is optional. ### Configure permissions for the deployment share 
@@ -81,20 +82,20 @@ On **MDT01**: ## Add setup files -This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image. +This section will show you how to populate the MDT deployment share with the Windows 10 operating system source files, commonly referred to as setup files, which will be used to create a reference image. Setup files are used during the reference image creation process and are the foundation for the reference image. -### Add the Windows 10 installation files +### Add the Windows 10 installation files -MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft. +MDT supports adding both full source Windows 10 DVDs (ISOs) and custom images that you've created. In this case, you create a reference image, so you add the full source setup files from Microsoft. >[!NOTE] ->Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM. +>Due to the Windows limits on path length, we are purposely keeping the operating system destination directory short, using the folder name W10EX64RTM rather than a more descriptive name like Windows 10 Enterprise x64 RTM. -### Add Windows 10 Enterprise x64 (full source) +### Add Windows 10 Enterprise x64 (full source) On **MDT01**: -1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. 
The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD. +1. Sign in as **contoso\\administrator** and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. The following example shows the files copied to the D:\\Downloads folder, but you can also choose to import the OS directly from an ISO or DVD. ![ISO.](../images/iso-data.png) @@ -112,16 +113,16 @@ On **MDT01**: ## Add applications -Before you create an MDT task sequence, you need to add any applications and scripts you wish to install to the MDT Build Lab share. +Before you create an MDT task sequence, you need to add applications and scripts you wish to install to the MDT Build Lab share. On **MDT01**: First, create an MDT folder to store the Microsoft applications that will be installed: 1. In the MDT Deployment Workbench, expand **Deployment Shares \\ MDT Build Lab \\ Applications** -2. Right-click **Applications** and then click **New Folder**. +2. Right-click **Applications** and then select **New Folder**. 3. Under **Folder name**, type **Microsoft**. -4. Click **Next** twice, and then click **Finish**. +4. Select **Next** twice, and then select **Finish**. The steps in this section use a strict naming standard for your MDT applications. - Use the "Install - " prefix for typical application installations that run a setup installer of some kind, 
@@ -147,7 +148,8 @@ Download links: Download all three items in this list to the D:\\Downloads folder on MDT01. -**Note**: For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads). +>[!NOTE] +>For the purposes of this lab, we'll leave the MSVC files in the D:\\Downloads folder and the Office365 files will be extracted to a child folder. If you prefer, you can place each application in its own separate child folder, and then modify the $ApplicationSourcePath below as needed (instead of just D:\\Downloads). >[!NOTE] >All the Microsoft Visual C++ downloads can be found on [The latest supported Visual C++ downloads](https://go.microsoft.com/fwlink/p/?LinkId=619523). Visual C++ 2015, 2017 and 2019 all share the same redistributable files. @@ -162,7 +164,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01. > [!NOTE] > 64-bit is now the default and recommended edition. - Use the General Availability Channel and get updates directly from the Office CDN on the internet. - - Perform a silent installation. You won’t see anything that shows the progress of the installation and you won’t see any error messages. + - Perform a silent installation. You won't see anything that shows the progress of the installation and you won't see any error messages. ```xml 
@@ -176,7 +178,7 @@ Download all three items in this list to the D:\\Downloads folder on MDT01. ``` - When you use these settings, any time you build the reference image you’ll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise. + When you use these settings, anytime you build the reference image you'll be installing the most up-to-date General Availability Channel version of Microsoft 365 Apps for enterprise. >[!TIP] >You can also use the web-based interface of the [Office Customization Tool](https://config.office.com/) to help you create your configuration.xml file. 
@@ -193,14 +195,14 @@ Download all three items in this list to the D:\\Downloads folder on MDT01. >After Microsoft 365 Apps for enterprise is installed on the reference image, do NOT open any Office programs. if you open an Office program, you're prompted to sign-in, which activates the installation of Microsoft 365 Apps for enterprise. Even if you don't sign in and you close the Sign in to set up Office dialog box, a temporary product key is installed. You don't want any kind of product key for Microsoft 365 Apps for enterprise installed as part of your reference image. Additional information -- Microsoft 365 Apps for enterprise is updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you’re using). That means that once you’ve deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image. +- Microsoft 365 Apps for enterprise is updated on a monthly basis with security updates and other quality updates (bug fixes), and possibly new features (depending on which update channel you're using). That means that once you've deployed your reference image, Microsoft 365 Apps for enterprise will most likely need to download and install the latest updates that have been released since you created your reference image. -- **Note**: With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user’s device, rather than including Office apps part of the reference image. 
This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won’t have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.) - - When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, you’ll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, you’ll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise. +- **Note**: With the installing Office Deployment Tool being used as part of the reference image, Microsoft 365 Apps for enterprise is installed immediately after the reference image is deployed to the user's device, rather than including Office apps part of the reference image. This way the user will have the most up-to-date version of Microsoft 365 Apps for enterprise right away and won't have to download any new updates (which is most likely what would happen if Microsoft 365 Apps for enterprise was installed as part of the reference image.) 
+ - When you're creating your reference image, instead of installing Microsoft 365 Apps for enterprise directly from the Office CDN on the internet, you can install Microsoft 365 Apps for enterprise from a location on your local network, such as a file share. To do that, you would use the Office Deployment Tool in /download mode to download the installation files to that file share. Then you could use the Office Deployment Tool in /configure mode to install Microsoft 365 Apps for enterprise from that location on to your reference image. As part of that process, you'll need to point to that location in your configuration.xml file so that the Office Deployment Tool knows where to get the Microsoft 365 Apps for enterprise files. If you decide to do this step, the next time you create a new reference image, you'll want to be sure to use the Office Deployment Tool to download the most up-to-date installation files for Microsoft 365 Apps for enterprise to that location on your internal network. That way your new reference image will have a more up-to-date installation of Microsoft 365 Apps for enterprise. ### Connect to the deployment share using Windows PowerShell -If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in and then make the deployment share a PowerShell drive (PSDrive). +If you need to add many applications, you can take advantage of the PowerShell support that MDT has. To start using PowerShell against the deployment share, you must first load the MDT PowerShell snap-in, and then make the deployment share a PowerShell drive (PSDrive). On **MDT01**: 
@@ -294,16 +296,16 @@ On **MDT01**: ## Create the reference image task sequence -In order to build and capture your Windows 10 reference image for deployment using MDT, you 'll create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image. +In order to build and capture your Windows 10 reference image for deployment using MDT, you 'll create a task sequence. The task sequence will reference the operating system and applications that you previously imported into the MDT Build Lab deployment share to build a Windows 10 reference image. After creating the task sequence, you configure it to enable patching against the Windows Server Update Services (WSUS) server. The Task Sequence Windows Update action supports getting updates directly from Microsoft Update, but you get more stable patching if you use a local WSUS server. WSUS also allows for an easy process of approving the patches that you're deploying. ### Drivers and the reference image -Because we use modern virtual platforms for creating our reference images, we don’t need to worry about drivers when creating reference images for Windows 10. We use Hyper-V in our environment, and Windows Preinstallation Environment (Windows PE) already has all the needed drivers built-in for Hyper-V. +Because we use modern virtual platforms for creating our reference images, we don't need to worry about drivers when creating reference images for Windows 10. We use Hyper-V in our environment, and Windows Preinstallation Environment (Windows PE) already has all the needed drivers built-in for Hyper-V. ### Create a task sequence for Windows 10 Enterprise -To create a Windows 10 reference image task sequence, the process is as follows: +To create a Windows 10 reference image task sequence, the process is as follows: On **MDT01**: 
@@ -320,18 +322,18 @@ On **MDT01**: 9. Internet Explorer home page: http://www.contoso.com 10. Admin Password: Don't specify an Administrator Password at this time -### Edit the Windows 10 task sequence +### Edit the Windows 10 task sequence -The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office365 ProPlus x64. +The steps below walk you through the process of editing the Windows 10 reference image task sequence to include the actions required to update the reference image with the latest updates from WSUS, install roles and features, and utilities, and install Microsoft Office365 ProPlus x64. On **MDT01**: -1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**. -2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings: +1. In the **Task Sequences / Windows 10** folder, right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence, and select **Properties**. +2. On the **Task Sequence** tab, configure the Windows 10 Enterprise x64 RTM Default Image task sequence with the following settings: 1. **State Restore > Windows Update (Pre-Application Installation)** action: Enable this action by clicking the **Options** tab and clearing the **Disable this step** check box. 2. **State Restore > Windows Update (Post-Application Installation)** action: Also enable this action. - 3. **State Restore**: After the **Tattoo** action, add a new **Group** action (click **Add** then click **New Group**) with the following setting: + 3. 
**State Restore**: After the **Tattoo** action, add a new **Group** action (select **Add** then select **New Group**) with the following setting: - Name: **Custom Tasks (Pre-Windows Update)** 4. **State Restore**: After **Windows Update (Post-Application Installation)** action, rename **Custom Tasks** to **Custom Tasks (Post-Windows Update)**. - **Note**: The reason for adding the applications after the Tattoo action but before running Windows Update is simply to save time during the deployment. This way we can add all applications that will upgrade some of the built-in components and avoid unnecessary updating. 
@@ -351,14 +353,14 @@ On **MDT01**: 1. Name: Microsoft Visual C++ Redistributable 2019 - x86 2. Install a Single Application: browse to **Install - MSVC 2019 - x86** 7. Repeat these steps (add a new **Install Application**) to add Microsoft Visual C++ Redistributable 2019 - x64 and Microsoft 365 Apps for enterprise as well. -3. Click **OK**. +3. Select **OK**. ![apps.](../images/mdt-apps.png) ### Optional configuration: Add a suspend action -The goal when creating a reference image is to automate everything. But sometimes you've a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you click the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine. +The goal when creating a reference image is to automate everything. But sometimes you've a special configuration or application setup that is too time-consuming to automate. If you need to do some manual configuration, you can add a little-known feature called Lite Touch Installation (LTI) Suspend. If you add the LTISuspend.wsf script as a custom action in the task sequence, it will suspend the task sequence until you select the Resume Task Sequence shortcut icon on the desktop. In addition to using the LTI Suspend feature for manual configuration or installation, you can also use it simply for verifying a reference image before you allow the task sequence to continue and use Sysprep and capture the virtual machine. ![figure 8.](../images/fig8-suspend.png) 
@@ -368,22 +370,22 @@ The goal when creating a reference image is to automate everything. But sometime The Windows 10 desktop with the Resume Task Sequence shortcut. -### Edit the Unattend.xml file for Windows 10 Enterprise +### Edit the Unattend.xml file for Windows 10 Enterprise -When using MDT, you don't need to edit the Unattend.xml file often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you 'll want to use the Internet Explorer Administration Kit (IEAK). +When using MDT, you don't need to edit the Unattend.xml file often because most configurations are taken care of by MDT. However if, for example, you want to configure Internet Explorer behavior, then you can edit the Unattend.xml. Editing the Unattend.xml for basic Internet Explorer settings is easy, but for more advanced settings, you 'll want to use the Internet Explorer Administration Kit (IEAK). >[!WARNING] >Don't use **SkipMachineOOBE** or **SkipUserOOBE** in your Unattend.xml file. These settings are deprecated and can have unintended effects if used. >[!NOTE] ->You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing. +>You also can use the Unattend.xml to enable components in Windows 10, like the Telnet Client or Hyper-V client. 
Normally we prefer to do this via the **Install Roles and Features** action, or using Deployment Image Servicing and Management (DISM) command-line tools, because then we can add that as an application, being dynamic, having conditions, and so forth. Also, if you're adding packages via Unattend.xml, it's version specific, so Unattend.xml must match the exact version of the operating system you're servicing. -Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence: +Follow these steps to configure Internet Explorer settings in Unattend.xml for the Windows 10 Enterprise x64 RTM Default Image task sequence: On **MDT01**: 1. When you're using the Deployment Workbench, under **Deployment Shares > MDT Build Lab > Task Sequences** right-click the **Windows 10 Enterprise x64 RTM Default Image** task sequence and select **Properties**. -2. In the **OS Info** tab, click **Edit Unattend.xml**. MDT now generates a catalog file. This file generation process will take a few minutes, and then Windows System Image Manager (Windows SIM) will start. +2. In the **OS Info** tab, select **Edit Unattend.xml**. MDT now generates a catalog file. This file generation process will take a few minutes, and then Windows System Image Manager (Windows SIM) will start. > [!IMPORTANT] > The ADK version 1903 has a [known issue](/windows-hardware/get-started/what-s-new-in-kits-and-tools#whats-new-in-the-windows-adk-for-windows-10-version-1903) generating a catalog file for Windows 10, version 1903 or 1909 X64 install.wim. You might see the error "Could not load file or assembly" in in the console output. To avoid this issue, [install the ADK, version 2004 or a later version](/windows-hardware/get-started/adk-install). A workaround is also available for the ADK version 1903: 
@@ -398,7 +400,7 @@ On **MDT01**: 5. Save the Unattend.xml file, and close Windows SIM. > [!NOTE] > If errors are reported that certain display values are incorrect, you can ignore this message or browse to **7oobeSystem\\amd64_Microsoft-Windows-Shell-Setup__neutral\\Display** and enter the following: ColorDepth 32, HorizontalResolution 1, RefreshRate 60, VerticalResolution 1. -6. On the Windows 10 Enterprise x64 RTM Default Image Properties, click **OK**. +6. On the Windows 10 Enterprise x64 RTM Default Image Properties, select **OK**. ![figure 10.](../images/fig10-unattend.png) @@ -410,7 +412,7 @@ Understanding rules is critical to successfully using MDT. Rules are configured ### MDT deployment share rules overview -In MDT, there are always two rule files: the **CustomSettings.ini** file and the **Bootstrap.ini** file. You can add almost any rule to either. However, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file. For this reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you click OK. +In MDT, there are always two rule files: the **CustomSettings.ini** file and the **Bootstrap.ini** file. You can add almost any rule to either. However, the Bootstrap.ini file is copied from the Control folder to the boot image, so the boot image needs to be updated every time you change that file. For this reason, add only a minimal set of rules to Bootstrap.ini, such as which deployment server and share to connect to - the DEPLOYROOT value. Put the other rules in CustomSettings.ini because that file is updated immediately when you select OK. To configure the rules for the MDT Build Lab deployment share: 
@@ -457,7 +459,7 @@ On **MDT01**: The server-side rules for the MDT Build Lab deployment share. -3. Click **Edit Bootstrap.ini** and modify using the following information: +3. Select **Edit Bootstrap.ini** and modify using the following information: ``` [Settings] @@ -483,7 +485,7 @@ On **MDT01**: 7. In the **Lite Touch Boot Image Settings** area, configure the following settings: 1. Image description: MDT Build Lab x64 2. ISO file name: MDT Build Lab x64.iso -8. Click **OK**. +8. Select **OK**. >[!NOTE] >In MDT, the x86 boot image can deploy both x86 and x64 operating systems (except on computers based on Unified Extensible Firmware Interface). @@ -581,7 +583,8 @@ SkipFinalSummary=YES - **AdminPassword.** Sets the local Administrator account password. - **TimeZoneName.** Establishes the time zone to use. Don't confuse this value with TimeZone, which is only for legacy operating systems (Windows 7 and Windows Server 2003). - **Note**: The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names. + >[!NOTE] + >The easiest way to find the current time zone name on a Windows 10 machine is to run tzutil /g in a command prompt. You can also run tzutil /l to get a listing of all available time zone names. - **JoinWorkgroup.** Configures Windows to join a workgroup. - **HideShell.** Hides the Windows Shell during deployment. This hide-operation is especially useful for Windows 10 deployments in which the deployment wizard will otherwise appear behind the tiles. 
@@ -602,7 +605,7 @@ SkipFinalSummary=YES - **SkipSummary.** Skips the initial Windows Deployment Wizard summary pane. - **SkipRoles.** Skips the Install Roles and Features pane. - **SkipCapture.** Skips the Capture pane. -- **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to click OK before the machine shuts down. +- **SkipFinalSummary.** Skips the final Windows Deployment Wizard summary. Because you use FinishAction=Shutdown, you don't want the wizard to stop in the end so that you need to select OK before the machine shuts down. ## Build the Windows 10 reference image @@ -614,7 +617,8 @@ The steps below outline the process used to boot a virtual machine using an ISO 1. Copy D:\\MDTBuildLab\\Boot\\MDT Build Lab x86.iso on MDT01 to C:\\ISO on your Hyper-V host (HV01). - **Note**: Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image. + >[!NOTE] + >Remember, in MDT you can use the x86 boot image to deploy both x86 and x64 operating system images. That's why you can use the x86 boot image instead of the x64 boot image. On **HV01**: 
@@ -628,11 +632,13 @@ On **HV01**: 8. Install OS with image file: C:\\ISO\\MDT Build Lab x86.iso 1. Before you start the VM, add a checkpoint for REFW10X64-001, and name it **Clean with MDT Build Lab x86 ISO**. - **Note**: Checkpoints are useful if you need to restart the process and want to make sure you can start clean. + >[!NOTE] + >Checkpoints are useful if you need to restart the process and want to make sure you can start clean. 4. Start the REFW10X64-001 virtual machine and connect to it. - **Note**: Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11. + >[!NOTE] + >Up to this point we haven't discussed IP addressing or DHCP. In the initial setup for this guide, DC01 was provisioned as a DHCP server to provide IP address leases to client computers. You might have a different DHCP server on your network that you wish to use. The REFW10X64-001 virtual machine requires an IP address lease that provides it with connectivity to MDT01 so that it can connect to the \\MDT01\MDTBuildLab$ share. In the current scenario, this connectivity is accomplished with a DHCP scope that provides IP addresses in the 10.10.10.100 - 10.10.10.200 range, as part of a /24 subnet so that the client can connect to MDT01 at 10.10.10.11. After booting into Windows PE, complete the Windows Deployment Wizard with the following settings: 1. 
Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Default Image @@ -653,7 +659,7 @@ On **HV01**: 6. Captures the installation to a Windows Imaging (WIM) file. 7. Turns off the virtual machine. -After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim. +After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim. ![image.](../images/image-captured.png) @@ -668,9 +674,9 @@ If you [enabled monitoring](#enable-monitoring), you can check the progress of t If there are problems with your task sequence, you can troubleshoot in Windows PE by pressing F8 to open a command prompt. There are several [MDT log files](/configmgr/mdt/troubleshooting-reference#mdt-logs) created that can be helpful determining the origin of an error, such as BDD.log. From the command line in Windows PE, you can copy these logs from the client to your MDT server for viewing with CMTrace. For example: copy BDD.log \\\\mdt01\\logs$. -After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim. +After some time, you 'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep, located in the D:\\MDTBuildLab\\Captures folder on your deployment server. The file name is REFW10X64-001.wim. -## Related topics +## Related articles [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
index 6012851f0d..efcf8b1227 100644
--- a/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/deploy-a-windows-10-image-using-mdt.md
@@ -1,33 +1,34 @@ --- title: Deploy a Windows 10 image using MDT (Windows 10) -description: This topic will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). +description: This article will show you how to take your reference image for Windows 10, and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy ms.collection: - highpri +ms.date: 10/28/2022 --- # Deploy a Windows 10 image using MDT **Applies to** -- Windows 10 +- Windows 10 -This topic will show you how to take your reference image for Windows 10 (that was [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). +This article will show you how to take your reference image for Windows 10 (that was [created](create-a-windows-10-reference-image.md)), and deploy that image to your environment using the Microsoft Deployment Toolkit (MDT). We'll prepare for this deployment by creating an MDT deployment share that is used solely for image deployment. Separating the processes of creating reference images from the processes used to deploy them in production allows greater control of on both processes. We'll configure Active Directory permissions, configure the deployment share, create a new task sequence, and add applications, drivers, and rules. -For the purposes of this topic, we'll use four computers: DC01, MDT01, HV01 and PC0005. +For the purposes of this article, we'll use four computers: DC01, MDT01, HV01 and PC0005. 
- DC01 is a domain controller - MDT01 is a domain member server - HV01 is a Hyper-V server -- PC0005 is a blank device to which we'll deploy Windows 10 +- PC0005 is a blank device to which we'll deploy Windows 10 MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contoso Corporation. HV01 used to test deployment of PC0005 in a virtual environment. @@ -38,7 +39,7 @@ MDT01 and PC0005 are members of the domain contoso.com for the fictitious Contos ## Step 1: Configure Active Directory permissions -These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you've The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory. +These steps will show you how to configure an Active Directory account with the permissions required to deploy a Windows 10 machine to the domain using MDT. These steps assume you've The account is used for Windows Preinstallation Environment (Windows PE) to connect to MDT01. In order for MDT to join machines into the contoso.com domain you need to create an account and configure permissions in Active Directory. On **DC01**: 
@@ -85,13 +86,13 @@ The steps for creating the deployment share for production are the same as when 1. Ensure you're signed on as: contoso\administrator. 2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**. -3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**. +3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and select **Next**. -4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**. +4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and select **Next**. -5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**. +5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and select **Next**. -6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. +6. On the **Options** page, accept the default settings and select **Next** twice, and then select **Finish**. 7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. ### Configure permissions for the production deployment share 
@@ -110,22 +111,22 @@ On **MDT01**: ## Step 3: Add a custom image -The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores other components in the Sources\\SxS folder that is outside the image and may be required when installing components. +The next step is to add a reference image into the deployment share with the setup files required to successfully deploy Windows 10. When adding a custom image, you still need to copy setup files (an option in the wizard) because Windows 10 stores other components in the Sources\\SxS folder that is outside the image and may be required when installing components. -### Add the Windows 10 Enterprise x64 RTM custom image +### Add the Windows 10 Enterprise x64 RTM custom image -In these steps, we assume that you've completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) topic, so you've a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01. +In these steps, we assume that you've completed the steps in the [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) article, so you've a Windows 10 reference image at **D:\\MDTBuildLab\\Captures\REFW10X64-001.wim** on MDT01. 1. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**; select the **Operating Systems** node, and create a folder named **Windows 10**. 2. Right-click the **Windows 10** folder and select **Import Operating System**. -3. On the **OS Type** page, select **Custom image file** and click **Next**. +3. On the **OS Type** page, select **Custom image file** and select **Next**. -4. On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and click **Next**. +4. 
On the **Image** page, in the **Source file** text box, browse to **D:\\MDTBuildLab\\Captures\\REFW10X64-001.wim** and select **Next**. -5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and click **Next**. +5. On the **Setup** page, select the **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path** option; in the **Setup source directory** text box, browse to **D:\\MDTBuildLab\\Operating Systems\\W10EX64RTM** and select **Next**. -6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, click **Next** twice, and then click **Finish**. +6. On the **Destination** page, in the **Destination directory name** text box, type **W10EX64RTM**, select **Next** twice, and then select **Finish**. 7. After adding the operating system, double-click the added operating system name in the **Operating Systems / Windows 10** node and change the name to **Windows 10 Enterprise x64 RTM Custom Image**. >[!NOTE] 
@@ -142,22 +143,22 @@ When you configure your MDT Build Lab deployment share, you can also add applica On **MDT01**: -1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2100520060_en_US.exe) to **D:\\setup\\adobe** on MDT01. -2. Extract the .exe file that you downloaded to a .msi (ex: .\AcroRdrDC2100520060_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). +1. Download the Enterprise distribution version of [Adobe Acrobat Reader DC](https://get.adobe.com/reader/enterprise/) (AcroRdrDC2200320263_en_US.exe) to **D:\\setup\\adobe** on MDT01. +2. Extract the .exe file that you downloaded to a .msi (ex: .\AcroRdrDC2200320263_en_US.exe -sfx_o"d:\setup\adobe\install\" -sfx_ne). 3. In the Deployment Workbench, expand the **MDT Production** node and navigate to the **Applications** node. 4. Right-click the **Applications** node, and create a new folder named **Adobe**. 5. In the **Applications** node, right-click the **Adobe** folder and select **New Application**. -6. On the **Application Type** page, select the **Application with source files** option and click **Next**. +6. On the **Application Type** page, select the **Application with source files** option and select **Next**. -7. On the **Details** page, in the **Application Name** text box, type **Install - Adobe Reader** and click *Next**. +7. On the **Details** page, in the **Application Name** text box, type **Install - Adobe Reader** and select *Next**. -8. On the **Source** page, in the **Source Directory** text box, browse to **D:\\setup\\adobe\\install** and click **Next**. +8. On the **Source** page, in the **Source Directory** text box, browse to **D:\\setup\\adobe\\install** and select **Next**. -9. On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and click **Next**. +9. 
On the **Destination** page, in the **Specify the name of the directory that should be created** text box, type **Install - Adobe Reader** and select **Next**. -10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, click **Next** twice, and then click **Finish**. +10. On the **Command Details** page, in the **Command Line** text box, type **msiexec /i AcroRead.msi /q**, select **Next** twice, and then select **Finish**. ![acroread image.](../images/acroread.png) @@ -165,7 +166,7 @@ On **MDT01**: ## Step 5: Prepare the drivers repository -In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples: +In order to deploy Windows 10 with MDT successfully, you need drivers for the boot images and for the actual operating system. This section will show you how to add drivers for the boot image and operating system, using the following hardware models as examples: - Lenovo ThinkPad T420 - Dell Latitude 7390 - HP EliteBook 8560w @@ -250,12 +251,12 @@ On **MDT01**: 2. In the New Selection Profile Wizard, create a selection profile with the following settings: 1. Selection Profile name: WinPE x86 2. Folders: Select the WinPE x86 folder in Out-of-Box Drivers. - 3. Click **Next**, **Next** and **Finish**. + 3. Select **Next**, **Next** and **Finish**. 3. Right-click the **Selection Profiles** node again, and select **New Selection Profile**. 4. In the New Selection Profile Wizard, create a selection profile with the following settings: 1. Selection Profile name: WinPE x64 2. Folders: Select the WinPE x64 folder in Out-of-Box Drivers. - 3. Click **Next**, **Next** and **Finish**. + 3. Select **Next**, **Next** and **Finish**. ![figure 5.](../images/fig5-selectprofile.png) 
@@ -381,7 +382,7 @@ On **MDT01**: 4. State Restore. Enable the **Windows Update (Post-Application Installation)** action. -3. Click **OK**. +3. Select **OK**. ![drivergroup.](../images/fig6-taskseq.png) @@ -438,7 +439,7 @@ On **MDT01**: SkipFinalSummary=NO ``` -3. Click **Edit Bootstrap.ini** and modify using the following information: +3. Select **Edit Bootstrap.ini** and modify using the following information: ``` [Settings] @@ -480,7 +481,7 @@ On **MDT01**: 10. In the **Monitoring** tab, select the **Enable monitoring for this deployment share** check box. -11. Click **OK**. +11. Select **OK**. >[!NOTE] >It will take a while for the Deployment Workbench to create the monitoring database and web service. @@ -607,7 +608,7 @@ On **MDT01**: 9. In the **Features** sub tab, in addition to the default selected feature pack, select the **Microsoft Diagnostics and Recovery Toolkit (DaRT)** check box. -10. Click **OK**. +10. Select **OK**. ### Update the deployment share 
@@ -640,9 +641,9 @@ On **MDT01**: The boot image added to the WDS console. -### Deploy the Windows 10 client +### Deploy the Windows 10 client -At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you're confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. These tests help rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine: +At this point, you should have a solution ready for deploying the Windows 10 client. We recommend starting by trying a few deployments at a time until you're confident that your configuration works as expected. We find it useful to try some initial tests on virtual machines before testing on physical hardware. These tests help rule out hardware issues when testing or troubleshooting. Here are the steps to deploy your Windows 10 image to a virtual machine: On **HV01**: @@ -721,7 +722,7 @@ Setting up MDT for multicast is straightforward. You enable multicast on the dep On **MDT01**: 1. In the Deployment Workbench, right-click the **MDT Production** deployment share folder and select **Properties**. -2. On the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and click **OK**. +2. On the **General** tab, select the **Enable multicast for this deployment share (requires Windows Server 2008 R2 Windows Deployment Services)** check box, and select **OK**. 3. Right-click the **MDT Production** deployment share folder and select **Update Deployment Share**. 4. After updating the deployment share, use the Windows Deployment Services console to, verify that the multicast namespace was created. 
@@ -729,9 +730,9 @@ On **MDT01**: The newly created multicast namespace. -## Use offline media to deploy Windows 10 +## Use offline media to deploy Windows 10 -In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can easily generate an offline version of your deployment share - either the full deployment share or a subset of it - by using selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment. +In addition to network-based deployments, MDT supports the use of offline media-based deployments of Windows 10. You can easily generate an offline version of your deployment share - either the full deployment share or a subset of it - by using selection profiles. The generated offline media can be burned to a DVD or copied to a USB stick for deployment. Offline media are useful not only when you don't have network connectivity to the deployment share, but also when you've limited connection to the deployment share and don't want to copy 5 GB of data over the wire. Offline media can still join the domain, but you save the transfer of operating system images, drivers, and applications over the wire. @@ -796,7 +797,7 @@ On **MDT01**: 6. On the **Drivers and Patches** sub tab, select the **WinPE x64** selection profile and select the **Include all drivers from the selection profile** option. -7. Click **OK**. +7. Select **OK**. ### Generate the offline media @@ -837,7 +838,7 @@ As referenced in [Windows 10 deployment scenarios and tools](../windows-deployme The partitions when deploying an UEFI-based machine. -## Related topics +## Related articles [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
diff --git a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md index adb5403751..701f10efc1 100644 --- a/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md +++ b/windows/deployment/deploy-windows-mdt/get-started-with-the-microsoft-deployment-toolkit.md @@ -1,22 +1,23 @@ --- title: Get started with the Microsoft Deployment Toolkit (MDT) (Windows 10) -description: This topic will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment. +description: This article will help you gain a better understanding of how to use the Microsoft Deployment Toolkit (MDT), as part of a Windows operating system deployment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy ms.collection: - highpri +ms.date: 10/28/2022 --- # Get started with MDT **Applies to** -- Windows 10 +- Windows 10 This article provides an overview of the features, components, and capabilities of the [Microsoft Deployment Toolkit (MDT)](/mem/configmgr/mdt/). When you have finished reviewing this information, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). 
@@ -26,7 +27,7 @@ MDT is a unified collection of tools, processes, and guidance for automating des In addition to reducing deployment time and standardizing desktop and server images, MDT enables you to more easily manage security and ongoing configurations. MDT builds on top of the core deployment tools in the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) with more guidance and features designed to reduce the complexity and time required for deployment in an enterprise environment. -MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Endpoint Configuration Manager](/configmgr/). +MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Windows Server. It also includes support for zero-touch installation (ZTI) with [Microsoft Configuration Manager](/configmgr/). > [!IMPORTANT] > For more information about MDT supported platforms, see [MDT Release Notes](/mem/configmgr/mdt/release-notes#supported-platforms) and [MDT FAQ](/mem/configmgr/mdt/faq#is-this-release-only-supported-with-version--x--of-windows-client--windows-adk--or-configuration-manager-). 
@@ -36,8 +37,8 @@ MDT supports the deployment of Windows 10, and Windows 7, Windows 8.1, and Wi MDT has been in existence since 2003, when it was first introduced as Business Desktop Deployment (BDD) 1.0. The toolkit has evolved, both in functionality and popularity, and today it's considered fundamental to Windows operating system and enterprise application deployment. MDT has many useful features, such as: -- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10. -- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. +- **Windows Client support.** Supports Windows 7, Windows 8.1, and Windows 10. +- **Windows Server support.** Supports Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2, Windows Server 2016, and Windows Server 2019. - **Additional operating systems support.** Supports Windows Thin PC and [Windows Embedded POSReady 7](https://www.microsoft.com/en-us/download/details.aspx?id=26558), and Windows 8.1 Embedded Industry. - **UEFI support.** Supports deployment to machines using Unified Extensible Firmware Interface (UEFI) version 2.3.1. - **GPT support.** Supports deployment to machines that require the new GPT partition table format. This feature is related to UEFI. 
@@ -66,19 +67,19 @@ MDT has many useful features, such as: - **Microsoft System Center Orchestrator integration.** Provides the capability to use Orchestrator runbooks as part of the task sequence. - **Support for DaRT.** Supports optional integration of the DaRT components into the boot image. - **Support for Microsoft Office.** Provides added support for deploying Microsoft Office. -- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later. +- **Support for Modern UI app package provisioning.** Provisions applications based on the new Windows app package standard, which is used in Windows 8 and later. - **Extensibility.** Provides the capability to extend MDT far beyond the built-in features by adding custom scripts, web services, System Center Orchestrator runbooks, PowerShell scripts, and VBScripts. -- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/). +- **Upgrade task sequence.** Provides a new upgrade task sequence template that you can use to upgrade existing Windows 7, Windows 8, and Windows 8.1 systems directly to Windows 10, automatically preserving all data, settings, applications, and drivers. For more information about using this new upgrade task sequence, see the [Microsoft Deployment Toolkit resource page](/mem/configmgr/mdt/). ## MDT Lite Touch components -Many features in MDT support Lite Touch Installation (LTI) for Windows 10. 
An LTI deployment strategy requires little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disk. +Many features in MDT support Lite Touch Installation (LTI) for Windows 10. An LTI deployment strategy requires little infrastructure or user interaction, and can be used to deploy an operating system from a network share or from a physical media, such as a USB flash drive or disk. -When the Windows operating system is being deployed using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, click **View Script**. You're provided the PowerShell command. +When the Windows operating system is being deployed using MDT, most of the administration and configuration is done through the Deployment Workbench, but you also can perform many of the tasks using Windows PowerShell. The easiest way to find out how to use PowerShell in MDT is to use the Deployment Workbench to perform an operation and at the end of that task, select **View Script**. You're provided the PowerShell command. ![figure 4.](../images/mdt-05-fig04.png) -If you click **View Script** on the right side, you'll get the PowerShell code that was used to perform the task. +If you select **View Script** on the right side, you'll get the PowerShell code that was used to perform the task. ## Deployment shares 
@@ -104,7 +105,7 @@ share on the server and start the deployment. ## Operating systems -Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you've created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments. +Using the Deployment Workbench, you import the operating systems you want to deploy. You can import either the full source (like the full Windows 10 DVD/ISO) or a custom image that you've created. The full-source operating systems are primarily used to create reference images; however, they also can be used for normal deployments. ## Applications @@ -145,7 +146,7 @@ MDT comes with nine default task sequence templates. You can also create your ow - **Post OS Installation task sequence.** A task sequence prepared to run actions after the operating system has been deployed. Useful for server deployments but not often used for client deployments. - **Deploy to VHD Client task sequence.** Similar to the Standard Client task sequence template but also creates a virtual hard disk (VHD) file on the target computer and deploys the image to the VHD file. - **Deploy to VHD Server task sequence.** Same as the Deploy to VHD Client task sequence but for servers. -- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers. +- **Standard Client Upgrade task sequence.** A simple task sequence template used to perform an in-place upgrade from Windows 7, Windows 8, or Windows 8.1 directly to Windows 10, automatically preserving existing data, settings, applications, and drivers. ## Selection profiles 
@@ -160,7 +161,7 @@ Selection profiles, which are available in the Advanced Configuration node, prov MDT uses many log files during operating system deployments. By default the logs are client side, but by configuring the deployment settings, you can have MDT store them on the server, as well. -**Note**   +**Note** The easiest way to view log files is to use Configuration Manager Trace (CMTrace), which is included in the [Configuration Manager Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=734717). ## Monitoring diff --git a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md index 12e90a0dd0..874e591992 100644 --- a/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md +++ b/windows/deployment/deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md @@ -1,16 +1,17 @@ --- title: Prepare for deployment with MDT (Windows 10) -description: This topic will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT). +description: This article will walk you through the steps necessary to create the server structure required to deploy the Windows 10 operating system using the Microsoft Deployment Toolkit (MDT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy ms.collection: - highpri +ms.date: 10/28/2022 --- # Prepare for deployment with MDT 
@@ -26,12 +27,12 @@ The procedures in this guide use the following names and infrastructure. ### Network and servers -For the purposes of this topic, we will use three server computers: **DC01**, **MDT01**, and **HV01**. +For the purposes of this article, we'll use three server computers: **DC01**, **MDT01**, and **HV01**. - All servers are running Windows Server 2019. - You can use an earlier version of Windows Server with minor modifications to some procedures. - Note: Although MDT supports Windows Server 2008 R2, at least Windows Server 2012 R2 or later is required to perform the procedures in this guide. - **DC01** is a domain controller, DHCP server, and DNS server for contoso.com, representing the fictitious Contoso Corporation. -- **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server. +- **MDT01** is a domain member server in contoso.com with a data (D:) drive that can store at least 200 GB. MDT01 will host deployment shares and run the Windows Deployment Service. Optionally, MDT01 is also a WSUS server. - A second MDT server (**MDT02**) configured identically to MDT01 is optionally used to [build a distributed environment](build-a-distributed-environment-for-windows-10-deployment.md) for Windows 10 deployment. This server is located on a different subnet than MDT01 and has a different default gateway. - **HV01** is a Hyper-V host computer that is used to build a Windows 10 reference image. - See [Hyper-V requirements](#hyper-v-requirements) below for more information about HV01. 
@@ -40,25 +41,25 @@ For the purposes of this topic, we will use three server computers: **DC01**, ** Several client computers are referenced in this guide with hostnames of PC0001 to PC0007. -- **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. +- **PC0001**: A computer running Windows 10 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. - Client name: PC0001 - IP Address: DHCP -- **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios. +- **PC0002**: A computer running Windows 7 SP1 Enterprise x64, fully patched with the latest security updates, and configured as a member in the contoso.com domain. This computer is referenced during the migration scenarios. - Client name: PC0002 - IP Address: DHCP - **PC0003 - PC0007**: These are other client computers similar to PC0001 and PC0002 that are used in this guide and another guide for various scenarios. The device names are incremented for clarity within each scenario. For example, PC0003 and PC0004 are running Windows 7 just like PC0002, but are used for Configuration Manager refresh and replace scenarios, respectively. ### Storage requirements -MDT01 and HV01 should have the ability to store up to 200 GB of files on a data drive (D:). If you use a computer with a single system partition (C:), you will need to adjust some procedures in this guide to specify the C: drive instead of the D: drive. +MDT01 and HV01 should have the ability to store up to 200 GB of files on a data drive (D:). If you use a computer with a single system partition (C:), you'll need to adjust some procedures in this guide to specify the C: drive instead of the D: drive. 
### Hyper-V requirements -If you do not have access to a Hyper-V server, you can install Hyper-V on a Windows 10 or Windows 8.1 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](../windows-10-poc.md#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V. +If you don't have access to a Hyper-V server, you can install Hyper-V on a Windows 10 or Windows 8.1 computer temporarily to use for building reference images. For instructions on how to enable Hyper-V on Windows 10, see the [Verify support and install Hyper-V](../windows-10-poc.md#verify-support-and-install-hyper-v) section in the Windows 10 deployment test lab guide. This guide is a proof-of-concept guide that has detailed instructions for installing Hyper-V. ### Network requirements -All server and client computers referenced in this guide are on the same subnet. This is not required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. +All server and client computers referenced in this guide are on the same subnet. This isn't required, but each server and client computer must be able to connect to each other to share files, and to resolve all DNS names and Active Directory information for the contoso.com domain. Internet connectivity is also required to download OS and application updates. ### Domain credentials 
@@ -80,20 +81,20 @@ These steps assume that you have the MDT01 member server running and configured On **MDT01**: -Visit the [Download and install the Windows ADK](/windows-hardware/get-started/adk-install) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you will need to create this folder): +Visit the [Download and install the Windows ADK](/windows-hardware/get-started/adk-install) page and download the following items to the **D:\\Downloads\\ADK** folder on MDT01 (you'll need to create this folder): - [The Windows ADK for Windows 10](https://go.microsoft.com/fwlink/?linkid=2086042) - [The Windows PE add-on for the ADK](https://go.microsoft.com/fwlink/?linkid=2087112) - [The Windows System Image Manager (WSIM) 1903 update](https://go.microsoft.com/fwlink/?linkid=2095334) - (Optional) [The MDT_KB4564442 patch for BIOS firmware](https://download.microsoft.com/download/3/0/6/306AC1B2-59BE-43B8-8C65-E141EF287A5E/KB4564442/MDT_KB4564442.exe) - - This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines. If you have a UEFI deployment, you do not need this patch. + - This patch is needed to resolve a bug that causes detection of BIOS-based machines as UEFI-based machines. If you have a UEFI deployment, you don't need this patch. >[!TIP] >You might need to temporarily disable IE Enhanced Security Configuration for administrators in order to download files from the Internet to the server. This setting can be disabled by using Server Manager (Local Server/Properties). -1. On **MDT01**, ensure that you are signed in as an administrator in the CONTOSO domain. - - For the purposes of this guide, we are using a Domain Admin account of **administrator** with a password of pass@word1. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials. -2. 
Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step. -3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), click **Next** twice to accept the default installation parameters, click **Accept** to accept the license agreement, and then on the **Select the features you want to install** page click **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. Verify that the installation completes successfully before moving to the next step. +1. On **MDT01**, ensure that you're signed in as an administrator in the CONTOSO domain. + - For the purposes of this guide, we're using a Domain Admin account of **administrator** with a password of pass@word1. You can use your own administrator username and password as long as you properly adjust all steps in this guide that use these login credentials. +2. Start the **ADK Setup** (D:\\Downloads\\ADK\\adksetup.exe), select **Next** twice to accept the default installation parameters, select **Accept** to accept the license agreement, and then on the **Select the features you want to install** page accept the default list of features by clicking **Install**. This will install deployment tools and the USMT. Verify that the installation completes successfully before moving to the next step. +3. Start the **WinPE Setup** (D:\\Downloads\\ADK\\adkwinpesetup.exe), select **Next** twice to accept the default installation parameters, select **Accept** to accept the license agreement, and then on the **Select the features you want to install** page select **Install**. This will install Windows PE for x86, AMD64, ARM, and ARM64. 
Verify that the installation completes successfully before moving to the next step. 4. Extract the **WSIM 1903 update** (D:\\Downloads\ADK\\WSIM1903.zip) and then run the **UpdateWSIM.bat** file. - You can confirm that the update is applied by viewing properties of the ImageCat.exe and ImgMgr.exe files at **C:\\Program Files (x86)\\Windows Kits\\10\\Assessment and Deployment Kit\\Deployment Tools\\WSIM** and verifying that the **Details** tab displays a **File version** of **10.0.18362.144** or later. 5. If you downloaded the optional MDT_KB4564442 patch for BIOS based deployment, see [this support article](https://support.microsoft.com/en-us/topic/windows-10-deployments-fail-with-microsoft-deployment-toolkit-on-computers-with-bios-type-firmware-70557b0b-6be3-81d2-556f-b313e29e2cb7) for instructions on how to install the patch. @@ -133,7 +134,7 @@ To install WSUS on MDT01, enter the following at an elevated Windows PowerShell On **MDT01**: -1. Visit the [MDT resource page](/mem/configmgr/mdt/) and click **Download MDT**. +1. Visit the [MDT resource page](/mem/configmgr/mdt/) and select **Download MDT**. 2. Save the **MicrosoftDeploymentToolkit_x64.msi** file to the D:\\Downloads\\MDT folder on MDT01. - **Note**: As of the publishing date for this guide, the current version of MDT is 8456 (6.3.8456.1000), but a later version will also work. 3. Install **MDT** (D:\\Downloads\\MDT\\MicrosoftDeploymentToolkit_x64.exe) with the default settings. 
@@ -160,7 +161,7 @@ Workstations,"OU=Computers,OU=Contoso,DC=CONTOSO,DC=COM" Security Groups,"OU=Groups,OU=Contoso,DC=CONTOSO,DC=COM" ``` -Next, copy the following commands into a file and save it as `~\Setup\Scripts\ou.ps1`. Be sure that you are viewing file extensions and that you save the file with the `.ps1` extension. +Next, copy the following commands into a file and save it as `~\Setup\Scripts\ou.ps1`. Be sure that you're viewing file extensions and that you save the file with the `.ps1` extension. ```powershell Import-CSV -Path $home\Setup\Scripts\oulist.csv | ForEach-Object { @@ -215,7 +216,7 @@ If you have the Active Directory Users and Computers console open you can refres ## Create and share the logs folder -By default MDT stores the log files locally on the client. In order to capture a reference image, you will need to enable server-side logging and, to do that, you will need to have a folder in which to store the logs. For more information, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md). +By default MDT stores the log files locally on the client. In order to capture a reference image, you'll need to enable server-side logging and, to do that, you'll need to have a folder in which to store the logs. For more information, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md). On **MDT01**: 
@@ -247,12 +248,12 @@ After installing the ConfigMgrTools.msi file, you can search for **cmtrace** and ## Next steps -When you have completed all the steps in this section to prepare for deployment, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md). +When you've completed all the steps in this section to prepare for deployment, see [Create a Windows 10 reference image](create-a-windows-10-reference-image.md). ## Appendix **Sample files** -The following sample files are also available to help automate some MDT deployment tasks. This guide does not use these files, but they are made available here so you can see how some tasks can be automated with Windows PowerShell. +The following sample files are also available to help automate some MDT deployment tasks. This guide doesn't use these files, but they're made available here so you can see how some tasks can be automated with Windows PowerShell. - [Set-OUPermissions.ps1](https://go.microsoft.com/fwlink/p/?LinkId=619362). This sample Windows PowerShell script creates a domain account and then configures OU permissions to allow the account to join machines to the domain in the specified OU. - [MDTSample.zip](https://go.microsoft.com/fwlink/p/?LinkId=619363). This sample web service shows you how to configure a computer name dynamically using MDT. diff --git a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md index 59a8fd98f4..13c28f34bf 100644 --- a/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md +++ b/windows/deployment/deploy-windows-mdt/refresh-a-windows-7-computer-with-windows-10.md 
@@ -1,39 +1,40 @@ --- title: Refresh a Windows 7 computer with Windows 10 (Windows 10) -description: This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process. +description: This article will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the computer refresh process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Refresh a Windows 7 computer with Windows 10 **Applies to** -- Windows 10 +- Windows 10 -This topic will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/). +This article will show you how to use MDT Lite Touch Installation (LTI) to upgrade a Windows 7 computer to a Windows 10 computer using the online computer refresh process. The computer refresh scenario is a reinstallation of an updated operating system on the same computer. You can also use this procedure to reinstall the same OS version. In this article, the computer refresh will be done while the computer is online. MDT also supports an offline computer refresh. For more info on that scenario, see the USMTOfflineMigration property on the [MDT resource page](/mem/configmgr/mdt/). 
-For the purposes of this topic, we'll use three computers: DC01, MDT01, and PC0001. +For the purposes of this article, we'll use three computers: DC01, MDT01, and PC0001. - DC01 is a domain controller for the contoso.com domain. - MDT01 is domain member server that hosts your deployment share. -- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1. +- PC0001 is a domain member computer running a previous version of Windows that is going to be refreshed to a new version of Windows 10, with data and settings restored. The example used here is a computer running Windows 7 SP1. -Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). +Both DC01 and MDT01 are running Windows Server 2019; however any supported version of Windows Server can be used. For more information on the setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). ![computers.](../images/mdt-04-fig01.png "Computers used in this topic") -The computers used in this topic. +The computers used in this article. ## The computer refresh process A computer refresh isn't the same as an in-place upgrade because a computer refresh involves exporting user data and settings then wiping the device before installing a fresh OS and restoring the user's data and settings. -For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. 
To complete a computer refresh, you will: +For a computer refresh with MDT, you use the User State Migration Tool (USMT), which is part of the Windows Assessment and Deployment Kit (ADK) for Windows 10, to migrate user data and settings. To complete a computer refresh, you will: 1. Back up data and settings locally, in a backup folder. 2. Wipe the partition, except for the backup folder. @@ -41,7 +42,7 @@ For a computer refresh with MDT, you use the User State Migration Tool (USMT), w 4. Install other applications. 5. Restore data and settings. -During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's a lot of data. +During the computer refresh, USMT uses a feature called Hard-Link Migration Store. When you use this feature, the files are linked in the file system, which allows for fast migration, even when there's many files. >[!NOTE] >In addition to the USMT backup, you can enable an optional full Windows Imaging (WIM) backup of the machine by configuring the MDT rules. If you do this, a .wim file is created in addition to the USMT backup. The .wim file contains the entire volume from the computer and helpdesk personnel can extract content from it if needed. Please note that this is a data WIM backup only. Using this backup to restore the entire computer is not a supported scenario. 
@@ -61,19 +62,19 @@ In addition to the command-line switches that control which profiles to migrate, ### Multicast -Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment for a small number of computers. You'll need to update the deployment share after changing this setting. +Multicast is a technology designed to optimize simultaneous deployment to multiple devices. If you have a limited number of simultaneous deployments, you should disable multicast which was [configured in a previous procedure](deploy-a-windows-10-image-using-mdt.md#set-up-mdt-for-multicast) in this guide. Disabling multicast will speed up deployment there are only a few computers. You'll need to update the deployment share after changing this setting. -## Refresh a Windows 7 SP1 client +## Refresh a Windows 7 SP1 client -In this section, we assume that you've already performed the prerequisite procedures in the following topics, so that you have a deployment share named **MDTProduction$** on MDT01: +In this section, we assume that you've already performed the prerequisite procedures in the following articles, so that you have a deployment share named **MDTProduction$** on MDT01: - [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) - [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) - [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md) -It is also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909. 
+It's also assumed that you have a domain member client computer named PC0001 in your environment running Windows 7, 8.1 or 10 that is ready for a refresh to the latest version of Windows 10. For demonstration purposes, we'll be refreshing a Windows 7 SP1 PC to Windows 10, version 1909. -### Upgrade (refresh) a Windows 7 SP1 client +### Upgrade (refresh) a Windows 7 SP1 client >[!IMPORTANT] >Domain join details [specified in the deployment share rules](deploy-a-windows-10-image-using-mdt.md#configure-the-rules) will be used to rejoin the computer to the domain during the refresh process. If the Windows 7 client is domain-jonied in a different OU than the one specified by MachineObjectOU, the domain join process will initially fail and then retry without specifying an OU. If the domain account that is specified (ex: **MDT_JD**) has [permissions limited to a specific OU](deploy-a-windows-10-image-using-mdt.md#step-1-configure-active-directory-permissions) then the domain join will ultimately fail, the refresh process will proceed, and the client computer object will be orphaned in Active Directory. In the current guide, computer objects should be located in Contoso > Computers > Workstations. Use the Active Directory Users and Computers console to review the location of computer objects and move them if needed. To diagnose MDT domain join errors, see **ZTIDomainJoin.log** in the C:\Windows\Temp\DeploymentLogs directory on the client computer. 
@@ -83,14 +84,14 @@ It is also assumed that you have a domain member client computer named PC0001 in * Select a task sequence to execute on this computer: Windows 10 Enterprise x64 RTM Custom Image * Computer name: <default> - * Specify where to save a complete computer backup: Do not back up the existing computer + * Specify where to save a complete computer backup: Don't back up the existing computer >[!NOTE] >Skip this optional full WIM backup that we are choosing not to perform. The USMT backup will still run. * Select one or more applications to install: Install - Adobe Reader ![Computer refresh.](../images/fig2-taskseq.png "Start the computer refresh") -4. Setup starts and does the following: +4. Setup starts and performs the following actions: * Backs up user settings and data using USMT. * Installs the Windows 10 Enterprise x64 operating system. @@ -104,7 +105,7 @@ It is also assumed that you have a domain member client computer named PC0001 in 6. After the refresh process completes, sign in to the Windows 10 computer and verify that user accounts, data and settings were migrated. -## Related topics +## Related articles [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md)
diff --git a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
index 9df180c66e..8476e0e4ed 100644
--- a/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
+++ b/windows/deployment/deploy-windows-mdt/replace-a-windows-7-computer-with-a-windows-10-computer.md
@@ -3,33 +3,34 @@ title: Replace a Windows 7 computer with a Windows 10 computer (Windows 10) description: In this article, you'll learn how to replace a Windows 7 device with a Windows 10 device. ms.custom: seo-marvel-apr2020 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Replace a Windows 7 computer with a Windows 10 computer **Applies to** -- Windows 10 +- Windows 10 -A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings. +A computer replace scenario for Windows 10 is similar to a computer refresh for Windows 10. However, because you're replacing a device, you can't store the backup on the old computer. Instead you need to store the backup to a location where the new computer can read it. The User State Migration Tool (USMT) will be used to back up and restore data and settings. -For the purposes of this topic, we'll use four computers: DC01, MDT01, PC0002, and PC0007. +For the purposes of this article, we'll use four computers: DC01, MDT01, PC0002, and PC0007. - DC01 is a domain controller for the contoso.com domain. - MDT01 is domain member server that hosts your deployment share. -- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007. +- PC0002 is an old computer running Windows 7 SP1 that will be replaced by PC0007. - PC0007 is a new computer will have the Windows 10 OS installed prior to data from PC0002 being migrated. Both PC0002 and PC0007 are members of the contoso.com domain. 
-For more details on the setup for this topic, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). +For more details on the setup for this article, see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). ![The computers used in this topic.](../images/mdt-03-fig01.png) -The computers used in this topic. +The computers used in this article. >HV01 is also used in this topic to host the PC0007 virtual machine for demonstration purposes, however typically PC0007 is a physical computer. @@ -63,7 +64,7 @@ On **MDT01**: * Task sequence ID: REPLACE-001 * Task sequence name: Backup Only Task Sequence - * Task sequence comments: Run USMT to backup user data and settings + * Task sequence comments: Run USMT to back up user data and settings * Template: Standard Client Replace Task Sequence 4. In the **Other** folder, double-click **Backup Only Task Sequence**, and then in the **Task Sequence** tab, review the sequence. Notice that it only contains a subset of the normal client task sequence actions. @@ -74,7 +75,7 @@ On **MDT01**: ## Perform the computer replace -During a computer replace, these are the high-level steps that occur: +During a computer replace, the following are the high-level steps that occur: 1. On the computer you're replacing, a special replace task sequence runs the USMT backup and, if you configured it, runs the optional full Windows Imaging (WIM) backup. 2. On the new computer, you perform a standard bare-metal deployment. At the end of the bare-metal deployment, the USMT backup from the old computer is restored. 
@@ -94,7 +95,7 @@ On **PC0002**: >[!NOTE] >If you are replacing the computer at a remote site you should create the MigData folder on MDT02 and use that share instead. - 2. Specify where to save a complete computer backup: Do not back up the existing computer + 2. Specify where to save a complete computer backup: Don't back up the existing computer The task sequence will now run USMT (Scanstate.exe) to capture user data and settings of the computer. @@ -102,7 +103,7 @@ On **PC0002**: The new task sequence running the Capture User State action on PC0002. -4. On **MDT01**, verify that you have an USMT.MIG compressed backup file in the **D:\\MigData\\PC0002\\USMT** folder. +4. On **MDT01**, verify that you have a USMT.MIG compressed backup file in the **D:\\MigData\\PC0002\\USMT** folder. ![The USMT backup.](../images/mdt-03-fig04.png "The USMT backup") @@ -134,14 +135,14 @@ On **HV01**: * Select a task sequence to execute on this computer: * Windows 10 Enterprise x64 RTM Custom Image * Computer Name: PC0007 - * Move Data and Settings: Do not move user data and settings. + * Move Data and Settings: Don't move user data and settings. * User Data (Restore) > Specify a location: \\\\MDT01\\MigData$\\PC0002 * Applications: Adobe > Install - Adobe Reader -4. Setup now starts and does the following: +4. Setup now starts and does the following actions: * Partitions and formats the disk. - * Installs the Windows 10 Enterprise operating system. + * Installs the Windows 10 Enterprise operating system. * Installs the application. * Updates the operating system via your local Windows Server Update Services (WSUS) server. * Restores the USMT backup from PC0002. @@ -150,7 +151,7 @@ You can view progress of the process by clicking the Monitoring node in the Depl ![Monitor progress.](../images/mdt-replace.png) -## Related topics +## Related articles [Get started with the Microsoft Deployment Toolkit (MDT)](get-started-with-the-microsoft-deployment-toolkit.md)
[Create a Windows 10 reference image](create-a-windows-10-reference-image.md)
diff --git a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
index c2bac58b70..c4b88adeaf 100644
--- a/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
+++ b/windows/deployment/deploy-windows-mdt/set-up-mdt-for-bitlocker.md
@@ -1,25 +1,26 @@ --- title: Set up MDT for BitLocker (Windows 10) ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Learn how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-mar2020 ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Set up MDT for BitLocker -This topic will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment: +This article will show you how to configure your environment for BitLocker, the disk volume encryption built into Windows 10 Enterprise and Windows 10 Pro, using MDT. BitLocker in Windows 10 has two requirements in regard to an operating system deployment: - A protector, which can either be stored in the Trusted Platform Module (TPM) chip, or stored as a password. Technically, you can also use a USB stick to store the protector, but it's not a practical approach as the USB stick can be lost or stolen. We, therefore, recommend that you instead use a TPM chip and/or a password. - Multiple partitions on the hard drive. -To configure your environment for BitLocker, you will need to do the following: +To configure your environment for BitLocker, you'll need to do the following actions: 1. Configure Active Directory for BitLocker. 2. Download the various BitLocker scripts and tools. 
@@ -33,11 +34,11 @@ If you have access to Microsoft BitLocker Administration and Monitoring (MBAM), > [!NOTE] > Backing up TPM to Active Directory was supported only on Windows 10 version 1507 and 1511. -For the purposes of this topic, we will use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more details on the setup for this topic, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md). +For the purposes of this article, we'll use DC01, a domain controller that is a member of the domain contoso.com for the fictitious Contoso Corporation. For more information on the setup for this article, see [Deploy Windows 10 with the Microsoft Deployment Toolkit](./prepare-for-windows-deployment-with-mdt.md). ## Configure Active Directory for BitLocker -To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we are running Windows Server 2012 R2, so you do not need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory. +To enable BitLocker to store the recovery key and TPM information in Active Directory, you need to create a Group Policy for it in Active Directory. For this section, we're running Windows Server 2012 R2, so you don't need to extend the Schema. You do, however, need to set the appropriate permissions in Active Directory. > [!NOTE] > Depending on the Active Directory Schema version, you might need to update the Schema before you can store BitLocker information in Active Directory. 
@@ -52,16 +53,16 @@ The BitLocker Recovery information on a computer object in the contoso.com domai The BitLocker Drive Encryption Administration Utilities are added as features via Server Manager (or Windows PowerShell): -1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, click **Add roles and features**. -2. On the **Before you begin** page, click **Next**. -3. On the **Select installation type** page, select **Role-based or feature-based installation**, and click **Next**. -4. On the **Select destination server** page, select **DC01.contoso.com** and click **Next**. -5. On the **Select server roles** page, click **Next**. -6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then click **Next**: +1. On DC01, log on as **CONTOSO\\Administrator**, and, using Server Manager, select **Add roles and features**. +2. On the **Before you begin** page, select **Next**. +3. On the **Select installation type** page, select **Role-based or feature-based installation**, and select **Next**. +4. On the **Select destination server** page, select **DC01.contoso.com** and select **Next**. +5. On the **Select server roles** page, select **Next**. +6. On the **Select features** page, expand **Remote Server Administration Tools**, expand **Feature Administration Tools**, select the following features, and then select **Next**: 1. BitLocker Drive Encryption Administration Utilities 2. BitLocker Drive Encryption Tools 3. BitLocker Recovery Password Viewer -7. On the **Confirm installation selections** page, click **Install**, and then click **Close**. +7. On the **Confirm installation selections** page, select **Install**, and then select **Close**. ![figure 3.](../images/mdt-09-fig03.png) 
@@ -78,7 +79,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor 1. Enable the **Choose how BitLocker-protected operating system drives can be recovered** policy, and configure the following settings: 1. Allow data recovery agent (default) 2. Save BitLocker recovery information to Active Directory Domain Services (default) - 3. Do not enable BitLocker until recovery information is stored in AD DS for operating system drives + 3. Don't enable BitLocker until recovery information is stored in AD DS for operating system drives 2. Enable the **Configure TPM platform validation profile for BIOS-based firmware configurations** policy. 3. Enable the **Configure TPM platform validation profile for native UEFI firmware configurations** policy. @@ -87,7 +88,7 @@ Following these steps, you enable the backup of BitLocker and TPM recovery infor ### Set permissions in Active Directory for BitLocker -In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you have downloaded the [Add-TPMSelfWriteACE.vbs script](https://raw.githubusercontent.com/DeploymentArtist/DF4/master/BitLocker%20and%20TPM/Add-TPMSelfWriteACE.vbs) to C:\\Setup\\Scripts on DC01. +In addition to the Group Policy created previously, you need to configure permissions in Active Directory to be able to store the TPM recovery information. In these steps, we assume you've downloaded the [Add-TPMSelfWriteACE.vbs script](https://raw.githubusercontent.com/DeploymentArtist/DF4/master/BitLocker%20and%20TPM/Add-TPMSelfWriteACE.vbs) to C:\\Setup\\Scripts on DC01. 1. On DC01, start an elevated PowerShell prompt (run as Administrator). 2. Configure the permissions by running the following command: 
@@ -110,7 +111,7 @@ If you want to automate enabling the TPM chip as part of the deployment process, ### Add tools from HP -The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here is a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool: +The HP tools are part of HP System Software Manager. The executable file from HP is named BiosConfigUtility.exe. This utility uses a configuration file for the BIOS settings. Here's a sample command to enable TPM and set a BIOS password using the BiosConfigUtility.exe tool: ```dos BIOSConfigUtility.EXE /SetConfig:TPMEnable.REPSET /NewAdminPassword:Password1234 @@ -132,7 +133,7 @@ Embedded Security Device Availability ### Add tools from Lenovo -The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here is a sample command to enable TPM using the Lenovo tools: +The Lenovo tools are a set of VBScripts available as part of the Lenovo BIOS Setup using Windows Management Instrumentation Deployment Guide. Lenovo also provides a separate download of the scripts. Here's a sample command to enable TPM using the Lenovo tools: ```dos cscript.exe SetConfig.vbs SecurityChip Active 
@@ -140,12 +141,12 @@ cscript.exe SetConfig.vbs SecurityChip Active ## Configure the Windows 10 task sequence to enable BitLocker -When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it is helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we are using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](/archive/blogs/deploymentguys/check-to-see-if-the-tpm-is-enabled). +When configuring a task sequence to run any BitLocker tool, either directly or using a custom script, it's helpful if you also add some logic to detect whether the BIOS is already configured on the machine. In the following task sequence, we're using a sample script (ZTICheckforTPM.wsf) from the Deployment Guys web page to check the status on the TPM chip. You can download this script from the Deployment Guys Blog post, [Check to see if the TPM is enabled](/archive/blogs/deploymentguys/check-to-see-if-the-tpm-is-enabled). In the following task sequence, we added five actions: - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script to determine if TPM is enabled. Depending on the status, the script will set the TPMEnabled and TPMActivated properties to either true or false. -- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip is not already activated. Use the properties from the ZTICheckforTPM.wsf. +- **Configure BIOS for TPM.** Runs the vendor tools (in this case, HP, Dell, and Lenovo). To ensure this action is run only when necessary, add a condition so the action is run only when the TPM chip isn't already activated. Use the properties from the ZTICheckforTPM.wsf. 
> [!NOTE] > It is common for organizations to wrap these tools in scripts to get additional logging and error handling. @@ -154,7 +155,7 @@ In the following task sequence, we added five actions: - **Check TPM Status.** Runs the ZTICheckforTPM.wsf script one more time. - **Enable BitLocker.** Runs the built-in action to activate BitLocker. -## Related topics +## Related articles [Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
[Configure MDT for UserExit scripts](configure-mdt-for-userexit-scripts.md)
diff --git a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
index 34585abaf6..39b4f39cc5 100644
--- a/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
+++ b/windows/deployment/deploy-windows-mdt/simulate-a-windows-10-deployment-in-a-test-environment.md
@@ -1,24 +1,25 @@ --- title: Simulate a Windows 10 deployment in a test environment (Windows 10) -description: This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. +description: This article will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Simulate a Windows 10 deployment in a test environment -This topic will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it is most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you are using a domain-joined client. +This article will walk you through the process of creating a simulated environment on which to test your Windows 10 deployment using MDT. When working with advanced settings and rules, especially those like database calls, it's most efficient to be able to test the settings without having to run through a complete deployment. Luckily, MDT enables you to perform a simulated deployment by running the Gather process by itself. The simulation works best when you're using a domain-joined client. ## Test environment - A Windows 10 client named **PC0001** will be used to simulate deployment. The client is joined to the contoso.com domain and has access to the Internet to required download tools and scripts. 
-- It is assumed that you have performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share: +- It's assumed that you've performed (at least) the following procedures so that you have an MDT service account and an MDT production deployment share: - [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md) - [Create a Windows 10 reference image](create-a-windows-10-reference-image.md) - [Deploy a Windows 10 image using MDT](deploy-a-windows-10-image-using-mdt.md) @@ -72,13 +73,13 @@ On **PC0001**: 11. Review the ZTIGather.log in the **C:\\MININT\\SMSOSD\\OSDLOGS** folder using CMTrace. **Note** - Warnings or errors with regard to the Wizard.hta are expected. If the log file looks okay, you are ready to try a real deployment. + Warnings or errors regarding the Wizard.hta are expected. If the log file looks okay, you're ready to try a real deployment. ![ztigather.](../images/mdt-09-fig07.png) The ZTIGather.log file from PC0001. -## Related topics +## Related articles [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md)
[Configure MDT deployment share rules](configure-mdt-deployment-share-rules.md)
diff --git a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
index 57e775f8a9..f7438e3a79 100644
--- a/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
+++ b/windows/deployment/deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md
@@ -1,37 +1,38 @@ --- title: Perform an in-place upgrade to Windows 10 with MDT (Windows 10) -description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. +description: The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Perform an in-place upgrade to Windows 10 with MDT **Applies to** -- Windows 10 +- Windows 10 -The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. +The simplest path to upgrade PCs that are currently running Windows 7, Windows 8, or Windows 8.1 to Windows 10 is through an in-place upgrade. >[!TIP] >In-place upgrade is the preferred method to use when migrating from Windows 10 to a later release of Windows 10, and is also a preferred method for upgrading from Windows 7 or 8.1 if you do not plan to significantly change the device's configuration or applications. MDT includes an in-place upgrade task sequence template that makes the process really simple. -In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you cannot use a custom image to perform the in-place upgrade. In this article we will add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade. +In-place upgrade differs from [computer refresh](refresh-a-windows-7-computer-with-windows-10.md) in that you can't use a custom image to perform the in-place upgrade. 
In this article, we'll add a default Windows 10 image to the production deployment share specifically to perform an in-place upgrade. -Three computers are used in this topic: DC01, MDT01, and PC0002. +Three computers are used in this article: DC01, MDT01, and PC0002. - DC01 is a domain controller for the contoso.com domain - MDT01 is a domain member server -- PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade +- PC0002 is a domain member computer running Windows 7 SP1, targeted for the Windows 10 upgrade ![computers.](../images/mdt-upgrade.png) - The computers used in this topic. + The computers used in this article. >[!NOTE] >For details about the setup for the procedures in this article, please see [Prepare for deployment with MDT](prepare-for-windows-deployment-with-mdt.md). 
@@ -42,12 +43,12 @@ Three computers are used in this topic: DC01, MDT01, and PC0002. On **MDT01**: -1. Ensure you are signed on as: contoso\administrator. +1. Ensure you're signed on as: contoso\administrator. 2. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**. -3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and click **Next**. -4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and click **Next**. -5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and click **Next**. -6. On the **Options** page, accept the default settings and click **Next** twice, and then click **Finish**. +3. On the **Path** page, in the **Deployment share path** text box, type **D:\\MDTProduction** and select **Next**. +4. On the **Share** page, in the **Share name** text box, type **MDTProduction$** and select **Next**. +5. On the **Descriptive Name** page, in the **Deployment share description** text box, type **MDT Production** and select **Next**. +6. On the **Options** page, accept the default settings and select **Next** twice, and then select **Finish**. 7. Using File Explorer, verify that you can access the **\\\\MDT01\\MDTProduction$** share. ## Add Windows 10 Enterprise x64 (full source) 
@@ -56,7 +57,7 @@ On **MDT01**: On **MDT01**: -1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. +1. Sign in as contoso\\administrator and copy the content of a Windows 10 Enterprise x64 DVD/ISO to the **D:\\Downloads\\Windows 10 Enterprise x64** folder on MDT01, or just insert the DVD or mount an ISO on MDT01. 2. Using the Deployment Workbench, expand the **Deployment Shares** node, and then expand **MDT Production**. 3. Right-click the **Operating Systems** node, and create a new folder named **Windows 10**. 4. Expand the **Operating Systems** node, right-click the **Windows 10** folder, and select **Import Operating System**. Use the following settings for the Import Operating System Wizard: 
@@ -65,30 +66,30 @@ On **MDT01**: - Destination directory name: W10EX64RTM 5. After adding the operating system, in the **Operating Systems / Windows 10** folder, double-click it and change the name to: **Windows 10 Enterprise x64 RTM Default Image**. -## Create a task sequence to upgrade to Windows 10 Enterprise +## Create a task sequence to upgrade to Windows 10 Enterprise On **MDT01**: -1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, and create a folder named **Windows 10**. +1. Using the Deployment Workbench, select **Task Sequences** in the **MDT Production** node, then create a folder named **Windows 10**. 2. Right-click the new **Windows 10** folder and select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - Task sequence ID: W10-X64-UPG - Task sequence name: Windows 10 Enterprise x64 RTM Upgrade - Template: Standard Client Upgrade Task Sequence - Select OS: Windows 10 Enterprise x64 RTM Default Image - - Specify Product Key: Do not specify a product key at this time + - Specify Product Key: Don't specify a product key at this time - Organization: Contoso - - Admin Password: Do not specify an Administrator password at this time + - Admin Password: Don't specify an Administrator password at this time -## Perform the Windows 10 upgrade +## Perform the Windows 10 upgrade To initiate the in-place upgrade, perform the following steps on PC0002 (the device to be upgraded). On **PC0002**: 1. Start the MDT deployment wizard by running the following command: **\\\\MDT01\\MDTProduction$\\Scripts\\LiteTouch.vbs** -2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then click **Next**. +2. Select the **Windows 10 Enterprise x64 RTM Upgrade** task sequence, and then select **Next**. 3. Select one or more applications to install (will appear if you use custom image): Install - Adobe Reader -4. On the **Ready** tab, click **Begin** to start the task sequence. +4. 
On the **Ready** tab, select **Begin** to start the task sequence. When the task sequence begins, it automatically initiates the in-place upgrade process by invoking the Windows setup program (Setup.exe) with the necessary command-line parameters to perform an automated upgrade, which preserves all data, settings, apps, and drivers. ![upgrade1.](../images/upgrademdt-fig5-winupgrade.png) @@ -101,9 +102,9 @@ On **PC0002**: ![upgrade3.](../images/mdt-post-upg.png) -After the task sequence completes, the computer will be fully upgraded to Windows 10. +After the task sequence completes, the computer will be fully upgraded to Windows 10. -## Related topics +## Related articles [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md)
[Microsoft Deployment Toolkit downloads and resources](/mem/configmgr/mdt/)
diff --git a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
index d705a88376..f4fe3ef970 100644
--- a/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-orchestrator-runbooks-with-mdt.md
@@ -2,35 +2,35 @@ title: Use Orchestrator runbooks with MDT (Windows 10) description: Learn how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy --- # Use Orchestrator runbooks with MDT -This topic will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. +This article will show you how to integrate Microsoft System Center 2012 R2 Orchestrator with MDT to replace the existing web services that are used in deployment solutions. MDT can integrate with System Center 2012 R2 Orchestrator, which is a component that ties the Microsoft System Center products together, as well as other products from both Microsoft and third-party vendors. The difference between using Orchestrator and "normal" web services, is that with Orchestrator you have a rich drag-and-drop style interface when building the solution, and little or no coding is required. -**Note**   -If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. +>[!Note] +>If you are licensed to use Orchestrator, we highly recommend that you start using it. To find out more about licensing options for System Center 2012 R2 and Orchestrator, visit the [System Center 2012 R2](https://go.microsoft.com/fwlink/p/?LinkId=619553) website. 
## Orchestrator terminology -Before diving into the core details, here is a quick course in Orchestrator terminology: +Before diving into the core details, here's a quick course in Orchestrator terminology: - **Orchestrator Server.** This is a server that executes runbooks. -- **Runbooks.** A runbook is similar to a task sequence; it is a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. +- **Runbooks.** A runbook is similar to a task sequence; it's a series of instructions based on conditions. Runbooks consist of workflow activities; an activity could be Copy File, Get User from Active Directory, or even Write to Database. - **Orchestrator Designer.** This is where you build the runbooks. In brief, you do that by creating an empty runbook, dragging in the activities you need, and then connecting them in a workflow with conditions and subscriptions. - **Subscriptions.** These are variables that come from an earlier activity in the runbook. So if you first execute an activity in which you type in a computer name, you can then subscribe to that value in the next activity. All these variables are accumulated during the execution of the runbook. - **Orchestrator Console.** This is the Microsoft Silverlight-based web page you can use interactively to execute runbooks. The console listens to TCP port 81 by default. - **Orchestrator web services.** These are the web services you use in the Microsoft Deployment Toolkit to execute runbooks during deployment. The web services listen to TCP port 82 by default. - **Integration packs.** These provide additional workflow activities you can import to integrate with other products or solutions, like the rest of Active Directory, other System Center 2012 R2 products, or Microsoft Exchange Server, to name a few. 
-**Note**   +**Note** To find and download additional integration packs, see [Integration Packs for System Center 2012 - Orchestrator](/previous-versions/system-center/packs/hh295851(v=technet.10)). ## Create a sample runbook @@ -40,7 +40,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O 1. On OR01, using File Explorer, create the **E:\\Logfile** folder, and grant Users modify permissions (NTFS). 2. In the **E:\\Logfile** folder, create the DeployLog.txt file. **Note** - Make sure File Explorer is configured to show known file extensions so the file is not named DeployLog.txt.txt. + Make sure File Explorer is configured to show known file extensions so the file isn't named DeployLog.txt.txt. ![figure 23.](../images/mdt-09-fig23.png) @@ -53,7 +53,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O Figure 24. Folder created in the Runbooks node. 4. In the **Runbooks** node, right-click the **1.0 MDT** folder, and select **New / Runbook**. -5. On the ribbon bar, click **Check Out**. +5. On the ribbon bar, select **Check Out**. 6. Right-click the **New Runbook** label, select **Rename**, and assign the name **MDT Sample**. 7. Add (using a drag-and-drop operation) the following items from the **Activities** list to the middle pane: 1. Runbook Control / Initialize Data @@ -65,7 +65,7 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O Figure 25. Activities added and connected. 9. Right-click the **Initialize Data** activity, and select **Properties** -10. On **the Initialize Data Properties** page, click **Add**, change **Parameter 1** to **OSDComputerName**, and then click **Finish**. +10. On **the Initialize Data Properties** page, select **Add**, change **Parameter 1** to **OSDComputerName**, and then select **Finish**. ![figure 26.](../images/mdt-09-fig26.png) 
@@ -86,23 +86,23 @@ This section assumes you have Orchestrator 2012 R2 installed on a server named O Figure 28. Subscribing to data. -16. In the **Published Data** window, select the **OSDComputerName** item, and click **OK**. +16. In the **Published Data** window, select the **OSDComputerName** item, and select **OK**. 17. After the **{OSDComputerName from "Initialize Data"}** text, type in **has been deployed at** and, once again, right-click and select **Subscribe / Published Data**. -18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and click **OK**. +18. In the **Published Data** window, select the **Show common Published Data** check box, select the **Activity end time** item, and select **OK**. ![figure 29.](../images/mdt-09-fig29.png) Figure 29. The expanded text box after all subscriptions have been added. -19. On the **Append Line Properties** page, click **Finish**. +19. On the **Append Line Properties** page, select **Finish**. ## Test the demo MDT runbook - After the runbook is created, you are ready to test it. -20. On the ribbon bar, click **Runbook Tester**. -21. Click **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then click **OK**: + After the runbook is created, you're ready to test it. +20. On the ribbon bar, select **Runbook Tester**. +21. Select **Run**, and in the **Initialize Data Parameters** dialog box, use the following setting and then select **OK**: - OSDComputerName: PC0010 -22. Verify that all activities are green (for additional information, see each target). +22. Verify that all activities are green (for more information, see each target). 23. Close the **Runbook Tester**. -24. On the ribbon bar, click **Check In**. +24. On the ribbon bar, select **Check In**. ![figure 30.](../images/mdt-09-fig30.png) 
@@ -126,7 +126,7 @@ Figure 30. All tests completed. 7. After the **Set Task Sequence Variable** action, add a new **Execute Orchestrator Runbook** action with the following settings: 1. Orchestrator Server: OR01.contoso.com 2. Use Browse to select **1.0 MDT / MDT Sample**. -8. Click **OK**. +8. Select **OK**. ![figure 31.](../images/mdt-09-fig31.png) @@ -134,9 +134,9 @@ Figure 31. The ready-made task sequence. ## Run the orchestrator sample task sequence -Since this task sequence just starts a runbook, you can test this on the PC0001 client that you used for the MDT simulation environment. -**Note**   -Make sure the account you are using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](/previous-versions/system-center/system-center-2012-R2/hh403774(v=sc.12)). +Since this task sequence just starts a runbook, you can test the task sequence on the PC0001 client that you used for the MDT simulation environment. +**Note** +Make sure the account you're using has permissions to run runbooks on the Orchestrator server. For more information about runbook permissions, see [Runbook Permissions](/previous-versions/system-center/system-center-2012-R2/hh403774(v=sc.12)). 1. On PC0001, log on as **CONTOSO\\MDT\_BA**. 2. Using an elevated command prompt (run as Administrator), type the following command: @@ -156,7 +156,7 @@ Make sure the account you are using has permissions to run runbooks on the Orche Figure 32. The ready-made task sequence. -## Related topics +## Related articles [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) diff --git a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md index bb95e708ec..f4d4812ffe 100644 
--- a/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
+++ b/windows/deployment/deploy-windows-mdt/use-the-mdt-database-to-stage-windows-10-deployment-information.md
@@ -2,41 +2,42 @@ title: Use MDT database to stage Windows 10 deployment info (Windows 10) description: Learn how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Use the MDT database to stage Windows 10 deployment information -This topic is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many additional settings for the machines. +This article is designed to teach you how to use the MDT database to pre-stage information on your Windows 10 deployment in a Microsoft SQL Server 2012 SP1 Express database, rather than include the information in a text file (CustomSettings.ini). You can use this process, for example, to add the client machines you want to deploy, specify their computer names and IP addresses, indicate applications to be deployed, and determine many more settings for the machines. ## Database prerequisites -MDT can use either SQL Server Express or full SQL Server, but since the deployment database isn't big, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment. +MDT can use either SQL Server Express or full SQL Server. 
However, since the deployment database isn't large, even in large enterprise environments, we recommend using the free SQL Server 2012 SP1 Express database in your environment. >[!NOTE] >Be sure to enable Named Pipes when configuring the SQL Server 2012 SP1 Express database. Although it is a legacy protocol, Named Pipes has proven to work well when connecting from Windows Preinstallation Environment (Windows PE) to the SQL Server database. -  + ## Create the deployment database The MDT database is by default created and managed from the Deployment Workbench. In these steps, we assume you have installed SQL Server 2012 SP1 Express on MDT01. >[!NOTE] >Since SQL Server 2012 SP1 Express runs by default on a separate instance (SQLEXPRESS), the SQL Server Browser service must be running, and the firewall configured to allow traffic to it. Port 1433 TCP and port 1434 UDP need to be opened for inbound traffic on MDT01. -  + 1. On MDT01, using Deployment Workbench, expand the MDT Production deployment share, expand **Advanced Configuration**, right-click **Database**, and select **New Database**. -2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and click **Next**: +2. In the New DB Wizard, on the **SQL Server Details** page, enter the following settings and select **Next**: 1. SQL Server Name: MDT01 2. Instance: SQLEXPRESS 3. Port: <blank> 4. Network Library: Named Pipes -3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and click **Next**. -4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and click **Next**. Click **Next** again and then click **Finish**. +3. On the **Database** page, select **Create a new database**; in the **Database** field, type **MDT** and select **Next**. +4. On the **SQL Share** page, in the **SQL Share** field, type **Logs$** and select **Next**. Select **Next** again and then select **Finish**. 
![figure 8.](../images/mdt-09-fig08.png) @@ -46,18 +47,18 @@ Figure 8. The MDT database added to MDT01. After creating the database, you need to assign permissions to it. In MDT, the account you used to run the deployment is used to access the database. In this environment, the network access account is MDT\_BA. 1. On MDT01, start SQL Server Management Studio. -2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and click **Connect**. +2. In the **Connect to Server** dialog box, in the **Server name** list, select **MDT01\\SQLEXPRESS** and select **Connect**. 3. In the **Object Explorer** pane, expand the top-level **Security** node, right-click **Logins**, and select **New Login**. ![figure 9.](../images/mdt-09-fig09.png) Figure 9. The top-level Security node. -4. On the **Login - New** page, next to the **Login** name field, click **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles: +4. On the **Login - New** page, next to the **Login** name field, select **Search**, and search for **CONTOSO\\MDT\_BA**. Then in the left pane, select **User Mapping**. Select the **MDT** database, and assign the following roles: 1. db\_datareader 2. db\_datawriter 3. public (default) -5. Click **OK**, and close SQL Server Management Studio. +5. Select **OK**, and close SQL Server Management Studio. ![figure 10.](../images/mdt-09-fig10.png) @@ -76,7 +77,7 @@ To start using the database, you add a computer entry and assign a description a Figure 11. Adding the PC00075 computer to the database. -## Related topics +## Related articles [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) diff --git a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md index e60ed99985..9c9f75a03e 100644 
--- a/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
+++ b/windows/deployment/deploy-windows-mdt/use-web-services-in-mdt.md
@@ -1,24 +1,25 @@ --- title: Use web services in MDT (Windows 10) -description: Learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. +description: Learn how to create a web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Use web services in MDT -In this topic, you will learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. Web services provide a powerful way to assign settings during a deployment. Simply put, web services are web applications that run code on the server side, and MDT has built-in functions to call these web services. -Using a web service in MDT is straightforward, but it does require that you have enabled the Web Server (IIS) role on the server. Developing web services involves a little bit of coding, but for most web services used with MDT, you can use the free Microsoft Visual Studio Express 2013 for Web. +In this article, you'll learn how to create a simple web service that generates computer names and then configure MDT to use that service during your Windows 10 deployment. Web services provide a powerful way to assign settings during a deployment. Web services are web applications that run code on the server side, and MDT has built-in functions to call these web services. +Using a web service in MDT is straightforward, but it does require that you've enabled the Web Server (IIS) role on the server. 
Developing web services involves some coding, but for most web services used with MDT, you can use the free Microsoft Visual Studio Express 2013 for Web. ## Create a sample web service -In these steps we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects. +In these steps, we assume you have installed Microsoft Visual Studio Express 2013 for Web on PC0001 (the Windows 10 client) and downloaded the [MDT Sample Web Service](https://www.microsoft.com/download/details.aspx?id=42516) from the Microsoft Download Center and extracted it to C:\\Projects. 1. On PC0001, using Visual Studio Express 2013 for Web, open the C:\\Projects\\MDTSample\\ MDTSample.sln solution file. 2. On the ribbon bar, verify that Release is selected. 3. In the **Debug** menu, select the **Build MDTSample** action. 
@@ -34,15 +35,15 @@ Figure 15. The sample project in Microsoft Visual Studio Express 2013 for Web. ## Create an application pool for the web service -This section assumes that you have enabled the Web Server (IIS) role on MDT01. +This section assumes that you've enabled the Web Server (IIS) role on MDT01. 1. On MDT01, using Server Manager, install the **IIS Management Console** role (available under Web Server (IIS) / Management Tools). -2. Using Internet Information Services (IIS) Manager, expand the **MDT01 (CONTOSO\\Administrator)** node. If prompted with the "Do you want to get started with Microsoft Web Platform?" question, select the **Do not show this message** check box and then click **No**. +2. Using Internet Information Services (IIS) Manager, expand the **MDT01 (CONTOSO\\Administrator)** node. If prompted with the **Do you want to get started with Microsoft Web Platform?** question, select the **Do not show this message** check box and then select **No**. 3. Right-click **Application Pools**, select **Add Application Pool**, and configure the new application pool with the following settings: 1. Name: MDTSample 2. .NET Framework version: .NET Framework 4.0.30319 3. Manage pipeline mode: Integrated 4. Select the **Start application pool immediately** check box. - 5. Click **OK**. + 5. Select **OK**. ![figure 16.](../images/mdt-09-fig16.png) @@ -70,12 +71,12 @@ Figure 18. Configuring Authentication for the MDTSample web service. ## Test the web service in Internet Explorer 1. On PC0001, using Internet Explorer, navigate to: **http://MDT01/MDTSample/mdtsample.asmx**. -2. Click the **GetComputerName** link. +2. Select the **GetComputerName** link. ![figure 19.](../images/mdt-09-fig19.png) Figure 19. The MDT Sample web service. -3. On the **GetComputerName** page, type in the following settings, and click **Invoke**: +3. On the **GetComputerName** page, type in the following settings, and select **Invoke**: 1. Model: Hewlett-Packard 2. SerialNumber: 123456789 
@@ -85,7 +86,7 @@ Figure 20. The result from the MDT Sample web service. ## Test the web service in the MDT simulation environment -After verifying the web service using Internet Explorer, you are ready to do the same test in the MDT simulation environment. +After verifying the web service using Internet Explorer, you're ready to do the same test in the MDT simulation environment. 1. On PC0001, edit the CustomSettings.ini file in the **C:\\MDT** folder to look like the following: ``` @@ -114,7 +115,7 @@ After verifying the web service using Internet Explorer, you are ready to do the Figure 22. The OSDCOMPUTERNAME value obtained from the web service. -## Related topics +## Related articles [Set up MDT for BitLocker](set-up-mdt-for-bitlocker.md) diff --git a/windows/deployment/deploy-windows-to-go.md b/windows/deployment/deploy-windows-to-go.md index 61ec1640e1..873c456881 100644 --- a/windows/deployment/deploy-windows-to-go.md +++ b/windows/deployment/deploy-windows-to-go.md 
@@ -1,37 +1,36 @@ --- title: Deploy Windows To Go in your organization (Windows 10) -description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface as well as programatically with Windows PowerShell. +description: Learn how to deploy Windows To Go in your organization through a wizard in the user interface and programatically with Windows PowerShell. ms.reviewer: -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client ms.topic: article ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 --- # Deploy Windows To Go in your organization - - **Applies to** - Windows 10 -This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. +This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. > [!IMPORTANT] > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. 
## Deployment tips -The following is a list of items that you should be aware of before you start the deployment process: +The below list is items that you should be aware of before you start the deployment process: * Only use recommended USB drives for Windows To Go. Use of other drives isn't supported. Check the list at [Windows To Go: feature overview](planning/windows-to-go-overview.md) for the latest USB drives certified for use as Windows To Go drives. * After you provision a new workspace, always eject a Windows To Go drive using the **Safely Remove Hardware and Eject Media** control that can be found in the notification area or in Windows Explorer. Removing the drive from the USB port without ejecting it first can cause the drive to become corrupted. -* When running a Windows To Go workspace, always shutdown the workspace before unplugging the drive. +* When running a Windows To Go workspace, always shut down the workspace before unplugging the drive. * Configuration Manager SP1 and later includes support for user self-provisioning of Windows To Go drives. For more information on this deployment option, see [How to Provision Windows To Go in Configuration Manager](/previous-versions/system-center/system-center-2012-R2/jj651035(v=technet.10)). 
@@ -39,7 +38,7 @@ The following is a list of items that you should be aware of before you start th ## Basic deployment steps -Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The following steps are used in both small-scale and large-scale Windows To Go deployment scenarios. +Unless you're using a customized operating system image, your initial Windows To Go workspace won't be domain joined, and won't contain applications. This is exactly like a new installation of Windows on a desktop or laptop computer. When planning your deployment, you should develop methods to join Windows to Go drives to the domain, and install the standard applications that users in your organization require. These methods probably will be similar to the ones used for setting up desktop and laptop computers with domain privileges and applications. This section describes the instructions for creating the correct disk layout on the USB drive, applying the operating system image and the core Windows To Go specific configurations to the drive. The steps that follow are used in both small-scale and large-scale Windows To Go deployment scenarios. Completing these steps will give you a generic Windows To Go drive that can be distributed to your users and then customized for their usage as needed. 
This drive is also appropriate for use with USB drive duplicators. Your specific deployment scenarios will involve more than just these basic steps but these additional deployment considerations are similar to traditional PC deployment and can be incorporated into your Windows To Go deployment plan. For more information, see [Windows Deployment Options](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825230(v=win.10)). 
@@ -59,18 +58,18 @@ In this step we're creating the operating system image that will be used on the 2. Insert the USB drive that you want to use as your Windows To Go drive into your PC. -3. Verify that the .wim file location (which can be a network share, a DVD , or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments. +3. Verify that the .wim file location (which can be a network share, a DVD, or a USB drive) is accessible and that it contains a valid Windows 10 Enterprise or Windows 10 Education image that has been generalized using sysprep. Many environments can use the same image for both Windows To Go and desktop deployments. >[!NOTE] >For more information about .wim files, see [Windows System Image Manager (Windows SIM) Technical Reference](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824929(v=win.10)). For more information about using sysprep, see [Sysprep Overview](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825209(v=win.10)). -4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then click **Yes**. The **Windows To Go Creator Wizard** opens. +4. Using Cortana, search for **Windows To Go** and then press **Enter**. If the **User Account Control** dialog box appears, confirm that the action it displays is what you want, and then select **Yes**. The **Windows To Go Creator Wizard** opens. -5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then click **Next.** +5. On the **Choose the drive you want to use** page select the drive that represents the USB drive you inserted previously, then select **Next.** -6. 
On the **Choose a Windows image** page, click **Add Search Location** and then navigate to the .wim file location and click select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then click **Next**. +6. On the **Choose a Windows image** page, select **Add Search Location** and then navigate to the .wim file location and select select folder. The wizard will display the installable images present in the folder; select the Windows 10 Enterprise or Windows 10 Education image you wish to use and then select **Next**. -7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, click **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions. +7. (Optional) On the **Set a BitLocker password (optional)** page, you can select **Use BitLocker with my Windows To Go Workspace** to encrypt your Windows To Go drive. If you don't wish to encrypt the drive at this time, select **Skip**. If you decide you want to add BitLocker protection later, see [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) for instructions. r >[!WARNING] 
@@ -86,12 +85,12 @@ r >The BitLocker recovery password will be saved in the documents library of the computer used to create the workspace automatically. If your organization is using Active Directory Domain Services (AD DS) to store recovery passwords it will also be saved in AD DS under the computer account of the computer used to create the workspace. This password will be used only if you need to recover access to the drive because the BitLocker password specified in the previous step is not available, such as if a password is lost or forgotten. For more information about BitLocker and AD DS, see [Active Directory Domain Services considerations](/previous-versions/windows/it-pro/windows-8.1-and-8/jj592683(v=ws.11)). ~~~ -8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then click **Create** to start the Windows To Go workspace creation process. +8. Verify that the USB drive inserted is the one you want to provision for Windows To Go and then select **Create** to start the Windows To Go workspace creation process. >[!WARNING] >The USB drive identified will be reformatted as part of the Windows To Go provisioning process and any data on the drive will be erased. -9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer. +9. Wait for the creation process to complete, which can take 20 to 30 minutes. A completion page will be displayed that tells you when your Windows To Go workspace is ready to use. From the completion page, you can configure the Windows To Go startup options to configure the current computer as a Windows To Go host computer. Your Windows To Go workspace is now ready to be started. 
You can now [prepare a host computer](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using the Windows To Go startup options and boot your Windows To Go drive. @@ -110,22 +109,22 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase. # - # To skip the confirmation prompt, append –confirm:$False - Clear-Disk –InputObject $Disk[0] -RemoveData + # To skip the confirmation prompt, append -confirm:$False + Clear-Disk -InputObject $Disk[0] -RemoveData # This command initializes a new MBR disk - Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR + Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR # This command creates a 350 MB system partition - $SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive + $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive # This formats the volume with a FAT32 Filesystem - # To skip the confirmation dialog, append –Confirm:$False + # To skip the confirmation dialog, append -Confirm:$False Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 ` -Partition $SystemPartition # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage. - $OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize + $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS ` -Partition $OSPartition 
@@ -137,7 +136,7 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE ``` -3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM): +3. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM): >[!TIP] >The index number must be set correctly to a valid Enterprise image in the .WIM file. @@ -149,7 +148,6 @@ The following Windows PowerShell cmdlet or cmdlets perform the same function as 4. Now use the [bcdboot](/previous-versions/windows/it-pro/windows-8.1-and-8/hh824874(v=win.10)) command line tool to move the necessary boot components to the system partition on the disk. This helps ensure that the boot components, operating system versions, and architectures match. The `/f ALL` parameter indicates that boot components for UEFI and BIOS should be placed on the system partition of the disk. The following example illustrates this step: - ~~~ ``` W:\Windows\System32\bcdboot W:\Windows /f ALL /s S: 
@@ -225,62 +223,58 @@ W:\Windows\System32\bcdboot W:\Windows /f ALL /s S: >[!IMPORTANT] >Setup unattend files are processed based on their location. Setup will place a temporary unattend file into the **%systemroot%\\panther** folder which is the first location that setup will check for installation information. You should make sure that folder does not contain a previous version of an unattend.xml file to ensure that the one you just created is used. - If you do not wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC. - + If you don't wish to boot your Windows To Go device on this computer and want to remove it to boot it on another PC, be sure to use the **Safely Remove Hardware and Eject Media** option to safely disconnect the drive before physically removing it from the PC. Your Windows To Go workspace is now ready to be started. You can now [prepare a host computer](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) using the Windows To Go startup options to test your workspace configuration, [configure the workspace for offline domain join](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)), or [enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)). - ### To prepare a host computer -Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it is attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace. 
+Computers running Windows 8 and later can be configured as host computers that use Windows To Go automatically whenever a Windows To Go workspace is available at startup. When the Windows To Go startup options are enabled on a host computer, Windows will divert startup to the Windows To Go drive whenever it's attached to the computer. This makes it easy to switch from using the host computer to using the Windows To Go workspace. >[!TIP] >If you will be using a PC running Windows 7 as your host computer, see [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkId=618951) for information to help you prepare the host computer. - -If you want to use the Windows To Go workspace, simply shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer. +If you want to use the Windows To Go workspace, shut down the computer, plug in the Windows To Go drive, and turn on the computer. To use the host computer, shut down the Windows To Go workspace, unplug the Windows To Go drive, and turn on the computer. To set the Windows To Go Startup options for host computers running Windows 10: 1. Using Cortana, search for **Windows To Go startup options** and then press **Enter**. -2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB +2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then select **Save Changes** to configure the computer to boot from USB For host computers running Windows 8 or Windows 8.1: 1. Press **Windows logo key+W**, search for **Windows To Go startup options**, and then press **Enter**. -2. In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB. +2. 
In the **Windows To Go Startup Options** dialog box, select **Yes**, and then select **Save Changes** to configure the computer to boot from USB. You can configure your organization's computers to automatically start from the USB drive by enabling the following Group Policy setting: **\\\\Computer Configuration\\Administrative Templates\\Windows Components\\Portable Operating System\\Windows To Go Default Startup Options** -After this policy setting is enabled, automatic starting of a Windows To Go workspace will be attempted when a USB drive is connected to the computer when it is started. Users will not be able to use the Windows To Go Startup Options to change this behavior. If you disable this policy setting, booting to Windows To Go when a USB drive is connected will not occur unless a user configures the option manually in the firmware. If you do not configure this policy setting, users who are members of the Administrators group can enable or disable booting from a USB drive using the Windows To Go Startup Options. +After this policy setting is enabled, automatic starting of a Windows To Go workspace will be attempted when a USB drive is connected to the computer when it's started. Users won't be able to use the Windows To Go Startup Options to change this behavior. If you disable this policy setting, booting to Windows To Go when a USB drive is connected won't occur unless a user configures the option manually in the firmware. If you don't configure this policy setting, users who are members of the Administrators group can enable or disable booting from a USB drive using the Windows To Go Startup Options. -Your host computer is now ready to boot directly into Windows To Go workspace when it is inserted prior to starting the computer. 
Optionally you can perform [Configure Windows To Go workspace for offline domain join](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) and [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)). +Your host computer is now ready to boot directly into Windows To Go workspace when it's inserted prior to starting the computer. Optionally you can perform [Configure Windows To Go workspace for offline domain join](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)) and [Enable BitLocker protection for your Windows To Go drive](/previous-versions/windows/it-pro/windows-8.1-and-8/jj721578(v=ws.11)). ### Booting your Windows To Go workspace -After you have configured your host PC to boot from USB, you can use the following procedure to boot your Windows To Go workspace: +After you've configured your host PC to boot from USB, you can use the following procedure to boot your Windows To Go workspace: **To boot your workspace** -1. Make sure that the host PC is not in a sleep state. If the computer is in a sleep state, either shut it down or hibernate it. +1. Make sure that the host PC isn't in a sleep state. If the computer is in a sleep state, either shut it down or hibernate it. -2. Insert the Windows To Go USB drive directly into a USB 3.0 or USB 2.0 port on the PC. Do not use a USB hub or extender. +2. Insert the Windows To Go USB drive directly into a USB 3.0 or USB 2.0 port on the PC. Don't use a USB hub or extender. -3. Turn on the PC. If your Windows To Go drive is protected with BitLocker you will be asked to type the password, otherwise the workspace will boot directly into the Windows To Go workspace. +3. Turn on the PC. If your Windows To Go drive is protected with BitLocker you'll be asked to type the password, otherwise the workspace will boot directly into the Windows To Go workspace. 
## Advanced deployment steps - -The following steps are used for more advanced deployments where you want to have further control over the configuration of the Windows To Go drives, ensure that they are correctly configured for remote access to your organizational resources, and have been protected with BitLocker Drive Encryption. +The following steps are used for more advanced deployments where you want to have further control over the configuration of the Windows To Go drives, ensure that they're correctly configured for remote access to your organizational resources, and have been protected with BitLocker Drive Encryption. ### Configure Windows To Go workspace for remote access -Making sure that Windows To Go workspaces are effective when used off premises is essential to a successful deployment. One of the key benefits of Windows To Go is the ability for your users to use the enterprise managed domain joined workspace on an unmanaged computer which is outside your corporate network. To enable this usage, typically you would provision the USB drive as described in the basic deployment instructions and then add the configuration to support domain joining of the workspace, installation of any line-of-business applications, and configuration of your chosen remote connectivity solution such as a virtual private network client or DirectAccess. Once these configurations have been performed the user can work from the workspace using a computer that is off-premises. The following procedure allows you to provision domain joined Windows To Go workspaces for workers that do not have physical access to your corporate network. +Making sure that Windows To Go workspaces are effective when used off premises is essential to a successful deployment. One of the key benefits of Windows To Go is the ability for your users to use the enterprise managed domain joined workspace on an unmanaged computer that is outside your corporate network. 
To enable this usage, typically you would provision the USB drive as described in the basic deployment instructions and then add the configuration to support domain joining of the workspace, installation of any line-of-business applications, and configuration of your chosen remote connectivity solution such as a virtual private network client or DirectAccess. Once these configurations have been performed the user can work from the workspace using a computer that is off-premises. The following procedure allows you to provision domain joined Windows To Go workspaces for workers that don't have physical access to your corporate network. **Prerequisites for remote access scenario** @@ -301,7 +295,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i ``` >[!NOTE] - >The **/certtemplate** parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information see the [Offline Domain Join Step-by-Step guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd392267(v=ws.10)). + >The **/certtemplate** parameter supports the use of certificate templates for distributing certificates for DirectAccess, if your organization is not using certificate templates you can omit this parameter. Additionally, if are using djoin.exe with Windows Server 2008-based Domain Controllers, append the /downlevel switch during provisioning. For more information, see the [Offline Domain Join Step-by-Step guide](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd392267(v=ws.10)). 2. Insert the Windows To Go drive. 
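Review bot: The rewritten `/certtemplate` note still reads `Additionally, if are using djoin.exe`, which drops the subject; it should be `Additionally, if you are using djoin.exe`. The first sentence of that note is also a comma splice and would read better split as `... for DirectAccess. If your organization is not using certificate templates, you can omit this parameter.` Similar leftovers remain on new lines in later hunks: `when you give then their Windows To Go workspace` (@@ -423) and `you can turn BitLocker from within` (@@ -521), which presumably mean `give them` and `turn on BitLocker`.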
@@ -316,22 +310,22 @@ Making sure that Windows To Go workspaces are effective when used off premises i #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase. # - # To skip the confirmation prompt, append –confirm:$False - Clear-Disk –InputObject $Disk[0] -RemoveData + # To skip the confirmation prompt, append -confirm:$False + Clear-Disk -InputObject $Disk[0] -RemoveData # This command initializes a new MBR disk - Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR + Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR # This command creates a 350 MB system partition - $SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive + $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive # This formats the volume with a FAT32 Filesystem - # To skip the confirmation dialog, append –Confirm:$False + # To skip the confirmation dialog, append -Confirm:$False Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 ` -Partition $SystemPartition # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage. - $OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize + $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS ` -Partition $OSPartition 
@@ -343,8 +337,7 @@ Making sure that Windows To Go workspaces are effective when used off premises i Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE ``` -5. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM): - +5. Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM): ~~~ >[!TIP] 
@@ -362,7 +355,7 @@ dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /ind djoin /requestodj /loadfile C:\example\path\domainmetadatafile /windowspath W:\Windows ``` -7. Next, we will need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we are hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you have configured for your organization if desired. For more information about the OOBE settings, see [OOBE](/previous-versions/windows/it-pro/windows-8.1-and-8/ff716016(v=win.10)): +7. Next, we'll need to edit the unattend.xml file to configure the first run (OOBE) settings. In this example we're hiding the Microsoft Software License Terms (EULA) page, configuring automatic updates to install important and recommended updates automatically, and identifying this workspace as part of a private office network. You can use other OOBE settings that you've configured for your organization if desired. For more information about the OOBE settings, see [OOBE](/previous-versions/windows/it-pro/windows-8.1-and-8/ff716016(v=win.10)): ``` 
@@ -413,7 +406,7 @@ You should now be able to access your organization's network resources and work ### Enable BitLocker protection for your Windows To Go drive -Enabling BitLocker on your Windows To Go drive will help ensure that your data is protected from unauthorized use and that if your Windows To Go drive is lost or stolen it will not be easy for an unauthorized person to obtain confidential data or use the workspace to gain access to protected resources in your organization. When BitLocker is enabled, each time you boot your Windows To Go drive, you will be asked to provide the BitLocker password to unlock the drive. The following procedure provides the steps for enabling BitLocker on your Windows To Go drive: +Enabling BitLocker on your Windows To Go drive will help ensure that your data is protected from unauthorized use and that if your Windows To Go drive is lost or stolen it will not be easy for an unauthorized person to obtain confidential data or use the workspace to gain access to protected resources in your organization. When BitLocker is enabled, each time you boot your Windows To Go drive, you'll be asked to provide the BitLocker password to unlock the drive. The following procedure provides the steps for enabling BitLocker on your Windows To Go drive: #### Prerequisites for enabling BitLocker scenario 
@@ -423,26 +416,26 @@ Enabling BitLocker on your Windows To Go drive will help ensure that your data i * Review the following Group Policy settings for BitLocker Drive Encryption and modify the configuration as necessary: - **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup**. This policy allows the use of a password key protector with an operating system drive; this policy must be enabled to configure BitLocker from within the Windows To Go workspace. This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you are using BitLocker with or without a Trusted Platform Module (TPM). You must enable this setting and select the **Allow BitLocker without a compatible TPM** check box and then enable the **Configure use of passwords for operating system drives** setting. + **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Require additional authentication at startup**. This policy allows the use of a password key protector with an operating system drive; this policy must be enabled to configure BitLocker from within the Windows To Go workspace. This policy setting allows you to configure whether BitLocker requires additional authentication each time the computer starts and whether you're using BitLocker with or without a Trusted Platform Module (TPM). You must enable this setting and select the **Allow BitLocker without a compatible TPM** check box and then enable the **Configure use of passwords for operating system drives** setting. **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Configure use of passwords for operating system drives**. This policy setting enables passwords to be used to unlock BitLocker-protected operating system drives and provides the means to configure complexity and length requirements on passwords for Windows To Go workspaces. 
For the complexity requirement setting to be effective the Group Policy setting **Password must meet complexity requirements** located in **Computer Configuration\\Windows Settings\\Security Settings\\Account Policies\\Password Policy\\** must be also enabled. - **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Enable use of BitLocker authentication requiring preboot keyboard input on slates**. This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. If this setting is not enabled, passwords cannot be used to unlock BitLocker-protected operating system drives. + **\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives\\Enable use of BitLocker authentication requiring preboot keyboard input on slates**. This policy setting allows users to enable authentication options that require user input from the preboot environment even if the platform indicates a lack of preboot input capability. If this setting isn't enabled, passwords can't be used to unlock BitLocker-protected operating system drives. You can choose to enable BitLocker protection on Windows To Go drives before distributing them to users as part of your provisioning process or you can allow your end-users to apply BitLocker protection to them after they have taken possession of the drive. A step-by-step procedure is provided for both scenarios. -Enabling BitLocker during provisioning ensures that your operating system image is always protected by BitLocker. When enabling BitLocker during the provisioning process you can significantly reduce the time required for encrypting the drive by enabling BitLocker after configuring the disk and just prior to applying the image. If you use this method, you will need to give users their BitLocker password when you give then their Windows To Go workspace. 
Also, you should instruct your users to boot their workspace and change their BitLocker password as soon as possible (this can be done with standard user privileges). +Enabling BitLocker during provisioning ensures that your operating system image is always protected by BitLocker. When enabling BitLocker during the provisioning process you can significantly reduce the time required for encrypting the drive by enabling BitLocker after configuring the disk and just prior to applying the image. If you use this method, you'll need to give users their BitLocker password when you give then their Windows To Go workspace. Also, you should instruct your users to boot their workspace and change their BitLocker password as soon as possible (this can be done with standard user privileges). -Enabling BitLocker after distribution requires that your users turn on BitLocker. This means that your Windows To Go workspaces are unprotected until the user enables BitLocker. Administrative rights on the Windows To Go workspace are required to enable BitLocker. For more information about BitLocker see the [BitLocker Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831713(v=ws.11)). +Enabling BitLocker after distribution requires that your users turn on BitLocker. This means that your Windows To Go workspaces are unprotected until the user enables BitLocker. Administrative rights on the Windows To Go workspace are required to enable BitLocker. For more information about BitLocker, see the [BitLocker Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831713(v=ws.11)). #### BitLocker recovery keys -BitLocker recovery keys are the keys that can be used to unlock a BitLocker protected drive if the standard unlock method fails. It is recommended that your BitLocker recovery keys be backed up to Active Directory Domain Services (AD DS). 
If you do not want to use AD DS to store recovery keys you can save recovery keys to a file or print them. How BitLocker recovery keys are managed differs depending on when BitLocker is enabled. +BitLocker recovery keys are the keys that can be used to unlock a BitLocker protected drive if the standard unlock method fails. It's recommended that your BitLocker recovery keys be backed up to Active Directory Domain Services (AD DS). If you don't want to use AD DS to store recovery keys you can save recovery keys to a file or print them. How BitLocker recovery keys are managed differs depending on when BitLocker is enabled. -- If BitLocker protection is enabled during provisioning, the BitLocker recovery keys will be stored under the computer account of the computer used for provisioning the drives. If backing up recovery keys to AD DS is not used, the recovery keys will need to be printed or saved to a file for each drive. The IT administrator must track which keys were assigned to which Windows To Go drive. +- If BitLocker protection is enabled during provisioning, the BitLocker recovery keys will be stored under the computer account of the computer used for provisioning the drives. If backing up recovery keys to AD DS isn't used, the recovery keys will need to be printed or saved to a file for each drive. The IT administrator must track which keys were assigned to which Windows To Go drive. - **Warning** - If BitLocker is enabled after distribution, the recovery key will be backed up to AD DS under the computer account of the workspace. If backing up recovery keys to AD DS is not used, they can be printed or saved to a file by the user. If the IT administrator wants a central record of recovery keys, a process by which the user provides the key to the IT department must be put in place. + If BitLocker is enabled after distribution, the recovery key will be backed up to AD DS under the computer account of the workspace. 
If backing up recovery keys to AD DS isn't used, they can be printed or saved to a file by the user. If the IT administrator wants a central record of recovery keys, a process by which the user provides the key to the IT department must be put in place. #### To enable BitLocker during provisioning @@ -464,22 +457,22 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot #Clear the disk. This will delete any data on the disk. (and will fail if the disk is not yet initialized. If that happens, simply continue with 'New-Partition…) Validate that this is the correct disk that you want to completely erase. # - # To skip the confirmation prompt, append –confirm:$False - Clear-Disk –InputObject $Disk[0] -RemoveData + # To skip the confirmation prompt, append -confirm:$False + Clear-Disk -InputObject $Disk[0] -RemoveData # This command initializes a new MBR disk - Initialize-Disk –InputObject $Disk[0] -PartitionStyle MBR + Initialize-Disk -InputObject $Disk[0] -PartitionStyle MBR # This command creates a 350 MB system partition - $SystemPartition = New-Partition –InputObject $Disk[0] -Size (350MB) -IsActive + $SystemPartition = New-Partition -InputObject $Disk[0] -Size (350MB) -IsActive # This formats the volume with a FAT32 Filesystem - # To skip the confirmation dialog, append –Confirm:$False + # To skip the confirmation dialog, append -Confirm:$False Format-Volume -NewFileSystemLabel "UFD-System" -FileSystem FAT32 ` -Partition $SystemPartition # This command creates the Windows volume using the maximum space available on the drive. The Windows To Go drive should not be used for other file storage. - $OSPartition = New-Partition –InputObject $Disk[0] -UseMaximumSize + $OSPartition = New-Partition -InputObject $Disk[0] -UseMaximumSize Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS ` -Partition $OSPartition 
@@ -491,7 +484,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot Set-Partition -InputObject $OSPartition -NoDefaultDriveLetter $TRUE ``` - Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you just created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM): + Next you need to apply the operating system image that you want to use with Windows To Go to the operating system partition you created on the disk (this may take 30 minutes or longer, depending on the size of the image and the speed of your USB connection). The following command shows how this can be accomplished using the [Deployment Image Servicing and Management](/windows-hardware/manufacture/desktop/dism---deployment-image-servicing-and-management-technical-reference-for-windows) command-line tool (DISM): >[!TIP] >The index number must be set correctly to a valid Enterprise image in the .WIM file. @@ -501,7 +494,7 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot dism /apply-image /imagefile:n:\imagefolder\deploymentimages\mywtgimage.wim /index:1 /applydir:W:\ ``` -5. In the same PowerShell session use the following cmdlet to add a recovery key to the drive: +5. In the same PowerShell session, use the following cmdlet to add a recovery key to the drive: ``` $BitlockerRecoveryProtector = Add-BitLockerKeyProtector W: -RecoveryPasswordProtector 
@@ -521,31 +514,31 @@ BitLocker recovery keys are the keys that can be used to unlock a BitLocker prot ``` # Create a variable to store the password - $spwd = ConvertTo-SecureString -String -AsplainText –Force + $spwd = ConvertTo-SecureString -String -AsplainText -Force Enable-BitLocker W: -PasswordProtector $spwd ``` >[!WARNING] - >To have BitLocker only encrypt used space on the disk append the parameter `–UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background. + >To have BitLocker only encrypt used space on the disk append the parameter `-UsedSpaceOnly` to the `Enable-BitLocker` cmdlet. As data is added to the drive BitLocker will encrypt additional space. Using this parameter will speed up the preparation process as a smaller percentage of the disk will require encryption. If you are in a time critical situation where you cannot wait for encryption to complete you can also safely remove the Windows To Go drive during the encryption process. The next time the drive is inserted in a computer it will request the BitLocker password. Once the password is supplied, the encryption process will continue. 
If you do this, make sure your users know that BitLocker encryption is still in process and that they will be able to use the workspace while the encryption completes in the background. 8. Copy the numerical recovery password and save it to a file in a safe location. The recovery password will be required if the password is lost or forgotten. >[!WARNING] >If the **Choose how BitLocker-protected removable data drives can be recovered** Group Policy setting has been configured to back up recovery information to Active Directory Domain Services, the recovery information for the drive will be stored under the account of the host computer used to apply the recovery key. - If you want to have the recovery information stored under the account of the Windows To Go workspace you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker). + If you want to have the recovery information stored under the account of the Windows To Go workspace, you can turn BitLocker from within the Windows To Go workspace using the BitLocker Setup Wizard from the BitLocker Control Panel item as described in [To enable BitLocker after distribution](#enable-bitlocker). 9. Safely remove the Windows To Go drive. -The Windows To Go drives are now ready to be distributed to users and are protected by BitLocker. When you distribute the drives, make sure the users know the following: +The Windows To Go drives are now ready to be distributed to users and are protected by BitLocker. When you distribute the drives, make sure the users know the following information: -* Initial BitLocker password that they will need to boot the drives. +* Initial BitLocker password that they'll need to boot the drives. * Current encryption status. * Instructions to change the BitLocker password after the initial boot. 
-* Instructions for how to retrieve the recovery password if necessary. This may be a help desk process, an automated password retrieval site, or a person to contact. +* Instructions for how to retrieve the recovery password if necessary. These instructions may be a help desk process, an automated password retrieval site, or a person to contact. #### To enable BitLocker after distribution @@ -554,7 +547,7 @@ The Windows To Go drives are now ready to be distributed to users and are protec 2. Press **Windows logo key+W** to open **Search Settings**, type BitLocker and then select the item for BitLocker Drive Encryption. -3. The drives on the workspace are displayed, click **Turn BitLocker On** for the C: drive. The **BitLocker Setup Wizard** appears. +3. The drives on the workspace are displayed, select **Turn BitLocker On** for the C: drive. The **BitLocker Setup Wizard** appears. 4. Complete the steps in the **BitLocker Setup Wizard** selecting the password protection option. 
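Review bot: `$spwd = ConvertTo-SecureString -String -AsplainText -Force` has no value after `-String`, so the sample cannot run as shown. The password placeholder appears to have been lost, and the en-dash fix on this line leaves that untouched. Restoring an explicit placeholder, `-String "<password>"`, would make the step usable again. A literal password typed on the command line can end up in PowerShell command history, so the sample could instead show `$spwd = Read-Host -AsSecureString -Prompt "BitLocker password"`.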
@@ -565,13 +558,13 @@ The Windows To Go drives are now ready to be distributed to users and are protec The following sample script supports the provisioning of multiple Windows To Go drives and the configuration of offline domain join. -The sample script creates an unattend file that streamlines the deployment process so that the initial use of the Windows To Go drive does not prompt the end user for any additional configuration information before starting up. +The sample script creates an unattend file that streamlines the deployment process so that the initial use of the Windows To Go drive doesn't prompt the end user for any additional configuration information before starting up. #### Prerequisites for running the advanced deployment sample script -* To run this sample script you must open a Windows PowerShell session as an administrator from a domain-joined computer using an account that has permission to create domain accounts. +* To run this sample script, you must open a Windows PowerShell session as an administrator from a domain-joined computer using an account that has permission to create domain accounts. -* Using offline domain join is required by this script, since the script does not create a local administrator user account. However, domain membership will automatically put "Domain admins" into the local administrators group. Review your domain policies. If you are using DirectAccess you will need to modify the djoin.exe command to include the `policynames` and potentially the `certtemplate` parameters. +* Using offline domain join is required by this script, since the script doesn't create a local administrator user account. However, domain membership will automatically put "Domain admins" into the local administrators group. Review your domain policies. If you're using DirectAccess, you'll need to modify the djoin.exe command to include the `policynames` and potentially the `certtemplate` parameters. 
* The script needs to use drive letters, so you can only provision half as many drives as you have free drive letters. @@ -837,7 +830,7 @@ if ($Disks -eq $null) #We want to make sure that all non-boot connected USB drives are online, writeable and cleaned. #This command will erase all data from all USB drives larger than 20Gb connected to your machine #To automate this step you can add: -confirm:$False -Clear-Disk –InputObject $Disks -RemoveData -erroraction SilentlyContinue +Clear-Disk -InputObject $Disks -RemoveData -erroraction SilentlyContinue # Currently the provisioning script needs drive letters (for dism and bcdboot.exe) and the script is more # reliable when the main process determines all of the free drives and provides them to the sub-processes. @@ -863,15 +856,15 @@ foreach ($disk in $Disks) $policyFilePath = $args[6] #For compatibility between UEFI and legacy BIOS we use MBR for the disk. - Initialize-Disk –InputObject $Disk -PartitionStyle MBR + Initialize-Disk -InputObject $Disk -PartitionStyle MBR #A short sleep between creating a new partition and formatting helps ensure the partition #is ready before formatting. - $SystemPartition = New-Partition –InputObject $Disk -Size (350MB) -IsActive + $SystemPartition = New-Partition -InputObject $Disk -Size (350MB) -IsActive Sleep 1 Format-Volume -Partition $SystemPartition -FileSystem FAT32 -NewFileSystemLabel "UFD-System" -confirm:$False | Out-Null - $OSPartition = New-Partition –InputObject $Disk -UseMaximumSize + $OSPartition = New-Partition -InputObject $Disk -UseMaximumSize Sleep 1 Format-Volume -NewFileSystemLabel "UFD-Windows" -FileSystem NTFS -Partition $OSPartition -confirm:$False | Out-Null @@ -979,7 +972,7 @@ In the PowerShell provisioning script, after the image has been applied, you can reg unload HKLM\WTG-Keyboard ``` -## Related topics +## Related articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) 
diff --git a/windows/deployment/deploy.md b/windows/deployment/deploy.md
index 0f6da37406..51982b85d2 100644
--- a/windows/deployment/deploy.md
+++ b/windows/deployment/deploy.md
@@ -2,34 +2,35 @@ title: Deploy Windows 10 (Windows 10) description: Learn about Windows 10 upgrade options for planning, testing, and managing your production deployment. ms.reviewer: -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium ms.topic: article ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Deploy Windows 10 -Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and topics are available. +Windows 10 upgrade options are discussed and information is provided about planning, testing, and managing your production deployment. Procedures are provided to help you with a new deployment of the Windows 10 operating system, or to upgrade from a previous version of Windows to Windows 10. The following sections and articles are available. - -|Topic |Description | +|Article |Description | |------|------------| -|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |This topic provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. | -|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This topic provides information about support for upgrading directly to Windows 10 from a previous operating system. | -|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This topic provides information about support for upgrading from one edition of Windows 10 to another. | -|[Windows 10 volume license media](windows-10-media.md) |This topic provides information about updates to volume licensing media in the current version of Windows 10. 
| -|[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | -|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, additional guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md). | -|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to assist in Windows 10 deployment planning. | -|[Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | -|[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) |If you have Microsoft Endpoint Manager in your environment, you will most likely want to use it to deploy Windows 10. 
This topic will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT) or. | -|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. | -|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install additional fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.| +|[Overview of Windows Autopilot](/mem/autopilot/windows-autopilot) |This article provides an overview of Windows Autopilot deployment, a new zero-touch method for deploying Windows 10 in the enterprise. | +|[Windows 10 upgrade paths](upgrade/windows-10-upgrade-paths.md) |This article provides information about support for upgrading directly to Windows 10 from a previous operating system. | +|[Windows 10 edition upgrade](upgrade/windows-10-edition-upgrades.md) |This article provides information about support for upgrading from one edition of Windows 10 to another. | +|[Windows 10 volume license media](windows-10-media.md) |This article provides information about updates to volume licensing media in the current version of Windows 10. | +|[Manage Windows upgrades with Upgrade Readiness](/mem/configmgr/desktop-analytics/overview) |With Upgrade Readiness, enterprises now have the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With Windows diagnostic data enabled, Upgrade Readiness collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they're known to Microsoft. 
The Upgrade Readiness workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. | +|[Windows 10 deployment test lab](windows-10-poc.md) |This guide contains instructions to configure a proof of concept (PoC) environment requiring a minimum amount of resources. The guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After you complete this guide, more guides are provided to deploy Windows 10 in the test lab using [Microsoft Deployment Toolkit](windows-10-poc-mdt.md) or [Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md). | +|[Plan for Windows 10 deployment](planning/index.md) | This section describes Windows 10 deployment considerations and provides information to help Windows 10 deployment planning. | +|[Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) |This guide will walk you through the process of deploying Windows 10 in an enterprise environment using the Microsoft Deployment Toolkit (MDT). | +|[Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) |If you have Microsoft Configuration Manager in your environment, you'll most likely want to use it to deploy Windows 10. This article will show you how to set up Configuration Manager for operating system deployment and how to integrate Configuration Manager with the Microsoft Deployment Toolkit (MDT). | +|[Windows 10 deployment tools](windows-10-deployment-tools-reference.md) |Learn about available tools to deploy Windows 10, such as the Windows ADK, DISM, USMT, WDS, MDT, Windows PE and more. 
| +|[How to install fonts that are missing after upgrading to Windows 10](windows-10-missing-fonts.md)|Windows 10 introduced changes to the fonts that are included in the image by default. Learn how to install more fonts from **Optional features** after you install Windows 10 or upgrade from a previous version.| -## Related topics +## Related articles [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home) diff --git a/windows/deployment/do/delivery-optimization-endpoints.md b/windows/deployment/do/delivery-optimization-endpoints.md index 98615239e4..8de2e95ad4 100644 --- a/windows/deployment/do/delivery-optimization-endpoints.md +++ b/windows/deployment/do/delivery-optimization-endpoints.md @@ -26,12 +26,12 @@ This article lists the endpoints that need to be allowed through the firewall to |Domain Name |Protocol/Port(s) | Content Type | Additional Information | Version | |---------|---------|---------------|-------------------|-----------------| -| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update
Windows Defender
Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80
HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Endpoint Configuration Manager Distribution Point | -| *.statics.teams.cdn.office.net | HTTP / 80
HTTPs / 443 | Teams | | Microsoft Endpoint Configuration Manager Distribution Point | -| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Endpoint Configuration Manager Distribution Point | -| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Endpoint Configuration Manager Distribution Point | +| *.b1.download.windowsupdate.com, *.dl.delivery.mp.microsoft.com, *.download.windowsupdate.com, *.au.download.windowsupdate.com, *.au.b1.download.windowsupdate.com, *.tlu.dl.delivery.mp.microsoft.com, *.emdl.ws.microsoft.com, *.ctldl.windowsupdate.com | HTTP / 80 | Windows Update
Windows Defender
Windows Drivers | [Complete list](/windows/privacy/manage-windows-2004-endpoints) of endpoints for Windows Update services and payload. | Microsoft Configuration Manager Distribution Point | +| *.delivery.mp.microsoft.com | HTTP / 80 | Edge Browser | [Complete list](/deployedge/microsoft-edge-security-endpoints) of endpoints for Edge Browser. | Microsoft Configuration Manager Distribution Point | +| *.officecdn.microsoft.com.edgesuite.net, *.officecdn.microsoft.com, *.cdn.office.net | HTTP / 80 | Office CDN updates | [Complete list](/office365/enterprise/office-365-endpoints) of endpoints for Office CDN updates. | Microsoft Configuration Manager Distribution Point | +| *.manage.microsoft.com, *.swda01.manage.microsoft.com, *.swda02.manage.microsoft.com, *.swdb01.manage.microsoft.com, *.swdb02.manage.microsoft.com, *.swdc01.manage.microsoft.com, *.swdc02.manage.microsoft.com, *.swdd01.manage.microsoft.com, *.swdd02.manage.microsoft.com, *.swda01-mscdn.manage.microsoft.com, *.swda02-mscdn.manage.microsoft.com, *.swdb01-mscdn.manage.microsoft.com, *.swdb02-mscdn.manage.microsoft.com, *.swdc01-mscdn.manage.microsoft.com, *.swdc02-mscdn.manage.microsoft.com, *.swdd01-mscdn.manage.microsoft.com, *.swdd02-mscdn.manage.microsoft.com | HTTP / 80
HTTPs / 443 | Intune Win32 Apps | [Complete list](/mem/intune/fundamentals/intune-endpoints) of endpoints for Intune Win32 Apps updates. | Microsoft Configuration Manager Distribution Point | +| *.statics.teams.cdn.office.net | HTTP / 80
HTTPs / 443 | Teams | | Microsoft Configuration Manager Distribution Point | +| *.assets1.xboxlive.com, *.assets2.xboxlive.com, *.dlassets.xboxlive.com, *.dlassets2.xboxlive.com, *.d1.xboxlive.com, *.d2.xboxlive.com, *.assets.xbox.com, *.xbl-dlassets-origin.xboxlive.com, *.assets-origin.xboxlive.com, *.xvcb1.xboxlive.com, *.xvcb2.xboxlive.com, *.xvcf1.xboxlive.com, *.xvcf2.xboxlive.com | HTTP / 80 | Xbox | | Microsoft Configuration Manager Distribution Point | +| *.tlu.dl.adu.microsoft.com, *.nlu.dl.adu.microsoft.com, *.dcsfe.prod.adu.microsoft.com | HTTP / 80 | Device Update | [Complete list](/azure/iot-hub-device-update/) of endpoints for Device Update updates. | Microsoft Configuration Manager Distribution Point | | *.do.dsp.mp.microsoft.com | HTTP / 80
HTTPs / 443 | Microsoft Connected Cache -> Delivery Optimization Services communication | [Complete list](../do/waas-delivery-optimization-faq.yml) of endpoints for Delivery Optimization only. | Microsoft Connected Cache Managed in Azure | | *.azure-devices.net, *.global.azure-devices-provisioning.net, *.azurecr.io, *.blob.core.windows.net, *.mcr.microsoft.com | AMQP / 5671
MQTT / 8883
HTTPs / 443 | IoT Edge / IoT Hub communication| [Complete list](/azure/iot-hub/iot-hub-devguide-protocols) of Azure IoT Hub communication protocols and ports. [Azure IoT Guide](/azure/iot-hub/iot-hub-devguide-endpoints) to understanding Azure IoT Hub endpoints. | Microsoft Connected Cache Managed in Azure | diff --git a/windows/deployment/do/index.yml b/windows/deployment/do/index.yml index 225ed1997b..af455b76b1 100644 --- a/windows/deployment/do/index.yml +++ b/windows/deployment/do/index.yml @@ -54,7 +54,7 @@ landingContent: url: https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332 # Card (optional) - - title: Configure Delivery Optimization on Microsoft Endpoint Manager + - title: Configure Delivery Optimization on Microsoft Intune or Configuration Manager linkLists: - linkListType: how-to-guide links: diff --git a/windows/deployment/do/mcc-enterprise.md b/windows/deployment/do/mcc-enterprise.md index dda18b7a2d..c06114a22e 100644 --- a/windows/deployment/do/mcc-enterprise.md +++ b/windows/deployment/do/mcc-enterprise.md @@ -241,7 +241,7 @@ Files contained in the mccinstaller.zip file: 1. Enable Nested Virtualization ```powershell - Set -VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true + Set-VMProcessor -VMName "VM name" -ExposeVirtualizationExtensions $true ``` 2. Enable Mac Spoofing ```powershell diff --git a/windows/deployment/do/waas-delivery-optimization.md b/windows/deployment/do/waas-delivery-optimization.md index 9c019a611b..d22068202b 100644 --- a/windows/deployment/do/waas-delivery-optimization.md +++ b/windows/deployment/do/waas-delivery-optimization.md 
@@ -24,7 +24,7 @@ ms.technology: itpro-updates > **Looking for Group Policy objects?** See [Delivery Optimization reference](waas-delivery-optimization-reference.md) or the master spreadsheet available at the [Download Center](https://www.microsoft.com/download/details.aspx?id=102158). -Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Endpoint Manager (when installation of Express Updates is enabled). +Windows updates, upgrades, and applications can contain packages with large files. Downloading and distributing updates can consume quite a bit of network resources on the devices receiving them. You can use Delivery Optimization to reduce bandwidth consumption by sharing the work of downloading these packages among multiple devices in your deployment. Delivery Optimization is a cloud-managed solution that allows clients to download those packages from alternate sources (such as other peers on the network) in addition to the traditional Internet-based servers. You can use Delivery Optimization with Windows Update, Windows Server Update Services (WSUS), Windows Update for Business, or Microsoft Configuration Manager (when installation of Express Updates is enabled). Access to the Delivery Optimization cloud services and the Internet, are both requirements for using the peer-to-peer functionality of Delivery Optimization. 
@@ -96,7 +96,7 @@ To gain a deeper understanding of the Delivery Optimization client-service commu ## Set up Delivery Optimization for Windows -[Learn more](waas-delivery-optimization-setup.md) about the Delivery Optimization settings to ensure proper set up in your environment. +[Learn more](waas-delivery-optimization-setup.md) about the Delivery Optimization settings to ensure proper setup in your environment. ## Delivery Optimization reference diff --git a/windows/deployment/do/waas-optimize-windows-10-updates.md b/windows/deployment/do/waas-optimize-windows-10-updates.md index fc5b9d2841..75f5fb76b3 100644 --- a/windows/deployment/do/waas-optimize-windows-10-updates.md +++ b/windows/deployment/do/waas-optimize-windows-10-updates.md 
@@ -27,14 +27,14 @@ Two methods of peer-to-peer content distribution are available. - [Delivery Optimization](waas-delivery-optimization.md) is a peer-to-peer distribution method in Windows. Windows clients can source content from other devices on their local network that have already downloaded the updates or from peers over the internet. Using the settings available for Delivery Optimization, clients can be configured into groups, allowing organizations to identify devices that are possibly the best candidates to fulfill peer-to-peer requests. - Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources as well as the time it takes for clients to retrieve the updates. + Windows Update, Windows Update for Business, and Windows Server Update Services (WSUS) can use Delivery Optimization. Delivery Optimization can significantly reduce the amount of network traffic to external Windows Update sources and the time it takes for clients to retrieve the updates. - [BranchCache](../update/waas-branchcache.md) is a bandwidth optimization technology that is included in some editions of Windows Server 2016 and Windows operating systems, as well as in some editions of Windows Server 2012 R2, Windows 8.1, Windows Server 2012, Windows 8, Windows Server 2008 R2, and Windows 7. >[!NOTE] >Full BranchCache functionality is supported in Windows 10 Enterprise and Education; Windows 10 Pro supports some BranchCache functionality, including BITS transfers used for servicing operations. - Windows Server Update Services (WSUS) and Microsoft Endpoint Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. 
This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content. + Windows Server Update Services (WSUS) and Microsoft Configuration Manager can use BranchCache to allow peers to source content from each other versus always having to contact a server. Using BranchCache, files are cached on each individual client, and other clients can retrieve them as needed. This approach distributes the cache rather than having a single point of retrieval, saving a significant amount of bandwidth while drastically reducing the time that it takes for clients to receive the requested content.

@@ -44,9 +44,9 @@ Two methods of peer-to-peer content distribution are available. | BranchCache | ![no.](images/crossmark.png) | ![no](images/crossmark.png) |![yes](images/checkmark.png) | ![yes](images/checkmark.png) | > [!NOTE] -> Microsoft Endpoint Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use Microsoft Endpoint Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](/configmgr/core/plan-design/hierarchy/client-peer-cache). +> Microsoft Configuration Manager has an additional feature called Client Peer Cache that allows peer-to-peer content sharing between clients you use Configuration Manager to manage, in the same Configuration Manager boundary Group. For more information, see [Client Peer Cache](/configmgr/core/plan-design/hierarchy/client-peer-cache). > -> In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with Microsoft Endpoint Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in Microsoft Endpoint Configuration Manager](/configmgr/osd/get-started/prepare-windows-pe-peer-cache-to-reduce-wan-traffic). +> In addition to Client Peer Cache, similar functionality is available in the Windows Preinstallation Environment (Windows PE) for imaging-related content. Using this technology, clients imaging with Configuration Manager task sequences can source operating system images, driver packages, boot images, packages, and programs from peers instead of distribution points. 
For detailed information about how Windows PE Peer Cache works and how to configure it, see [Prepare Windows PE peer cache to reduce WAN traffic in Microsoft Configuration Manager](/configmgr/osd/get-started/prepare-windows-pe-peer-cache-to-reduce-wan-traffic). ## Express update delivery @@ -56,7 +56,7 @@ Windows client quality update downloads can be large because every package conta > Express update delivery applies to quality update downloads. Starting with Windows 10, version 1709, Express update delivery also applies to feature update downloads for clients connected to Windows Update and Windows Update for Business. ### How Microsoft supports Express -- **Express on Microsoft Endpoint Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update. +- **Express on Microsoft Configuration Manager** starting with version 1702 of Configuration Manager and Windows 10, version 1703 or later, or Windows 10, version 1607 with the April 2017 cumulative update. - **Express on WSUS Standalone** Express update delivery is available on [all support versions of WSUS](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc708456(v=ws.10)). 
@@ -78,7 +78,7 @@ The Windows Update client will try to download Express first, and under certain 1. When the Windows Update client initiates an Express download, **Windows Update first downloads a stub**, which is part of the Express package. 2. **The Windows Update client passes this stub to the Windows installer**, which uses the stub to do a local inventory, comparing the deltas of the file on the device with what is needed to get to the latest version of the file being offered. 3. **The Windows installer then requests the Windows Update client to download the ranges**, which have been determined to be required. -4. **The client downloads these ranges and passes them to the Windows Installer**, which applies the ranges and then determines if additional ranges are needed. This repeats until the Windows installer tells the Windows Update client that all necessary ranges have been downloaded. +4. **The client downloads these ranges and passes them to the Windows Installer**, which applies the ranges and then determines if more ranges are needed. This step repeats until the Windows installer tells the Windows Update client that all necessary ranges have been downloaded. At this point, the download is complete and the update is ready to be installed. 
@@ -93,5 +93,5 @@ At this point, the download is complete and the update is ready to be installed. | ![done.](images/checklistdone.png) | [Prepare servicing strategy for Windows client updates](../update/waas-servicing-strategy-windows-10-updates.md) | | ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](../update/waas-deployment-rings-windows-10-updates.md) | | ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](../update/waas-servicing-channels-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this topic) | -| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](../update/waas-manage-updates-wufb.md)
or [Deploy Windows client updates using Windows Server Update Services](../update/waas-manage-updates-wsus.md)
or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![done.](images/checklistdone.png) | Optimize update delivery for Windows 10 updates (this article) | +| ![to do.](images/checklistbox.gif) | [Deploy updates using Windows Update for Business](../update/waas-manage-updates-wufb.md)
or [Deploy Windows client updates using Windows Server Update Services](../update/waas-manage-updates-wsus.md)
or [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | diff --git a/windows/deployment/index.yml b/windows/deployment/index.yml index a7dbbcc6f0..7c6b7cb6ed 100644 --- a/windows/deployment/index.yml +++ b/windows/deployment/index.yml @@ -13,10 +13,10 @@ metadata: ms.collection: - windows-10 - highpri - author: aczechowski - ms.author: aaroncz - manager: dougeby - ms.date: 02/08/2022 #Required; mm/dd/yyyy format. + author: frankroj + ms.author: frankroj + manager: aaroncz + ms.date: 10/31/2022 #Required; mm/dd/yyyy format. localization_priority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new diff --git a/windows/deployment/mbr-to-gpt.md b/windows/deployment/mbr-to-gpt.md index a7c2e3e203..5bae3977a7 100644 --- a/windows/deployment/mbr-to-gpt.md +++ b/windows/deployment/mbr-to-gpt.md @@ -2,14 +2,15 @@ title: MBR2GPT description: Use MBR2GPT.EXE to convert a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. ms.prod: windows-client -author: aczechowski -ms.author: aaroncz -ms.date: 02/13/2018 -manager: dougeby +author: frankroj +ms.author: frankroj +ms.date: 10/31/2022 +manager: aaroncz ms.localizationpriority: high ms.topic: article ms.custom: seo-marvel-apr2020 ms.collection: highpri +ms.technology: itpro-deploy --- # MBR2GPT.EXE 
@@ -17,7 +18,7 @@ ms.collection: highpri **Applies to** - Windows 10 -**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool is designed to be run from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. +**MBR2GPT.EXE** converts a disk from the Master Boot Record (MBR) to the GUID Partition Table (GPT) partition style without modifying or deleting data on the disk. The tool runs from a Windows Preinstallation Environment (Windows PE) command prompt, but can also be run from the full Windows 10 operating system (OS) by using the **/allowFullOS** option. MBR2GPT.EXE is located in the **Windows\\System32** directory on a computer running Windows 10 version 1703 (also known as the Creator's Update) or later. 
@@ -29,12 +30,12 @@ See the following video for a detailed description and demonstration of MBR2GPT. You can use MBR2GPT to: -- Convert any attached MBR-formatted system disk to the GPT partition format. You cannot use the tool to convert non-system disks from MBR to GPT. -- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you will need to delete the existing protectors and recreate them. +- Convert any attached MBR-formatted system disk to the GPT partition format. You can't use the tool to convert non-system disks from MBR to GPT. +- Convert an MBR disk with BitLocker-encrypted volumes as long as protection has been suspended. To resume BitLocker after conversion, you'll need to delete the existing protectors and recreate them. - Convert operating system disks that have earlier versions of Windows 10 installed, such as versions 1507, 1511, and 1607. However, you must run the tool while booted into Windows 10 version 1703 or later, and perform an offline conversion. -- Convert an operating system disk from MBR to GPT using Configuration Manager or MDT provided that your task sequence uses Windows PE version 1703 or later. +- Convert an operating system disk from MBR to GPT using Configuration Manager or MDT if your task sequence uses Windows PE version 1703 or later. -Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 are not officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion. +Offline conversion of system disks with earlier versions of Windows installed, such as Windows 7, 8, or 8.1 aren't officially supported. The recommended method to convert these disks is to upgrade the operating system to Windows 10 first, then perform the MBR to GPT conversion. 
> [!IMPORTANT] > After the disk has been converted to GPT partition style, the firmware must be reconfigured to boot in UEFI mode. @@ -45,17 +46,17 @@ Offline conversion of system disks with earlier versions of Windows installed, s Before any change to the disk is made, MBR2GPT validates the layout and geometry of the selected disk to ensure that: - The disk is currently using MBR -- There is enough space not occupied by partitions to store the primary and secondary GPTs: - - 16KB + 2 sectors at the front of the disk - - 16KB + 1 sector at the end of the disk -- There are at most 3 primary partitions in the MBR partition table +- There's enough space not occupied by partitions to store the primary and secondary GPTs: + - 16 KB + 2 sectors at the front of the disk + - 16 KB + 1 sector at the end of the disk +- There are at most three primary partitions in the MBR partition table - One of the partitions is set as active and is the system partition -- The disk does not have any extended/logical partition +- The disk doesn't have any extended/logical partition - The BCD store on the system partition contains a default OS entry pointing to an OS partition -- The volume IDs can be retrieved for each volume which has a drive letter assigned +- The volume IDs can be retrieved for each volume that has a drive letter assigned - All partitions on the disk are of MBR types recognized by Windows or has a mapping specified using the /map command-line option -If any of these checks fails, the conversion will not proceed and an error will be returned. +If any of these checks fails, the conversion won't proceed, and an error will be returned. ## Syntax 
@@ -67,10 +68,10 @@ If any of these checks fails, the conversion will not proceed and an error will |----|-------------| |/validate| Instructs MBR2GPT.exe to perform only the disk validation steps and report whether the disk is eligible for conversion. | |/convert| Instructs MBR2GPT.exe to perform the disk validation and to proceed with the conversion if all validation tests pass. | -|/disk:\| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as that used by the diskpart.exe tool **SELECT DISK SYSTEM** command.| +|/disk:\| Specifies the disk number of the disk to be converted to GPT. If not specified, the system disk is used. The mechanism used is the same as used by the diskpart.exe tool **SELECT DISK SYSTEM** command.| |/logs:\| Specifies the directory where MBR2GPT.exe logs should be written. If not specified, **%windir%** is used. If specified, the directory must already exist, it will not be automatically created or overwritten.| -|/map:\=\| Specifies additional partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexadecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. | -|/allowFullOS| By default, MBR2GPT.exe is blocked unless it is run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment.
**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it cannot be reused. In this case, a new ESP is created by shrinking the OS partition.| +|/map:\=\| Specifies other partition type mappings between MBR and GPT. The MBR partition number is specified in decimal notation, not hexadecimal. The GPT GUID can contain brackets, for example: **/map:42={af9b60a0-1431-4f62-bc68-3311714a69ad}**. Multiple /map options can be specified if multiple mappings are required. | +|/allowFullOS| By default, MBR2GPT.exe is blocked unless it's run from Windows PE. This option overrides this block and enables disk conversion while running in the full Windows environment.
**Note**: Since the existing MBR system partition is in use while running the full Windows environment, it can't be reused. In this case, a new ESP is created by shrinking the OS partition.| ## Examples @@ -225,9 +226,9 @@ Offset in Bytes: 524288000 The following steps illustrate high-level phases of the MBR-to-GPT conversion process: 1. Disk validation is performed. -2. The disk is repartitioned to create an EFI system partition (ESP) if one does not already exist. +2. The disk is repartitioned to create an EFI system partition (ESP) if one doesn't already exist. 3. UEFI boot files are installed to the ESP. -4. GPT metadata and layout information is applied. +4. GPT metadata and layout information are applied. 5. The boot configuration data (BCD) store is updated. 6. Drive letter assignments are restored. 
@@ -236,14 +237,14 @@ The following steps illustrate high-level phases of the MBR-to-GPT conversion pr For Windows to remain bootable after the conversion, an EFI system partition (ESP) must be in place. MBR2GPT creates the ESP using the following rules: 1. The existing MBR system partition is reused if it meets these requirements: - 1. It is not also the OS or Windows Recovery Environment partition. - 1. It is at least 100MB (or 260MB for 4K sector size disks) in size. - 1. It is less than or equal to 1GB in size. This is a safety precaution to ensure it is not a data partition. - 1. The conversion is not being performed from the full OS. In this case, the existing MBR system partition is in use and cannot be repurposed. + 1. It isn't also the OS or Windows Recovery Environment partition. + 1. It is at least 100 MB (or 260 MB for 4K sector size disks) in size. + 1. It's less than or equal to 1 GB in size. This size is a safety precaution to ensure it isn't a data partition. + 1. The conversion isn't being performed from the full OS. In this case, the existing MBR system partition is in use and can't be repurposed. -2. If the existing MBR system partition cannot be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100MB (or 260MB for 4K sector size disks) and is formatted FAT32. +2. If the existing MBR system partition can't be reused, a new ESP is created by shrinking the OS partition. This new partition has a size of 100 MB (or 260 MB for 4K sector size disks) and is formatted FAT32. -If the existing MBR system partition is not reused for the ESP, it is no longer used by the boot process after the conversion. Other partitions are not modified. +If the existing MBR system partition isn't reused for the ESP, it's no longer used by the boot process after the conversion. Other partitions aren't modified. >[!IMPORTANT] >If the existing MBR system partition is not reused for the ESP, it might be assigned a drive letter. 
If you do not wish to use this small partition, you must manually hide the drive letter. @@ -268,7 +269,7 @@ For more information about partition types, see: ### Persisting drive letter assignments -The conversion tool will attempt to remap all drive letter assignment information contained in the registry that correspond to the volumes of the converted disk. If a drive letter assignment cannot be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. +The conversion tool will attempt to remap all drive letter assignment information contained in the registry that corresponds to the volumes of the converted disk. If a drive letter assignment can't be restored, an error will be displayed at the console and in the log, so that you can manually perform the correct assignment of the drive letter. > [!IMPORTANT] > This code runs after the layout conversion has taken place, so the operation cannot be undone at this stage. 
@@ -277,11 +278,11 @@ The conversion tool will obtain volume unique ID data before and after the layou 1. Check if the unique ID corresponds to any of the unique IDs for any of the volumes that are part of the converted disk. 2. If found, set the value to be the new unique ID, obtained after the layout conversion. -3. If the new unique ID cannot be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment. +3. If the new unique ID can't be set and the value name starts with \DosDevices, issue a console and log warning about the need for manual intervention in properly restoring the drive letter assignment. ## Troubleshooting -The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions do not translate properly, this is displayed and the conversion not performed. To view more detail about any errors that are encountered, see the associated [log files](#logs). +The tool will display status information in its output. Both validation and conversion are clear if any errors are encountered. For example, if one or more partitions don't translate properly, this is displayed and the conversion not performed. To view more detail about any errors that are encountered, see the associated [log files](#logs). ### Logs 
@@ -354,18 +355,17 @@ MBR2GPT has the following associated return codes: |4| Conversion failed due to invalid command-line parameters. | |5| Conversion failed due to error reading the geometry and layout of the selected disk.| |6| Conversion failed because one or more volumes on the disk is encrypted.| -|7| Conversion failed because the geometry and layout of the selected disk do not meet requirements.| +|7| Conversion failed because the geometry and layout of the selected disk don't meet requirements.| |8| Conversion failed due to error while creating the EFI system partition.| |9| Conversion failed due to error installing boot files.| |10| Conversion failed due to error while applying GPT layout.| -|100| Conversion to GPT layout succeeded, but some boot configuration data entries could not be restored.| +|100| Conversion to GPT layout succeeded, but some boot configuration data entries couldn't be restored.| ### Determining the partition type You can type the following command at a Windows PowerShell prompt to display the disk number and partition type. Example output is also shown: - ```powershell PS C:\> Get-Disk | ft -Auto @@ -379,8 +379,7 @@ You can also view the partition type of a disk by opening the Disk Management to :::image type="content" alt-text="Volumes." source="images/mbr2gpt-volume.png"::: - -If Windows PowerShell and Disk Management are not available, such as when you are using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example: +If Windows PowerShell and Disk Management aren't available, such as when you're using Windows PE, you can determine the partition type at a command prompt with the DiskPart tool. To determine the partition style from a command line, type **diskpart** and then type **list disk**. See the following example: ```console X:\>DiskPart 
@@ -400,18 +399,17 @@ DISKPART> list disk In this example, Disk 0 is formatted with the MBR partition style, and Disk 1 is formatted using GPT. - ## Known issue -### MBR2GPT.exe cannot run in Windows PE +### MBR2GPT.exe can't run in Windows PE When you start a Windows 10, version 1903-based computer in the Windows Preinstallation Environment (Windows PE), you encounter the following issues: **Issue 1** When you run the MBR2GPT.exe command, the process exits without converting the drive. -**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there is no output from the tool. +**Issue 2** When you manually run the MBR2GPT.exe command in a Command Prompt window, there's no output from the tool. -**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a Microsoft Endpoint Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781. +**Issue 3** When MBR2GPT.exe runs inside an imaging process such as a Microsoft Configuration Manager task sequence, an MDT task sequence, or by using a script, you receive the following exit code: 0xC0000135/3221225781. #### Cause 
@@ -419,7 +417,7 @@ This issue occurs because in Windows 10, version 1903 and later versions, MBR2GP #### Workaround -To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. To do this, follow these steps: +To fix this issue, mount the Windows PE image (WIM), copy the missing file from the [Windows 10, version 1903 Assessment and Development Kit (ADK)](https://go.microsoft.com/fwlink/?linkid=2086042) source, and then commit the changes to the WIM. Use follow these steps: 1. Mount the Windows PE WIM to a path (for example, C:\WinPE_Mount). For more information about how to mount WIM files, see [Mount an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#mount-an-image). @@ -458,8 +456,7 @@ To fix this issue, mount the Windows PE image (WIM), copy the missing file from 3. After you copy all the files, commit the changes and unmount the Windows PE WIM. MBR2GPT.exe now functions as expected in Windows PE. For information about how to unmount WIM files while committing changes, see [Unmounting an image](/windows-hardware/manufacture/desktop/mount-and-modify-a-windows-image-using-dism#unmounting-an-image). - -## Related topics +## Related articles [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
[Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) diff --git a/windows/deployment/planning/act-technical-reference.md b/windows/deployment/planning/act-technical-reference.md index 49e84cc536..4a758fcbc4 100644 --- a/windows/deployment/planning/act-technical-reference.md +++ b/windows/deployment/planning/act-technical-reference.md @@ -2,12 +2,13 @@ title: Application Compatibility Toolkit (ACT) Technical Reference (Windows 10) description: The Microsoft Application Compatibility Toolkit (ACT) helps you see if the apps and devices in your org are compatible with different versions of Windows. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Application Compatibility Toolkit (ACT) Technical Reference 
@@ -18,11 +19,11 @@ ms.technology: itpro-deploy >[!IMPORTANT] >We've replaced the majority of functionality included in the Application Compatibility Toolkit (ACT) with [Windows Analytics](/mem/configmgr/desktop-analytics/overview), a solution in the Microsoft Operations Management Suite. Windows Analytics gives enterprises the tools to plan and manage the upgrade process end to end, allowing them to adopt new Windows releases more quickly. With new Windows versions being released multiple times a year, ensuring application and driver compatibility on an ongoing basis is key to adopting new Windows versions as they are released. - -Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft’s experience upgrading millions of devices to Windows 10. - + +Microsoft developed Windows Analytics in response to demand from enterprise customers looking for additional direction and details about upgrading to Windows 10. Windows Analytics was built taking into account multiple channels of customer feedback, testing, and Microsoft's experience upgrading millions of devices to Windows 10. + With Windows diagnostic data enabled, Windows Analytics collects system, application, and driver data for analysis. We then identify compatibility issues that can block an upgrade and suggest fixes when they are known to Microsoft. - + Use Windows Analytics to get: - A visual workflow that guides you from pilot to production - Detailed computer and application inventory 
@@ -30,7 +31,7 @@ Use Windows Analytics to get: - Guidance and insights into application and driver compatibility issues, with suggested fixes - Data driven application rationalization tools - Application usage information, allowing targeted validation; workflow to track validation progress and decisions -- Data export to commonly used software deployment tools, including Microsoft Endpoint Configuration Manager +- Data export to commonly used software deployment tools, including Microsoft Configuration Manager The Windows Analytics workflow steps you through the discovery and rationalization process until you have a list of computers that are ready to be upgraded. diff --git a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md index 4475629792..a66f84e71b 100644 --- a/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md +++ b/windows/deployment/planning/applying-filters-to-data-in-the-sua-tool.md @@ -2,26 +2,25 @@ title: Applying Filters to Data in the SUA Tool (Windows 10) description: Learn how to apply filters to results from the Standard User Analyzer (SUA) tool while testing your application. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Applying Filters to Data in the SUA Tool - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 On the user interface for the Standard User Analyzer (SUA) tool, you can apply filters to the issues that the tool has found so that you can view only the information that interests you. 
diff --git a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md index 3a16dfed66..1d00068f16 100644 --- a/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md +++ b/windows/deployment/planning/available-data-types-and-operators-in-compatibility-administrator.md @@ -2,18 +2,17 @@ title: Available Data Types and Operators in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool provides a way to query your custom-compatibility databases. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Available Data Types and Operators in Compatibility Administrator - **Applies to** - Windows 10 @@ -27,7 +26,6 @@ The Compatibility Administrator tool provides a way to query your custom-compati ## Available Data Types - Customized-compatibility databases in Compatibility Administrator contain the following data types. - **Integer**. A numerical value with no fractional part. All integers are unsigned because none of the attributes can have a negative value. @@ -38,7 +36,6 @@ Customized-compatibility databases in Compatibility Administrator contain the fo ## Available Attributes - The following table shows the attributes you can use for querying your customized-compatibility databases in Compatibility Administrator. |Attribute|Description|Data type| @@ -78,4 +75,3 @@ The following table shows the operators that you can use for querying your custo ## Related topics [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md) - 
diff --git a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md index dcc8f11756..64b214e0e5 100644 --- a/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md +++ b/windows/deployment/planning/best-practice-recommendations-for-windows-to-go.md @@ -2,12 +2,13 @@ title: Best practice recommendations for Windows To Go (Windows 10) description: Learn about best practice recommendations for using Windows To Go, like using a USB 3.0 port with Windows to Go if it's available. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Best practice recommendations for Windows To Go @@ -15,7 +16,7 @@ ms.technology: itpro-deploy **Applies to** -- Windows 10 +- Windows 10 > [!IMPORTANT] > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. @@ -40,9 +41,9 @@ Additionally, we recommend that when you plan your deployment you should also pl [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
[Windows To Go: frequently asked questions](windows-to-go-frequently-asked-questions.yml)
-  + -  + diff --git a/windows/deployment/planning/compatibility-administrator-users-guide.md b/windows/deployment/planning/compatibility-administrator-users-guide.md index 8ce6413f47..57500f6608 100644 --- a/windows/deployment/planning/compatibility-administrator-users-guide.md +++ b/windows/deployment/planning/compatibility-administrator-users-guide.md @@ -1,27 +1,27 @@ --- title: Compatibility Administrator User's Guide (Windows 10) ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows. ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-mar2020 ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Compatibility Administrator User's Guide - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The Compatibility Administrator tool helps you resolve potential application-compatibility issues before deploying a new version of Windows to your organization. Compatibility Administrator provides: diff --git a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md index e40a09cd6f..e6aa979948 100644 --- a/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md +++ b/windows/deployment/planning/compatibility-fix-database-management-strategies-and-deployment.md 
@@ -1,12 +1,12 @@ --- title: Compatibility Fix Database Management Strategies and Deployment (Windows 10) ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Learn how to deploy your compatibility fixes into an application-installation package or through a centralized compatibility-fix database. ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.custom: seo-marvel-mar2020 ms.technology: itpro-deploy @@ -14,7 +14,6 @@ ms.technology: itpro-deploy # Compatibility Fix Database Management Strategies and Deployment - **Applies to** - Windows 10 diff --git a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md index 6305150422..36d1893c70 100644 --- a/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md +++ b/windows/deployment/planning/compatibility-fixes-for-windows-8-windows-7-and-windows-vista.md @@ -2,11 +2,11 @@ title: Compatibility Fixes for Windows 10, Windows 8, Windows 7, & Windows Vista description: Find compatibility fixes for all Windows operating systems that have been released from Windows Vista through Windows 10. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy @@ -14,7 +14,6 @@ ms.technology: itpro-deploy # Compatibility Fixes for Windows 10, Windows 8, Windows 7, and Windows Vista - **Applies to** - Windows 10 
diff --git a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md index 44dd222bf6..82a1bae472 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-fix-in-compatibility-administrator.md @@ -2,17 +2,17 @@ title: Creating a Custom Compatibility Fix in Compatibility Administrator (Windows 10) description: The Compatibility Administrator tool uses the term fix to describe the combination of compatibility information added to a customized database for a specific application. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Creating a Custom Compatibility Fix in Compatibility Administrator - **Applies to** - Windows 10 @@ -45,7 +45,6 @@ The Compatibility Administrator tool has preloaded fixes for many common applica ## Creating a New Compatibility Fix - If you are unable to find a preloaded compatibility fix for your application, you can create a new one for use by your customized database. **To create a new compatibility fix** diff --git a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md index 205f34d0ce..01691fdc5d 100644 --- a/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-a-custom-compatibility-mode-in-compatibility-administrator.md 
@@ -2,18 +2,17 @@ title: Create a Custom Compatibility Mode (Windows 10) description: Windows® provides several compatibility modes, groups of compatibility fixes found to resolve many common application-compatibility issues. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Creating a Custom Compatibility Mode in Compatibility Administrator - **Applies to** - Windows 10 
@@ -27,19 +26,15 @@ Windows® provides several *compatibility modes*, groups of compatibility fixes ## What Is a Compatibility Mode? - A compatibility mode is a group of compatibility fixes. A compatibility fix, previously known as a shim, is a small piece of code that intercepts API calls from applications. The fix transforms the API calls so that the current version of the operating system supports the application in the same way as previous versions of the operating system. This can be anything from disabling a new feature in Windows to emulating a particular behavior of an older version of the Windows API. ## Searching for Existing Compatibility Modes - The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. Before you create a new compatibility mode, you can search for an existing application and then copy and paste the known fixes into your custom database. > [!IMPORTANT] > Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. - - **To search for an existing application** 1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name. 
@@ -48,14 +43,11 @@ The Compatibility Administrator tool has preloaded fixes for many common applica ## Creating a New Compatibility Mode - If you are unable to find a preloaded compatibility mode for your application, you can create a new one for use by your custom database. > [!IMPORTANT] > A compatibility mode includes a set of compatibility fixes and must be deployed as a group. Therefore, you should include only fixes that you intend to deploy together to the database. - - **To create a new compatibility mode** 1. In the left-side pane of Compatibility Administrator, underneath the **Custom Databases** heading, right-click the name of the database to which you will apply the compatibility mode, click **Create New**, and then click **Compatibility Mode**. @@ -73,13 +65,4 @@ If you are unable to find a preloaded compatibility mode for your application, y The compatibility mode is added to your custom database. ## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - - - - - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md index f6cc6a2e5f..78bd540870 100644 --- a/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md +++ b/windows/deployment/planning/creating-an-apphelp-message-in-compatibility-administrator.md 
@@ -2,46 +2,41 @@ title: Create AppHelp Message in Compatibility Administrator (Windows 10) description: Create an AppHelp text message with Compatibility Administrator; a message that appears upon starting an app with major issues on the Windows® operating system. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Creating an AppHelp Message in Compatibility Administrator - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system. ## Blocking Versus Non-Blocking AppHelp Messages - A blocking AppHelp message prevents the application from starting and displays a message to the user. You can define a specific URL where the user can download an updated driver or other fix to resolve the issue. When using a blocking AppHelp message, you must also define the file-matching information to identify the version of the application and enable the corrected version to continue. A non-blocking AppHelp message doesn't prevent the application from starting, but provides a message to the user that includes information such as security issues, updates to the application, or changes to the location of network resources. ## Searching for Existing Compatibility Fixes - The Compatibility Administrator tool has preloaded fixes for many common applications, including known compatibility fixes, compatibility modes, and AppHelp messages. 
Before you create a new AppHelp message, you can search for an existing application and then copy and paste the known fixes into your custom database. > [!IMPORTANT] > Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to create custom databases for 32-bit applications and the 64-bit version to create custom databases for 64-bit applications. - - **To search for an existing application** 1. In the left-side pane of Compatibility Administrator, expand the **Applications** folder and search for your application name. @@ -50,7 +45,6 @@ The Compatibility Administrator tool has preloaded fixes for many common applica ## Creating a New AppHelp Message - If you're unable to find a preloaded AppHelp message for your application, you can create a new one for use by your custom database. **To create a new AppHelp message** @@ -79,10 +73,9 @@ If you're unable to find a preloaded AppHelp message for your application, you c 6. Type the website URL and the message text to appear when the user starts the application, and then click **Finish**. -## Issues with AppHelp Messages and Computers Running Windows 2000 +## Issues with AppHelp Messages and Computers Running Windows 2000 - -The following issues might occur with computers running Windows 2000: +The following issues might occur with computers running Windows 2000: - You might be unable to create a custom AppHelp message. diff --git a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md index add79decef..45096f66f5 100644 --- a/windows/deployment/planning/deployment-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/deployment-considerations-for-windows-to-go.md 
@@ -2,13 +2,14 @@ title: Deployment considerations for Windows To Go (Windows 10) description: Learn about deployment considerations for Windows To Go, such as the boot experience, deployment methods, and tools that you can use with Windows To Go. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Deployment considerations for Windows To Go diff --git a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md index 5e9da01e3f..6be90716a2 100644 --- a/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md +++ b/windows/deployment/planning/enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md @@ -2,26 +2,26 @@ title: Enabling and Disabling Compatibility Fixes in Compatibility Administrator description: You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Enabling and Disabling Compatibility Fixes in Compatibility Administrator - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes. 
@@ -32,8 +32,6 @@ Customized compatibility databases can become quite complex as you add your fixe >[!IMPORTANT] >Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications. - - **To disable a compatibility fix within a database** 1. In the left-sde pane of Compatibility Administrator, expand the custom database that includes the compatibility fix that you want to disable, and then select the specific compatibility fix. @@ -42,14 +40,11 @@ Customized compatibility databases can become quite complex as you add your fixe 2. On the **Database** menu, click **Disable Entry**. - **Important**   + **Important** When you disable an entry, it will remain disabled even if you do not save the database file. - - ## Enabling Compatibility Fixes - You can enable your disabled compatibility fixes at any time. **To enable a compatibility fix within a database** diff --git a/windows/deployment/planning/features-lifecycle.md b/windows/deployment/planning/features-lifecycle.md index be6a881a78..18da27cab7 100644 --- a/windows/deployment/planning/features-lifecycle.md +++ b/windows/deployment/planning/features-lifecycle.md @@ -3,12 +3,13 @@ title: Windows client features lifecycle description: Learn about the lifecycle of Windows 10 features, as well as features that are no longer developed, removed features, and terminology assigned to a feature. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -manager: dougeby -ms.author: aaroncz +author: frankroj +manager: aaroncz +ms.author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-fundamentals +ms.date: 10/28/2022 --- # Windows client features lifecycle 
diff --git a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md index 2e8d5bfcb7..8f65a9df75 100644 --- a/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md +++ b/windows/deployment/planning/fixing-applications-by-using-the-sua-tool.md @@ -2,26 +2,25 @@ title: Fixing Applications by Using the SUA Tool (Windows 10) description: On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Fixing Applications by Using the SUA Tool - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 On the user interface for the Standard User Analyzer (SUA) tool, you can apply fixes to an application. @@ -37,15 +36,4 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can apply f |--- |--- | |**Apply Mitigations**|Opens the **Mitigate AppCompat Issues** dialog box, in which you can select the fixes that you intend to apply to the application.| |**Undo Mitigations**|Removes the application fixes that you just applied.

This option is available only after you apply an application fix and before you close the SUA tool. Alternatively, you can manually remove application fixes by using **Programs and Features** in Control Panel.| - |**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.| - -   - -  - -  - - - - - + |**Export Mitigations as Windows Installer file**|Exports your application fixes as a Windows® Installer (.msi) file, which can then be deployed to other computers that are running the application.| \ No newline at end of file diff --git a/windows/deployment/planning/index.md b/windows/deployment/planning/index.md index 3daa880c61..cb2208b86e 100644 --- a/windows/deployment/planning/index.md +++ b/windows/deployment/planning/index.md 
@@ -3,23 +3,24 @@ title: Plan for Windows 10 deployment (Windows 10) description: Find resources for your Windows 10 deployment. Windows 10 provides new deployment capabilities and tools, and introduces new ways to keep the OS up to date. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Plan for Windows 10 deployment -Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. Together, these changes require that you rethink the traditional deployment process. +Windows 10 provides new deployment capabilities, scenarios, and tools by building on technologies introduced in Windows 7, and Windows 8.1, while at the same time introducing new Windows as a service concepts to keep the operating system up to date. Together, these changes require that you rethink the traditional deployment process. ## In this section |Topic |Description | |------|------------| |[Windows 10 Enterprise: FAQ for IT professionals](windows-10-enterprise-faq-itpro.yml) | Get answers to common questions around compatibility, installation, and support for Windows 10 Enterprise. | -|[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. | -|[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. 
| -|[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. | +|[Windows 10 deployment considerations](windows-10-deployment-considerations.md) |There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. | +|[Windows 10 compatibility](windows-10-compatibility.md) |Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. | +|[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) |There are specific infrastructure requirements to deploy and manage Windows 10 that should be in place prior to significant Windows 10 deployments within your organization. | |[Features removed or planned for replacement](features-lifecycle.md) |Information is provided about Windows 10 features and functionality that are removed or planned for replacement. | |[Application Compatibility Toolkit (ACT) Technical Reference](act-technical-reference.md) |The Microsoft® Application Compatibility Toolkit (ACT) helps you determine whether the applications, devices, and computers in your organization are compatible with versions of the Windows® operating system. | @@ -30,4 +31,4 @@ Windows 10 provides new deployment capabilities, scenarios, and tools by buildi - [Upgrade to Windows 10 with MDT](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) - [Upgrade to Windows 10 with Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) - [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) -  + 
diff --git a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
index 4e9863f473..4744b0559a 100644
--- a/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
+++ b/windows/deployment/planning/installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md
@@ -2,11 +2,11 @@
 title: Install/Uninstall Custom Databases (Windows 10)
 description: The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/19/2017
+author: frankroj
+ms.date: 10/28/2022
 ms.topic: article
 ms.technology: itpro-deploy
 ---
@@ -16,21 +16,21 @@ ms.technology: itpro-deploy **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers. -By default, the Windows® operating system installs a System Application Fix database for use with the Compatibility Administrator. This database can be updated through Windows Update, and is stored in the %WINDIR% \\AppPatch directory. Your custom databases are automatically stored in the %WINDIR% \\AppPatch\\Custom directory and are installed by using the Sdbinst.exe tool provided with the Compatibility Administrator. +By default, the Windows® operating system installs a System Application Fix database for use with the Compatibility Administrator. This database can be updated through Windows Update, and is stored in the %WINDIR% \\AppPatch directory. Your custom databases are automatically stored in the %WINDIR% \\AppPatch\\Custom directory and are installed by using the Sdbinst.exe tool provided with the Compatibility Administrator. > [!IMPORTANT] > Application Compatibility Toolkit (ACT) installs a 32-bit and a 64-bit version of the Compatibility Administrator tool. You must use the 32-bit version to work with custom databases for 32-bit applications and the 64-bit version to work with custom databases for 64-bit applications. -In addition, you must deploy your databases to your organization’s computers before the included fixes will have any effect on the application issue. 
For more information about deploying your database, see [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md). +In addition, you must deploy your databases to your organization's computers before the included fixes will have any effect on the application issue. For more information about deploying your database, see [Using the Sdbinst.exe Command-Line Tool](using-the-sdbinstexe-command-line-tool.md). diff --git a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md index ce88e24a2d..99aae19234 100644 --- a/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md +++ b/windows/deployment/planning/managing-application-compatibility-fixes-and-custom-fix-databases.md @@ -2,26 +2,25 @@ title: Managing Application-Compatibility Fixes and Custom Fix Databases (Windows 10) description: Learn why you should use compatibility fixes, and how to deploy and manage custom-compatibility fix databases. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Managing Application-Compatibility Fixes and Custom Fix Databases - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 This section provides information about managing your application-compatibility fixes and custom-compatibility fix databases. This section explains the reasons for using compatibility fixes and how to deploy custom-compatibility fix databases. 
diff --git a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md index c361e02f2d..a1328a53ce 100644 --- a/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md +++ b/windows/deployment/planning/prepare-your-organization-for-windows-to-go.md @@ -1,21 +1,22 @@ --- title: Prepare your organization for Windows To Go (Windows 10) -description: Though Windows To Go is no longer being developed, you can find info here about the “what”, “why”, and “when” of deployment. +description: Though Windows To Go is no longer being developed, you can find info here about the "what", "why", and "when" of deployment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Prepare your organization for Windows To Go **Applies to** -- Windows 10 +- Windows 10 > [!IMPORTANT] > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. 
@@ -24,7 +25,7 @@ The following information is provided to help you plan and design a new deployme ## What is Windows To Go? -Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. Offering a new mobility option, a Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings. +Windows To Go is a feature of Windows 10 Enterprise and Windows 10 Education that enables users to boot Windows from a USB-connected external drive. Windows To Go drives can use the same image that enterprises use for their desktops and laptops, and can be managed the same way. A Windows To Go workspace isn't intended to replace desktops or laptops, or supplant other mobility offerings. Enterprise customers utilizing Volume Activation Windows licensing will be able to deploy USB drives provisioned with Windows To Go workspace. These drives will be bootable on multiple compatible host computers. Compatible host computers are computers that are: 
@@ -34,24 +35,24 @@ Enterprise customers utilizing Volume Activation Windows licensing will be able - Have compatible processor architectures (for example, x86 or AMD64) as the image used to create the Windows To Go workspace. ARM isn't a supported processor for Windows To Go. - Have firmware architecture that is compatible with the architecture of the image used for the Windows To Go workspace -Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go. +Booting a Windows To Go workspace requires no specific software on the host computer. PCs certified for Windows 7 and later can host Windows To Go. -The following topics will familiarize you with how you can use a Windows To Go workspace and give you an overview of some of the things you should consider in your design. +The following articles will familiarize you with how you can use a Windows To Go workspace. They also give you an overview of some of the things you should consider in your design. ## Usage scenarios The following scenarios are examples of situations in which Windows To Go workspaces provide a solution for an IT implementer: -- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the very first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection or DirectAccess to access corporate resources. 
If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes. +- **Continuance of operations (COO).** In this scenario, selected employees receive a USB drive with a Windows To Go workspace, which includes all of the applications that the employees use at work. The employees can keep the device at home, in a briefcase, or wherever they want to store it until needed. When the users boot their home computer from the USB drive, it will create a corporate desktop experience so that they can quickly start working. On the first boot, the employee sees that Windows is installing devices; after that one time, the Windows To Go drive boots like a normal computer. If they have enterprise network access, employees can use a virtual private network (VPN) connection, or DirectAccess to access corporate resources. If the enterprise network is available, the Windows To Go workspace will automatically be updated using your standard client management processes. -- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker where they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive and run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer. +- **Contractors and temporary workers.** In this situation, an enterprise IT pro or manager would distribute the Windows To Go drive directly to the worker. Then they can be assisted with any necessary other user education needs or address any possible compatibility issues. While the worker is on assignment, they can boot their computer exclusively from the Windows To Go drive. 
And run all applications in that environment until the end of the assignment when the device is returned. No installation of software is required on the worker's personal computer. -- **Managed free seating.** The employee is issued a Windows To Go drive that is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return they use the same USB flash drive but use a different host computer. +- **Managed free seating.** The employee is issued a Windows To Go drive. This drive is then used with the host computer assigned to that employee for a given session (this could be a vehicle, workspace, or standalone laptop). When the employee leaves the session, the next time they return, they use the same USB flash drive but use a different host computer. -- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Endpoint Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work, which caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity. +- **Work from home.** In this situation, the Windows To Go drive can be provisioned for employees using various methods including Microsoft Configuration Manager or other deployment tools and then distributed to employees. The employee is instructed to boot the Windows To Go drive initially at work. 
This boot caches the employee's credentials on the Windows To Go workspace and allows the initial data synchronization between the enterprise network and the Windows To Go workspace. The user can then bring the Windows To Go drive home where it can be used with their home computer, with or without enterprise network connectivity. -- **Travel lightly.** In this situation you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC. +- **Travel lightly.** In this situation, you have employees who are moving from site to site, but who always will have access to a compatible host computer on site. Using Windows To Go workspaces allows them to travel without the need to pack their PC. > [!NOTE] > If the employee wants to work offline for the majority of the time, but still maintain the ability to use the drive on the enterprise network, they should be informed of how often the Windows To Go workspace needs to be connected to the enterprise network. Doing so will ensure that the drive retains its access privileges and the workspace's computer object isn't potentially deleted from Active Directory Domain Services (AD DS). 
@@ -64,14 +65,14 @@ Because Windows To Go requires no other software and minimal configuration, the Windows To Go uses volume activation. You can use either Active Directory-based activation or KMS activation with Windows To Go. The Windows To Go workspace counts as another installation when assessing compliance with application licensing agreements. -Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Please note, due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office). +Microsoft software, such as Microsoft Office, distributed to a Windows To Go workspace must also be activated. Office deployment is fully supported on Windows To Go. Due to the retail subscription activation method associated with Microsoft 365 Apps for enterprise, Microsoft 365 Apps for enterprise subscribers are provided volume licensing activation rights for Office Professional Plus 2013 MSI for local installation on the Windows To Go drive. This method is available to organizations who purchase Microsoft 365 Apps for enterprise or Office 365 Enterprise SKUs containing Microsoft 365 Apps for enterprise via volume licensing channels. For more information about activating Microsoft Office, see [Volume activation methods in Office 2013](/DeployOffice/vlactivation/plan-volume-activation-of-office). 
You should investigate other software manufacturer's licensing requirements to ensure they're compatible with roaming usage before deploying them to a Windows To Go workspace. > [!NOTE] > Using Multiple Activation Key (MAK) activation isn't a supported activation method for Windows To Go as each different PC-host would require separate activation. MAK activation should not be used for activating Windows, Office, or any other application on a Windows To Go drive. - See [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)) for more information about these activation methods and how they can be used in your organization. + For more information about these activation methods and how they can be used in your organization, see [Plan for Volume Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj134042(v=ws.11)). ## Organizational unit structure and use of Group Policy Objects 
@@ -83,19 +84,19 @@ For more information about Group Policy settings that can be used with Windows T ## Computer account management -If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit. +If you configure Windows To Go drives for scenarios where drives may remain unused for extended periods of time such as used in continuance of operations scenarios, the AD DS computer account objects that correspond to Windows To Go drives have the potential to become stale and be pruned during maintenance operations. To address this issue, you should either have users log on regularly according to a schedule, or modify any maintenance scripts to not clean computer accounts in the Windows To Go device organizational unit. ## User account and data management -People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with and to keep it accessible when the workspace isn't being used. For this reason we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. 
We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). +People use computers to work with data and consume content - that is their core function. The data must be stored and retrievable for it to be useful. When users are working in a Windows To Go workspace, they need to be able to get to the data that they work with, and to keep it accessible when the workspace isn't being used. For this reason, we recommend that you use folder redirection and offline files to redirect the path of local folders (such as the Documents folder) to a network location, while caching the contents locally for increased speed and availability. We also recommend that you use roaming user profiles to synchronize user specific settings so that users receive the same operating system and application settings when using their Windows To Go workspace and their desktop computer. When a user signs in using a domain account that is set up with a file share as the profile path, the user's profile is downloaded to the local computer and merged with the local profile (if present). When the user logs off the computer, the local copy of their profile, including any changes, is merged with the server copy of the profile. 
For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). Windows To Go is fully integrated with your Microsoft account. Setting synchronization is accomplished by connecting a Microsoft account to a user account. Windows To Go devices fully support this feature and can be managed by Group Policy so that the customization and configurations you prefer will be applied to your Windows To Go workspace. ## Remote connectivity -If you want Windows To Go to be able to connect back to organizational resources when it is being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)). +If you want Windows To Go to be able to connect back to organizational resources when it's being used off-premises a remote connectivity solution must be enabled. Windows Server 2012 DirectAccess can be used as can a virtual private network (VPN) solution. For more information about configuring a remote access solution, see the [Remote Access (DirectAccess, Routing and Remote Access) Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn636119(v=ws.11)). -## Related topics +## Related articles [Windows To Go: feature overview](windows-to-go-overview.md) diff --git a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md index d862948938..05272344a0 100644 --- a/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md 
+++ b/windows/deployment/planning/searching-for-fixed-applications-in-compatibility-administrator.md @@ -2,26 +2,25 @@ title: Searching for Fixed Applications in Compatibility Administrator (Windows 10) description: Compatibility Administrator can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Searching for Fixed Applications in Compatibility Administrator - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 With the search functionality in Compatibility Administrator, you can locate specific executable (.exe) files with previously applied compatibility fixes, compatibility modes, or AppHelp messages. This is particularly useful if you are trying to identify applications with a specific compatibility fix or identifying which fixes are applied to a specific application. @@ -32,8 +31,6 @@ The **Query Compatibility Databases** tool provides additional search options. F > [!IMPORTANT] > You must perform your search with the correct version of the Compatibility Administrator tool. If you are searching for a 32-bit custom database, you must use the 32-bit version of Compatibility Administrator. If you are searching for a 64-bit custom database, you must use the 64-bit version of Compatibility Administrator. - - **To search for previous fixes** 1. On the Compatibility Administrator toolbar, click **Search**. 
@@ -48,12 +45,10 @@ The **Query Compatibility Databases** tool provides additional search options. F ## Viewing Your Query Results - Your query results display the affected files, the application location, the application name, the type of compatibility fix, and the custom database that provided the fix. ## Exporting Your Query Results - You can export your search results to a text (.txt) file for later review or archival. **To export your search results** @@ -63,13 +58,4 @@ You can export your search results to a text (.txt) file for later review or arc 2. Browse to the location where you want to store your search result file, and then click **Save**. ## Related topics -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) - - - - - - - - - +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md index 0d5d121f1f..5d49ad0b11 100644 --- a/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md +++ b/windows/deployment/planning/searching-for-installed-compatibility-fixes-with-the-query-tool-in-compatibility-administrator.md 
@@ -2,17 +2,17 @@ title: Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator (Windows 10) description: You can access the Query tool from within Compatibility Administrator. The Query tool provides the same functionality as using the Search feature. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Searching for Installed Compatibility Fixes with the Query Tool in Compatibility Administrator - **Applies to** - Windows 10 @@ -103,7 +103,7 @@ You can use the **Fix Description** tab of the Query tool to add parameters that ## Querying by Using the Advanced Tab -You can use the **Fix Description** tab of the Query tool to add additional SQL Server SELECT and WHERE clauses to your search criteria. +You can use the **Fix Description** tab of the Query tool to add additional SQL Server SELECT and WHERE clauses to your search criteria. **To query by using the Advanced tab** diff --git a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md index 262e45f5d2..f99d187140 100644 --- a/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md +++ b/windows/deployment/planning/security-and-data-protection-considerations-for-windows-to-go.md 
@@ -2,20 +2,19 @@ title: Security and data protection considerations for Windows To Go (Windows 10) description: Ensure that the data, content, and resources you work with in the Windows To Go workspace are protected and secure. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy --- # Security and data protection considerations for Windows To Go - **Applies to** -- Windows 10 +- Windows 10 > [!IMPORTANT] > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature does not support feature updates and therefore does not enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. 
@@ -24,38 +23,32 @@ One of the most important requirements to consider when you plan your Windows To ## Backup and restore - When you don't save data on the Windows To Go drive, you don't need for a backup and restore solution for Windows To Go. If you're saving data on the drive and aren't using folder redirection and offline files, you should back up all of your data to a network location such as cloud storage or a network share, after each work session. Review the new and improved features described in [Supporting Information Workers with Reliable File Services and Storage](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831495(v=ws.11)) for different solutions you could implement. If the USB drive fails for any reason, the standard process to restore the drive to working condition is to reformat and reprovision the drive with Windows To Go, so all data and customization on the drive will be lost. This result is another reason why using roaming user profiles, folder redirection, and offline files with Windows To Go is recommended. For more information, see [Folder Redirection, Offline Files, and Roaming User Profiles overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh848267(v=ws.11)). ## BitLocker - We recommend that you use BitLocker with your Windows To Go drives to protect the drive from being compromised if the drive is lost or stolen. When BitLocker is enabled, the user must provide a password to unlock the drive and boot the Windows To Go workspace. This password requirement helps prevent unauthorized users from booting the drive and using it to gain access to your network resources and confidential data. Because Windows To Go drives are meant to be roamed between computers, the Trusted Platform Module (TPM) can't be used by BitLocker to protect the drive. Instead, you'll be specifying a password that BitLocker will use for disk encryption and decryption. 
By default, this password must be eight characters in length and can enforce more strict requirements depending on the password complexity requirements defined by your organizations domain controller. You can enable BitLocker while using the Windows To Go Creator wizard as part of the drive provisioning process before first use; or it can be enabled afterward by the user from within the Windows To Go workspace. -**Tip**   -If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-) +> [!Tip] +> If the Windows To Go Creator wizard isn't able to enable BitLocker, see [Why can't I enable BitLocker from Windows To Go Creator?](windows-to-go-frequently-asked-questions.yml#why-can-t-i-enable-bitlocker-from-windows-to-go-creator-) - - -When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode. +When you use a host computer running Windows 7 that has BitLocker enabled, suspend BitLocker before changing the BIOS settings to boot from USB and then resume BitLocker protection. If BitLocker isn't suspended first, the next boot of the computer is in recovery mode. ## Disk discovery and data leakage - We recommend that you use the **NoDefaultDriveLetter** attribute when provisioning the USB drive to help prevent accidental data leakage. **NoDefaultDriveLetter** will prevent the host operating system from assigning a drive letter if a user inserts it into a running computer. This prevention means the drive won't appear in Windows Explorer and an Auto-Play prompt won't be displayed to the user. 
This non-display of the drive and the prompt reduces the likelihood that an end user will access the offline Windows To Go disk directly from another computer. If you use the Windows To Go Creator to provision a workspace, this attribute will automatically be set for you. -To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - “4” to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. +To prevent accidental data leakage between Windows To Go and the host system Windows 8 has a new SAN policy—OFFLINE\_INTERNAL - "4" to prevent the operating system from automatically bringing online any internally connected disk. The default configuration for Windows To Go has this policy enabled. It's recommended you do not change this policy to allow mounting of internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 operating system, mounting the drive will lead to loss of hibernation state and, therefore, user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. 
For more information, see [How to Configure Storage Area Network (SAN) Policy in Windows PE](/previous-versions/windows/it-pro/windows-8.1-and-8/hh825063(v=win.10)). ## Security certifications for Windows To Go - -Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider’s specific hardware environment. For more information about Windows security certifications, see the following articles. +Windows to Go is a core capability of Windows when it's deployed on the drive and is configured following the guidance for the applicable security certification. Solutions built using Windows To Go can be submitted for more certifications by the solution provider that cover the solution provider's specific hardware environment. For more information about Windows security certifications, see the following articles. - [Windows Platform Common Criteria Certification](/windows/security/threat-protection/windows-platform-common-criteria) @@ -63,7 +56,6 @@ Windows to Go is a core capability of Windows when it's deployed on the drive an ## Related articles - [Windows To Go: feature overview](windows-to-go-overview.md) [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md) diff --git a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md index 8d24639654..e08401cc6b 100644 --- a/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md +++ b/windows/deployment/planning/showing-messages-generated-by-the-sua-tool.md 
@@ -2,26 +2,25 @@ title: Showing Messages Generated by the SUA Tool (Windows 10) description: On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Showing Messages Generated by the SUA Tool - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 On the user interface for the Standard User Analyzer (SUA) tool, you can show the messages that the tool has generated. @@ -38,11 +37,4 @@ On the user interface for the Standard User Analyzer (SUA) tool, you can show th |**Error Messages**|When this command is selected, the user interface shows error messages that the SUA tool has generated. Error messages are highlighted in pink.

This command is selected by default.| |**Warning Messages**|When this command is selected, the user interface shows warning messages that the SUA tool has generated. Warning messages are highlighted in yellow.| |**Information Messages**|When this command is selected, the user interface shows informational messages that the SUA tool has generated. Informational messages are highlighted in green.| -|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.| - -  - - - - - +|**Detailed Information**|When this command is selected, the user interface shows information that the SUA tool has generated, such as debug, stack trace, stop code, and severity information.| \ No newline at end of file diff --git a/windows/deployment/planning/sua-users-guide.md b/windows/deployment/planning/sua-users-guide.md index 780b444b4b..2da3a82f9e 100644 --- a/windows/deployment/planning/sua-users-guide.md +++ b/windows/deployment/planning/sua-users-guide.md 
@@ -3,26 +3,25 @@ title: SUA User's Guide (Windows 10) description: Learn how to use Standard User Analyzer (SUA). SUA can test your apps and monitor API calls to detect compatibility issues related to the Windows User Account Control (UAC) feature. ms.custom: seo-marvel-apr2020 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # SUA User's Guide - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 You can use Standard User Analyzer (SUA) to test your applications and monitor API calls to detect compatibility issues related to the User Account Control (UAC) feature in Windows. @@ -37,6 +36,4 @@ You can use SUA in either of the following ways: |Topic|Description| |--- |--- | |[Using the SUA wizard](using-the-sua-wizard.md)|The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions.| -|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.| - - +|[Using the SUA Tool](using-the-sua-tool.md)|By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature.| \ No newline at end of file diff --git a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md index 228c89c471..4b809cd144 100644 
--- a/windows/deployment/planning/tabs-on-the-sua-tool-interface.md +++ b/windows/deployment/planning/tabs-on-the-sua-tool-interface.md @@ -2,26 +2,25 @@ title: Tabs on the SUA Tool Interface (Windows 10) description: The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Tabs on the SUA Tool Interface - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The tabs in the Standard User Analyzer (SUA) tool show the User Account Control (UAC) issues for the applications that you analyze. @@ -32,7 +31,7 @@ The following table provides a description of each tab on the user interface for |App Info|Provides the following information for the selected application:

  • Debugging information
  • Error, warning, and informational messages (if they are enabled)
  • Options for running the application| |File|Provides information about access to the file system.

    For example, this tab might show an attempt to write to a file that only administrators can typically access.| |Registry|Provides information about access to the system registry.

    For example, this tab might show an attempt to write to a registry key that only administrators can typically access.| -|INI|Provides information about WriteProfile API issues.

    For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.| +|INI|Provides information about WriteProfile API issues.

    For example, in the Calculator tool (Calc.exe) in Windows® XP, when you change the view from **Standard** to **Scientific**, Calc.exe calls the WriteProfile API to write to the Windows\Win.ini file. The Win.ini file is writable only for administrators.| |Token|Provides information about access-token checking.

    For example, this tab might show an explicit check for the Builtin\Administrators security identifier (SID) in the user's access token. This operation may not work for a standard user.| |Privilege|Provides information about permissions.

    For example, this tab might show an attempt to explicitly enable permissions that do not work for a standard user.| |Name Space|Provides information about creation of system objects.

    For example, this tab might show an attempt to create a new system object, such as an event or a memory map, in a restricted namespace. Applications that attempt this kind of operation do not function for a standard user.| diff --git a/windows/deployment/planning/testing-your-application-mitigation-packages.md b/windows/deployment/planning/testing-your-application-mitigation-packages.md index eef79892fa..28f0233990 100644 --- a/windows/deployment/planning/testing-your-application-mitigation-packages.md +++ b/windows/deployment/planning/testing-your-application-mitigation-packages.md @@ -2,32 +2,30 @@ title: Testing Your Application Mitigation Packages (Windows 10) description: Learn how to test your application-mitigation packages, including how to report your information and how to resolve any outstanding issues. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Testing Your Application Mitigation Packages - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 This topic provides details about testing your application-mitigation packages, including recommendations about how to report your information and how to resolve any outstanding issues. ## Testing Your Application Mitigation Packages - Testing your application mitigation package strategies is an iterative process, whereby the mitigation strategies that prove unsuccessful will need to be revised and retested. The testing process includes a series of tests in the test environment and one or more pilot deployments in the production environment. **To test your mitigation strategies** 
@@ -50,7 +48,6 @@ Testing your application mitigation package strategies is an iterative process, ## Reporting the Compatibility Mitigation Status to Stakeholders - After testing your application mitigation package, you must communicate your status to the appropriate stakeholders before deployment begins. We recommend that you perform this communication by using the following status ratings. - **Resolved application compatibility issues**. This status indicates that the application compatibility issues are resolved and that these applications represent no risk to your environment. @@ -63,7 +60,6 @@ After testing your application mitigation package, you must communicate your sta ## Resolving Outstanding Compatibility Issues - At this point, you probably cannot resolve any unresolved application compatibility issues by automated mitigation methods or by modifying the application. Resolve any outstanding application compatibility issues by using one of the following methods. - Apply specific compatibility modes, or run the program as an Administrator, by using the Compatibility Administrator tool. @@ -71,8 +67,6 @@ At this point, you probably cannot resolve any unresolved application compatibil > [!NOTE] > For more information about using Compatibility Administrator to apply compatibility fixes and compatibility modes, see [Using the Compatibility Administrator Tool](using-the-compatibility-administrator-tool.md). - - - Run the application in a virtual environment. Run the application in a version of Windows supported by the application in a virtualized environment. This method ensures application compatibility, because the application is running on a supported operating system. diff --git a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md index 3b79838534..fe304771ef 100644 --- a/windows/deployment/planning/understanding-and-using-compatibility-fixes.md 
+++ b/windows/deployment/planning/understanding-and-using-compatibility-fixes.md @@ -2,12 +2,13 @@ title: Understanding and Using Compatibility Fixes (Windows 10) description: As the Windows operating system evolves to support new technology and functionality, the implementations of some functions may change. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Understanding and Using Compatibility Fixes @@ -38,8 +39,6 @@ Specifically, the process modifies the address of the affected Windows function >[!NOTE] >For statically linked DLLs, the code redirection occurs as the application loads. You can also fix dynamically linked DLLs by hooking into the GetProcAddress API. - - ## Design Implications of the Compatibility Fix Infrastructure There are important considerations to keep in mind when determining your application fix strategy, due to certain characteristics of the Compatibility Fix infrastructure. diff --git a/windows/deployment/planning/using-the-compatibility-administrator-tool.md b/windows/deployment/planning/using-the-compatibility-administrator-tool.md index cb42ec980b..586884be61 100644 --- a/windows/deployment/planning/using-the-compatibility-administrator-tool.md +++ b/windows/deployment/planning/using-the-compatibility-administrator-tool.md 
@@ -2,32 +2,30 @@ title: Using the Compatibility Administrator Tool (Windows 10) description: This section provides information about using the Compatibility Administrator tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Using the Compatibility Administrator Tool - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 This section provides information about using the Compatibility Administrator tool. ## In this section - |Topic|Description| |--- |--- | |[Available Data Types and Operators in Compatibility Administrator](available-data-types-and-operators-in-compatibility-administrator.md)|The Compatibility Administrator tool provides a way to query your custom-compatibility databases.| 
@@ -38,8 +36,4 @@ This section provides information about using the Compatibility Administrator to |[Creating an AppHelp Message in Compatibility Administrator](creating-an-apphelp-message-in-compatibility-administrator.md)|The Compatibility Administrator tool enables you to create an AppHelp text message. This is a blocking or non-blocking message that appears when a user starts an application that you know has major functionality issues on the Windows® operating system.| |[Viewing the Events Screen in Compatibility Administrator](viewing-the-events-screen-in-compatibility-administrator.md)|The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities.| |[Enabling and Disabling Compatibility Fixes in Compatibility Administrator](enabling-and-disabling-compatibility-fixes-in-compatibility-administrator.md)|You can disable and enable individual compatibility fixes in your customized databases for testing and troubleshooting purposes.| -|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.| - - - - +|[Installing and Uninstalling Custom Compatibility Databases in Compatibility Administrator](installing-and-uninstalling-custom-compatibility-databases-in-compatibility-administrator.md)|The Compatibility Administrator tool enables the creation and the use of custom-compatibility and standard-compatibility databases. 
Both the custom databases and the standard databases store the known compatibility fixes, compatibility modes, and AppHelp messages. They also store the required application-matching information for installation on your local computers.| \ No newline at end of file diff --git a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md index 32f652ea98..9ce7891647 100644 --- a/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md +++ b/windows/deployment/planning/using-the-sdbinstexe-command-line-tool.md @@ -2,27 +2,26 @@ title: Using the Sdbinst.exe Command-Line Tool (Windows 10) description: Learn how to deploy customized database (.sdb) files using the Sdbinst.exe Command-Line Tool. Review a list of command-line options. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Using the Sdbinst.exe Command-Line Tool - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2016 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2016 +- Windows Server 2012 +- Windows Server 2008 R2 Deploy your customized database (.sdb) files to other computers in your organization. That is, before your compatibility fixes, compatibility modes, and AppHelp messages are applied. You can deploy your customized database files in several ways. By using a logon script, by using Group Policy, or by performing file copy operations. 
@@ -67,4 +66,4 @@ The following table describes the available command-line options. ## Related articles -[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) +[Compatibility Administrator User's Guide](compatibility-administrator-users-guide.md) \ No newline at end of file diff --git a/windows/deployment/planning/using-the-sua-tool.md b/windows/deployment/planning/using-the-sua-tool.md index 4cd150524a..6e2479ed22 100644 --- a/windows/deployment/planning/using-the-sua-tool.md +++ b/windows/deployment/planning/using-the-sua-tool.md @@ -2,26 +2,25 @@ title: Using the SUA Tool (Windows 10) description: The Standard User Analyzer (SUA) tool can test applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Using the SUA Tool - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 By using the Standard User Analyzer (SUA) tool, you can test your applications and monitor API calls to detect compatibility issues with the User Account Control (UAC) feature. @@ -33,7 +32,6 @@ In the SUA tool, you can choose to run the application as **Administrator** or a ## Testing an Application by Using the SUA Tool - Before you can use the SUA tool, you must install Application Verifier. You must also install the Microsoft® .NET Framework 3.5 or later. The following flowchart shows the process of using the SUA tool. 
@@ -77,13 +75,4 @@ The following flowchart shows the process of using the SUA tool. [Applying Filters to Data in the SUA Tool](applying-filters-to-data-in-the-sua-tool.md) -[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) - -  - -  - - - - - +[Fixing Applications by Using the SUA Tool](fixing-applications-by-using-the-sua-tool.md) \ No newline at end of file diff --git a/windows/deployment/planning/using-the-sua-wizard.md b/windows/deployment/planning/using-the-sua-wizard.md index 8eac693142..5ce139085f 100644 --- a/windows/deployment/planning/using-the-sua-wizard.md +++ b/windows/deployment/planning/using-the-sua-wizard.md @@ -2,26 +2,25 @@ title: Using the SUA wizard (Windows 10) description: The Standard User Analyzer (SUA) wizard, although it doesn't offer deep analysis, works much like the SUA tool to test for User Account Control (UAC) issues. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 10/28/2022 ms.topic: article ms.technology: itpro-deploy --- # Using the SUA wizard - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The Standard User Analyzer (SUA) wizard works much like the SUA tool to evaluate User Account Control (UAC) issues. However, the SUA wizard doesn't offer detailed analysis, and it can't disable virtualization or elevate your permissions. 
@@ -29,7 +28,6 @@ For information about the SUA tool, see [Using the SUA Tool](using-the-sua-tool. ## Testing an Application by Using the SUA wizard - Install Application Verifier before you can use the SUA wizard. If Application Verifier isn't installed on the computer that is running the SUA wizard, the SUA wizard notifies you. In addition, install the Microsoft® .NET Framework 3.5 or later before you can use the SUA wizard. The following flowchart shows the process of using the SUA wizard. @@ -75,13 +73,4 @@ The following flowchart shows the process of using the SUA wizard. If the remedies don't fix the issue with the application, click **No** again, and the wizard may offer another remedies. If the other remedies don't fix the issue, the wizard informs you that there are no more remedies available. For information about how to run the SUA tool for more investigation, see [Using the SUA Tool](using-the-sua-tool.md). ## Related articles -[SUA User's Guide](sua-users-guide.md) - -  - -  - - - - - +[SUA User's Guide](sua-users-guide.md) \ No newline at end of file diff --git a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md index 0d290a11fd..88e06925c5 100644 --- a/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md +++ b/windows/deployment/planning/viewing-the-events-screen-in-compatibility-administrator.md 
@@ -2,40 +2,37 @@ title: Viewing the Events Screen in Compatibility Administrator (Windows 10) description: You can use the Events screen to record and view activities in the Compatibility Administrator tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Viewing the Events Screen in Compatibility Administrator - **Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 -- Windows Server 2008 R2 +- Windows 10 +- Windows 8.1 +- Windows 8 +- Windows 7 +- Windows Server 2012 +- Windows Server 2008 R2 The **Events** screen enables you to record and to view your activities in the Compatibility Administrator tool, provided that the screen is open while you perform the activities. >[!IMPORTANT] >The **Events** screen only records your activities when the screen is open. If you perform an action before opening the **Events** screen, the action will not appear in the list. - - -**To open the Events screen** + **To open the Events screen** - On the **View** menu, click **Events**. ## Handling Multiple Copies of Compatibility Fixes - Compatibility Administrator enables you to copy your compatibility fixes from one database to another, which can become confusing after adding multiple fixes, compatibility modes, and databases. For example, you can copy a fix called MyFix from Database 1 to Database 2. However, if there is already a fix called MyFix in Database 2, Compatibility Administrator renames the fix as MyFix (1) to avoid duplicate names. If you open the **Events** screen and then perform the copy operation, you can see a description of the action, along with the time stamp, which enables you to view your fix information without confusion. 
diff --git a/windows/deployment/planning/windows-10-compatibility.md b/windows/deployment/planning/windows-10-compatibility.md
index 5b422fa9df..11fe1573d4 100644
--- a/windows/deployment/planning/windows-10-compatibility.md
+++ b/windows/deployment/planning/windows-10-compatibility.md
@@ -1,41 +1,40 @@ --- title: Windows 10 compatibility (Windows 10) -description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. +description: Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Windows 10 compatibility - **Applies to** -- Windows 10 +- Windows 10 -Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. +Windows 10 will be compatible with most existing PC hardware; most devices running Windows 7, Windows 8, or Windows 8.1 will meet the requirements for Windows 10. -For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10. +For full system requirements, see [Windows 10 specifications](https://go.microsoft.com/fwlink/p/?LinkId=625077). Some driver updates may be required for Windows 10. Existing desktop (Win32) application compatibility is also expected to be strong, with most existing applications working without any changes. Those applications that interface with Windows at a low level, those applications that use undocumented APIs, or those that do not follow recommended coding practices could experience issues. -Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store. 
+Existing Windows Store (WinRT) apps created for Windows 8 and Windows 8.1 should also continue to work, because compatibility can be validated against all the apps that have been submitted to the Windows Store. -For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](/internet-explorer/ie11-deploy-guide/) +For web apps and sites, modern HTML5-based sites should also have a high degree of compatibility and excellent performance through the new Microsoft Edge browser, while older web apps and sites can continue to use Internet Explorer 11 and the Enterprise Mode features that were first introduced in Windows 7 and Windows 8.1 and are still present in Windows 10. For more information about Internet Explorer and Enterprise Mode, see the [Internet Explorer 11 Deployment Guide for IT Pros.](/internet-explorer/ie11-deploy-guide/) ## Recommended application testing process +Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level: -Historically, organizations have performed extensive, and often exhaustive, testing of the applications they use before deployment of a new Windows version, service pack, or any other significant update. 
With Windows 10, organizations are encouraged to use more optimized testing processes, which reflect the higher levels of compatibility that are expected. At a high level: +- Identify mission-critical applications and websites, those applications and websites that are essential to the organization's operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release. -- Identify mission-critical applications and websites, those applications and websites that are essential to the organization’s operations. Focus testing efforts on this subset of applications, early in the Windows development cycle (for example, with Windows Insider Program builds) to identify potential issues. Report any issues you encounter with the Windows Feedback tool, so that these issues can be addressed prior to the next Windows release. - -- For less critical applications, apply an “internal flighting” or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines. +- For less critical applications, apply an "internal flighting" or pilot-based approach, by deploying new Windows upgrades to groups of machines, growing gradually in size and potential impact, to verify compatibility with hardware and software. Reactively address issues before you expand the pilot to more machines. ## Related articles 
@@ -44,8 +43,4 @@ Historically, organizations have performed extensive, and often exhaustive, test [Windows 10 deployment considerations](windows-10-deployment-considerations.md) -[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) - -  - -  +[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) \ No newline at end of file diff --git a/windows/deployment/planning/windows-10-deployment-considerations.md b/windows/deployment/planning/windows-10-deployment-considerations.md index 7da1eb270e..09dbb881a7 100644 --- a/windows/deployment/planning/windows-10-deployment-considerations.md +++ b/windows/deployment/planning/windows-10-deployment-considerations.md 
@@ -1,32 +1,32 @@ --- title: Windows 10 deployment considerations (Windows 10) -description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. +description: There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Windows 10 deployment considerations - **Applies to** -- Windows 10 +- Windows 10 -There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. +There are new deployment options in Windows 10 that help you simplify the deployment process and automate migration of existing settings and applications. -For many years, organizations have deployed new versions of Windows using a “wipe and load” deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary. +For many years, organizations have deployed new versions of Windows using a "wipe and load" deployment process. At a high level, this process captures existing data and settings from the existing device, deploys a new custom-built Windows image to a PC, injects hardware drivers, reinstalls applications, and finally restores the data and settings. With Windows 10, this process is still fully supported, and for some deployment scenarios is still necessary. 
-Windows 10 also introduces two additional scenarios that organizations should consider: +Windows 10 also introduces two additional scenarios that organizations should consider: - **In-place upgrade**, which provides a simple, automated process that leverages the Windows setup process to automatically upgrade from an earlier version of Windows. This process automatically migrates existing data, settings, drivers, and applications. -- **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device. +- **Dynamic provisioning**, which enables organizations to configure new Windows 10 devices for organization use without having to deploy a new custom organization image to the device. Both of these scenarios eliminate the image creation process altogether, which can greatly simplify the deployment process. @@ -35,33 +35,32 @@ Windows 10 also introduces two additional scenarios that organizations should c | Consider ... | For these scenarios | |---|---| | In-place upgrade | - When you want to keep all (or at least most) existing applications
    - When you do not plan to significantly change the device configuration (for example, BIOS to UEFI) or operating system configuration (for example, x86 to x64, language changes, Administrators to non-Administrators, Active Directory domain consolidations)
    - To migrate from Windows 10 to a later Windows 10 release | -| Traditional wipe-and-load | - When you upgrade significant numbers of applications along with the new Windows OS
    - When you make significant device or operating system configuration changes
    - When you “start clean”. For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs
    - When you migrate from Windows Vista or other previous operating system versions | -| Dynamic provisioning | - For new devices, especially in “choose your own device” scenarios when simple configuration (not reimaging) is all that is required.
    - When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps | - +| Traditional wipe-and-load | - When you upgrade significant numbers of applications along with the new Windows OS
    - When you make significant device or operating system configuration changes
    - When you "start clean". For example, scenarios where it is not necessary to preserve existing apps or data (for example, call centers) or when you move from unmanaged to well-managed PCs
    - When you migrate from Windows Vista or other previous operating system versions | +| Dynamic provisioning | - For new devices, especially in "choose your own device" scenarios when simple configuration (not reimaging) is all that is required.
    - When used in combination with a management tool (for example, an MDM service like Microsoft Intune) that enables self-service installation of user-specific or role-specific apps | ## Migration from previous Windows versions -For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall. +For existing PCs running Windows 7 or Windows 8.1, in-place upgrade is the recommended method for Windows 10 deployment and should be used whenever possible. Although wipe-and-load (OS refresh) deployments are still fully supported (and necessary in some scenarios, as mentioned previously), in-place upgrade is simpler and faster, and enables a faster Windows 10 deployment overall. -The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10. +The original Windows 8 release was only supported until January 2016. For devices running Windows 8.0, you can update to Windows 8.1 and then upgrade to Windows 10. For PCs running operating systems older than Windows 7, you can perform wipe-and-load (OS refresh) deployments when you use compatible hardware. For organizations with Software Assurance for Windows, both in-place upgrade or wipe-and-load can be leveraged (with in-place upgrade being the preferred method, as previously discussed). -For organizations that did not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements. 
+For organizations that did not take advantage of the free upgrade offer and are not enrolled in Software Assurance for Windows, Windows 10 upgrade licenses are available for purchase through existing Volume License (VL) agreements. ## Setting up new computers -For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use: +For new computers acquired with Windows 10 preinstalled, you can leverage dynamic provisioning scenarios to transform the device from its initial state into a fully-configured organization PC. There are two primary dynamic provisioning scenarios you can use: -- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their “work or school account” within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm). +- **User-driven, from the cloud.** By joining a device into Azure Active Directory and leveraging the automatic mobile device management (MDM) provisioning capabilities at the same time, an end user can initiate the provisioning process themselves just by entering the Azure Active Directory account and password (called their "work or school account" within Windows 10). The MDM service can then transform the device into a fully-configured organization PC. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm). 
- **IT admin-driven, using new tools.** Using the new Windows Imaging and Configuration Designer (ICD) tool, IT administrators can create provisioning packages that can be applied to a computer to transform it into a fully-configured organization PC. For more information, see [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd). In either of these scenarios, you can make a variety of configuration changes to the PC: -- Transform the edition (SKU) of Windows 10 that is in use. +- Transform the edition (SKU) of Windows 10 that is in use. - Apply configuration and settings to the device (for example, security settings, device restrictions, policies, Wi-Fi and VPN profiles, certificates, and so on). - Install apps, language packs, and updates. - Enroll the device in a management solution (applicable for IT admin-driven scenarios, configuring the device just enough to allow the management tool to take over configuration and ongoing management). @@ -81,10 +80,5 @@ The upgrade process is also optimized to reduce the overall time and network ban ## Related topics - [Windows 10 compatibility](windows-10-compatibility.md)
    -[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) - -  - -  +[Windows 10 infrastructure requirements](windows-10-infrastructure-requirements.md) \ No newline at end of file diff --git a/windows/deployment/planning/windows-10-deprecated-features.md b/windows/deployment/planning/windows-10-deprecated-features.md index b123079011..e2d52b176a 100644 --- a/windows/deployment/planning/windows-10-deprecated-features.md +++ b/windows/deployment/planning/windows-10-deprecated-features.md @@ -1,20 +1,20 @@ --- title: Deprecated features in Windows client description: Review the list of features that Microsoft is no longer developing in Windows 10 and Windows 11. -ms.date: 07/21/2022 +ms.date: 10/28/2022 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.reviewer: ms.topic: article --- # Deprecated features for Windows client -_Applies to:_ +**Applies to** - Windows 10 - Windows 11 
@@ -72,11 +72,11 @@ The features in this article are no longer being actively developed, and might b |Trusted Platform Module (TPM) Owner Password Management |This functionality within TPM.msc will be migrated to a new user interface.| 1709 | |Trusted Platform Module (TPM): TPM.msc and TPM Remote Management | To be replaced by a new user interface in a future release. | 1709 | |Trusted Platform Module (TPM) Remote Management |This functionality within TPM.msc will be migrated to a new user interface. | 1709 | -|Windows Hello for Business deployment that uses Microsoft Endpoint Manager |Windows Server 2016 Active Directory Federation Services - Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 | +|Windows Hello for Business deployment that uses Microsoft Configuration Manager |Windows Server 2016 Active Directory Federation Services - Registration Authority (ADFS RA) deployment is simpler and provides a better user experience and a more deterministic certificate enrollment experience. | 1709 | |Windows PowerShell 2.0 | Applications and components should be migrated to PowerShell 5.0+. | 1709 | |Apndatabase.xml | Apndatabase.xml is being replaced by the COSA database. Therefore, some constructs will no longer function. This replacement includes Hardware ID, incoming SMS messaging rules in mobile apps, a list of privileged apps in mobile apps, autoconnect order, APN parser, and CDMAProvider ID. | 1703 | |Tile Data Layer | The [Tile Data Layer](/windows/configuration/start-layout-troubleshoot#symptom-start-menu-issues-with-tile-data-layer-corruption) database stopped development in Windows 10, version 1703. | 1703 | |TLS DHE_DSS ciphers DisabledByDefault| [TLS RC4 Ciphers](/windows-server/security/tls/tls-schannel-ssp-changes-in-windows-10-and-windows-server) will be disabled by default in this release. 
| 1703 | |TCPChimney | TCP Chimney Offload is no longer being developed. See [Performance Tuning Network Adapters](/windows-server/networking/technologies/network-subsystem/net-sub-performance-tuning-nics). | 1703 | |IPsec Task Offload| [IPsec Task Offload](/windows-hardware/drivers/network/task-offload) versions 1 and 2 are no longer being developed and shouldn't be used. | 1703 | -|`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
    Applies to Windows Server 2016 and Windows Server 2019.| +|`wusa.exe /uninstall /kb:####### /quiet`|The `wusa` tool usage to quietly uninstall an update has been deprecated. The uninstall command with `/quiet` switch fails with event ID 8 in the Setup event log. Uninstalling updates quietly could be a security risk because malicious software could quietly uninstall an update in the background without user intervention.|1507
    Applies to Windows Server 2016 and Windows Server 2019.| \ No newline at end of file diff --git a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml index 4a695dc7b7..bf3c38f95e 100644 --- a/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml +++ b/windows/deployment/planning/windows-10-enterprise-faq-itpro.yml @@ -7,11 +7,11 @@ metadata: ms.mktglfcycl: plan ms.localizationpriority: medium ms.sitesec: library - ms.date: 05/12/2022 + ms.date: 10/28/2022 ms.reviewer: - author: aczechowski - ms.author: aaroncz - manager: dougeby + author: frankroj + ms.author: frankroj + manager: aaroncz audience: itpro ms.topic: faq title: 'Windows 10 Enterprise: FAQ for IT professionals' 
@@ -49,7 +49,7 @@ sections: For many devices, drivers will be automatically installed in Windows 10 and there will be no need for further action. - For some devices, Windows 10 may be unable to install drivers that are required for operation. If your device drivers aren't automatically installed, visit the manufacturer's support website for your device to download and manually install the drivers. If Windows 10 drivers aren't available, the most up-to-date drivers for Windows 8.1 will often work in Windows 10. - For some devices, the manufacturer may provide more up-to-date drivers or drivers that enable more functionality than the drivers installed by Windows 10. Always follow the recommendations of the device manufacturer for optimal performance and stability. - - Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft Endpoint Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include: + - Some computer manufacturers provide packs of drivers for easy implementation in management and deployment solutions like the Microsoft Deployment Toolkit (MDT) or Microsoft Configuration Manager. These driver packs contain all of the drivers needed for each device and can greatly simplify the process of deploying Windows to a new make or model of computer. Driver packs for some common manufacturers include: - [HP driver pack](https://www.hp.com/us-en/solutions/client-management-solutions/drivers-pack.html) - [Dell driver packs for enterprise client OS deployment](https://www.dell.com/support/kbdoc/en-us/000124139/dell-command-deploy-driver-packs-for-enterprise-client-os-deployment) - [Lenovo Configuration Manager and MDT package index](https://support.lenovo.com/us/en/solutions/ht074984) 
@@ -70,9 +70,9 @@ sections: - question: | Which deployment tools support Windows 10? answer: | - Updated versions of Microsoft deployment tools, including Microsoft Endpoint Configuration Manager, MDT, and the Windows Assessment and Deployment Kit (Windows ADK) support Windows 10. + Updated versions of Microsoft deployment tools, including Microsoft Configuration Manager, MDT, and the Windows Assessment and Deployment Kit (Windows ADK) support Windows 10. - - [Microsoft Endpoint Configuration Manager](/mem/configmgr) simplifies the deployment and management of Windows 10. If you aren't currently using it, download a free 180-day trial of [Microsoft Endpoint Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager). + - [Microsoft Configuration Manager](/mem/configmgr) simplifies the deployment and management of Windows 10. If you aren't currently using it, download a free 180-day trial of [Microsoft Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager). - [MDT](/mem/configmgr/mdt) is a collection of tools, processes, and guidance for automating desktop and server deployment. 
@@ -81,7 +81,7 @@ sections: - question: | Can I upgrade computers from Windows 7 or Windows 8.1 without deploying a new image? answer: | - Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md). + Computers running Windows 7 or Windows 8.1 can be upgraded directly to Windows 10 through the in-place upgrade process without a need to reimage the device using MDT and/or Configuration Manager. For more information, see [Upgrade to Windows 10 with Microsoft Configuration Manager](../deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) or [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](../deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md). - question: | Can I upgrade from Windows 7 Enterprise or Windows 8.1 Enterprise to Windows 10 Enterprise for free? @@ -114,7 +114,7 @@ sections: - Windows Update - Windows Update for Business - Windows Server Update Services - - Microsoft Endpoint Configuration Manager + - Microsoft Configuration Manager For more information, see [Servicing Tools](../update/waas-overview.md#servicing-tools). diff --git a/windows/deployment/planning/windows-10-infrastructure-requirements.md b/windows/deployment/planning/windows-10-infrastructure-requirements.md index 213666e168..26aff43d39 100644 --- a/windows/deployment/planning/windows-10-infrastructure-requirements.md +++ b/windows/deployment/planning/windows-10-infrastructure-requirements.md 
@@ -2,27 +2,27 @@ title: Windows 10 infrastructure requirements (Windows 10) description: Review the infrastructure requirements for deployment and management of Windows 10, prior to significant Windows 10 deployments within your organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Windows 10 infrastructure requirements - **Applies to** -- Windows 10 +- Windows 10 -There are specific infrastructure requirements that should be in place for the deployment and management of Windows 10. Fulfill these requirements before any Windows 10-related deployments take place. +There are specific infrastructure requirements that should be in place for the deployment and management of Windows 10. Fulfill these requirements before any Windows 10-related deployments take place. ## High-level requirements -For initial Windows 10 deployments, and for subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to leverage local server storage. +For initial Windows 10 deployments, and for subsequent Windows 10 upgrades, ensure that sufficient disk space is available for distribution of the Windows 10 installation files (about 3 GB for Windows 10 x64 images, slightly smaller for x86). Also, be sure to take into account the network impact of moving these large images to each PC; you may need to use local server storage. For persistent VDI environments, carefully consider the I/O impact from upgrading large numbers of PCs in a short period of time. 
Ensure that upgrades are performed in smaller numbers, or during off-peak time periods. (For pooled VDI environments, a better approach is to replace the base image with a new version.) 
@@ -30,21 +30,21 @@ For persistent VDI environments, carefully consider the I/O impact from upgradin The latest version of the Windows Assessment and Deployment Toolkit (ADK) is available for download [here](/windows-hardware/get-started/adk-install). -Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which leverage the Windows Imaging and Configuration Designer (Windows ICD), as well as updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). +Significant enhancements in the ADK for Windows 10 include new runtime provisioning capabilities, which use the Windows Imaging and Configuration Designer (Windows ICD). There's also updated versions of existing deployment tools (DISM, USMT, Windows PE, and more). The latest version of the Microsoft Deployment Toolkit (MDT) is available for download [here](/mem/configmgr/mdt/release-notes). -For Configuration Manager, Windows 10 version specific support is offered with [various releases](/mem/configmgr/core/plan-design/configs/support-for-windows-10). +For Configuration Manager, Windows 10 version specific support is offered with [various releases](/mem/configmgr/core/plan-design/configs/support-for-windows-10). -For more details about Microsoft Endpoint Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). +For more information about Microsoft Configuration Manager support for Windows 10, see [Prepare for Zero Touch Installation of Windows 10 with Configuration Manager](../deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). ## Management tools -In addition to Microsoft Endpoint Configuration Manager, Windows 10 also leverages other tools for management. 
For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you are using a central policy store, follow the steps outlined [here](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) to update the ADMX files stored in that central store. +In addition to Microsoft Configuration Manager, Windows 10 also uses other tools for management. For Windows Server and Active Directory, existing supported versions are fully supported for Windows 10. New Group Policy templates will be needed to configure new settings available in Windows 10; these templates are available in the Windows 10 media images, and are available as a separate download [here](https://go.microsoft.com/fwlink/p/?LinkId=625081). See [Group Policy settings reference](https://go.microsoft.com/fwlink/p/?LinkId=625082) for a list of the new and modified policy settings. If you're using a central policy store, follow the steps outlined [here](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) to update the ADMX files stored in that central store. -No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these to support new features. +No new Active Directory schema updates or specific functional levels are currently required for core Windows 10 product functionality, although subsequent upgrades could require these schema updates to support new features. 
-Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows: +Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows 10. The minimum versions required to support Windows 10 are as follows: | Product | Required version | |----------------------------------------------------------|--------------------------| 
@@ -56,50 +56,46 @@ Microsoft Desktop Optimization Pack (MDOP) has been updated to support Windows  For more information, see the [MDOP TechCenter](/microsoft-desktop-optimization-pack/). -For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10; new Windows 10 MDM settings and capabilities will require updates to the MDM services. See [Mobile device management](/windows/client-management/mdm/) for more information. +For devices you manage with mobile device management (MDM) solutions such as Microsoft Intune, existing capabilities (provided initially in Windows 8.1) are fully supported in Windows 10. New Windows 10 MDM settings and capabilities will require updates to the MDM services. For more information, see [Mobile device management](/windows/client-management/mdm/). -Windows Server Update Services (WSUS) requires some additional configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: +Windows Server Update Services (WSUS) requires some more configuration to receive updates for Windows 10. Use the Windows Server Update Services admin tool and follow these instructions: -1. Select the **Options** node, and then click **Products and Classifications**. -2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Click **OK**. +1. Select the **Options** node, and then select **Products and Classifications**. +2. In the **Products** tree, select the **Windows 10** and **Windows 10 LTSB** products and any other Windows 10-related items that you want. Select **OK**. 3. From the **Synchronizations** node, right-click and choose **Synchronize Now**. 
![figure 1.](images/fig4-wsuslist.png) -WSUS product list with Windows 10 choices +WSUS product list with Windows 10 choices -Because Windows 10 updates are cumulative in nature, each month’s new update will supersede the previous month's update. Consider using “express installation” packages to reduce the size of the payload that needs to be sent to each PC each month; see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)) for more information. +Because Windows 10 updates are cumulative in nature, each month's new update will supersede the previous month's update. Consider using "express installation" packages to reduce the size of the payload that needs to be sent to each PC each month. For more information, see [Express installation files](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd939908(v=ws.10)). > [!NOTE] > The usage of "express installation" packages will increase the amount of disk storage needed by WSUS, and impacts all operating systems being managed with WSUS. ## Activation -Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). An update will be required for existing KMS servers: +Windows 10 volume license editions of Windows 10 will continue to support all existing activation methods (KMS, MAK, and AD-based activation). 
An update will be required for existing KMS servers: | Product | Required update | |----------------------------------------|---------------------------------------------------------------------------------------------| -| Windows 10 | None | -| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | -| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) | +| Windows 10 | None | +| Windows Server 2012 R2 and Windows 8.1 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2012 and Windows 8 | [https://support.microsoft.com/kb/3058168](https://go.microsoft.com/fwlink/p/?LinkId=625087) | +| Windows Server 2008 R2 and Windows 7 | [https://support.microsoft.com/kb/3079821](https://support.microsoft.com/kb/3079821) | Also see: [Windows Server 2016 Volume Activation Tips](/archive/blogs/askcore/windows-server-2016-volume-activation-tips) -Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation); these keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: +Additionally, new product keys will be needed for all types of volume license activation (KMS, MAK, and AD-based Activation). These keys are available on the Volume Licensing Service Center (VLSC) for customers with rights to the Windows 10 operating system. To find the needed keys: - Sign into the [Volume Licensing Service Center (VLSC)](https://go.microsoft.com/fwlink/p/?LinkId=625088) at with a Microsoft account that has appropriate rights. 
-- For KMS keys, click **Licenses** and then select **Relationship Summary**. Click the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. -- For MAK keys, click **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Click the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys will not work on Windows servers running KMS.) +- For KMS keys, select **Licenses** and then select **Relationship Summary**. Select the appropriate active license ID, and then select **Product Keys** near the right side of the page. For KMS running on Windows Server, find the **Windows Srv 2012R2 DataCtr/Std KMS for Windows 10** product key; for KMS running on client operating systems, find the **Windows 10** product key. +- For MAK keys, select **Downloads and Keys**, and then filter the list by using **Windows 10** as a product. Select the **Key** link next to an appropriate list entry (for example, **Windows 10 Enterprise** or **Windows 10 Enterprise LTSB**) to view the available MAK keys. (You can also find keys for KMS running on Windows 10 in this list. These keys won't work on Windows servers running KMS.) -Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. +Windows 10 Enterprise and Windows 10 Enterprise LTSC installations use different MAK keys. 
But you can use the same KMS server or Active Directory-based activation environment for both; the KMS keys obtained from the Volume Licensing Service Center will work with both. ## Related articles [Windows 10 servicing options](../update/waas-servicing-strategy-windows-10-updates.md)
    [Windows 10 deployment considerations](windows-10-deployment-considerations.md)
    -[Windows 10 compatibility](windows-10-compatibility.md)
    - -  - -  +[Windows 10 compatibility](windows-10-compatibility.md)
    \ No newline at end of file diff --git a/windows/deployment/planning/windows-10-removed-features.md b/windows/deployment/planning/windows-10-removed-features.md index 56c68c37c0..3b686d66a9 100644 --- a/windows/deployment/planning/windows-10-removed-features.md +++ b/windows/deployment/planning/windows-10-removed-features.md @@ -3,17 +3,18 @@ title: Features and functionality removed in Windows client description: In this article, learn about the features and functionality that have been removed or replaced in Windows client. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-fundamentals +ms.date: 10/28/2022 --- # Features and functionality removed in Windows client -_Applies to:_ +**Applies to** - Windows 10 - Windows 11 
@@ -52,7 +53,7 @@ The following features and functionalities have been removed from the installed |Hologram app|We've replaced the Hologram app with the [Mixed Reality Viewer](https://support.microsoft.com/help/4041156/windows-10-mixed-reality-help). If you would like to create 3D word art, you can still do that in Paint 3D and view your art in VR or HoloLens with the Mixed Reality Viewer.| 1809 | |limpet.exe|We're releasing the limpet.exe tool, used to access TPM for Azure connectivity, as open source.| 1809 | |Phone Companion|When you update to Windows 10, version 1809, the Phone Companion app will be removed from your PC. Use the **Phone** page in the Settings app to sync your mobile phone with your PC. It includes all the Phone Companion features.| 1809 | -|Future updates through [Windows Embedded Developer Update](/previous-versions/windows/embedded/ff770079(v=winembedded.60)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We’re no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). [Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 | +|Future updates through [Windows Embedded Developer Update](/previous-versions/windows/embedded/ff770079(v=winembedded.60)) for Windows Embedded Standard 7-SP1 (WES7-SP1) and Windows Embedded Standard 8 (WES8)|We're no longer publishing new updates to the WEDU server. Instead, you may secure any new updates from the [Microsoft Update Catalog](https://www.catalog.update.microsoft.com/Home.aspx). 
[Learn how](https://techcommunity.microsoft.com/t5/Windows-Embedded/Change-to-the-Windows-Embedded-Developer-Update/ba-p/285704) to get updates from the catalog.| 1809 | |Groove Music Pass|[We ended the Groove streaming music service and music track sales through the Microsoft Store in 2017](https://support.microsoft.com/help/4046109/groove-music-and-spotify-faq). The Groove app is being updated to reflect this change. You can still use Groove Music to play the music on your PC. You can use Spotify or other music services to stream music on Windows 10, or to buy music to own.| 1803 | |People - Suggestions will no longer include unsaved contacts for non-Microsoft accounts|Manually save the contact details for people you send mail to or get mail from.| 1803 | |Language control in the Control Panel| Use the Settings app to change your language settings.| 1803 | @@ -75,4 +76,4 @@ The following features and functionalities have been removed from the installed |Microsoft Paint | This application won't be available for languages that aren't on the [full localization list](https://www.microsoft.com/windows/windows-10-specifications#Windows-10-localization). | 1703 | |NPN support in TLS | This feature is superseded by Application-Layer Protocol Negotiation (ALPN). | 1703 | |Windows Information Protection "AllowUserDecryption" policy | Starting in Windows 10, version 1703, AllowUserDecryption is no longer supported. | 1703 | -|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 | +|WSUS for Windows Mobile | Updates are being transitioned to the new Unified Update Platform (UUP) | 1703 | \ No newline at end of file diff --git a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml index f57d4eedc3..848e407d94 100644 --- a/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml 
+++ b/windows/deployment/planning/windows-to-go-frequently-asked-questions.yml @@ -4,9 +4,9 @@ metadata: description: Though Windows To Go is no longer being developed, these frequently asked questions (FAQ) can provide answers about the feature. ms.assetid: bfdfb824-4a19-4401-b369-22c5e6ca9d6e ms.reviewer: - author: aczechowski - ms.author: aaroncz - manager: dougeby + author: frankroj + ms.author: frankroj + manager: aaroncz keywords: FAQ, mobile, device, USB ms.prod: w10 ms.mktglfcycl: deploy @@ -14,11 +14,12 @@ metadata: ms.sitesec: library audience: itpro ms.topic: faq + ms.date: 10/28/2022 title: 'Windows To Go: frequently asked questions' summary: | **Applies to** - - Windows 10 + - Windows 10 > [!IMPORTANT] > Windows To Go is removed in Windows 10, version 2004 and later operating systems. The feature doesn't support feature updates and therefore doesn't enable you to stay current. It also requires a specific type of USB that is no longer supported by many OEMs. @@ -114,12 +115,12 @@ sections: - question: | What is Windows To Go? answer: | - Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs. + Windows To Go is a feature for users of Windows 10 Enterprise and Windows 10 Education that enables users to boot a full version of Windows from external USB drives on host PCs. - question: | Does Windows To Go rely on virtualization? answer: | - No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. + No. Windows To Go is a native instance of Windows 10 that runs from a USB device. It's just like a laptop hard drive with Windows 8 that has been put into a USB enclosure. - question: | Who should use Windows To Go? 
@@ -133,9 +134,9 @@ sections: - A Windows To Go recommended USB drive to provision; See the list of currently available USB drives at [Hardware considerations for Windows To Go](windows-to-go-overview.md#wtg-hardware) - - A Windows 10 Enterprise or Windows 10 Education image + - A Windows 10 Enterprise or Windows 10 Education image - - A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys + - A Windows 10 Enterprise, Windows 10 Education or Windows 10 Professional host PC that can be used to provision new USB keys You can use a Windows PowerShell script to target several drives and scale your deployment for a large number of Windows To Go drives. You can also use a USB duplicator to duplicate a Windows To Go drive after it has been provisioned if you're creating a large number of drives. See the [Windows To Go Step by Step](https://go.microsoft.com/fwlink/p/?LinkId=618950) article on the TechNet wiki for a walkthrough of the drive creation process. @@ -147,7 +148,7 @@ sections: - question: | Is Windows To Go supported on USB 2.0 and USB 3.0 ports? answer: | - Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later. + Yes. Windows To Go is fully supported on either USB 2.0 ports or USB 3.0 ports on PCs certified for Windows 7 or later. - question: | How do I identify a USB 3.0 port? 
@@ -162,22 +163,22 @@ sections: - question: | Can the user self-provision Windows To Go? answer: | - Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). + Yes, if the user has administrator permissions they can self-provision a Windows To Go drive using the Windows To Go Creator wizard which is included in Windows 10 Enterprise, Windows 10 Education and Windows 10 Professional. Additionally, Configuration Manager SP1 and later releases includes support for user self-provisioning of Windows To Go drives. Configuration Manager can be downloaded for evaluation from the [Microsoft TechNet Evaluation Center](https://go.microsoft.com/fwlink/p/?LinkID=618746). - question: | How can Windows To Go be managed in an organization? answer: | - Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Endpoint Configuration Manager. Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. + Windows To Go can be deployed and managed like a traditional desktop PC using standard Windows enterprise software distribution tools like Microsoft Configuration Manager. 
Computer and user settings for Windows To Go workspaces can be managed using Group Policy setting also in the same manner that you manage Group Policy settings for other PCs in your organization. Windows To Go workspaces can be configured to connect to the organizational resources remotely using DirectAccess or a virtual private network connection so that they can connect securely to your network. - question: | How do I make my computer boot from USB? answer: | - For host computers running Windows 10 + For host computers running Windows 10 - Using Cortana, search for **Windows To Go startup options**, and then press Enter. - In the **Windows To Go Startup Options** dialog box, select **Yes**, and then click **Save Changes** to configure the computer to boot from USB. - For host computers running Windows 8 or Windows 8.1: + For host computers running Windows 8 or Windows 8.1: Press **Windows logo key+W** and then search for **Windows To Go startup options** and then press Enter. @@ -198,7 +199,7 @@ sections: For more detailed instructions, see the wiki article, [Tips for configuring your BIOS settings to work with Windows To Go](https://go.microsoft.com/fwlink/p/?LinkID=618951). - **Warning**   + **Warning** Configuring a computer to boot from USB will cause your computer to attempt to boot from any bootable USB device connected to your computer. This potentially includes malicious devices. Users should be informed of this risk and instructed to not have any bootable USB storage devices plugged in to their computers except for their Windows To Go drive. 
@@ -206,7 +207,7 @@ sections: - question: | Why isn't my computer booting from USB? answer: | - Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation: + Computers certified for Windows 7 and later are required to have support for USB boot. Check to see if any of the following items apply to your situation: 1. Ensure that your computer has the latest BIOS installed and the BIOS is configured to boot from a USB device. @@ -221,7 +222,7 @@ sections: answer: | If the Windows To Go drive is removed, the computer will freeze and the user will have 60 seconds to reinsert the Windows To Go drive. If the Windows To Go drive is reinserted into the same port it was removed from, Windows will resume at the point where the drive was removed. If the USB drive isn't reinserted, or is reinserted into a different port, the host computer will turn off after 60 seconds. - **Warning**   + **Warning** You should never remove your Windows To Go drive when your workspace is running. The computer freeze is a safety measure to help mitigate the risk of accidental removal. Removing the Windows To Go drive without shutting down the Windows To Go workspace could result in corruption of the Windows To Go drive. 
@@ -229,7 +230,7 @@ sections: - question: | Can I use BitLocker to protect my Windows To Go drive? answer: | - Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace. + Yes. In Windows 8 and later, BitLocker has added support for using a password to protect operating system drives. This means that you can use a password to secure your Windows To Go workspace and you'll be prompted to enter this password every time you use the Windows To Go workspace. - question: | Why can't I enable BitLocker from Windows To Go Creator? @@ -265,12 +266,12 @@ sections: - question: | Does Windows To Go support crash dump analysis? answer: | - Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0. + Yes. Windows 8 and later support crash dump stack analysis for both USB 2.0 and 3.0. - question: | Do "Windows To Go Startup Options" work with dual boot computers? answer: | - Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. + Yes, if both operating systems are running the Windows 8 operating system. Enabling "Windows To Go Startup Options" should cause the computer to boot from the Windows To Go workspace when the drive is plugged in before the computer is turned on. If you have configured a dual boot computer with a Windows operating system and another operating system, it might work occasionally and fail occasionally. Using this configuration is unsupported. 
@@ -279,7 +280,7 @@ sections: answer: | Windows To Go Creator and the recommended deployment steps for Windows To Go set the NO\_DEFAULT\_DRIVE\_LETTER flag on the Windows To Go drive. This flag prevents Windows from automatically assigning drive letters to the partitions on the Windows To Go drive. That's why you can't see the partitions on the drive when you plug your Windows To Go drive into a running computer. This helps prevent accidental data leakage between the Windows To Go drive and the host computer. If you really need to access the files on the Windows To Go drive from a running computer, you can use diskmgmt.msc or diskpart to assign a drive letter. - **Warning**   + **Warning** It's strongly recommended that you don't plug your Windows To Go drive into a running computer. If the computer is compromised, your Windows To Go workspace can also be compromised. 
@@ -289,8 +290,8 @@ sections: answer: | Windows To Go Creator and the recommended deployment steps for Windows To Go set SAN Policy 4 on Windows To Go drive. This policy prevents Windows from automatically mounting internal disk drives. That's why you can't see the internal hard drives of the host computer when you're booted into Windows To Go. This is done to prevent accidental data leakage between Windows To Go and the host system. This policy also prevents potential corruption on the host drives or data loss if the host operating system is in a hibernation state. If you really need to access the files on the internal hard drive, you can use diskmgmt.msc to mount the internal drive. - **Warning**   - It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. + **Warning** + It is strongly recommended that you do not mount internal hard drives when booted into the Windows To Go workspace. If the internal drive contains a hibernated Windows 8 or later operating system, mounting the drive will lead to loss of hibernation state and therefor user state or any unsaved user data when the host operating system is booted. If the internal drive contains a hibernated Windows 7 or earlier operating system, mounting the drive will lead to corruption when the host operating system is booted. 
@@ -307,7 +308,7 @@ sections: - question: | Does Windows To Go work with ARM processors? answer: | - No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. + No. Windows RT is a specialized version of Windows designed for ARM processors. Windows To Go is currently only supported on PCs with x86 or x64-based processors. - question: | Can I synchronize data from Windows To Go with my other computer? @@ -332,7 +333,7 @@ sections: - question: | Can I use all my applications on Windows To Go? answer: | - Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. + Yes. Because your Windows To Go workspace is a full Windows 10 environment, all applications that work with Windows 10 should work in your Windows To Go workspace. However, any applications that use hardware binding (usually for licensing and/or digital rights management reasons) may not run when you roam your Windows To Go drive between different host computers, and you may have to use those applications on the same host computer every time. - question: | Does Windows To Go work slower than standard Windows? 
@@ -347,14 +348,14 @@ sections: - question: | Can I boot Windows To Go on a Mac? answer: | - We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac. + We're committed to give customers a consistent and quality Windows 10 experience with Windows To Go. Windows To Go supports host devices certified for use with Windows 7 or later. Because Mac computers aren't certified for use with Windows 7 or later, using Windows To Go isn't supported on a Mac. - question: | Are there any APIs that allow applications to identify a Windows To Go workspace? answer: | Yes. You can use a combination of identifiers to determine if the currently running operating system is a Windows To Go workspace. First, check if the **PortableOperatingSystem** property is true. When that value is true, it means that the operating system was booted from an external USB device. - Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. + Next, check if the **OperatingSystemSKU** property is equal to **4** (for Windows 10 Enterprise) or **121** (for Windows 10 Education). The combination of those two properties represents a Windows To Go workspace environment. For more information, see the MSDN article on the [Win32\_OperatingSystem class](/windows/win32/cimwin32prov/win32-operatingsystem). 
@@ -371,17 +372,17 @@ sections: - question: | Why won't Windows To Go work on a computer running Windows XP or Windows Vista? answer: | - Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. + Actually it might. If you've purchased a computer certified for Windows 7 or later and then installed an older operating system, Windows To Go will boot and run as expected as long as you've configured the firmware to boot from USB. However, if the computer was certified for Windows XP or Windows Vista, it might not meet the hardware requirements for Windows To Go to run. Typically computers certified for Windows Vista and earlier operating systems have less memory, less processing power, reduced video rendering, and slower USB ports. - question: | Why does the operating system on the host computer matter? answer: | - It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. + It doesn't other than to help visually identify if the PC has compatible hardware. For a PC to be certified for Windows 7 or later it had to support booting from USB. 
If a computer can't boot from USB there's no way that it can be used with Windows To Go. The Windows To Go workspace is a full Windows 10 environment, so all of the hardware requirements of Windows 10 with respect to processing speed, memory usage, and graphics rendering need to be supported to be assured that it will work as expected. - question: | - My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? + My host computer running Windows 7 is protected by BitLocker Drive Encryption. Why did I need to use the recovery key to unlock and reboot my host computer after using Windows To Go? answer: | - The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. + The default BitLocker protection profile in Windows 7 monitors the host computer for changes to the boot order as part of protecting the computer from tampering. When you change the boot order of the host computer to enable it to boot from the Windows To Go drive, the BitLocker system measurements will reflect that change and boot into recovery mode so that the computer can be inspected if necessary. You can reset the BitLocker system measurements to incorporate the new boot order using the following steps: @@ -404,7 +405,7 @@ sections: The host computer will now be able to be booted from a USB drive without triggering recovery mode. > [!NOTE] - > The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order. + > The default BitLocker protection profile in Windows 8 or later doesn't monitor the boot order. 
@@ -429,7 +430,7 @@ sections: - question: | Why do I keep on getting the message "Installing devices…" when I boot Windows To Go? answer: | - One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. + One of the challenges involved in moving the Windows To Go drive between PCs while seamlessly booting Windows with access to all of their applications and data is that for Windows to be fully functional, specific drivers need to be installed for the hardware in each machine that runs Windows. Windows 8 or later has a process called respecialize which will identify new drivers that need to be loaded for the new PC and disable drivers that aren't present on the new configuration. In general, this feature is reliable and efficient when roaming between PCs of widely varying hardware configurations. In certain cases, third-party drivers for different hardware models or versions can reuse device ID's, driver file names, registry keys (or any other operating system constructs that don't support side-by-side storage) for similar hardware. For example, Touchpad drivers on different laptops often reuse the same device ID's, and video cards from the same manufacturer may often reuse service names. Windows handles these situations by marking the non-present device node with a flag that indicates the existing driver needs to be reinstalled before continuing to install the new driver. 
diff --git a/windows/deployment/planning/windows-to-go-overview.md b/windows/deployment/planning/windows-to-go-overview.md index b0805659aa..5465e73df5 100644 --- a/windows/deployment/planning/windows-to-go-overview.md +++ b/windows/deployment/planning/windows-to-go-overview.md @@ -2,19 +2,19 @@ title: Windows To Go feature overview (Windows 10) description: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that lets you create a workspace that can be booted from a USB-connected drive. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy ms.collection: - highpri +ms.date: 10/28/2022 --- # Windows To Go: feature overview - **Applies to** - Windows 10 
@@ -24,12 +24,15 @@ ms.collection: Windows To Go is a feature in Windows 10 Enterprise and Windows 10 Education that enables the creation of a Windows To Go workspace that can be booted from a USB-connected external drive on PCs. -PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. There are some additional considerations that you should keep in mind before you start to use Windows To Go: +PCs that meet the Windows 7 or later [certification requirements](/previous-versions/windows/hardware/cert-program/) can run Windows 10 in a Windows To Go workspace, regardless of the operating system running on the PC. Windows To Go workspaces can use the same image enterprises use for their desktops and laptops and can be managed the same way. Windows To Go is not intended to replace desktops, laptops or supplant other mobility offerings. Rather, it provides support for efficient use of resources for alternative workplace scenarios. 
There are some additional considerations that you should keep in mind before you start to use Windows To Go: -- [Differences between Windows To Go and a typical installation of Windows](#bkmk-wtgdif) -- [Roaming with Windows To Go](#bkmk-wtgroam) -- [Prepare for Windows To Go](#wtg-prep-intro) -- [Hardware considerations for Windows To Go](#wtg-hardware) +- [Windows To Go: feature overview](#windows-to-go-feature-overview) + - [Differences between Windows To Go and a typical installation of Windows](#differences-between-windows-to-go-and-a-typical-installation-of-windows) + - [Roaming with Windows To Go](#roaming-with-windows-to-go) + - [Prepare for Windows To Go](#prepare-for-windows-to-go) + - [Hardware considerations for Windows To Go](#hardware-considerations-for-windows-to-go) + - [Additional resources](#additional-resources) + - [Related topics](#related-topics) > [!NOTE] > Windows To Go is not supported on Windows RT. 
@@ -38,12 +41,12 @@ PCs that meet the Windows 7 or later [certification requirements](/previous-vers Windows To Go workspace operates just like any other installation of Windows with a few exceptions. These exceptions are: -- **Internal disks are offline.** To ensure data isn’t accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. +- **Internal disks are offline.** To ensure data isn't accidentally disclosed, internal hard disks on the host computer are offline by default when booted into a Windows To Go workspace. Similarly if a Windows To Go drive is inserted into a running system, the Windows To Go drive will not be listed in Windows Explorer. - **Trusted Platform Module (TPM) is not used.** When using BitLocker Drive Encryption a pre-operating system boot password will be used for security rather than the TPM since the TPM is tied to a specific computer and Windows To Go drives will move between computers. - **Hibernate is disabled by default.** To ensure that the Windows To Go workspace is able to move between computers easily, hibernation is disabled by default. Hibernation can be re-enabled by using Group Policy settings. - **Windows Recovery Environment is not available.** In the rare case that you need to recover your Windows To Go drive, you should re-image it with a fresh image of Windows. -- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer’s standard for the computer doesn’t apply when running a Windows To Go workspace, so the feature was disabled. 
-- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows. +- **Refreshing or resetting a Windows To Go workspace is not supported.** Resetting to the manufacturer's standard for the computer doesn't apply when running a Windows To Go workspace, so the feature was disabled. +- **Upgrading a Windows To Go workspace is not supported.** Older Windows 8 or Windows 8.1 Windows To Go workspaces cannot be upgraded to Windows 10 workspaces, nor can Windows 10 Windows To Go workspaces be upgraded to future versions of Windows 10. For new versions, the workspace needs to be re-imaged with a fresh image of Windows. ## Roaming with Windows To Go @@ -53,7 +56,7 @@ The applications that you want to use from the Windows To Go workspace should be ## Prepare for Windows To Go -Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Endpoint Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool. +Enterprises install Windows on a large group of computers either by using configuration management software (such as Microsoft Configuration Manager), or by using standard Windows deployment tools such as DiskPart and the Deployment Image Servicing and Management (DISM) tool. These same tools can be used to provision Windows To Go drive, just as you would if you were planning for provisioning a new class of mobile PCs. You can use the [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) to review deployment tools available. 
@@ -120,7 +123,7 @@ As of the date of publication, the following are the USB drives currently certif - Western Digital My Passport Enterprise ([http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722)) - We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go.  For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722) + We recommend that you run the WD Compass utility to prepare the Western Digital My Passport Enterprise drive for provisioning with Windows To Go. For more information about the WD Compass utility please refer to [http://www.wd.com/wtg](https://go.microsoft.com/fwlink/p/?LinkId=618722) **For host computers** @@ -167,4 +170,4 @@ In addition to the USB boot support in the BIOS, the Windows 10 image on your Wi [Prepare your organization for Windows To Go](prepare-your-organization-for-windows-to-go.md)
    [Deployment considerations for Windows To Go](deployment-considerations-for-windows-to-go.md)
    [Security and data protection considerations for Windows To Go](security-and-data-protection-considerations-for-windows-to-go.md)
    -[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md) +[Best practice recommendations for Windows To Go](best-practice-recommendations-for-windows-to-go.md) \ No newline at end of file diff --git a/windows/deployment/s-mode.md b/windows/deployment/s-mode.md index 6f18b26897..eaba8cdb52 100644 --- a/windows/deployment/s-mode.md +++ b/windows/deployment/s-mode.md @@ -3,11 +3,13 @@ title: Windows 10 Pro in S mode description: Overview of Windows 10 Pro/Enterprise in S mode. What is S mode for Enterprise customers? ms.localizationpriority: high ms.prod: windows-client -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.topic: article ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Windows 10 in S mode - What is it? 
@@ -20,22 +22,21 @@ S mode is an evolution of the S SKU introduced with Windows 10 April 2018 Update **Microsoft-verified security** -With Windows 10 in S mode, you’ll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where they’re Microsoft-verified for security. You can also feel secure when you’re online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware. +With Windows 10 in S mode, you'll find your favorite applications, such as Office, Evernote, and Spotify in the Microsoft Store where they're Microsoft-verified for security. You can also feel secure when you're online. Microsoft Edge, your default browser, gives you protection against phishing and socially engineered malware. **Performance that lasts** -Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, you’ll enjoy a smooth, responsive experience, whether you’re streaming HD video, opening apps, or being productive on the go. +Start-ups are quick, and S mode is built to keep them that way. With Microsoft Edge as your browser, your online experience is fast and secure. Plus, you'll enjoy a smooth, responsive experience, whether you're streaming HD video, opening apps, or being productive on the go. **Choice and flexibility** -Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. Browse the Microsoft Store for thousands of apps, and if you don’t find exactly what you want, you can easily [switch out of S mode](./windows-10-pro-in-s-mode.md) to Windows 10 Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below. +Save your files to your favorite cloud, like OneDrive or Dropbox, and access them from any device you choose. 
Browse the Microsoft Store for thousands of apps, and if you don't find exactly what you want, you can easily [switch out of S mode](./windows-10-pro-in-s-mode.md) to Windows 10 Home, Pro, or Enterprise editions at any time and search the web for more choices, as shown below. ![Switching out of S mode flow chart.](images/s-mode-flow-chart.png) - ## Deployment -Windows 10 in S mode is built for [modern management](/windows/client-management/manage-windows-10-in-your-organization-modern-management) which means using [Windows Autopilot](/mem/autopilot/windows-autopilot). Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic PC that can only be used to join the company domain; policies are then deployed automatically through mobile device management to customize the device to the user and the desired environment. Devices are shipped in S mode; you can either keep them in S mode or use Windows Autopilot to switch the device out of S mode during the first run process or later using mobile device management, if desired. +Windows 10 in S mode is built for [modern management](/windows/client-management/manage-windows-10-in-your-organization-modern-management), which means using [Windows Autopilot](/mem/autopilot/windows-autopilot). Windows Autopilot lets you deploy the device directly to a user without IT having to touch the physical device. Instead of manually deploying a custom image, Windows Autopilot will start with a generic PC that can only be used to join the company domain; policies are then deployed automatically through mobile device management to customize the device to the user and the desired environment. Devices are shipped in S mode; you can either keep them in S mode or use Windows Autopilot to switch the device out of S mode during the first run process or later using mobile device management, if desired. 
## Keep line of business apps functioning with Desktop Bridge @@ -43,8 +44,7 @@ Worried about your line of business apps not working in S mode? [Desktop Bridge] ## Repackage Win32 apps into the MSIX format -The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-tool), available from the Microsoft Store, enables you to repackage existing Win32 applications to the MSIX format. You can run your desktop installers through this tool interactively and obtain an MSIX package that you can install on your device and upload to the Microsoft Store. This is another way to get your apps ready to run on Windows 10 in S mode. - +The [MSIX Packaging Tool](/windows/application-management/msix-app-packaging-tool), available from the Microsoft Store, enables you to repackage existing Win32 applications to the MSIX format. You can run your desktop installers through the MSIX Packaging Tool interactively and obtain an MSIX package that you can install on your device and upload to the Microsoft Store. The MSIX Packaging Tool is another way to get your apps ready to run on Windows 10 in S mode. ## Related links diff --git a/windows/deployment/update/PSFxWhitepaper.md b/windows/deployment/update/PSFxWhitepaper.md index 5c1d53cd63..7d41b154fe 100644 --- a/windows/deployment/update/PSFxWhitepaper.md +++ b/windows/deployment/update/PSFxWhitepaper.md 
@@ -68,7 +68,7 @@ numerous advantages: Historically, download sizes of Windows 10 quality updates (Windows 10, version 1803 and older supported versions of Windows 10) are optimized by using express download. Express download is optimized such that updating Windows 10 systems will download the minimum number of bytes. This is achieved by generating differentials for every updated file based on selected historical base revisions of the same file + its base or RTM version. -For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints. +For example, if the October monthly quality update has updated Notepad.exe, differentials for Notepad.exe file changes from September to October, August to October, July to October, June to October, and from the original feature release to October are generated. All these differentials are stored in a Patch Storage File (PSF, also referred to as “express download files”) and hosted or cached on Windows Update or other update management or distribution servers (for example, Windows Server Update Services (WSUS), Microsoft Configuration Manager, or a non-Microsoft update management or distribution server that supports express updates). 
A device leveraging express updates uses network protocol to determine optimal differentials, then downloads only what is needed from the update distribution endpoints. The flip side of express download is that the size of PSF files can be very large depending on the number of historical baselines against which differentials were calculated. Downloading and caching large PSF files to on-premises or remote update distribution servers is problematic for most organizations, hence they are unable to leverage express updates to keep their fleet of devices running Windows 10 up to date. Secondly, due to the complexity of generating differentials and size of the express files that need to be cached on update distribution servers, it is only feasible to generate express download files for the most common baselines, thus express updates are only applicable to selected baselines. Finally, calculation of optimal differentials is expensive in terms of system memory utilization, especially for low-cost systems, impacting their ability to download and apply an update seamlessly. diff --git a/windows/deployment/update/create-deployment-plan.md b/windows/deployment/update/create-deployment-plan.md index 17dc7028a8..5263372cb3 100644 --- a/windows/deployment/update/create-deployment-plan.md +++ b/windows/deployment/update/create-deployment-plan.md 
@@ -20,7 +20,7 @@ ms.technology: itpro-updates A "service management" mindset means that the devices in your organization fall into a continuum, with the software update process being constantly planned, deployed, monitored, and optimized. And once you use this process for feature updates, quality updates become a lightweight procedure that is simple and fast to execute, ultimately increasing velocity. -When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We’ve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They are simply a method to separate devices into a deployment timeline. +When you move to a service management model, you need effective ways of rolling out updates to representative groups of devices. We’ve found that a ring-based deployment works well for us at Microsoft and many other organizations across the globe. Deployment rings in Windows client are similar to the deployment groups most organizations constructed for previous major revision upgrades. They're simply a method to separate devices into a deployment timeline. At the highest level, each “ring” comprises a group of users or devices that receive a particular update concurrently. For each ring, IT administrators set criteria to control deferral time or adoption (completion) that should be met before deployment to the next broader ring of devices or users can occur. 
@@ -39,7 +39,7 @@ A common ring structure uses three deployment groups: ## How many rings should I have? -There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large organization, you might want to consider assigning devices to rings based on geographic location or the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization. +There are no definite rules for exactly how many rings to have for your deployments. As mentioned previously, you might want to ensure zero downtime for mission-critical devices by putting them in their own ring. If you have a large organization, you might want to consider assigning devices to rings based on geographic location. Or assign based on the size of rings so that helpdesk resources are more available. Consider the needs of your business and introduce rings that make sense for your organization. ## Advancing between rings 
@@ -60,17 +60,17 @@ The purpose of the Preview ring is to evaluate the new features of the update. I
 ### Who goes in the Preview ring?
-The Preview ring users are the most tech savvy and resilient people, who will not lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
+The Preview ring users are the most tech savvy and resilient people, who won't lose productivity if something goes wrong. In general, these users are IT pros, and perhaps a few people in the business organization.
 During your plan and prepare phases, you should focus on the following activities:
 - Work with Windows Insider Preview builds.
 - Identify the features and functionality your organization can or wants to use.
-- Establish who will use the features and how they will benefit.
-- Understand why you are putting out the update.
+- Establish who will use the features and how they'll benefit.
+- Understand why you're putting out the update.
 - Plan for usage feedback.
-Remember, you are working with pre-release software in the Preview ring and you will be evaluating features and testing the update for a targeted release.
+Remember, you're working with pre-release software in the Preview ring and you'll be evaluating features and testing the update for a targeted release.
 > [!IMPORTANT]
 > If you are using Windows Insider (pre-release) releases for your preview ring and you are using WSUS or Windows Update for Business, be sure to set the following policies to allow for Preview builds:
@@ -80,11 +80,11 @@ Remember, you are working with pre-release software in the Preview ring and you
 ## Limited ring
 The purpose of the Limited ring is to validate the update on representative devices across the network. During this period, data, and feedback are generated to enable the decision to move forward to broader deployment. Desktop
-Analytics can help with defining a good Limited ring of representative devices and assist in monitoring the deployment.
+Analytics can help with defining a good Limited ring of representative devices and help monitor the deployment.
 ### Who goes in the Limited ring?
-The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented, and it's important that the people selected for this ring are using their devices regularly in order to generate the data you will need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don’t have the applications or device drivers that are truly a representative sample of your network.
+The most important part of this phase is finding a representative sample of devices and applications across your network. If possible, all hardware and all applications should be represented. It's important that the people selected for this ring are using their devices regularly to generate the data you'll need to make a decision for broader deployment across your organization. The IT department, lab devices, and users with the most cutting-edge hardware usually don’t have the applications or device drivers that are truly a representative sample of your network.
 During your pilot and validate phases, you should focus on the following activities:
@@ -93,7 +93,7 @@ During your pilot and validate phases, you should focus on the following activit
 - Assess and act if issues are encountered.
 - Move forward unless blocked.
-When you deploy to the Limited ring, you’ll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring, because your Limited ring represents your organization across the board, and when you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
+When you deploy to the Limited ring, you’ll be able to gather data and react to incidents happening in the environment, quickly addressing any issues that might arise. Ensure you monitor for sufficient adoption within this ring. Your Limited ring represents your organization across the board. When you achieve sufficient adoption, you can have confidence that your broader deployment will run more smoothly.
 ## Broad deployment
@@ -101,7 +101,7 @@ Once the devices in the Limited ring have had a sufficient stabilization period,
 ### Who goes in the Broad deployment ring?
-In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision) broad deployment can occur relatively quickly.
+In most businesses, the Broad ring includes the rest of your organization. Because of the work in the previous ring to vet stability and minimize disruption (with diagnostic data to support your decision), a broad deployment can occur relatively quickly.
 > [!NOTE]
 > In some instances, you might hold back on mission-critical devices (such as medical devices) until deployment in the Broad ring is complete. Get best practices and recommendations for deploying Windows client feature updates to mission critical-devices.
@@ -109,19 +109,19 @@ In most businesses, the Broad ring includes the rest of your organization. Becau
 During the broad deployment phase, you should focus on the following activities:
 - Deploy to all devices in the organization.
-- Work through any final unusual issues that were not detected in your Limited ring.
+- Work through any final unusual issues that weren't detected in your Limited ring.
 ## Ring deployment planning
-Previously, we have provided methods for analyzing your deployments, but these have been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We have combined many of these tasks, and more, into a single interface with Desktop Analytics.
+Previously, we have provided methods for analyzing your deployments, but these have been standalone tools to assess, manage and execute deployments. In other words, you would generate an analysis, make a deployment strategy, and then move to your console for implementation, repeating these steps for each deployment. We've combined many of these tasks, and more, into a single interface with Desktop Analytics.
-[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Microsoft Endpoint Manager](/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to
+[Desktop Analytics](/mem/configmgr/desktop-analytics/overview) is a cloud-based service and a key tool in [Configuration Manager](/mem/configmgr/core/understand/microsoft-endpoint-manager-faq). Using artificial intelligence and machine learning, Desktop Analytics is a powerful tool to give you insights and intelligence to
 make informed decisions about the readiness of your Windows devices.
-In Windows client deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Microsoft Endpoint Manager can help you assess app compatibility with the latest
-feature update and create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions.
+In Windows client deployments, we have seen compatibility issues on < 0.5% of apps when using Desktop Analytics. Using Desktop Analytics with Configuration Manager can help you assess app compatibility with the latest
+feature update. You can create groups that represent the broadest number of hardware and software configurations on the smallest set of devices across your organization. In addition, Desktop Analytics can provide you with a device and software inventory and identify issues, giving you data that equate to actionable decisions.
 > [!IMPORTANT]
 > Desktop Analytics does not support preview (Windows Insider) builds; use Configuration Manager to deploy to your Preview ring. As noted previously, the Preview ring is a small group of devices represents your ecosystem very well in terms of app, driver, and hardware diversity.
@@ -130,8 +130,8 @@ feature update and create groups that represent the broadest number of hardware
 There are two ways to implement a ring deployment plan, depending on how you manage your devices:
-- If you are using Configuration Manager: Desktop Analytics provides end-to-end deployment plan integration so that you can also kick off phased deployments within a ring. Learn more about [deployment plans in Desktop Analytics](/mem/configmgr/desktop-analytics/about-deployment-plans).
-- If you are using Microsoft Intune, see [Create deployment plans directly in Intune](/mem/intune/fundamentals/planning-guide).
+- If you're using Configuration Manager: Desktop Analytics provides end-to-end deployment plan integration so that you can also kick off phased deployments within a ring. Learn more about [deployment plans in Desktop Analytics](/mem/configmgr/desktop-analytics/about-deployment-plans).
+- If you're using Microsoft Intune, see [Create deployment plans directly in Intune](/mem/intune/fundamentals/planning-guide).
 For more about Desktop Analytics, see these articles:
diff --git a/windows/deployment/update/deploy-updates-configmgr.md b/windows/deployment/update/deploy-updates-configmgr.md
index 9fcf8d8e67..a7aa23afba 100644
--- a/windows/deployment/update/deploy-updates-configmgr.md
+++ b/windows/deployment/update/deploy-updates-configmgr.md
@@ -18,4 +18,4 @@ ms.technology: itpro-updates
 - Windows 10
 - Windows 11
-See the Microsoft Endpoint Manager [documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates.
+See the [Microsoft Configuration Manager documentation](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) for details about using Configuration Manager to deploy and manage Windows 10 updates.
diff --git a/windows/deployment/update/deployment-service-overview.md b/windows/deployment/update/deployment-service-overview.md
index fbb54dd2d2..5ae667d595 100644
--- a/windows/deployment/update/deployment-service-overview.md
+++ b/windows/deployment/update/deployment-service-overview.md
@@ -44,16 +44,16 @@ Windows Update for Business comprises three elements:
 - Deployment service APIs to approve and schedule specific updates – available through the Microsoft Graph and associated SDKs (including PowerShell)
 - Update Compliance to monitor update deployment – available through the Azure Marketplace
-Unlike existing client policy, the deployment service does not interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro.
+Unlike existing client policy, the deployment service doesn't interact with devices directly. The service is native to the cloud and all operations take place between various Microsoft services. It creates a direct communication channel between a management tool (including scripting tools such as Windows PowerShell) and the Windows Update service so that the approval and offering of content can be directly controlled by an IT Pro.
 :::image type="content" source="media/wufbds-interaction-small.png" alt-text="Process described in following text.":::
 Using the deployment service typically follows a common pattern:
-1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Endpoint Manager.
+1. IT Pro uses a management tool to select devices and approve content to be deployed. This tool could be PowerShell, a Microsoft Graph app or a more complete management solution such as Microsoft Intune.
 2. The chosen tool conveys your approval, scheduling, and device selection information to the deployment service.
 3.
The deployment service processes the content approval and compares it with previously approved content. Final update applicability is determined and conveyed to Windows Update, which then offers approved content to devices on their next check for updates.
-The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Endpoint Manager.
+The deployment service exposes these capabilities through Microsoft [Graph REST APIs](/graph/overview). You can call the APIs directly, through a Graph SDK, or integrate them with a management tool such as Microsoft Intune.
 ## Prerequisites
@@ -78,9 +78,9 @@ Additionally, your organization must have one of the following subscriptions:
 To use the deployment service, you use a management tool built on the platform, script common actions using PowerShell, or build your own application.
-### Using Microsoft Endpoint Manager
+### Using Microsoft Intune
-Microsoft Endpoint Manager integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
+Intune integrates with the deployment service to provide Windows client update management capabilities. For more information, see [Feature updates for Windows 10 and later policy in Intune](/mem/intune/protect/windows-10-feature-updates).
 ### Scripting common actions using PowerShell
@@ -92,7 +92,7 @@ Microsoft Graph makes deployment service APIs available through. Get started wit
 - Learning path: [Microsoft Graph Fundamentals](/training/paths/m365-msgraph-fundamentals/)
 - Learning path: [Build apps with Microsoft Graph](/training/paths/m365-msgraph-associate/)
-Once you are familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more.
+Once you're familiar with Microsoft Graph development, see [Windows updates API overview in Microsoft Graph](/graph/windowsupdates-concept-overview) for more.
 ## Deployment protections
@@ -107,9 +107,9 @@ The deployment service allows any update to be deployed over a period of days or
 3. Start deploying to earlier waves to build coverage of device attributes present in the population.
 4. Continue deploying at a uniform rate until all waves are complete and all devices are updated.
-This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service does not provide a workflow for creating rings themselves.
+This built-in piloting capability complements your existing ring structure and provides another support for reducing and managing risk during an update. Unlike tools such as Desktop Analytics, this capability is intended to operate within each ring. The deployment service doesn't provide a workflow for creating rings themselves.
-You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and additional protections within each ring.
+You should continue to use deployment rings as part of the servicing strategy for your organization, but use gradual rollouts to add scheduling convenience and other protections within each ring.
 ### Safeguard holds against likely and known issues
@@ -139,9 +139,9 @@ To enroll devices in Windows Update for Business cloud processing, set the **All
 | GPO for Windows 10, version 1809 or later: Computer Configuration > Administrative Templates > Windows Components > Data Collection and Preview Builds > **Allow WUfB Cloud Processing** | `\Policies\Microsoft\Windows\DataCollection\AllowWUfBCloudProcessing` |
 | MDM for Windows 10, version 1809 or later: ../Vendor/MSFT/ Policy/Config/System/**AllowWUfBCloudProcessing** | `\Microsoft\PolicyManager\current\device\System\AllowWUfBCloudProcessing` |
-Following is an example of setting the policy using Microsoft Endpoint Manager:
+Following is an example of setting the policy using Intune:
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/).
+1. Sign in to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 2. Select **Devices** > **Configuration profiles** > **Create profile**.
@@ -175,7 +175,7 @@ Follow these suggestions for the best results with the service.
 ### General
-Avoid using different channels to manage the same resources. If you use Microsoft Endpoint Manager along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
+Avoid using different channels to manage the same resources. If you use Microsoft Intune along with Microsoft Graph APIs or PowerShell, aspects of resources (such as devices, deployments, updatable asset groups) might be overwritten if you use both channels to manage the same resources. Instead, only manage each resource through the channel that created it.
 ## Next steps
diff --git a/windows/deployment/update/get-started-updates-channels-tools.md b/windows/deployment/update/get-started-updates-channels-tools.md
index d5467cc27c..d53be32342 100644
--- a/windows/deployment/update/get-started-updates-channels-tools.md
+++ b/windows/deployment/update/get-started-updates-channels-tools.md
@@ -44,7 +44,7 @@ We include information here about many different update types you'll hear about,
 There are three servicing channels, each of which offers you a different level of flexibility with how and when updates are delivered to devices. Using the different servicing channels allows you to deploy Windows "as a service," which conceives of deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process.
-The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Endpoint Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means. By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
+The first step of controlling when and how devices install updates is assigning them to the appropriate servicing channel. You can assign devices to a particular channel with any of several tools, including Microsoft Configuration Manager, Windows Server Update Services (WSUS), and Group Policy settings applied by any of several means.
By dividing devices into different populations ("deployment groups" or "rings") you can use servicing channel assignment, followed by other management features such as update deferral policies, to create a phased deployment of any update that allows you to start with a limited pilot deployment for testing before moving to a broad deployment throughout your organization.
 ### General Availability Channel
diff --git a/windows/deployment/update/includes/update-compliance-admin-center-permissions.md b/windows/deployment/update/includes/update-compliance-admin-center-permissions.md
deleted file mode 100644
index 01f67b2713..0000000000
--- a/windows/deployment/update/includes/update-compliance-admin-center-permissions.md
+++ /dev/null
@@ -1,22 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: dougeby
-ms.prod: w10
-ms.collection: M365-modern-desktop
-ms.topic: include
-ms.date: 08/18/2022
-ms.localizationpriority: medium
----
-
-[Enabling Update Compliance](../update-compliance-v2-enable.md) requires access to the [Microsoft admin center software updates (preview) page](../update-status-admin-center.md) as does displaying Update Compliance data in the admin center. The following permissions are needed for access to the [Microsoft 365 admin center](https://admin.microsoft.com):
-
-
-- To enable Update Compliance, edit Update Compliance configuration settings, and view the **Windows** tab in the **Software Updates** page:
- - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
-- To view the **Windows** tab in the **Software Updates** page:
- - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
-
-> [!NOTE]
-> These permissions for the Microsoft 365 admin center apply specifically to the **Windows** tab of the **Software Updates** page. For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status).
diff --git a/windows/deployment/update/includes/update-compliance-onboard-admin-center.md b/windows/deployment/update/includes/update-compliance-onboard-admin-center.md
deleted file mode 100644
index 13183b46dd..0000000000
--- a/windows/deployment/update/includes/update-compliance-onboard-admin-center.md
+++ /dev/null
@@ -1,23 +0,0 @@
----
-author: mestew
-ms.author: mstewart
-manager: dougeby
-ms.prod: w10
-ms.collection: M365-modern-desktop
-ms.topic: include
-ms.date: 08/18/2022
-ms.localizationpriority: medium
----
-
-1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
-1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
-1. In the **Software Updates** page, select the **Windows** tab.
-1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](../update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance:
-
- - The Azure subscription
- - The Log Analytics workspace
-1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**.
-1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts.
-
-> [!Tip]
-> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).
diff --git a/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
new file mode 100644
index 0000000000..3dc65fd476
--- /dev/null
+++ b/windows/deployment/update/includes/wufb-reports-admin-center-permissions.md
@@ -0,0 +1,21 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 08/18/2022
+ms.localizationpriority: medium
+---
+
+
+To enroll into Windows Update for Business reports, edit configuration settings, display and edit the workbook, and view the **Windows** tab in the **Software Updates** page from the [Microsoft 365 admin center](https://admin.microsoft.com) use one of the following roles:
+
+- [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
+- [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
+- [Windows Update deployment administrator](/azure/active-directory/roles/permissions-reference#windows-update-deployment-administrator)
+ - This role allows enrollment through the [workbook](../wufb-reports-enable.md#bkmk_enroll-workbook) but not the Microsoft 365 admin center
+
+To display the workbook and view the **Windows** tab in the **Software Updates** page [Microsoft 365 admin center](https://admin.microsoft.com) use the following role:
+ - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
diff --git a/windows/deployment/update/includes/update-compliance-endpoints.md b/windows/deployment/update/includes/wufb-reports-endpoints.md
similarity index 88%
rename from windows/deployment/update/includes/update-compliance-endpoints.md
rename to windows/deployment/update/includes/wufb-reports-endpoints.md
index ebb1b35eb2..727f6eec4b 100644
--- a/windows/deployment/update/includes/update-compliance-endpoints.md
+++ b/windows/deployment/update/includes/wufb-reports-endpoints.md
@@ -8,13 +8,13 @@ ms.topic: include
 ms.date: 04/06/2022
 ms.localizationpriority: medium
 ---
-
+
 Devices must be able to contact the following endpoints in order to authenticate and send diagnostic data:
 | **Endpoint** | **Function** |
 |---------------------------------------------------------|-----------|
-| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Update Compliance. |
+| `https://v10c.events.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1803 and later. DeviceCensus.exe must run on a regular cadence and contact this endpoint in order to receive most information for Windows Update for Business reports. |
 | `https://v10.vortex-win.data.microsoft.com` | Connected User Experience and Diagnostic component endpoint for Windows 10, version 1709 or earlier. |
 | `https://settings-win.data.microsoft.com` | Required for Windows Update functionality. |
 | `https://adl.windows.com` | Required for Windows Update functionality. |
diff --git a/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
new file mode 100644
index 0000000000..4a9b61242e
--- /dev/null
+++ b/windows/deployment/update/includes/wufb-reports-onboard-admin-center.md
@@ -0,0 +1,23 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 08/18/2022
+ms.localizationpriority: medium
+---
+
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
+1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
+ - If you don't see an entry for **Software updates** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).
+1. In the **Software Updates** page, select the **Windows** tab.
+1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Windows Update for Business reports](../wufb-reports-overview.md). Verify or supply the following information about the settings for Windows Update for Business reports:
+
+ - The Azure subscription
+ - The Log Analytics workspace
+1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Windows Update for Business reports data**.
+1. After the initial setup is complete, the **Windows** tab will display your Windows Update for Business reports data in the charts.
+ > [!Note]
+ > The device counts in the **Windows** tab may vary from the **Microsoft 365 Apps** tab since their requirements are different.
diff --git a/windows/deployment/update/includes/wufb-reports-recommend.md b/windows/deployment/update/includes/wufb-reports-recommend.md
new file mode 100644
index 0000000000..7a8c702ba0
--- /dev/null
+++ b/windows/deployment/update/includes/wufb-reports-recommend.md
@@ -0,0 +1,14 @@
+---
+author: mestew
+ms.author: mstewart
+manager: aaroncz
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 11/04/2022
+ms.localizationpriority: medium
+---
+
+
+> [!Important]
+> If you're using Update Compliance, it's highly recommended that you start transitioning to Windows Update for Business reports. For more information, see [Windows Update for Business reports overview](..\wufb-reports-overview.md).
diff --git a/windows/deployment/update/includes/update-compliance-script-error-codes.md b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
similarity index 90%
rename from windows/deployment/update/includes/update-compliance-script-error-codes.md
rename to windows/deployment/update/includes/wufb-reports-script-error-codes.md
index fa70e9df8b..6d4248cbb0 100644
--- a/windows/deployment/update/includes/update-compliance-script-error-codes.md
+++ b/windows/deployment/update/includes/wufb-reports-script-error-codes.md
@@ -8,7 +8,7 @@ ms.topic: include
 ms.date: 08/18/2022
 ms.localizationpriority: medium
 ---
-
+
 |Error |Description |
 |---------|---------|
 | 1 | General unexpected error|
@@ -58,5 +58,5 @@ ms.localizationpriority: medium
 | 97 | Failed to update value for EnableAllowCommercialDataPipeline |
 | 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
 | 99 | Device isn't Windows 10.|
-| 100 | Device must be AADJ or hybrid AADJ to use Update Compliance |
+| 100 | Device must be AADJ or hybrid AADJ to use Windows Update for Business reports or Update Compliance |
 | 101 | Check AADJ failed with unexpected exception |
\ No newline at end of file
diff --git a/windows/deployment/update/includes/update-compliance-verify-device-configuration.md b/windows/deployment/update/includes/wufb-reports-verify-device-configuration.md
similarity index 83%
rename from windows/deployment/update/includes/update-compliance-verify-device-configuration.md
rename to windows/deployment/update/includes/wufb-reports-verify-device-configuration.md
index d3fdaa9c05..1b22ab60cd 100644
--- a/windows/deployment/update/includes/update-compliance-verify-device-configuration.md
+++ b/windows/deployment/update/includes/wufb-reports-verify-device-configuration.md
@@ -8,7 +8,7 @@ ms.topic: include
 ms.date: 08/10/2022
 ms.localizationpriority: medium
 ---
-
+
 In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
@@ -35,9 +35,9 @@ In some cases, you may need to manually verify the device configuration has the 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**. 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**. 1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items: - - The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for the [preview version of Updates Compliance](../update-compliance-v2-overview.md), but the value may still be listed in this field. + - The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for [Windows Update for Business reports](../wufb-reports-overview.md), but the value may still be listed in this field. - The **MSP** field value under **protocol** should be either `16` or `18`. - If you need to send this data to Microsoft Support, select **Export data**. - :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="../media/update-compliance-diagnostic-data-viewer.png" lightbox="../media/update-compliance-diagnostic-data-viewer.png"::: + :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="../media/wufb-reports-diagnostic-data-viewer.png" lightbox="../media/wufb-reports-diagnostic-data-viewer.png"::: diff --git a/windows/deployment/update/index.md b/windows/deployment/update/index.md index c2470f7d69..352013a1ea 100644 
--- a/windows/deployment/update/index.md
+++ b/windows/deployment/update/index.md
@@ -20,14 +20,14 @@ ms.technology: itpro-updates > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly, and spreads the required effort out into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. +Windows as a service provides a new way to think about building, deploying, and servicing the Windows operating system. The Windows as a service model is focused on continually providing new capabilities and updates while maintaining a high level of hardware and software compatibility. Deploying new versions of Windows is simpler than ever before: Microsoft releases new features two to three times per year rather than the traditional upgrade cycle where new features are only made available every few years. Ultimately, this model replaces the need for traditional Windows deployment projects, which can be disruptive and costly. 
It spreads out the required effort into a continuous updating process, reducing the overall effort required to maintain Windows client devices in your environment. In addition, with the Windows client operating system, organizations have the chance to try out “flighted” builds of Windows as Microsoft develops them, gaining insight into new features and the ability to provide continual feedback about them. ## In this section -| Topic | Description| +| Article | Description| | --- | --- | | [Quick guide to Windows as a service](waas-quick-start.md) | Provides a brief summary of the key points for the servicing model for Windows client. | | [Overview of Windows as a service](waas-overview.md) | Explains the differences in building, deploying, and servicing Windows client; introduces feature updates, quality updates, and the different servicing branches; compares servicing tools. | 
@@ -37,10 +37,10 @@ Windows as a service provides a new way to think about building, deploying, and | [Optimize update delivery](../do/waas-optimize-windows-10-updates.md) | Explains the benefits of using Delivery Optimization or BranchCache for update distribution. | | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md) | Explains how to use Windows Update for Business to manage when devices receive updates directly from Windows Update. Includes walkthroughs for configuring Windows Update for Business using Group Policy and Microsoft Intune. | | [Deploy Windows client updates using Windows Server Update Services (WSUS)](waas-manage-updates-wsus.md) | Explains how to use WSUS to manage Windows client updates. | -| [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. | +| [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | Explains how to use Configuration Manager to manage Windows client updates. | | [Manage device restarts after updates](waas-restart.md) | Explains how to manage update related device restarts. | -| [Manage additional Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update | +| [Manage more Windows Update settings](waas-wu-settings.md) | Provides details about settings available to control and configure Windows Update | | [Windows Insider Program for Business](/windows-insider/business/register) | Explains how the Windows Insider Program for Business works and how to become an insider. | >[!TIP] ->For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Endpoint Manager or the Microsoft Deployment Toolkit. 
Using these tools to deploy Windows client images is similar to deploying previous versions of Windows. +>For disaster recovery scenarios and bare-metal deployments of Windows client, you still can use traditional imaging software such as Microsoft Configuration Manager or the Microsoft Deployment Toolkit. Using these tools to deploy Windows client images is similar to deploying previous versions of Windows. diff --git a/windows/deployment/update/media/33771278-update-compliance-workbook-summary.png b/windows/deployment/update/media/33771278-update-compliance-workbook-summary.png deleted file mode 100644 index bf5f0272ac..0000000000 Binary files a/windows/deployment/update/media/33771278-update-compliance-workbook-summary.png and /dev/null differ diff --git a/windows/deployment/update/media/33771278-update-deployment-status-table.png b/windows/deployment/update/media/33771278-update-deployment-status-table.png index dd070d8e21..858e340f73 100644 Binary files a/windows/deployment/update/media/33771278-update-deployment-status-table.png and b/windows/deployment/update/media/33771278-update-deployment-status-table.png differ diff --git a/windows/deployment/update/media/33771278-update-compliance-feedback.png b/windows/deployment/update/media/33771278-wufb-reports-feedback.png similarity index 100% rename from windows/deployment/update/media/33771278-update-compliance-feedback.png rename to windows/deployment/update/media/33771278-wufb-reports-feedback.png diff --git a/windows/deployment/update/media/33771278-wufb-reports-workbook-summary.png b/windows/deployment/update/media/33771278-wufb-reports-workbook-summary.png new file mode 100644 index 0000000000..87e3fd1ea4 Binary files /dev/null and b/windows/deployment/update/media/33771278-wufb-reports-workbook-summary.png differ 
diff --git a/windows/deployment/update/media/37063317-admin-center-software-updates.png b/windows/deployment/update/media/37063317-admin-center-software-updates.png
index 978ef1b476..f31988b83d 100644
Binary files a/windows/deployment/update/media/37063317-admin-center-software-updates.png and b/windows/deployment/update/media/37063317-admin-center-software-updates.png differ
diff --git a/windows/deployment/update/media/update-compliance-v2-query-table.png b/windows/deployment/update/media/update-compliance-v2-query-table.png
deleted file mode 100644
index f48e6dc074..0000000000
Binary files a/windows/deployment/update/media/update-compliance-v2-query-table.png and /dev/null differ
diff --git a/windows/deployment/update/media/update-compliance-diagnostic-data-viewer.png b/windows/deployment/update/media/wufb-reports-diagnostic-data-viewer.png
similarity index 100%
rename from windows/deployment/update/media/update-compliance-diagnostic-data-viewer.png
rename to windows/deployment/update/media/wufb-reports-diagnostic-data-viewer.png
diff --git a/windows/deployment/update/media/wufb-reports-query-table.png b/windows/deployment/update/media/wufb-reports-query-table.png
new file mode 100644
index 0000000000..3cd58928fa
Binary files /dev/null and b/windows/deployment/update/media/wufb-reports-query-table.png differ
diff --git a/windows/deployment/update/plan-define-strategy.md b/windows/deployment/update/plan-define-strategy.md
index 1b47a96842..cacb1535bc 100644
--- a/windows/deployment/update/plan-define-strategy.md
+++ b/windows/deployment/update/plan-define-strategy.md
@@ -22,13 +22,13 @@ Traditionally, organizations treated the deployment of operating system updates Today, more organizations are treating deployment as a continual process of updates that roll out across the organization in waves. In this approach, an update is plugged into this process and while it runs, you monitor for anomalies, errors, or user impact and respond as issues arise--without interrupting the entire process. Microsoft has been evolving its Windows 10 release cycles, update mechanisms, and relevant tools to support this model. Feature updates are released twice per year, around March and September. All releases of Windows 10 have 18 months of servicing for all editions. Fall releases of the Enterprise and Education editions have an extra 12 months of servicing for specific Windows 10 releases, for a total of 30 months from initial release. -Though we encourage you to deploy every available release and maintain a fast cadence for some portion of your environment, we also recognize that you might have a large number of devices, and a need for little or no disruption, and so you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly. +We encourage you to deploy every available release and maintain a fast cadence for some portion of your environment. We also recognize that you might have a large number of devices, and a need for little or no disruption. So, you might choose to update annually. The 18/30 month lifecycle cadence lets you allow some portion of your environment to move faster while a majority can move less quickly. ## Calendar approaches -You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. 
Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they will stop receiving the monthly security updates. +You can use a calendar approach for either a faster twice-per-year cadence or an annual cadence. Depending on company size, installing feature updates less often than once annually risks devices going out of service and becoming vulnerable to security threats, because they'll stop receiving the monthly security updates. ### Annual -Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Endpoint Manager and Microsoft 365 Apps release cycles: +Here's a calendar showing an example schedule that applies one Windows 10 feature update per calendar year, aligned with Microsoft Configuration Manager and Microsoft 365 Apps release cycles: [ ![Calendar showing an annual update cadence.](images/annual-calendar.png) ](images/annual-calendar.png#lightbox) 
@@ -36,7 +36,7 @@ This approach provides approximately 12 months of use from each feature update b This cadence might be most suitable for you if any of these conditions apply: -- You are just starting your journey with the Windows 10 servicing process. If you are unfamiliar with new processes that support Windows 10 servicing, moving from a project happening once every three to five years to a twice-a-year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost. +- You're just starting your journey with the Windows 10 servicing process. If you're unfamiliar with new processes that support Windows 10 servicing, moving from a project happening once every three to five years to a twice-a-year feature update process can be daunting. This approach gives you time to learn new approaches and tools to reduce effort and cost. - You want to wait and see how successful other companies are at adopting a Windows 10 feature update. diff --git a/windows/deployment/update/update-compliance-configuration-manual.md b/windows/deployment/update/update-compliance-configuration-manual.md index d030495b3b..14b086ba49 100644 --- a/windows/deployment/update/update-compliance-configuration-manual.md +++ b/windows/deployment/update/update-compliance-configuration-manual.md @@ -19,6 +19,10 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + + There are a number of requirements to consider when manually configuring devices for Update Compliance. These can potentially change with newer versions of Windows client. The [Update Compliance Configuration Script](update-compliance-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. The requirements are separated into different categories: 
@@ -68,7 +72,7 @@ All Group policies that need to be configured for Update Compliance are under ** To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints. -[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-endpoints.md)] +[!INCLUDE [Endpoints for Update Compliance](./includes/wufb-reports-endpoints.md)] ## Required services diff --git a/windows/deployment/update/update-compliance-configuration-mem.md b/windows/deployment/update/update-compliance-configuration-mem.md index 7bc1ee3016..c43640a133 100644 --- a/windows/deployment/update/update-compliance-configuration-mem.md +++ b/windows/deployment/update/update-compliance-configuration-mem.md @@ -1,8 +1,8 @@ --- -title: Configuring Microsoft Endpoint Manager devices for Update Compliance +title: Configuring Microsoft Intune devices for Update Compliance ms.reviewer: manager: aczechowski -description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance +description: Configuring devices that are enrolled in Intune for Update Compliance ms.prod: windows-client author: mestew ms.author: mstewart 
@@ -12,17 +12,20 @@ ms.topic: article ms.technology: itpro-updates --- -# Configuring Microsoft Endpoint Manager devices for Update Compliance +# Configuring Microsoft Intune devices for Update Compliance **Applies to** - Windows 10 - Windows 11 -This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps: + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + +This article is specifically targeted at configuring devices enrolled to [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) for Update Compliance, within Microsoft Intune itself. Configuring devices for Update Compliance in Microsoft Intune breaks down to the following steps: 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll, that contains settings for all the MDM policies that must be configured. -1. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. You can learn more about this in the broad section on [enrolling devices to Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). +1. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. You can learn more in the broad section on [enrolling devices to Update Compliance](update-compliance-get-started.md#enroll-devices-in-update-compliance). 
> [!TIP] > If you need to troubleshoot client enrollment, consider deploying the [configuration script](#deploy-the-configuration-script) as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured. 
@@ -31,26 +34,26 @@ This article is specifically targeted at configuring devices enrolled to [Micros Take the following steps to create a configuration profile that will set required policies for Update Compliance: -1. Go to the Admin portal in Endpoint Manager and navigate to **Devices/Windows/Configuration profiles**. +1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices/Windows/Configuration profiles**. 1. On the **Configuration profiles** view, select **Create a profile**. 1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates". 1. For **Template name**, select **Custom**, and then press **Create**. -1. You are now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. -1. On the **Configuration settings** page, you will be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). +1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. +1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). 1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-get-started.md#get-your-commercialid). 1. Add a setting for **Commercial ID** with the following values: - **Name**: Commercial ID - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace. - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID` - **Data type**: String - - **Value**: *Set this to your Commercial ID* + - **Value**: *Set this value to your Commercial ID* 1. 
Add a setting configuring the **Windows Diagnostic Data level** for devices: - **Name**: Allow Telemetry - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry` - **Data type**: Integer - **Value**: 1 (*all that is required is 1, but it can be safely set to a higher value*). - 1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this is not disabled, users of each device can potentially override the diagnostic data level of devices such that data will not be available for those devices in Update Compliance: + 1. (*Recommended, but not required*) Add a setting for **disabling devices' Diagnostic Data opt-in settings interface**. If this setting isn't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance: - **Name**: Disable Telemetry opt-in interface - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx` 
@@ -82,4 +85,4 @@ Take the following steps to create a configuration profile that will set require The [Update Compliance Configuration Script](update-compliance-configuration-script.md) is a useful tool for properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). -When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in Pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices which will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in Deployment mode as a Win32 app to all Update Compliance devices. +When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in Pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices that will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in Deployment mode as a Win32 app to all Update Compliance devices. 
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md index 8b80fe8716..5895bd3235 100644 --- a/windows/deployment/update/update-compliance-configuration-script.md +++ b/windows/deployment/update/update-compliance-configuration-script.md @@ -20,6 +20,8 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. @@ -50,9 +52,9 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru ## Script errors -[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-script-error-codes.md)] +[!INCLUDE [Update Compliance script error codes](./includes/wufb-reports-script-error-codes.md)] ## Verify device configuration -[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)]: +[!INCLUDE [Endpoints for Update Compliance](./includes/wufb-reports-verify-device-configuration.md)]: diff --git a/windows/deployment/update/update-compliance-delivery-optimization.md b/windows/deployment/update/update-compliance-delivery-optimization.md index 004686f454..d58e554f1e 100644 --- a/windows/deployment/update/update-compliance-delivery-optimization.md +++ b/windows/deployment/update/update-compliance-delivery-optimization.md 
@@ -20,6 +20,9 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + :::image type="content" alt-text="Screenshot of Delivery Optimization information in Update Compliance." source="images/UC_workspace_DO_status.png" lightbox="images/UC_workspace_DO_status.png"::: The Update Compliance solution provides you with information about your Delivery Optimization configuration, including the observed bandwidth savings across all devices that used peer-to-peer distribution over the past 28 days. diff --git a/windows/deployment/update/update-compliance-feature-update-status.md b/windows/deployment/update/update-compliance-feature-update-status.md index ac9e1d6963..8fdb433a95 100644 --- a/windows/deployment/update/update-compliance-feature-update-status.md +++ b/windows/deployment/update/update-compliance-feature-update-status.md @@ -19,6 +19,9 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + [ ![The Feature Update Status report.](images/UC_workspace_FU_status.png) ](images/UC_workspace_FU_status.png#lightbox) The Feature Update Status section provides information about the status of [feature updates](waas-quick-start.md#definitions) across all devices. This section tile in the [Overview Blade](update-compliance-using.md#overview-blade) gives a percentage of devices that are on the latest applicable feature update; [Servicing Channel](waas-overview.md#servicing-channels) is considered in determining applicability. Within this section are two blades; one providing a holistic view of feature updates, the other containing three **Deployment Status** tiles, each charged with tracking the deployment for a different [Servicing Channel](waas-overview.md#servicing-channels). 
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md index c8bd25539d..7adaefb575 100644 --- a/windows/deployment/update/update-compliance-get-started.md +++ b/windows/deployment/update/update-compliance-get-started.md @@ -21,13 +21,16 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 -This topic introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + +This article introduces the high-level steps required to enroll to the Update Compliance solution and configure devices to send data to it. The following steps cover the enrollment and device configuration workflow. 1. Ensure you can [meet the requirements](#update-compliance-prerequisites) to use Update Compliance. 2. [Add Update Compliance](#add-update-compliance-to-your-azure-subscription) to your Azure subscription. 3. [Configure devices](#enroll-devices-in-update-compliance) to send data to Update Compliance. -After adding the solution to Azure and configuring devices, it can take some time before all devices appear. For more information, see the [enrollment section](#enroll-devices-in-update-compliance). Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization. +After you add the solution to Azure and configuring devices, it can take some time before all devices appear. For more information, see the [enrollment section](#enroll-devices-in-update-compliance). Before or as devices appear, you can learn how to [Use Update Compliance](update-compliance-using.md) to monitor Windows Updates and Delivery Optimization. ## Update Compliance prerequisites 
@@ -36,30 +39,30 @@ After adding the solution to Azure and configuring devices, it can take some tim Before you begin the process to add Update Compliance to your Azure subscription, first ensure you can meet the prerequisites: -- **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, as well as [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and is not currently compatible with Windows Server, Surface Hub, IoT, or other versions. -- **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but does not currently provide detailed deployment insights for them. +- **Compatible operating systems and editions**: Update Compliance works only with Windows 10 or Windows 11 Professional, Education, and Enterprise editions. Update Compliance supports both the typical Windows 10 or Windows 11 Enterprise edition, and [Windows 10 Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq). Update Compliance only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions. +- **Compatible Windows client servicing channels**: Update Compliance supports Windows client devices on the General Availability Channel and the Long-term Servicing Channel (LTSC). Update Compliance *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them. 
- **Diagnostic data requirements**: Update Compliance requires devices to send diagnostic data at *Required* level (previously *Basic*). Some queries in Update Compliance require devices to send diagnostic data at *Optional* level (previously *Full*) for Windows 11 devices or *Enhanced* level for Windows 10 devices. To learn more about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319). -- **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md). -- **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names will not appear in Update Compliance unless you individually opt-in devices by using policy. The steps to accomplish this is outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). +- **Data transmission requirements**: Devices must be able to contact specific endpoints required to authenticate and send diagnostic data. These endpoints are enumerated in detail at [Configuring Devices for Update Compliance manually](update-compliance-configuration-manual.md). +- **Showing device names in Update Compliance**: For Windows 10, version 1803 or later, device names won't appear in Update Compliance unless you individually opt-in devices by using policy. The steps are outlined in [Configuring Devices for Update Compliance](update-compliance-configuration-manual.md). - **Azure AD device join** or **hybrid Azure AD join**: All devices enrolled in Update Compliance must meet all prerequisites for enabling Windows diagnostic data processor configuration, including the Azure AD join requirement. 
This prerequisite will be enforced for Update Compliance starting on October 15, 2022. ## Add Update Compliance to your Azure subscription -Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. Note that, for the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. +Update Compliance is offered as an Azure Marketplace application that is linked to a new or existing [Azure Log Analytics](/azure/log-analytics/query-language/get-started-analytics-portal) workspace within your Azure subscription. For the following steps, you must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the solution. -To configure this, follow these steps: -1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to login to your Azure subscription to access this. +Use the following steps: +1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign in to your Azure subscription to access this page. 2. Select **Get it now**. 3. Choose an existing or configure a new Log Analytics Workspace, ensuring it is in a **Compatible Log Analytics region** from the following table. Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. - [Desktop Analytics](/sccm/desktop-analytics/overview) users should use the same workspace for Update Compliance. 
- [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. 4. After your workspace is configured and selected, select **Create**. You'll receive a notification when the solution has been successfully created. -Once the solution is in place, you can leverage one of the following Azure roles with Update Compliance: +Once the solution is in place, you can use one of the following Azure roles with Update Compliance: -- To edit and write queries we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. +- To edit and write queries, we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role. -- To read and only view data we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. +- To read and only view data, we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role. |Compatible Log Analytics regions | | ------------------------------- | 
@@ -115,8 +118,8 @@ A `CommercialID` is a globally unique identifier assigned to a specific Log Anal Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. There are a few steps to follow when enrolling devices to Update Compliance: 1. Check the policies, services, and other device enrollment requirements in [Manually configuring devices for Update Compliance](update-compliance-configuration-manual.md). -2. If you use [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), you can follow the enrollment process documented at [Configuring devices for Update Compliance in Microsoft Endpoint Manager](update-compliance-configuration-mem.md). -3. Finally, you should run the [Update Compliance Configuration Script](update-compliance-configuration-script.md) on all devices to ensure they are appropriately configured and troubleshoot any enrollment issues. +2. If you use [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), you can follow the enrollment process documented at [Configuring devices for Update Compliance in Microsoft Intune](update-compliance-configuration-mem.md). +3. Finally, you should run the [Update Compliance Configuration Script](update-compliance-configuration-script.md) on all devices to ensure they're appropriately configured and troubleshoot any enrollment issues. After you configure devices, diagnostic data they send will begin to be associated with your Azure AD organization ("tenant"). However, enrolling to Update Compliance doesn't influence the rate at which required data is uploaded from devices. Device connectivity to the internet and generally how active the device is highly influences how long it will take before the device appears in Update Compliance. Devices that are active and connected to the internet daily can expect to be fully uploaded within one week (usually less than 72 hours). 
Devices that are less active can take up to two weeks before data is fully available. diff --git a/windows/deployment/update/update-compliance-monitor.md b/windows/deployment/update/update-compliance-monitor.md index dc6c997629..699a32f76f 100644 --- a/windows/deployment/update/update-compliance-monitor.md +++ b/windows/deployment/update/update-compliance-monitor.md @@ -20,6 +20,8 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] ## Introduction Update Compliance enables organizations to: diff --git a/windows/deployment/update/update-compliance-need-attention.md b/windows/deployment/update/update-compliance-need-attention.md index 605dac80ba..328e1da5de 100644 --- a/windows/deployment/update/update-compliance-need-attention.md +++ b/windows/deployment/update/update-compliance-need-attention.md @@ -17,6 +17,9 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + ![Needs attention section.](images/UC_workspace_needs_attention.png) The **Needs attention!** section provides a breakdown of all Windows client device and update issues detected by Update Compliance. The summary tile for this section counts the number of devices that have issues, while the blades within break down the issues encountered. Finally, a [list of queries](#list-of-queries) blade in this section contains queries that provide values but do not fit within any other main section. diff --git a/windows/deployment/update/update-compliance-privacy.md b/windows/deployment/update/update-compliance-privacy.md index d94edc14cb..9c144da544 100644 --- a/windows/deployment/update/update-compliance-privacy.md +++ b/windows/deployment/update/update-compliance-privacy.md 
@@ -15,7 +15,7 @@ ms.technology: itpro-updates **Applies to** -- Windows 10 +- Windows 10 - Windows 11 Update Compliance is fully committed to privacy, centering on these tenets: @@ -55,6 +55,6 @@ See related topics for additional background information on privacy and treatmen - [Windows 10 and the GDPR for IT Decision Makers](/windows/privacy/gdpr-it-guidance) - [Configure Windows diagnostic data in your organization](/windows/configuration/configure-windows-diagnostic-data-in-your-organization) - [Diagnostic Data Viewer Overview](/windows/configuration/diagnostic-data-viewer-overview) -- [Licensing Terms and Documentation](https://www.microsoftvolumelicensing.com/DocumentSearch.aspx?Mode=3&DocumentTypeId=31) +- [Licensing Terms and Documentation](https://www.microsoft.com/licensing/docs/) - [Confidence in the trusted cloud](https://azure.microsoft.com/support/trust-center/) - [Trust Center](https://www.microsoft.com/trustcenter) diff --git a/windows/deployment/update/update-compliance-safeguard-holds.md b/windows/deployment/update/update-compliance-safeguard-holds.md index 7b0585abc2..09af30da57 100644 --- a/windows/deployment/update/update-compliance-safeguard-holds.md +++ b/windows/deployment/update/update-compliance-safeguard-holds.md 
@@ -19,6 +19,9 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + The Safeguard Holds report provides information about devices in your population that are affected by a [safeguard hold](/windows/deployment/update/safeguard-holds). Microsoft uses diagnostic data to determine whether devices that use Windows Update are ready for a feature update in order to ensure a smooth experience. When Microsoft determines a device is not ready to update due to a known issue, a *safeguard hold* is generated to delay the device's upgrade and protect the end-user experience. Safeguard holds are released over time as diagnostic data is analyzed and fixes are addressed. Details are provided on some, but not all safeguard holds on the Windows client release information pages for any given release. diff --git a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md index b70b5faa97..71b6715fcc 100644 --- a/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasdeploymentstatus.md @@ -13,6 +13,9 @@ ms.technology: itpro-updates # WaaSDeploymentStatus + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + WaaSDeploymentStatus records track a specific update's installation progress on a specific device. Multiple WaaSDeploymentStatus records can exist simultaneously for a given device, as each record is specific to a given update and its type. For example, a device can have both a WaaSDeploymentStatus tracking a Windows Feature Update, and one tracking a Windows Quality Update, at the same time. 
diff --git a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md index 5bba7c81e5..645fc9d551 100644 --- a/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md +++ b/windows/deployment/update/update-compliance-schema-waasinsiderstatus.md @@ -13,6 +13,9 @@ ms.technology: itpro-updates # WaaSInsiderStatus + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + WaaSInsiderStatus records contain device-centric data and acts as the device record for devices on Windows Insider Program builds in Update Compliance. Each record provided in daily snapshots maps to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. Insider devices have fewer fields than [WaaSUpdateStatus](update-compliance-schema-waasupdatestatus.md). diff --git a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md index 1905d4fc7f..e6a798932f 100644 --- a/windows/deployment/update/update-compliance-schema-waasupdatestatus.md +++ b/windows/deployment/update/update-compliance-schema-waasupdatestatus.md @@ -13,6 +13,9 @@ ms.technology: itpro-updates # WaaSUpdateStatus + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + WaaSUpdateStatus records contain device-centric data and acts as the device record for Update Compliance. Each record provided in daily snapshots maps to a single device in a single tenant. This table has data such as the current device's installed version of Windows, whether it is on the latest available updates, and whether the device needs attention. |Field |Type |Example |Description | 
diff --git a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md index 5adc3a632d..95e7fa7f84 100644 --- a/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md +++ b/windows/deployment/update/update-compliance-schema-wudoaggregatedstatus.md @@ -13,6 +13,10 @@ ms.technology: itpro-updates # WUDOAggregatedStatus + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + + WUDOAggregatedStatus records provide information, across all devices, on their bandwidth utilization for a specific content type in the event they use [Delivery Optimization](https://support.microsoft.com/help/4468254/windows-update-delivery-optimization-faq), over the past 28 days. These fields are briefly described in this article, to learn more about Delivery Optimization in general, check out the [Delivery Optimization Reference](../do/waas-delivery-optimization-reference.md). diff --git a/windows/deployment/update/update-compliance-schema-wudostatus.md b/windows/deployment/update/update-compliance-schema-wudostatus.md index 1a53d374d6..5e944ba263 100644 --- a/windows/deployment/update/update-compliance-schema-wudostatus.md +++ b/windows/deployment/update/update-compliance-schema-wudostatus.md @@ -13,6 +13,9 @@ ms.technology: itpro-updates # WUDOStatus + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + > [!NOTE] > Currently all location-based fields are not working properly. This is a known issue. diff --git a/windows/deployment/update/update-compliance-schema.md b/windows/deployment/update/update-compliance-schema.md index 8e9f98413b..af79627add 100644 --- a/windows/deployment/update/update-compliance-schema.md +++ b/windows/deployment/update/update-compliance-schema.md 
@@ -13,6 +13,10 @@ ms.technology: itpro-updates # Update Compliance Schema + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + + When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more. The table below summarizes the different tables that are part of the Update Compliance solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries). diff --git a/windows/deployment/update/update-compliance-security-update-status.md b/windows/deployment/update/update-compliance-security-update-status.md index e5a93b0a32..308992e24d 100644 --- a/windows/deployment/update/update-compliance-security-update-status.md +++ b/windows/deployment/update/update-compliance-security-update-status.md @@ -19,6 +19,9 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + ![The Security Update Status report.](images/UC_workspace_SU_status.png) The Security Update Status section provides information about [security updates](waas-quick-start.md#definitions) across all devices. The section tile within the [Overview Blade](update-compliance-using.md#overview-blade) lists the percentage of devices on the latest security update available. Meanwhile, the blades within show the percentage of devices on the latest security update for each Windows client version and the deployment progress toward the latest two security updates. 
diff --git a/windows/deployment/update/update-compliance-using.md b/windows/deployment/update/update-compliance-using.md index 78966cf0b4..89d56d1c49 100644 --- a/windows/deployment/update/update-compliance-using.md +++ b/windows/deployment/update/update-compliance-using.md @@ -20,6 +20,9 @@ ms.technology: itpro-updates - Windows 10 - Windows 11 + +[!INCLUDE [Recommend Windows Update for Business reports](./includes/wufb-reports-recommend.md)] + In this section you'll learn how to use Update Compliance to monitor your device's Windows updates and Microsoft Defender Antivirus status. To configure your environment for use with Update Compliance, refer to [Get started with Update Compliance](update-compliance-get-started.md). diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md deleted file mode 100644 index 5cfd3e874b..0000000000 --- a/windows/deployment/update/update-compliance-v2-enable.md +++ /dev/null 
@@ -1,88 +0,0 @@ ---- -title: Enable the Update Compliance solution -ms.reviewer: -manager: dougeby -description: How to enable the Update Compliance through the Azure portal -ms.prod: windows-client -author: mestew -ms.author: mstewart -ms.collection: M365-analytics -ms.topic: article -ms.date: 06/06/2022 -ms.technology: itpro-updates ---- - -# Enable Update Compliance - -***(Applies to: Windows 11 & Windows 10)*** - -> [!Important] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - -After verifying the [prerequisites](update-compliance-v2-prerequisites.md) are met, you can start to set up Update Compliance. The two main steps for setting up the Update Compliance solution are: - -1. [Add Update Compliance](#bkmk_add) to your Azure subscription. This step has the following two phases: - 1. [Select or create a new Log Analytics workspace](#bkmk_workspace) for use with Update Compliance. - 1. [Add the Update Compliance solution](#bkmk_solution) to the Log Analytics workspace. - 1. [Configure Update Compliance](#bkmk_admin-center) from the Microsoft 365 admin center. - -1. Configure the clients to send data to Update compliance. 
You can configure clients in the following three ways: - - Use a [script](update-compliance-v2-configuration-script.md) - - Use [Microsoft Endpoint Manager](update-compliance-v2-configuration-mem.md) - - Configure [manually](update-compliance-v2-configuration-manual.md) - -> [!IMPORTANT] -> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. -## Add Update Compliance to your Azure subscription - -Before you configure clients to send data, you'll need to add the Update Compliance solution to your Azure subscription so the data can be received. First, you'll select or create a new Log Analytics workspace to use. Second, you'll add the Update Compliance solution to the workspace. - -### Select or create a new Log Analytics workspace for Update Compliance - -Update Compliance uses an [Azure Log Analytics workspaces](/azure/azure-monitor/logs/log-analytics-overview) that you own for storing the client diagnostic data. Identify an existing workspace or create a new one using the following steps: - -1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com). - - Although an Azure subscription is required, you won't be charged for ingestion of Update Compliance data. -1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input. -1. Select **Log Analytics workspaces**. -1. 
If you already have a Log Analytics workspace, determine which Log Analytics workspace you'd like to use for Update Compliance. Ensure the workspace is in a **Compatible Log Analytics region** from the table listed in the [prerequisites](update-compliance-v2-prerequisites.md#log-analytics-regions). - - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Update Compliance. -1. If you don't have an existing Log Analytics workspace or you don't want to use a current workspace, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](update-compliance-v2-prerequisites.md#log-analytics-regions). - - - -### Add the Update Compliance solution to the Log Analytics workspace - -Update Compliance is offered as an Azure Marketplace application that's linked to a new or existing Azure Log Analytics workspace within your Azure subscription. Follow the steps below to add the solution, to the workspace: - -1. Go to the [Update Compliance page in the Azure Marketplace](https://azuremarketplace.microsoft.com/marketplace/apps/Microsoft.WaaSUpdateInsights?tab=Overview). You might need to sign into your Azure subscription to access this page. -1. Select **Get it now**. -1. Select **Continue** to agree to the [terms of use](https://azure.microsoft.com/support/legal/) and the [privacy policy](https://privacy.microsoft.com/en-us/privacystatement) to create the app in Azure. -1. Sign into the [Azure portal](https://portal.azure.com) to finish creating the Update Compliance solution. -1. Select the following settings: - - **Subscription**: The Azure subscription to use. - - **Resource group**: Select or [create a resource group](/azure/azure-resource-manager/management/manage-resource-groups-portal) for the Update Compliance solution. - - **Azure Log Analytics Workspace**: The Log Analytics workspace you created or identified for use with Update Compliance. -1. 
Select **Review + create** to review your settings. -1. Select **Create** to add the solution. You'll receive a notification when the Updates Compliance solution has been successfully created. - -> [!Note] -> - You can only map one tenant to one Log Analytics workspace. Mapping one tenant to multiple workspaces isn't supported. -> - If you change the Log Analytics workspace for Update Compliance, stale data will be displayed for about 24 hours until the new workspace is fully onboarded. You will also need to reconfigure the Update Compliance settings in the Microsoft 365 admin center. - -### Configure Update Compliance settings through the Microsoft 365 admin center - -Finish enabling Updates Compliance by configuring its settings through the Microsoft 365 admin center. Completing the Update Compliance configuration through the admin center removes needing to specify [`CommercialID`](update-compliance-get-started.md#get-your-commercialid), which was needed by the earlier version of Updates Compliance. This step is needed even if you enabled earlier previews of Update Compliance. - - -[!INCLUDE [Onboarding Update Compliance through the Microsoft 365 admin center](./includes/update-compliance-onboard-admin-center.md)] - - -## Next steps - -Once you've added Update Compliance to a workspace in your Azure subscription and configured the settings through the Microsoft 365 admin center, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods: - -- [Configure clients with a script](update-compliance-v2-configuration-script.md) -- [Configure clients manually](update-compliance-v2-configuration-manual.md) -- [Configure clients with Microsoft Endpoint Manager](update-compliance-v2-configuration-mem.md) diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md deleted file mode 100644 index 62fd39dd31..0000000000 
--- a/windows/deployment/update/update-compliance-v2-overview.md
+++ /dev/null
@@ -1,85 +0,0 @@ ---- -title: Update Compliance overview -ms.reviewer: -manager: dougeby -description: Overview of Update Compliance to explain what it's used for and the cloud services it relies on. -ms.prod: windows-client -author: mestew -ms.author: mstewart -ms.collection: M365-analytics -ms.topic: article -ms.date: 08/09/2022 -ms.technology: itpro-updates ---- - -# Update Compliance overview - -***(Applies to: Windows 11 & Windows 10)*** - -> [!Important] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - -Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory-joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you: - -- Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices -- Report on devices with update compliance issues -- Analyze and display your data in multiple ways - - -## Preview information for Update Compliance - -The new version of Update Compliance is in preview. Some of the benefits of this new version include: - -- Integration with [Windows Update for Business deployment service](deployment-service-overview.md) to enable per deployment reporting, monitoring, and troubleshooting. 
-- Compatibility with [Feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune. -- A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues. - -Currently, the preview contains the following features: - -- [Update Compliance workbook](update-compliance-v2-workbook.md) -- Update Compliance status [charts in the Microsoft 365 admin](update-status-admin-center.md) -- Access to the following new [Update Compliance tables](update-compliance-v2-schema.md): - - UCClient - - UCClientReadinessStatus - - UCClientUpdateStatus - - UCDeviceAlert - - UCServiceUpdateStatus - - UCUpdateAlert -- Client data collection to populate the new Update Compliance tables - -Currently, these new tables are available to all Updates Compliance users. They will be displayed along with the original Updates Compliance tables. - -:::image type="content" source="media/update-compliance-v2-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics." lightbox="media/update-compliance-v2-query-table.png"::: - -## Limitations - -Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers. 
- - -## How Update Compliance works - -You'll set up Update Compliance by enrolling into the solution from the Azure portal. Then you'll configure your Azure AD-joined devices to send Windows client diagnostic data to the solution. Update Compliance uses [Log Analytics in Azure Monitor](/azure/azure-monitor/logs/log-analytics-overview) to store the diagnostic data the clients send. You can use this data for reporting on updates for your devices. Update Compliance collects system data such as: - -- Update deployment progress -- Delivery Optimization usage data -- Windows Update for Business configuration data - -The Azure Log Analytics ingestion and retention charges aren't incurred on your Azure subscription for Update Compliance data. You also choose an [Azure Log Analytics workspaces](/azure/azure-monitor/logs/log-analytics-overview) that you own for your client diagnostic data. The collected diagnostic data populates the Update Compliance tables so you can easily query your data. - -## Use your Update Compliance data - -Since the data from your clients is stored in a Log Analytics workspace, you can go beyond the standard reports to analyze and display your data in multiple ways. Some of the ways you could display your data include: - -- Using the data in [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview) that you create -- Building [custom Kusto (KQL) queries](/azure/azure-monitor/logs/log-query-overview) -- Developing your own custom views by integrating the [Log Analytics data](/azure/azure-monitor/visualize/tutorial-logs-dashboards) into other tools such as: - - [Operations Management Suite](/azure/azure-monitor/agents/om-agents) - - [Power BI](/azure/azure-monitor/logs/log-powerbi) - - Other tools for [querying the data](/azure/azure-monitor/logs/log-query-overview) - - - -## Next steps - -- Review the [Update Compliance prerequisites](update-compliance-v2-prerequisites.md) 
diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md
deleted file mode 100644
index eb116f4caf..0000000000
--- a/windows/deployment/update/update-compliance-v2-prerequisites.md
+++ /dev/null
@@ -1,118 +0,0 @@
----
-title: Update Compliance prerequisites
-ms.reviewer:
-manager: dougeby
-description: Prerequisites for Update Compliance
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.collection: M365-analytics
-ms.topic: article
-ms.date: 06/30/2022
-ms.technology: itpro-updates
----
-
-# Update Compliance prerequisites
-
-***(Applies to: Windows 11 & Windows 10)***
-
-> [!Important]
-> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the CommercialID is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
-> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
-
-## Update Compliance prerequisites
-
-Before you begin the process of adding Update Compliance to your Azure subscription, ensure you meet the prerequisites.
-
-### Azure and Azure Active Directory
-
-- An Azure subscription with [Azure Active Directory](/azure/active-directory/)
-- You must have either an Owner or Contributor [Azure role](/azure/role-based-access-control/rbac-and-directory-admin-roles#azure-roles) as a minimum in order to add the Update Compliance solution.
-- Devices must be Azure Active Directory-joined and meet the below OS, diagnostic, and endpoint access requirements.
-- Devices that are Workplace joined only (Azure AD registered) aren't supported with Update Compliance.
-
-### Operating systems and editions
-
-- Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
-- Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
-
-Update Compliance only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
-
-### Windows client servicing channels
-
-Update Compliance supports Windows client devices on the following channels:
-
-- General Availability Channel
-- Update Compliance *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them.
-
-### Diagnostic data requirements
-
-At minimum, Update Compliance requires devices to send diagnostic data at *Required* level (previously *Basic*). Some queries in Update Compliance require devices to send diagnostic data at the following levels:
-
-- *Optional* level (previously *Full*) for Windows 11 devices
-- *Enhanced* level for Windows 10 devices
-
- > [!Note]
- > Device names don't appear in Update Compliance unless you individually opt-in devices by using policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:
- > - CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
- > - Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
-
-For more information about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
-
-### Data transmission requirements
-
-
-[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-endpoints.md)]
-
-> [!NOTE]
-> Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription.
-
-## Microsoft 365 admin center permissions
-
-[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-admin-center-permissions.md)]
-
-## Log Analytics prerequisites
-
-### Log Analytics permissions
-
-- To edit and write queries, we recommend the [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role.
-- To read and only view data, we recommend the [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role.
-
-
-### Log Analytics regions
-
-Update Compliance can use a Log Analytics workspace in the following regions:
-
-|Compatible Log Analytics regions |
-| ------------------------------- |
-|Australia Central |
-|Australia East |
-|Australia Southeast |
-|Brazil South |
-|Canada Central |
-|Central India |
-|Central US |
-|East Asia |
-|East US |
-|East US 2 |
-|Eastus2euap(canary) |
-|France Central |
-|Japan East |
-|Korea Central |
-|North Central US |
-|North Europe |
-|South Africa North |
-|South Central US |
-|Southeast Asia |
-|Switzerland North |
-|Switzerland West |
-|UK West |
-|UK south |
-|West Central US |
-|West Europe |
-|West US |
-|West US 2 |
-
-## Next steps
-
-- [Enable the Update Compliance solution](update-compliance-v2-enable.md) in the Azure portal
diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md
deleted file mode 100644
index d66c88eced..0000000000
--- a/windows/deployment/update/update-compliance-v2-schema.md
+++ /dev/null
@@ -1,39 +0,0 @@
----
-title: Update Compliance (preview) data schema
-ms.reviewer:
-manager: dougeby
-description: An overview of Update Compliance (preview) data schema
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.collection: M365-analytics
-ms.topic: reference
-ms.date: 06/06/2022
-ms.technology: itpro-updates
----
-
-# Update Compliance version 2 schema
-
-***(Applies to: Windows 11 & Windows 10)***
-
-> [!Important]
-> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
-> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
-
-When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.
-
-## Schema
-
-The table below summarizes the different tables that are part of the Update Compliance solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries).
-
-> [!NOTE]
-> Data is collected daily. The TimeGenerated field shows the time data was collected. It's added by Log Analytics when data is collected. Device data from the past 28 days is collected, even if no new data has been generated since the last time. LastScan is a clearer indicator of data freshness (that is, the last time the values were updated), while TimeGenerated indicates the freshness of data within Log Analytics.
-
-|Table |Category |Description |
-|--|--|--|
-| [**UCClient**](update-compliance-v2-schema-ucclient.md) | Device record | UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the operating system edition, and active hours (quantitative). |
-|[**UCClientReadinessStatus**](update-compliance-v2-schema-ucclientreadinessstatus.md) | Device record | UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 hardware requirements the device doesn't meet.|
-| [**UCClientUpdateStatus**](update-compliance-v2-schema-ucclientupdatestatus.md) | Device record | Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. |
-| [**UCDeviceAlert**](update-compliance-v2-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from such as a ServiceDeviceAlert or ClientDeviceAlert. |
-| [**UCServiceUpdateStatus**](update-compliance-v2-schema-ucserviceupdatestatus.md) | Service record | Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. |
-| [**UCUpdateAlert**](update-compliance-v2-schema-ucupdatealert.md) | Service and device records | Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment, if relevant. Certain fields may be blank depending on the UpdateAlert's AlertType field. For example, ServiceUpdateAlert won't necessarily contain client-side statuses and may be blank. |
diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md
deleted file mode 100644
index 99eb436b52..0000000000
--- a/windows/deployment/update/update-compliance-v2-use.md
+++ /dev/null
@@ -1,64 +0,0 @@
----
-title: Use the Update Compliance (preview) data
-ms.reviewer:
-manager: dougeby
-description: How to use the Update Compliance (preview) data.
-ms.prod: windows-client
-author: mestew
-ms.author: mstewart
-ms.collection: M365-analytics
-ms.topic: article
-ms.date: 06/06/2022
-ms.technology: itpro-updates
----
-
-# Use Update Compliance (preview)
-
-***(Applies to: Windows 11 & Windows 10)***
-
-> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
-
-In this article, you'll learn how to use Update Compliance to monitor Windows updates for your devices. To configure your environment for use with Update Compliance, see [Enable Update Compliance](update-compliance-v2-enable.md).
-
-## Display Update Compliance data
-
-1. Sign into the [Azure portal](https://portal.azure.com).
-1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
-1. Select **Log Analytics workspaces**.
-1. Select the workspace that you use for Updates Compliance.
-1. Select **Logs** under the **General** group in your workspace.
-1. If the **Always show Queries** option is enabled in Log Analytics, close the query window to access the schema.
-1. Under **Schemas and filter**, select **Group by: Solution** and then expand the **Update Compliance** schema. If the **Group by: Category** is selected, the **Update Compliance** schema is listed under the **Other** category.
-1. Use the [Update Compliance schema](update-compliance-v2-schema.md) for [custom Kusto (KQL) queries](/azure/data-explorer/kusto/query/), to build [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview), or to build your own solution to display the Update Compliance data. For example, you might query the data to review information for different types of alerts in the past 7 days and how many times each alert occurred.
-
-```kusto
-UCUpdateAlert
-| summarize count=count() by AlertClassification, AlertSubtype, ErrorCode, Description
-```
-
-:::image type="content" source="media/update-compliance-v2-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics." lightbox="media/update-compliance-v2-query-table.png":::
-
-## Update Compliance data latency
-
-Update Compliance uses Windows client diagnostic data as its data source. After you add Update Compliance and appropriately configure your devices, it could take 48-72 hours before they first appear.
-
-The data powering Update Compliance is refreshed every 24 hours, and refreshes with the latest data from all of your organization's devices that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be ingested again even if no new data actually arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. Device connectivity to the internet and generally how active the device is influences how long it will take before it appears in Update Compliance.
-
-| Data Type | Data upload rate from device | Data Latency |
-|--|--|--|
-| UCClient | Once per day |4 hours |
-| UCClientUpdateStatus|Every update event (Download, install, etc.)|24-36 hours |
-| UCServiceUpdateStatus| Every update event (Download, install, etc.)|24-36 hours |
-| UCUpdateAlert | Every event | 24-36 hours |
-| UCDeviceAlert | Every event | 24-36 hours |
-| UCClientReadinessStatus | After Windows 11 readiness assessment |24-36 hours |
-
-## Using Log Analytics
-
-Update Compliance is built on the Log Analytics platform that is integrated into Operations Management Suite. All data in the workspace is the direct result of a query. Understanding the tools and features at your disposal, all integrated within Azure portal, can deeply enhance your experience and complement Update Compliance.
-
-See below for a few articles related to Log Analytics:
-- Learn how to effectively execute custom Log Searches by referring to Microsoft Azure's excellent documentation on [querying data in Log Analytics](/azure/log-analytics/log-analytics-log-searches).
-- Review the documentation on [analyzing data for use in Log Analytics](/azure/log-analytics/log-analytics-dashboards) to develop your own custom data views in Operations Management Suite or [Power BI](https://powerbi.microsoft.com/).
-- [Gain an overview of alerts for Log Analytics](/azure/log-analytics/log-analytics-alerts) and learn how to use it to always stay informed about the most critical issues you care about.
diff --git a/windows/deployment/update/waas-branchcache.md b/windows/deployment/update/waas-branchcache.md
index 4440295877..9ab24e12bd 100644
--- a/windows/deployment/update/waas-branchcache.md
+++ b/windows/deployment/update/waas-branchcache.md
@@ -22,7 +22,7 @@ ms.technology: itpro-updates > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Endpoint Manager can use BranchCache to optimize network bandwidth during update deployment, and it's easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode. +BranchCache is a bandwidth-optimization feature that has been available since the Windows Server 2008 R2 and Windows 7 operating systems. Each client has a cache and acts as an alternate source for content that devices on its own network request. Windows Server Update Services (WSUS) and Microsoft Configuration Manager can use BranchCache to optimize network bandwidth during update deployment, and it's easy to configure for either of them. BranchCache has two operating modes: Distributed Cache mode and Hosted Cache mode. - Distributed Cache mode operates like the [Delivery Optimization](../do/waas-delivery-optimization.md) feature in Windows client: each client contains a cached version of the BranchCache-enabled files it requests and acts as a distributed cache for other clients requesting that same file. 
@@ -41,7 +41,7 @@ In Windows 10, version 1607, the Windows Update Agent uses Delivery Optimization ## Configure servers for BranchCache -You can use WSUS and Configuration Manager with BranchCache in Distributed Cache mode. BranchCache in Distributed Cache mode is easy to configure for both WSUS and Microsoft Endpoint Configuration Manager. +You can use WSUS and Configuration Manager with BranchCache in Distributed Cache mode. BranchCache in Distributed Cache mode is easy to configure for both WSUS and Microsoft Configuration Manager. For a step-by-step guide to configuring BranchCache on Windows Server devices, see the [BranchCache Deployment Guide (Windows Server 2012)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj572990(v=ws.11)) or [BranchCache Deployment Guide (Windows Server 2016)](/windows-server/networking/branchcache/deploy/branchcache-deployment-guide). diff --git a/windows/deployment/update/waas-configure-wufb.md b/windows/deployment/update/waas-configure-wufb.md index af886bbfe3..0565315cf2 100644 --- a/windows/deployment/update/waas-configure-wufb.md +++ b/windows/deployment/update/waas-configure-wufb.md 
@@ -189,7 +189,7 @@ Starting with Windows 10, version 1709, you can set policies to manage preview b The **Manage preview builds** setting gives administrators control over enabling or disabling preview build installation on a device. You can also decide to stop preview builds once the release is public. * Group Policy: **Computer Configuration/Administrative Templates/Windows Components/Windows Update/Windows Update for Business** - *Manage preview builds* * MDM: **Update/ManagePreviewBuilds** -* Microsoft Endpoint Configuration Manager: **Enable dual scan, manage through Windows Update for Business policy** +* Microsoft Configuration Manager: **Enable dual scan, manage through Windows Update for Business policy** >[!IMPORTANT] >This policy replaces the "Toggle user control over Insider builds" policy under that is only supported up to Windows 10, version 1703. You can find the older policy here: diff --git a/windows/deployment/update/waas-integrate-wufb.md b/windows/deployment/update/waas-integrate-wufb.md index b7708a85de..1018e89ac2 100644 --- a/windows/deployment/update/waas-integrate-wufb.md +++ b/windows/deployment/update/waas-integrate-wufb.md @@ -1,6 +1,6 @@ --- title: Integrate Windows Update for Business -description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. +description: Use Windows Update for Business deployments with management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager. ms.prod: windows-client author: aczechowski ms.localizationpriority: medium 
@@ -21,7 +21,7 @@ ms.technology: itpro-updates > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS) and Microsoft Endpoint Configuration Manager. +You can integrate Windows Update for Business deployments with existing management tools such as Windows Server Update Services (WSUS) and Microsoft Configuration Manager. ## Integrate Windows Update for Business with Windows Server Update Services @@ -88,7 +88,7 @@ In this example, the deferral behavior for updates to Office and other non-Windo >[!NOTE] > Because the admin enabled **Update/AllowMUUpdateService**, placing the content on WSUS was not needed for the particular device, as the device will always receive Microsoft Update content from Microsoft when configured in this manner. -## Integrate Windows Update for Business with Microsoft Endpoint Configuration Manager +## Integrate Windows Update for Business with Microsoft Configuration Manager For Windows 10, version 1607, organizations already managing their systems with a Configuration Manager solution can also have their devices configured for Windows Update for Business (that is, setting deferral policies on those devices). Such devices will be visible in the Configuration Manager console, however they will appear with a detection state of **Unknown**. diff --git a/windows/deployment/update/waas-manage-updates-wsus.md b/windows/deployment/update/waas-manage-updates-wsus.md index 5ae4fcf47b..3fbea85a1b 100644 --- a/windows/deployment/update/waas-manage-updates-wsus.md +++ b/windows/deployment/update/waas-manage-updates-wsus.md 
@@ -22,7 +22,7 @@ ms.technology: itpro-updates > **Looking for consumer information?** See [Windows Update: FAQ](https://support.microsoft.com/help/12373/windows-update-faq) -WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Endpoint Manager provides. +WSUS is a Windows Server role available in the Windows Server operating systems. It provides a single hub for Windows updates within an organization. WSUS allows companies not only to defer updates but also to selectively approve them, choose when they’re delivered, and determine which individual devices or groups of devices receive them. WSUS provides additional control over Windows Update for Business but does not provide all the scheduling options and deployment flexibility that Microsoft Configuration Manager provides. When you choose WSUS as your source for Windows updates, you use Group Policy to point Windows client devices to the WSUS server for their updates. From there, updates are periodically downloaded to the WSUS server and managed, approved, and deployed through the WSUS administration console or Group Policy, streamlining enterprise update management. If you’re currently using WSUS to manage Windows updates in your environment, you can continue to do so in Windows 11. 
@@ -337,7 +337,7 @@ Now that you have the **All Windows 10 Upgrades** view, complete the following s | ![done.](images/checklistdone.png) | [Build deployment rings for Windows client updates](waas-deployment-rings-windows-10-updates.md) | | ![done.](images/checklistdone.png) | [Assign devices to servicing channels for Windows client updates](waas-servicing-channels-windows-10-updates.md) | | ![done.](images/checklistdone.png) | [Optimize update delivery for Windows client updates](../do/waas-optimize-windows-10-updates.md) | -| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
    or Deploy Windows client updates using Windows Server Update Services (this topic)
    or [Deploy Windows client updates using Microsoft Endpoint Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | +| ![done.](images/checklistdone.png) | [Deploy updates using Windows Update for Business](waas-manage-updates-wufb.md)
    or Deploy Windows client updates using Windows Server Update Services (this topic)
    or [Deploy Windows client updates using Microsoft Configuration Manager](/mem/configmgr/osd/deploy-use/manage-windows-as-a-service) | diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md index a8c8b81afd..f2ed2acdde 100644 --- a/windows/deployment/update/waas-overview.md +++ b/windows/deployment/update/waas-overview.md 
@@ -91,7 +91,7 @@ There are three servicing channels. The [Windows Insider Program](#windows-insid In the General Availability Channel, feature updates are available annually. This servicing model is ideal for pilot deployments and testing of feature updates and for users such as developers who need to work with the latest features. Once the latest release has gone through pilot deployment and testing, you will be able to choose the timing at which it goes into broad deployment. -When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Endpoint Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools). +When Microsoft officially releases a feature update, we make it available to any device not configured to defer feature updates so that those devices can immediately install it. Organizations that use Windows Server Update Services (WSUS), Microsoft Configuration Manager, or Windows Update for Business, however, can defer feature updates to selective devices by withholding their approval and deployment. In this scenario, the content available for the General Availability Channel will be available but not necessarily immediately mandatory, depending on the policy of the management system. For more details about servicing tools, see [Servicing tools](#servicing-tools). > [!NOTE] 
@@ -132,7 +132,7 @@ There are many tools you can use to service Windows as a service. Each option ha - **Windows Update (stand-alone)** provides limited control over feature updates, with IT pros manually configuring the device to be in the General Availability Channel. Organizations can target which devices defer updates by selecting the **Defer upgrades** check box in **Start\Settings\Update & Security\Advanced Options** on a Windows client device. - **Windows Update for Business** includes control over update deferment and provides centralized management using Group Policy or MDM. Windows Update for Business can be used to defer updates by up to 365 days, depending on the version. These deployment options are available to clients in the General Availability Channel. In addition to being able to use Group Policy to manage Windows Update for Business, either option can be configured without requiring any on-premises infrastructure by using Microsoft Intune. - **Windows Server Update Services (WSUS)** provides extensive control over updates and is natively available in the Windows Server operating system. In addition to the ability to defer updates, organizations can add an approval layer for updates and choose to deploy them to specific computers or groups of computers whenever ready. -- **Microsoft Endpoint Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. +- **Microsoft Configuration Manager** provides the greatest control over servicing Windows as a service. IT pros can defer updates, approve them, and have multiple options for targeting deployments and managing bandwidth usage and deployment times. **Servicing tools comparison** diff --git a/windows/deployment/update/waas-quick-start.md b/windows/deployment/update/waas-quick-start.md index e96a0fe78c..baa37b5307 100644 
--- a/windows/deployment/update/waas-quick-start.md +++ b/windows/deployment/update/waas-quick-start.md @@ -46,7 +46,7 @@ For more information, see [Assign devices to servicing channels for Windows clie ## Staying up to date -To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Endpoint Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help. +To stay up to date, deploy feature updates at an appropriate time after their release. You can use various management and update tools such as Windows Update, Windows Update for Business, Windows Server Update Services, Microsoft Configuration Manager, and non-Microsoft products) to help with this process. [Upgrade Readiness](/windows/deployment/upgrade/upgrade-readiness-get-started), a free tool to streamline Windows upgrade projects, is another important tool to help. Extensive advanced testing isn’t required. Instead, only business-critical apps need to be tested, with the remaining apps validated through a series of pilot deployment rings. Once these pilot deployments have validated most apps, broad deployment can begin. diff --git a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md index 043aeee54a..b5be3068c1 100644 --- a/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md +++ b/windows/deployment/update/waas-servicing-strategy-windows-10-updates.md 
@@ -1,5 +1,5 @@ --- -title: Prepare servicing strategy for Windows client updates +title: Prepare a servicing strategy for Windows client updates description: A strong Windows client deployment strategy begins with establishing a simple, repeatable process for testing and deploying each feature update. ms.prod: windows-client author: aczechowski @@ -12,7 +12,7 @@ ms.collection: m365initiative-coredeploy ms.technology: itpro-updates --- -# Prepare servicing strategy for Windows client updates +# Prepare a servicing strategy for Windows client updates **Applies to** 
@@ -26,10 +26,10 @@ ms.technology: itpro-updates Here’s an example of what this process might look like: - **Configure test devices.** Configure test devices in the Windows Insider Program so that Insiders can test feature updates before they’re available to the General Availability Channel. Typically, this population would be a few test devices that IT staff members use to evaluate pre-release builds of Windows. Microsoft provides current development builds to Windows Insider members approximately every week so that interested users can see the functionality Microsoft is adding. See the section Windows Insider for details on how to enroll in the Windows Insider Program for Business. -- **Identify excluded devices.** For some organizations, special-purpose devices such as those used to control factory or medical equipment or run ATMs require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. +- **Identify excluded devices.** For some organizations, special-purpose devices, like devices that control factory or medical equipment or run ATMs, require a stricter, less frequent feature update cycle than the General Availability Channel can offer. For those devices, install the Enterprise LTSC edition to avoid feature updates for up to 10 years. Identify these devices, and separate them from the phased deployment and servicing cycles to help remove confusion for your administrators and ensure that devices are handled correctly. - **Recruit volunteers.** The purpose of testing a deployment is to receive feedback. One effective way to recruit pilot users is to request volunteers. 
When doing so, clearly state that you’re looking for feedback rather than people to just “try it out” and that there could be occasional issues involved with accepting feature updates right away. With Windows as a service, the expectation is that there should be few issues, but if an issue does arise, you want testers to let you know as soon as possible. When considering whom to recruit for pilot groups, be sure to include members who provide the broadest set of applications and devices to validate the largest number of apps and devices possible. - **Update Group Policy.** Each feature update includes new group policies to manage new features. If you use Group Policy to manage devices, the Group Policy Admin for the Active Directory domain will need to download an .admx package and copy it to their [Central Store](/troubleshoot/windows-server/group-policy/create-central-store-domain-controller) (or to the [PolicyDefinitions](/previous-versions/dotnet/articles/bb530196(v=msdn.10)) directory in the SYSVOL folder of a domain controller if not using a Central Store). You can manage new group policies from the latest release of Windows by using Remote Server Administration Tools. The ADMX download package is created at the end of each development cycle and then posted for download. To find the ADMX download package for a given Windows build, search for “ADMX download for Windows build xxxx”. For details about Group Policy management, see [How to create and manage the Central Store for Group Policy Administrative Templates in Windows](/troubleshoot/windows-client/group-policy/create-and-manage-central-store) -- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Endpoint Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. 
Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). +- **Choose a servicing tool.** Decide which product you’ll use to manage the Windows updates in your environment. If you’re currently using Windows Server Update Services (WSUS) or Microsoft Configuration Manager to manage your Windows updates, you can continue using those products to manage Windows 10 or Windows 11 updates. Alternatively, you can use Windows Update for Business. In addition to which product you’ll use, consider how you’ll deliver the updates. Multiple peer-to-peer options are available to make update distribution faster. For a comparison of tools, see [Servicing tools](waas-overview.md#servicing-tools). - **Prioritize applications.** First, create an application portfolio. This list should include everything installed in your organization and any webpages your organization hosts. Next, prioritize this list to identify those apps that are the most business critical. Because the expectation is that application compatibility with new versions of Windows will be high, only the most business-critical applications should be tested before the pilot phase; everything else can be tested afterwards. For more information about identifying compatibility issues withe applications, see [Manage Windows upgrades with Upgrade Analytics](/mem/configmgr/desktop-analytics/overview). diff --git a/windows/deployment/update/windows-update-security.md b/windows/deployment/update/windows-update-security.md new file mode 100644 index 0000000000..333be3151a --- /dev/null +++ b/windows/deployment/update/windows-update-security.md 
@@ -0,0 +1,77 @@
+---
+title: Windows Update security
+ms.reviewer:
+manager: aaroncz
+description: Overview of the security for Windows Update.
+ms.prod: windows-client
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 10/25/2022
+ms.technology: itpro-updates
+---
+
+# Windows Update security
+
+The Windows Update (WU) system ensures devices are updated securely. Its end-to-end protection prevents manipulation of protocol exchanges and ensures only approved content is installed. Some protected environments may need to update firewall and proxy rules to ensure that Windows updates can be properly accessed. This article provides an overview of the security features of Windows Update.
+
+## Windows Update security overview
+
+The Windows Update system distributes a multitude of content. Some examples of this content include:
+
+- Updates to the Windows operating system
+- Microsoft 365 Apps updates (Office updates)
+- Hardware drivers
+- Antivirus definitions
+- Microsoft Store apps
+
+This system is initiated when a user interacts with the Windows Update settings page or when an application makes a call into the [WU client service API](/windows/win32/api/_wua/). These calls may be made at various times by Microsoft applications and different parts of Windows, such as [Microsoft 365 Apps](/officeupdates/update-history-microsoft365-apps-by-date), [Microsoft Defender](/microsoft-365/security/defender-endpoint/manage-updates-baselines-microsoft-defender-antivirus), and [Plug and Play (PnP)](/windows-hardware/drivers/kernel/introduction-to-plug-and-play).
+
+When such interactions occur, the Windows Update service running on the device will trigger a series of exchanges over the internet with Microsoft's Windows Update servers. The general workflow is:
+
+1. A Windows device makes multiple connections to Windows Update services using HTTPS (HTTP over TLS, TCP port 443).
+1. Update metadata is exchanged over these connections and results in a list of updates, apps, drivers, and other updates.
+1. The device decides whether and when to download items from the resulting list.
+
+Once the list of downloads has been decided, the actual update binary files are then downloaded. The download is done via the [Delivery Optimization](/windows/deployment/do/waas-delivery-optimization) component over a mix of standard HTTP calls (TCP port 80) and secure peer-to-peer network calls (TCP port 7680). Which method used is based on the device's configuration/group policies.
+
+When downloading updates using Delivery Optimization's peer-to-peer (P2P) networking, the content is integrity validated upon receipt from each peer. If the requested content is unavailable on the P2P network, then the Delivery Optimization component will download it using HTTP.
+
+Regardless of which method is used to download the content, the resulting files are then validated through digital signatures and file hashes before they're installed. The validation confirms that the download is what was intended, is verified as authentic, and hasn't been tampered with.
+
+## Securing metadata connections
+
+When Windows Update scans for updates, it goes through a series of metadata exchanges between the device and Windows Update servers. This exchange is done using HTTPS (HTTP over TLS). These secured connections are certificate-pinned, ensuring that:
+
+- The TLS connection's server certificate is validated (certificate trust, expiry, revocation, SAN entries, etc.)
+- The certificate's issuer is validated as genuine Microsoft Windows Update
+
+The connection fails if the issuer is unexpected, or not a valid Windows Update intermediate certificate. Certificate pinning ensures that the device is connecting to legitimate Microsoft servers and prevents man-in-the-middle attacks.
+
+Since Windows Update TLS connections are certificate-pinned, it's important that TLS proxies pass these connections without interception. The full list of DNS names that require proxy/firewall exceptions can be found in the [Windows Update troubleshooting](/troubleshoot/windows-client/deployment/windows-update-issues-troubleshooting?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#device-cannot-access-update-files) article.
+
+Microsoft doesn't provide IP addresses or IP ranges for these exceptions because they may differ over time as changes are made for purposes such as traffic load balancing.
+
+## Expected Windows Update server usage
+
+The Windows Update service's servers are used solely by WU components. There's no expectation that end users will be interacting with these remote endpoints. Therefore, these service endpoints may not resolve as expected in a web browser. A user casually browsing to these endpoints may notice a lack of adherence to the latest web browser expectations such as publicly trusted PKI, certificate transparency logging, or TLS requirements. This behavior is expected and doesn't limit or otherwise impact the safety and security of the Windows Update system.
+
+Users attempting to browse to the service endpoints may see security warnings and even content access failures. Again, this behavior is expected as the service endpoints aren't designed for web browser access or casual user consumption.
+
+## Securing content delivery
+
+The process of downloading update binaries is secured at a layer above the transport. Even though content may be downloaded through standard HTTP (TCP port 80), the content goes through a rigorous security validation process.
+
+Downloads are load balanced through Content Delivery Networks (CDN), so using TLS would break their Microsoft chain-of-custody. Because a TLS connection to a caching CDN terminates at the CDN, not Microsoft, TLS certificates aren't Microsoft specific. This means that the WU client can't prove the trustworthiness of the CDN as Microsoft doesn't control CDN TLS certificates. Additionally, a TLS connection to a CDN doesn't prove content hasn't been manipulated within the CDN's caching network. Therefore, TLS doesn't offer any of the security promises to the end-to-end Windows Update workflow that it otherwise provides.
+
+Regardless of how the content is delivered, once it has been downloaded, it's properly validated. Content is validated for trust, integrity, and intention using various techniques such as digital signature validation and file hash checks. This level of content validation provides even more layers of security than TLS alone.
+
+## Windows Server Update Services (WSUS)
+
+Enterprises using WSUS have a similar workflow. However, the client devices connect to their enterprise's WSUS server instead of over the internet to Microsoft's servers. It's up to the enterprise to decide whether to use HTTP or TLS (HTTPS) connections for the metadata exchange. Microsoft strongly advises using TLS connections and configuring client devices with appropriate TLS certificate pinning configurations for metadata exchange with WSUS. For more information about WSUS TLS certificate-pinning, see:
+
+- [Windows IT Pro Blog: Changes to improve security for Windows devices scanning WSUS](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/changes-to-improve-security-for-windows-devices-scanning-wsus/ba-p/1645547)
+- [Windows IT Pro Blog: Scan changes and certificates add security for Windows devices using WSUS for updates](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/scan-changes-and-certificates-add-security-for-windows-devices/ba-p/2053668)
+
+When a WSUS server [updates its own update catalog](/windows-server/administration/windows-server-update-services/manage/setting-up-update-synchronizations), it connects to Microsoft's server sync services and scans for updates. The WSUS server synchronization process is similar to the [metadata exchange process](#securing-metadata-connections) for client devices connecting to Windows Update. The WSUS-to-Microsoft connection is over TLS and is verified by Microsoft certificate, similar to the WU client's TLS certificate-pinning.
diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/wufb-reports-admin-center.md
similarity index 55%
rename from windows/deployment/update/update-status-admin-center.md
rename to windows/deployment/update/wufb-reports-admin-center.md
index 3ff051356d..e8b2322c33 100644
--- a/windows/deployment/update/update-status-admin-center.md
+++ b/windows/deployment/update/wufb-reports-admin-center.md
@@ -1,7 +1,7 @@ --- -title: Microsoft admin center software updates (preview) page +title: Microsoft 365 admin center software updates page manager: dougeby -description: Microsoft admin center populates Update Compliance data into the software updates page. +description: Microsoft admin center populates Windows Update for Business reports data into the software updates page. ms.prod: windows-client author: mestew ms.author: mstewart
@@ -13,12 +13,9 @@ ms.date: 06/20/2022 ms.technology: itpro-updates --- -# Microsoft admin center software updates (preview) page +# Microsoft 365 admin center software updates page -***(Applies to: Windows 11 & Windows 10 using [Update Compliance](update-compliance-v2-overview.md) and the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview))*** - -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +***(Applies to: Windows 11 & Windows 10 using [Windows Update for Business reports](wufb-reports-overview.md) and the [Microsoft 365 admin center](/microsoft-365/admin/admin-overview/admin-center-overview))*** The **Software updates** page in the [Microsoft 365 admin center](https://admin.microsoft.com) displays a high-level overview of the installation status for Microsoft 365 Apps and Windows updates in your environment. [Quality updates](quality-updates.md) that contain security fixes are typically released on the second Tuesday of each month. Ensuring these updates are installed is important because they help protect you from known vulnerabilities. The **Software updates** page allows you to easily determine the overall update compliance for your devices. 
@@ -28,26 +25,28 @@ The **Software updates** page has following tabs to assist you in monitoring upd - For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status). - **Windows**: Displays compliance charts for cumulative updates and feature updates for Windows clients. This article contains information about the **Windows** tab. -:::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: + :::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png"::: ## Permissions - -[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-admin-center-permissions.md)] + +[!INCLUDE [Windows Update for Business reports permissions](./includes/wufb-reports-admin-center-permissions.md)] + +> [!NOTE] +> These permissions for the Microsoft 365 admin center apply specifically to the **Windows** tab of the **Software Updates** page. For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status). ## Limitations -Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers since it doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. 
For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). +Windows Update for Business reports is a Windows service hosted in Azure that uses Windows diagnostic data. Windows Update for Business reports is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers since it doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). ## Get started - - -[!INCLUDE [Onboarding Update Compliance through the Microsoft 365 admin center](./includes/update-compliance-onboard-admin-center.md)] + +[!INCLUDE [Onboarding Windows Update for Business reports through the Microsoft 365 admin center](./includes/wufb-reports-onboard-admin-center.md)] ## The Windows tab -The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Update Compliance](update-compliance-v2-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. The Update Compliance data that populates these charts refreshes every 24 hours. For more information, see [Update Compliance data latency](update-compliance-v2-use.md#update-compliance-data-latency). +The **Windows** tab in the **Software updates** page in the Microsoft admin center is populated by data from [Windows Update for Business reports](wufb-reports-overview.md). The tab contains a high-level overview of update compliance for Windows clients in your environment. The tab displays two charts **Windows update status** and **End of service**. 
The Windows Update for Business reports data that populates these charts refreshes every 24 hours. For more information, see [Windows Update for Business reports data latency](wufb-reports-use.md#data-latency). ### Windows update status chart @@ -69,4 +68,4 @@ The **End of service** chart list the number of devices running an operating sys ## Next steps -Use [Update Compliance](update-compliance-v2-overview.md) to display additional data about the status of Windows updates. +Use [Windows Update for Business reports](wufb-reports-overview.md) to display additional data about the status of Windows updates. diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/wufb-reports-configuration-intune.md similarity index 56% rename from windows/deployment/update/update-compliance-v2-configuration-mem.md rename to windows/deployment/update/wufb-reports-configuration-intune.md index a5285184bd..571998d9b1 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-mem.md +++ b/windows/deployment/update/wufb-reports-configuration-intune.md @@ -1,8 +1,8 @@ --- -title: Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) +title: Configuring Microsoft Intune devices for Windows Update for Business reports ms.reviewer: -manager: dougeby -description: Configuring devices that are enrolled in Endpoint Manager for Update Compliance (preview) +manager: aaroncz +description: Configuring devices that are enrolled in Microsoft Intune for Windows Update for Business reports ms.prod: windows-client author: mestew ms.author: mstewart 
@@ -13,65 +13,57 @@ ms.date: 08/24/2022 ms.technology: itpro-updates --- -# Configuring Microsoft Endpoint Manager devices for Update Compliance (preview) +# Configuring Microsoft Intune devices for Windows Update for Business reports (preview) -***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Endpoint Manager](/mem/endpoint-manager-overview))*** - -> [!Important] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Intune](/mem/intune/fundamentals/what-is-intune)*** -This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps: +This article is targeted at configuring devices enrolled to [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) for Windows Update for Business reports, within Microsoft Intune itself. Configuring devices for Windows Update for Business reports in Microsoft Intune breaks down to the following steps: 1. [Create a configuration profile](#create-a-configuration-profile) for devices you want to enroll. The configuration profile contains settings for all the Mobile Device Management (MDM) policies that must be configured. -1. Wait for data to populate. 
The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. For more information, see [Use Update Compliance](update-compliance-v2-use.md). +1. Wait for data to populate. The length of this process depends on the computer being on, connected to the internet, and correctly configured. Some data types take longer to appear than others. For more information, see [Use Windows Update for Business reports](wufb-reports-use.md). > [!TIP] > If you need to troubleshoot client enrollment, consider deploying the [configuration script](#deploy-the-configuration-script) as a Win32 app to a few devices and reviewing the logs it creates. Additional checks are performed with the script to ensure devices are correctly configured. ## Create a configuration profile -Create a configuration profile that will set the required policies for Update Compliance. There are two profile types that can be used to create a configuration profile for Update Compliance: +Create a configuration profile that will set the required policies for Windows Update for Business reports. There are two profile types that can be used to create a configuration profile for Windows Update for Business reports: - The [settings catalog](#settings-catalog) -- [Template](#custom-oma-uri-based-profile) for a custom OMA URI based profile +- [Template](#custom-oma-uri-based-profile) for a custom OMA URI-based profile ### Settings catalog -1. Go to the Admin portal in Endpoint Manager and navigate to **Devices** > **Windows** > **Configuration profiles**. +1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Windows** > **Configuration profiles**. 1. On the **Configuration profiles** view, select **Create profile**. 1. Select **Platform**="Windows 10 and later" and **Profile type**="Settings Catalog", and then select **Create**. 1. 
You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. 1. On the **Configuration settings** page, you'll be adding multiple settings from the **System** category. Using the **Settings picker**, select the **System** category, then add the following settings and values: - 1. Required settings for Update Compliance: + 1. Required settings for Windows Update for Business reports: - **Setting**: Allow Commercial Data Pipeline - **Value**: Enabled - **Setting**: Allow Telemetry - **Value**: Basic (*Basic is the minimum value, but it can be safely set to a higher value*) - **Setting**: Allow Update Compliance Processing - **Value**: Enabled - 1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance: - **Setting**: Configure Telemetry Opt In Change Notification - - **Value**: Disable telemetry change notifications - - **Setting**: Configure Telemetry Opt In Settings Ux - - **Value**: Disable Telemetry opt-in Settings - 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Update Compliance: + 1. (*Recommended, but not required*) Allow device name to be sent in Windows Diagnostic Data. If this policy is disabled, the device name won't be sent and won't be visible in Windows Update for Business reports: - **Setting**: Allow device name to be sent in Windows diagnostic data - **Value**: Allowed -1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. +1. 
Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review the settings and then select **Create**. -### Custom OMA URI based profile +### Custom OMA URI-based profile -1. Go to the Admin portal in Endpoint Manager and navigate to **Devices** > **Windows** > **Configuration profiles**. +1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), go to **Devices** > **Windows** > **Configuration profiles**. 1. On the **Configuration profiles** view, select **Create profile**. 1. Select **Platform**="Windows 10 and later" and **Profile type**="Templates". 1. For **Template name**, select **Custom**, and then select **Create**. 1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**. -1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md). +1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md). - 1. Add a setting to **Allow commercial data pipeline**; this policy is required for Update Compliance: + 1. Add a setting to **Allow commercial data pipeline**; this policy is required for Windows Update for Business reports: - **Name**: Allow commercial data pipeline - **Description**: Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowCommercialDataPipeline` 
@@ -79,23 +71,23 @@ Create a configuration profile that will set the required policies for Update Co - **Value**: 1 1. Add a setting configuring the **Windows Diagnostic Data level** for devices: - **Name**: Allow Telemetry - - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance. + - **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Windows Update for Business reports. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowTelemetry` - **Data type**: Integer - **Value**: 1 (*1 is the minimum value meaning basic, but it can be safely set to a higher value*). - 1. Add a setting to **Allow Update Compliance processing**; this policy is required for Update Compliance: + 1. Add a setting to **Allow Update Compliance processing**; this policy is required for Windows Update for Business reports: - **Name**: Allow Update Compliance Processing - **Description**: Opts device data into Update Compliance processing. Required to see data. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowUpdateComplianceProcessing` - **Data type**: Integer - **Value**: 16 - 1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Update Compliance: + 1. (*Recommended, but not required*) Add settings for **disabling devices' Diagnostic Data opt-in settings interface**. 
If these aren't disabled, users of each device can potentially override the diagnostic data level of devices such that data won't be available for those devices in Windows Update for Business reports: - **Name**: Disable Telemetry opt-in interface - - **Description**: Disables the ability for end-users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting. + - **Description**: Disables the ability for end users of devices can adjust diagnostic data to levels lower than defined by the Allow Telemetry setting. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/ConfigureTelemetryOptInSettingsUx` - **Data type**: Integer - **Value**: 1 - 1. (*Recommended, but not required*) Add a setting to **Allow device name in diagnostic data**; otherwise, the device name won't be in Update Compliance: + 1. (*Recommended, but not required*) Add a setting to **Allow device name in diagnostic data**; otherwise, the device name won't be in Windows Update for Business reports: - **Name**: Allow device name in Diagnostic Data - **Description**: Allows device name in Diagnostic Data. - **OMA-URI**: `./Vendor/MSFT/Policy/Config/System/AllowDeviceNameInDiagnosticData` 
@@ -103,15 +95,15 @@ Create a configuration profile that will set the required policies for Update Co - **Value**: 1 -1. Proceed through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. +1. Continue through the next set of tabs **Scope tags**, **Assignments**, and **Applicability Rules** to assign the configuration profile to devices you wish to enroll. 1. Review the settings and then select **Create**. ## Deploy the configuration script -The [Update Compliance Configuration Script](update-compliance-v2-configuration-script.md) is a useful tool for properly enrolling devices in Update Compliance, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). +The [Windows Update for Business reports Configuration Script](wufb-reports-configuration-script.md) is a useful tool for properly enrolling devices in Windows Update for Business reports, though it isn't strictly necessary. It checks to ensure that devices have the required services running and checks connectivity to the endpoints detailed in the section on [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md). You can deploy the script as a Win32 app. For more information, see [Win32 app management in Microsoft Intune](/mem/intune/apps/apps-win32-app-management). -When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. 
We recommend deploying the script in pilot mode to a set of devices that you do have access to, or have a way to access the resultant log output the script provides, with as similar of a configuration profile as other devices which will be enrolled to Update Compliance, and analyzing the logs for any potential issues. Following this, you can deploy the configuration script in deployment mode as a Win32 app to all Update Compliance devices. +When you deploy the configuration script as a Win32 app, you won't be able to retrieve the results of logs on the device without having access to the device, or saving results of the logs to a shared filesystem. We recommend deploying the script in pilot mode to a subset of devices that you can access. After following this guidance, you can deploy the configuration script in deployment mode as a Win32 app to all Windows Update for Business reports devices. ## Next steps -[Use Update Compliance](update-compliance-v2-use.md) +[Use Windows Update for Business reports](wufb-reports-use.md) diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/wufb-reports-configuration-manual.md similarity index 57% rename from windows/deployment/update/update-compliance-v2-configuration-manual.md rename to windows/deployment/update/wufb-reports-configuration-manual.md index 17d22404cd..7ce5722f77 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-manual.md +++ b/windows/deployment/update/wufb-reports-configuration-manual.md @@ -1,8 +1,8 @@ --- -title: Manually configuring devices for Update Compliance (preview) +title: Manually configuring devices for Windows Update for Business reports ms.reviewer: manager: dougeby -description: Manually configuring devices for Update Compliance (preview) +description: How to manually configure devices for Windows Update for Business reports ms.prod: windows-client author: mestew ms.author: mstewart 
@@ -13,30 +13,26 @@ ms.date: 06/06/2022 ms.technology: itpro-updates --- -# Manually Configuring Devices for Update Compliance (preview) +# Manually configuring devices for Windows Update for Business reports (preview) ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - -There are a number of requirements to consider when manually configuring devices for Update Compliance. These requirements can potentially change with newer versions of Windows client. The [Update Compliance configuration script](update-compliance-v2-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. +There are a number of requirements to consider when manually configuring devices for Windows Update for Business reports. These requirements can potentially change with newer versions of Windows client. The [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required. The requirements are separated into different categories: -1. Ensuring the [**required policies**](#required-policies) for Update Compliance are correctly configured. -2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Update Compliance. 
For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints. +1. Ensuring the [**required policies**](#required-policies) for Windows Update for Business reports are correctly configured. +2. Devices in every network topography must send data to the [**required endpoints**](#required-endpoints) for Windows Update for Business reports. For example, devices in both main and satellite offices, which might have different network configurations, must be able to reach the endpoints. 3. Ensure [**Required Windows services**](#required-services) are running or are scheduled to run. It's recommended all Microsoft and Windows services are set to their out-of-box defaults to ensure proper functionality. ## Required policies -Update Compliance has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Update Compliance. Thee policies are listed below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables: +Windows Update for Business reports has a number of policies that must be appropriately configured in order for devices to be processed by Microsoft and visible in Windows Update for Business reports. Thee policies are listed below, separated by whether the policies will be configured via [Mobile Device Management](/windows/client-management/mdm/) (MDM) or Group Policy. For both tables: - **Policy** corresponds to the location and name of the policy. -- **Value** Indicates what value the policy must be set to. Update Compliance requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional). -- **Function** details why the policy is required and what function it serves for Update Compliance. It will also detail a minimum version the policy is required, if any. 
+- **Value** Indicates what value the policy must be set to. Windows Update for Business reports requires *at least* Basic (or Required) diagnostic data, but can function off Enhanced or Full (or Optional). +- **Function** details why the policy is required and what function it serves for Windows Update for Business reports. It will also detail a minimum version the policy is required, if any. ### Mobile Device Management policies 
@@ -46,20 +42,20 @@ Each MDM Policy links to its documentation in the configuration service provider |--------------------------|-|-|------------------------------------------------------------| |**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. | |**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. | -|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and won't be visible in Update Compliance, showing `#` instead. | -| **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. 
If this policy is Not Configured or set to 0 (Disabled), Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | +| **System/**[**AllowUpdateComplianceProcessing**](/windows/client-management/mdm/policy-csp-system#system-allowUpdateComplianceProcessing) |Integer | 16 - Allowed | Enables data flow through Windows Update for Business report's data processing system and indicates a device's explicit enrollment to the service. | | **System/**[AllowCommercialDataPipeline](/windows/client-management/mdm/policy-csp-system#system-allowcommercialdatapipeline) | Integer | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | ### Group policies -All Group policies that need to be configured for Update Compliance are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. +All Group policies that need to be configured for Windows Update for Business reports are under **Computer Configuration>Administrative Templates>Windows Components\Data Collection and Preview Builds**. All of these policies must be in the *Enabled* state and set to the defined *Value* below. | Policy | Value | Function | |---------------------------|-|-----------------------------------------------------------| |**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the **Configure telemetry opt-in setting user interface**. 
| |**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. | -|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Update Compliance, showing `#` instead. | -|**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Update Compliance's data processing system and indicates a device's explicit enrollment to the service. | +|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Windows Update for Business reports, showing `#` instead. | +|**Allow Update Compliance processing** | 16 - Enabled | Enables data flow through Windows Update for Business report's data processing system and indicates a device's explicit enrollment to the service. | | **Allow commercial data pipeline** | 1 - Enabled | Configures Microsoft to be the processor of the Windows diagnostic data collected from an Azure Active Directory-joined device. | ## Required endpoints 
@@ -67,12 +63,12 @@ All Group policies that need to be configured for Update Compliance are under ** To enable data sharing between devices, your network, and Microsoft's Diagnostic Data Service, configure your proxy to allow devices to contact the below endpoints. -[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-endpoints.md)] +[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)] ## Required services -Many Windows and Microsoft services are required to ensure that not only the device can function, but Update Compliance can see device data. It's recommended that you allow all default services from the out-of-box experience to remain running. The [Update Compliance Configuration Script](update-compliance-v2-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically. +Many Windows and Microsoft services are required to ensure that not only the device can function, but Windows Update for Business reports can see device data. It's recommended that you allow all default services from the out-of-box experience to remain running. The [Windows Update for Business reports Configuration Script](wufb-reports-configuration-script.md) checks whether the majority of these services are running or are allowed to run automatically. ## Next steps -[Use Update Compliance](update-compliance-v2-use.md) +[Use Windows Update for Business reports](wufb-reports-use.md) diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/wufb-reports-configuration-script.md similarity index 57% rename from windows/deployment/update/update-compliance-v2-configuration-script.md rename to windows/deployment/update/wufb-reports-configuration-script.md index 5cde468cfc..56d4ccd30d 100644 --- a/windows/deployment/update/update-compliance-v2-configuration-script.md 
+++ b/windows/deployment/update/wufb-reports-configuration-script.md @@ -1,8 +1,8 @@ --- -title: Update Compliance (preview) Configuration Script +title: Windows Update for Business reports configuration script ms.reviewer: manager: dougeby -description: Downloading and using the Update Compliance (preview) Configuration Script +description: Downloading and using the Windows Update for Business reports configuration script ms.prod: windows-client author: mestew ms.author: mstewart 
@@ -13,19 +13,15 @@ ms.date: 06/16/2022 ms.technology: itpro-updates --- -# Configuring devices through the Update Compliance (preview) Configuration Script +# Configuring devices through the Windows Update for Business reports (preview) configuration script ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - -The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-v2-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. +The Windows Update for Business reports configuration script is the recommended method of configuring devices to send data to Microsoft for use with Windows Update for Business reports. The script configures the registry keys backing policies, ensures required services are running, and more. 
This script is a recommended complement to configuring the required policies documented in [Manually configure devices for Windows Update for Business reports](wufb-reports-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured. ## About the script -The configuration script configures registry keys directly. Be aware that registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script doesn't reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md), device data might not appear in Update Compliance correctly. +The configuration script configures registry keys directly. Be aware that registry keys can potentially be overwritten by policy settings like Group Policy or MDM. *Reconfiguring devices with the script doesn't reconfigure previously set policies, both in the case of Group Policy and MDM*. If there are conflicts between your Group Policy or MDM configurations and the required configurations listed in [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md), device data might not appear in Windows Update for Business reports correctly. You can download the script from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=101086). Keep reading to learn how to configure the script and interpret error codes that are output in logs for troubleshooting. 
@@ -44,7 +40,7 @@ This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`): 1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`. -1. Don't modify the [Commercial ID](update-compliance-get-started.md#get-your-commercialid) values since they're used for the earlier version of Update Compliance. Leave `setCommercialID=false` and the `commercialIDValue=Unknown`. +1. Don't modify the [Commercial ID](update-compliance-get-started.md#get-your-commercialid) values since they're used for the earlier version of Windows Update for Business reports (Update Compliance). Leave `setCommercialID=false` and the `commercialIDValue=Unknown`. 1. Run the script. 1. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`. 1. If there are issues, gather the logs and provide them to Microsoft Support. @@ -52,14 +48,14 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru ## Verify device configuration -[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)] +[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-verify-device-configuration.md)] ## Script errors -[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-script-error-codes.md)] +[!INCLUDE [Windows Update for Business reports script error codes](./includes/wufb-reports-script-error-codes.md)] ## Next steps -[Use Update Compliance](update-compliance-v2-use.md) \ No newline at end of file +[Use Windows Update for Business reports](wufb-reports-use.md) \ No newline at end of file 
diff --git a/windows/deployment/update/wufb-reports-enable.md b/windows/deployment/update/wufb-reports-enable.md
new file mode 100644
index 0000000000..6f1acf7aea
--- /dev/null
+++ b/windows/deployment/update/wufb-reports-enable.md
@@ -0,0 +1,85 @@
+---
+title: Enable Windows Update for Business reports
+ms.reviewer:
+manager: dougeby
+description: How to enable Windows Update for Business reports through the Azure portal
+ms.prod: windows-client
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 06/06/2022
+ms.technology: itpro-updates
+---
+
+# Enable Windows Update for Business reports (preview)
+
+***(Applies to: Windows 11 & Windows 10)***
+
+After verifying the [prerequisites](wufb-reports-prerequisites.md) are met, you can start to set up Windows Update for Business reports. The two main steps for setting up Windows Update for Business reports are:
+
+1. [Add Windows Update for Business reports](#bkmk_add) to your Azure subscription. This step has the following phases:
+ 1. [Select or create a new Log Analytics workspace](#bkmk_workspace) for use with Windows Update for Business reports.
+ 1. Enroll into Windows Update for Business reports using one of the following methods:
+ - Enroll through the [Azure Workbook](#bkmk_enroll) (preferred method)
+ - Enroll from the [Microsoft 365 admin center](#bkmk_admin-center).
+
+1. Configure the clients to send data to Windows Update for Business reports. You can configure clients in the following three ways:
+ - Use a [script](wufb-reports-configuration-script.md)
+ - Use [Microsoft Intune](wufb-reports-configuration-intune.md)
+ - Configure [manually](wufb-reports-configuration-manual.md)
+
+> [!IMPORTANT]
+> Windows Update for Business reports is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business reports doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements.
For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business reports is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+
+## Add Windows Update for Business reports to your Azure subscription
+
+Before you configure clients to send data, you'll need to add Windows Update for Business reports to your Azure subscription so the data can be received. First, you'll select or create a new Log Analytics workspace to use. Second, you'll enroll Windows Update for Business reports to the workspace.
+
+## Select or create a new Log Analytics workspace for Windows Update for Business reports
+
+Windows Update for Business reports uses an [Azure Log Analytics workspaces](/azure/azure-monitor/logs/log-analytics-overview) that you own for storing the client diagnostic data. Identify an existing workspace or create a new one using the following steps:
+
+1. Sign in to the Azure portal at [https://portal.azure.com](https://portal.azure.com).
+ - Although an Azure subscription is required, you won't be charged for ingestion of Windows Update for Business reports data.
+1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
+1. Select **Log Analytics workspaces**.
+1. If you already have a Log Analytics workspace, determine which Log Analytics workspace you'd like to use for Windows Update for Business reports. Ensure the workspace is in a **Compatible Log Analytics region** from the table listed in the [prerequisites](wufb-reports-prerequisites.md#log-analytics-regions).
+ - [Azure Update Management](/azure/automation/automation-intro#update-management) users should use the same workspace for Windows Update for Business reports.
+1.
If you don't have an existing Log Analytics workspace or you don't want to use a current workspace, [create a new workspace](/azure/azure-monitor/logs/quick-create-workspace) in a [compatible region](wufb-reports-prerequisites.md#log-analytics-regions).
+
+> [!Note]
+> - You can only map one tenant to one Log Analytics workspace. Mapping one tenant to multiple workspaces isn't supported.
+> - If you change the Log Analytics workspace for Windows Update for Business reports, stale data will be displayed for about 24 hours until the new workspace is fully onboarded. You will also need to reconfigure the Windows Update for Business reports settings to enroll again.
+
+## Enroll into Windows Update for Business reports
+
+Enroll into Windows Update for Business reports by configuring its settings through either the Azure Workbook or from the Microsoft 365 admin center. Completing the Windows Update for Business reports configuration removes needing to specify [`CommercialID`](update-compliance-get-started.md#get-your-commercialid), which was needed by Update Compliance, the predecessor of Windows Update for Business reports.
+
+Use one of the following methods to enroll into Windows Update for Business reports:
+
+##### Enroll through the Azure Workbook (recommended method)
+
+1. In the [Azure portal](https://portal.azure.com), select **Monitor** > **Workbooks** from the menu bar.
+ - You can also type **Monitor** in the search bar. As you begin typing, the list filters based on your input.
+
+1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery.
+1. Select the **Get started** button when prompted by the workbook to open the **Windows Update for Business reports enrollment** flyout.
+1. In the flyout, specify which **Subscription** and **Azure Log Analytics Workspace** you want to use for Windows Update for Business reports.
+ - If you need to create a new Log Analytics workspace, select **Create new workspace** and follow the prompts to [create a new workspace](#bkmk_workspace).
+1. Select **Save settings** to save the settings and enroll into Windows Update for Business reports.
+ > [!Tip]
+ > If a `403 Forbidden` error occurs, verify the account you're using has [permissions](wufb-reports-prerequisites.md#permissions) to enroll into Windows Update for Business reports.
+1. The initial setup can take up to 24 hours. During this time, the workbook will display that it's **Waiting for Windows Update for Business reports data**.
+
+##### Enroll through the Microsoft 365 admin center
+
+[!INCLUDE [Onboarding Windows Update for Business reports through the Microsoft 365 admin center](./includes/wufb-reports-onboard-admin-center.md)]
+
+## Next steps
+
+Once you've added Windows Update for Business reports to a workspace in your Azure subscription and configured the settings through the Microsoft 365 admin center, you'll need to configure any devices you want to monitor. Enroll devices into Windows Update for Business reports using any of the following methods:
+
+- [Configure clients with a script](wufb-reports-configuration-script.md)
+- [Configure clients manually](wufb-reports-configuration-manual.md)
+- [Configure clients with Microsoft Intune](wufb-reports-configuration-intune.md)
diff --git a/windows/deployment/update/update-compliance-v2-help.md b/windows/deployment/update/wufb-reports-help.md
similarity index 61%
rename from windows/deployment/update/update-compliance-v2-help.md
rename to windows/deployment/update/wufb-reports-help.md
index 313f95aa04..719cb3b0e4 100644
--- a/windows/deployment/update/update-compliance-v2-help.md
+++ b/windows/deployment/update/wufb-reports-help.md
@@ -1,8 +1,8 @@ --- -title: Update Compliance (preview) feedback, support, and troubleshooting +title: Windows Update for Business reports feedback, support, and troubleshooting ms.reviewer: manager: dougeby -description: Update Compliance (preview) support information. +description: Windows Update for Business reports support information. ms.prod: windows-client author: mestew ms.author: mstewart 
@@ -12,48 +12,44 @@ ms.date: 08/10/2022 ms.technology: itpro-updates --- -# Update Compliance (preview) feedback, support, and troubleshooting +# Windows Update for Business reports (preview) feedback, support, and troubleshooting ***(Applies to: Windows 11 & Windows 10)*** -> [!IMPORTANT] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. +There are several resources that you can use to find help with Windows Update for Business reports. Whether you're just getting started or an experienced administrator, use the following resources when you need help with Windows Update for Business reports: -There are several resources that you can use to find help with Update Compliance. 
Whether you're just getting started or an experienced administrator, use the following resources when you need help with Update Compliance: - -- Send [product feedback about Update Compliance](#send-product-feedback) +- Send [product feedback about Windows Update for Business reports](#send-product-feedback) - Open a [Microsoft support case](#open-a-microsoft-support-case) - [Documentation feedback](#documentation-feedback) -- [Troubleshooting tips](#troubleshooting-tips) for Update Compliance -- Follow the [Windows IT Pro blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) to learn about upcoming changes to Update Compliance +- [Troubleshooting tips](#troubleshooting-tips) for Windows Update for Business reports +- Follow the [Windows IT Pro blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) to learn about upcoming changes to Windows Update for Business reports - Use Microsoft Q&A to [ask product questions](/answers/products/) ## Send product feedback -Use the product feedback option to offer suggestions for new features and functionality, or for suggesting changes to the current Update Compliance features. You can share feedback directly to the Update Compliance product group. To provide product feedback: +Use the product feedback option to offer suggestions for new features and functionality, or to suggest changes to the current Windows Update for Business reports features. You can share feedback directly to the Windows Update for Business reports product group. To provide product feedback: 1. In the upper right corner of the Azure portal, select the feedback icon. 1. Select either the smile or the frown to rate your satisfaction with your experience. 1. In the text box, describe what you did or didn't like. When providing feedback about a problem, be sure to include enough detail in your description so it can be properly identified by the product group. 1. 
Choose if you'd like to allow Microsoft to email you about your feedback. 1. Select **Submit feedback** when you've completed the feedback form. -:::image type="content" source="media/33771278-update-compliance-feedback.png" alt-text="Screenshot of the Azure portal showing the product feedback option flyout." lightbox="media/33771278-update-compliance-feedback.png"::: +:::image type="content" source="media/33771278-wufb-reports-feedback.png" alt-text="Screenshot of the Azure portal showing the product feedback option flyout." lightbox="media/33771278-wufb-reports-feedback.png"::: ## Open a Microsoft support case -You can open support requests directly from the Azure portal. If the **Help + Support** page doesn't display, verify you have access to open support requests. For more information about role-based access controls for support requests, see [Create an Azure support request](/azure/azure-portal/supportability/how-to-create-azure-support-request). To create a new support request for Update Compliance: +You can open support requests directly from the Azure portal. If the **Help + Support** page doesn't display, verify you have access to open support requests. For more information about role-based access controls for support requests, see [Create an Azure support request](/azure/azure-portal/supportability/how-to-create-azure-support-request). To create a new support request for Windows Update for Business reports: 1. Open the **Help + Support** page from the following locations: - In the [Send product feedback](#send-product-feedback) flyout, select the **contact support** link. - From the Azure portal, select **New support request** under the **Support + Troubleshooting** heading. -1. Select **Create a support request** which opens the new support request page. -1. On the **Problem description** tab, provide information about the issue. 
The below items in ***bold italics*** should be used to help ensure an Update Compliance engineer receives your support request: +1. Select **Create a support request**, which opens the new support request page. +1. On the **Problem description** tab, provide information about the issue. The following items in ***bold italics*** should be used to help ensure a Windows Update for Business reports engineer receives your support request: - **Summary** - Brief description of the issue - **Issue type** - ***Technical*** - - **Subscription** - Select the subscription used for Update Compliance + - **Subscription** - Select the subscription used for Windows Update for Business reports - **Service** - ***My services*** - **Service type** - ***Log Analytics*** - **Problem type** - ***Solutions or Insights*** 
@@ -83,29 +79,29 @@ Use GitHub Issues to submit the following types of feedback: If you create an issue for something not related to documentation, Microsoft will close the issue and redirect you to a better feedback channel. For example: -- [Product feedback](#send-product-feedback) for Update Compliance +- [Product feedback](#send-product-feedback) for Windows Update for Business reports - [Product questions (using Microsoft Q&A)](/answers/products/) -- [Support requests](#open-a-microsoft-support-case) for Update Compliance +- [Support requests](#open-a-microsoft-support-case) for Windows Update for Business reports To share feedback about the Microsoft Learn platform, see [Microsoft Learn feedback](https://aka.ms/sitefeedback). The platform includes all of the wrapper components such as the header, table of contents, and right menu. Also how the articles render in the browser, such as the font, alert boxes, and page anchors. ## Troubleshooting tips -Use the troubleshooting tips below to resolve commonly encountered problems when using Update Compliance: +Use the following troubleshooting tips to resolve the most common problems when using Windows Update for Business reports: ### Verify client configuration -[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)] +[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-verify-device-configuration.md)] ### Ensuring devices are configured correctly to send data -The first step in troubleshooting Update Compliance is ensuring that devices are configured. Review [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md) for the settings. We recommend using the [Update Compliance configuration script](update-compliance-v2-configuration-script.md) for troubleshooting and configuring devices. 
+The first step in troubleshooting Windows Update for Business reports is ensuring that devices are configured. Review [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md) for the settings. We recommend using the [Windows Update for Business reports configuration script](wufb-reports-configuration-script.md) for troubleshooting and configuring devices. -### Devices have been correctly configured but aren't showing up in Update Compliance +### Devices have been correctly configured but aren't showing up in Windows Update for Business reports -It takes some time for data to appear in Update Compliance for the first time or if you moved to a new Log Analytics workspace. To learn more about data latencies for Update Compliance, review [Update Compliance data latency](update-compliance-v2-use.md#update-compliance-data-latency). +It takes some time for data to appear in Windows Update for Business reports for the first time, or if you moved to a new Log Analytics workspace. To learn more about data latencies for Windows Update for Business reports, review [Windows Update for Business reports data latency](wufb-reports-use.md#data-latency). ### Devices are appearing, but without a device name -Device Name is an opt-in via policy starting in Windows 10 version 1803. Review the required policies for enabling device name in the [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md) article. +Device Name is an opt-in via policy. Review the required policies for enabling device name in the [Manually configuring devices for Windows Update for Business reports](wufb-reports-configuration-manual.md) article. diff --git a/windows/deployment/update/wufb-reports-overview.md b/windows/deployment/update/wufb-reports-overview.md new file mode 100644 index 0000000000..960d5ade58 --- /dev/null +++ b/windows/deployment/update/wufb-reports-overview.md 
@@ -0,0 +1,81 @@
+---
+title: Windows Update for Business reports overview
+ms.reviewer:
+manager: dougeby
+description: Overview of Windows Update for Business reports to explain what it's used for and the cloud services it relies on.
+ms.prod: windows-client
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 08/09/2022
+ms.technology: itpro-updates
+---
+
+# Windows Update for Business reports (preview) overview
+
+***(Applies to: Windows 11 & Windows 10)***
+
+Windows Update for Business reports is a cloud-based solution that provides information about your Azure Active Directory-joined devices' compliance with Windows updates. Windows Update for Business reports is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Windows Update for Business reports helps you:
+
+- Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices
+- Report on devices with update compliance issues
+- Analyze and display your data in multiple ways
+
+
+## Benefits of Windows Update for Business reports
+
+Some of the benefits of Windows Update for Business reports are:
+
+- Integration with [Windows Update for Business deployment service](deployment-service-overview.md) to enable per deployment reporting, monitoring, and troubleshooting.
+- Compatibility with [feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune.
+- A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues.
+
+Currently, Windows Update for Business reports contains the following features:
+
+- [Windows Update for Business reports workbook](wufb-reports-workbook.md)
+- Compliance status [charts in the Microsoft 365 admin](wufb-reports-admin-center.md)
+- Access to the following [Windows Update for Business reports tables](wufb-reports-schema.md):
+ - UCClient
+ - UCClientReadinessStatus
+ - UCClientUpdateStatus
+ - UCDeviceAlert
+ - UCServiceUpdateStatus
+ - UCUpdateAlert
+ - UCDOStatus
+ - UCDOAggregatedStatus
+- Client data collection to populate the Windows Update for Business reports tables
+
+:::image type="content" source="media/wufb-reports-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Windows Update for Business reports data in Log Analytics." lightbox="media/wufb-reports-query-table.png":::
+
+## Limitations
+
+Windows Update for Business reports is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Windows Update for Business reports doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Windows Update for Business reports is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+
+
+## How Windows Update for Business reports works
+
+You'll set up Windows Update for Business reports by enrolling into the service from the Azure portal. Then you'll configure your Azure AD-joined devices to send Windows client diagnostic data to the service. Windows Update for Business reports uses [Log Analytics in Azure Monitor](/azure/azure-monitor/logs/log-analytics-overview) to store the diagnostic data the clients send. You can use this data for reporting on updates for your devices. Windows Update for Business reports collects system data such as:
+
+- Update deployment progress
+- Delivery Optimization usage data
+- Windows Update for Business configuration data
+
+The Azure Log Analytics ingestion and retention charges aren't incurred on your Azure subscription for Windows Update for Business reports data. You also choose an [Azure Log Analytics workspaces](/azure/azure-monitor/logs/log-analytics-overview) that you own for your client diagnostic data. The collected diagnostic data populates the Windows Update for Business reports tables so you can easily query your data.
+
+## Use your Windows Update for Business reports data
+
+Since the data from your clients is stored in a Log Analytics workspace, you can go beyond the standard reports to analyze and display your data in multiple ways. Some of the ways you could display your data include:
+
+- Using the data in [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview) that you create
+- Building [custom Kusto (KQL) queries](/azure/azure-monitor/logs/log-query-overview)
+- Developing your own custom views by integrating the [Log Analytics data](/azure/azure-monitor/visualize/tutorial-logs-dashboards) into other tools such as:
+ - [Operations Management Suite](/azure/azure-monitor/agents/om-agents)
+ - [Power BI](/azure/azure-monitor/logs/log-powerbi)
+ - Other tools for [querying the data](/azure/azure-monitor/logs/log-query-overview)
+
+
+
+## Next steps
+
+- Review the [Windows Update for Business reports prerequisites](wufb-reports-prerequisites.md)
diff --git a/windows/deployment/update/wufb-reports-prerequisites.md b/windows/deployment/update/wufb-reports-prerequisites.md
new file mode 100644
index 0000000000..06347a1910
--- /dev/null
+++ b/windows/deployment/update/wufb-reports-prerequisites.md
@@ -0,0 +1,110 @@
+---
+title: Windows Update for Business reports prerequisites
+ms.reviewer:
+manager: dougeby
+description: Prerequisites for Windows Update for Business reports
+ms.prod: windows-client
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 06/30/2022
+ms.technology: itpro-updates
+---
+
+# Windows Update for Business reports (preview) prerequisites
+
+***(Applies to: Windows 11 & Windows 10)***
+
+Before you begin the process of adding Windows Update for Business reports to your Azure subscription, ensure you meet the prerequisites.
+
+## Azure and Azure Active Directory
+
+- An Azure subscription with [Azure Active Directory](/azure/active-directory/)
+- Devices must be Azure Active Directory-joined and meet the below OS, diagnostic, and endpoint access requirements.
+ - Devices can be [Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join) or [hybrid Azure AD joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid).
+- Devices that are [Azure AD registered](/azure/active-directory/devices/concept-azure-ad-register) only (Workplace joined) aren't supported with Windows Update for Business reports.
+- The Log Analytics workspace must be in a [supported region](#log-analytics-regions)
+
+## Permissions
+
+[!INCLUDE [Windows Update for Business reports permissions](./includes/wufb-reports-admin-center-permissions.md)]
+
+**Log Analytics permissions**:
+
+- [Log Analytics Contributor](/azure/role-based-access-control/built-in-roles#log-analytics-contributor) role can be used to edit and write queries
+- [Log Analytics Reader](/azure/role-based-access-control/built-in-roles#log-analytics-reader) role can be used to read data
+
+## Operating systems and editions
+
+- Windows 11 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
+- Windows 10 Professional, Education, Enterprise, and [Enterprise multi-session](/azure/virtual-desktop/windows-10-multisession-faq) editions
+
+Windows Update for Business reports only provides data for the standard Desktop Windows client version and isn't currently compatible with Windows Server, Surface Hub, IoT, or other versions.
+
+## Windows client servicing channels
+
+Windows Update for Business reports supports Windows client devices on the following channels:
+
+- General Availability Channel
+- Windows Update for Business reports *counts* Windows Insider Preview devices, but doesn't currently provide detailed deployment insights for them.
+
+## Diagnostic data requirements
+
+At minimum, Windows Update for Business reports requires devices to send diagnostic data at the *Required* level (previously *Basic*). Some queries in Windows Update for Business reports require devices to send diagnostic data at the following levels:
+
+- *Optional* level (previously *Full*) for Windows 11 devices
+- *Enhanced* level for Windows 10 devices
+
+ > [!Note]
+ > Device names don't appear in Windows Update for Business reports unless you individually opt-in devices by using policy. The configuration script does this for you, but when using other client configuration methods, set one of the following to display device names:
+ > - CSP: System/[AllowDeviceNameInDiagnosticData](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata)
+ > - Group Policy: **Allow device name to be sent in Windows diagnostic data** under **Computer Configuration\Administrative Templates\Windows Components\Data Collection and Preview Builds**
+
+For more information about what's included in different diagnostic levels, see [Diagnostics, feedback, and privacy in Windows](https://support.microsoft.com/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
+
+## Data transmission requirements
+
+
+[!INCLUDE [Endpoints for Windows Update for Business reports](./includes/wufb-reports-endpoints.md)]
+
+> [!NOTE]
+> Enrolling into Windows Update for Business reports from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Windows Update for Business reports to your Azure subscription.
+
+## Log Analytics regions
+
+Windows Update for Business reports can use a Log Analytics workspace in the following regions:
+
+|Compatible Log Analytics regions |
+| ------------------------------- |
+|Australia Central |
+|Australia East |
+|Australia Southeast |
+|Brazil South |
+|Canada Central |
+|Central India |
+|Central US |
+|East Asia |
+|East US |
+|East US 2 |
+|Eastus2euap(canary) |
+|France Central |
+|Japan East |
+|Korea Central |
+|North Central US |
+|North Europe |
+|South Africa North |
+|South Central US |
+|Southeast Asia |
+|Switzerland North |
+|Switzerland West |
+|UK West |
+|UK south |
+|West Central US |
+|West Europe |
+|West US |
+|West US 2 |
+
+## Next steps
+
+- [Enable the Windows Update for Business reports solution](wufb-reports-enable.md) in the Azure portal
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclient.md b/windows/deployment/update/wufb-reports-schema-ucclient.md similarity index 95% rename from windows/deployment/update/update-compliance-v2-schema-ucclient.md rename to windows/deployment/update/wufb-reports-schema-ucclient.md index c7ab446d06..4b3720677c 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclient.md +++ b/windows/deployment/update/wufb-reports-schema-ucclient.md @@ -1,5 +1,5 @@ --- -title: Update Compliance Data Schema - UCClient +title: Windows Update for Business reports Data Schema - UCClient ms.reviewer: manager: dougeby description: UCClient schema @@ -16,9 +16,6 @@ ms.technology: itpro-updates ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the OS edition, and active hours (quantitative). |Field |Type |Example |Description | diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md similarity index 93% rename from windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md rename to windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md index 83087d18b4..d625c2745e 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientreadinessstatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucclientreadinessstatus.md 
@@ -1,5 +1,5 @@ --- -title: Update Compliance Data Schema - UCClientReadinessStatus +title: Windows Update for Business reports Data Schema - UCClientReadinessStatus ms.reviewer: manager: dougeby description: UCClientReadinessStatus schema @@ -16,9 +16,6 @@ ms.technology: itpro-updates ***(Applies to: Windows 10)*** -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 [hardware requirements](/windows/whats-new/windows-11-requirements#hardware-requirements) the device doesn't meet. |Field |Type |Example |Description | diff --git a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md similarity index 93% rename from windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md rename to windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md index 68e1809d2f..534dabde67 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucclientupdatestatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucclientupdatestatus.md @@ -1,5 +1,5 @@ --- -title: Update Compliance Data Schema - UCClientUpdateStatus +title: Windows Update for Business reports Data Schema - UCClientUpdateStatus ms.reviewer: manager: dougeby description: UCClientUpdateStatus schema 
@@ -16,9 +16,6 @@ ms.technology: itpro-updates ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. | Field | Type | Example | Description | diff --git a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md similarity index 93% rename from windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md rename to windows/deployment/update/wufb-reports-schema-ucdevicealert.md index 18c9676b72..9c737aa85d 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucdevicealert.md +++ b/windows/deployment/update/wufb-reports-schema-ucdevicealert.md @@ -1,5 +1,5 @@ --- -title: Update Compliance Data Schema - UCDeviceAlert +title: Windows Update for Business reports Data Schema - UCDeviceAlert ms.reviewer: manager: dougeby description: UCDeviceAlert schema 
@@ -16,14 +16,11 @@ ms.technology: itpro-updates ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from (ServiceDeviceAlert, ClientDeviceAlert). For example, an EndOfService alert is a ClientDeviceAlert, as a build no longer being serviced (EOS) is a client-wide state. Meanwhile, DeviceRegistrationIssues in the Windows Update for Business deployment service will be a ServiceDeviceAlert, as it's a device-wide state in the service to not be correctly registered. |Field |Type |Example |Description | |---|---|---|---| -| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational. | +| **AlertClassification** | [string](/azure/kusto/query/scalar-data-types/string) | `Error` | Whether this alert is an Error, a Warning, or Informational | | **AlertId** | [string](/azure/kusto/query/scalar-data-types/string) | `9e107d9d372bb6826bd81d3542a419d6` | The unique identifier of this alert | | **AlertRank** | [int](/azure/kusto/query/scalar-data-types/int) | `1000` | Integer ranking of alert for prioritization during troubleshooting | | **AlertStatus** | [string](/azure/kusto/query/scalar-data-types/string) | `Active` | Whether this alert is Active, Resolved, or Deleted | 
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md similarity index 89% rename from windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md rename to windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md index 401602f0b0..8f9c85e225 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucserviceupdatestatus.md +++ b/windows/deployment/update/wufb-reports-schema-ucserviceupdatestatus.md @@ -1,5 +1,5 @@ --- -title: Update Compliance Data Schema - UCServiceUpdateStatus +title: Windows Update for Business reports Data Schema - UCServiceUpdateStatus ms.reviewer: manager: dougeby description: UCServiceUpdateStatus schema @@ -16,10 +16,7 @@ ms.technology: itpro-updates ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - -Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real-time. +Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. This event has certain fields removed from it in favor of being able to show data in near real time. | Field | Type | Example | Description | |---|---|---|---| 
diff --git a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md similarity index 94% rename from windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md rename to windows/deployment/update/wufb-reports-schema-ucupdatealert.md index 85a29368e8..93487fbca2 100644 --- a/windows/deployment/update/update-compliance-v2-schema-ucupdatealert.md +++ b/windows/deployment/update/wufb-reports-schema-ucupdatealert.md @@ -1,5 +1,5 @@ --- -title: Update Compliance Data Schema - UCUpdateAlert +title: Windows Update for Business reports Data Schema - UCUpdateAlert ms.reviewer: manager: dougeby description: UCUpdateAlert schema @@ -16,9 +16,6 @@ ms.technology: itpro-updates ***(Applies to: Windows 11 & Windows 10)*** -> [!Important] -> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. - Alert for both client and service updates. Contains information that needs attention, relative to one device (client), one update, and one deployment (if relevant). Certain fields may be blank depending on the UpdateAlert's AlertType field; for example, ServiceUpdateAlert won't necessarily contain client-side statuses. |Field |Type |Example |Description | diff --git a/windows/deployment/update/wufb-reports-schema.md b/windows/deployment/update/wufb-reports-schema.md new file mode 100644 index 0000000000..cf7eb1c89c --- /dev/null +++ b/windows/deployment/update/wufb-reports-schema.md 
@@ -0,0 +1,35 @@
+---
+title: Windows Update for Business reports data schema
+ms.reviewer:
+manager: dougeby
+description: An overview of Windows Update for Business reports data schema
+ms.prod: windows-client
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: reference
+ms.date: 06/06/2022
+ms.technology: itpro-updates
+---
+
+# Windows Update for Business reports (preview)schema
+
+***(Applies to: Windows 11 & Windows 10)***
+
+When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Windows Update for Business reports and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.
+
+## Schema
+
+The following table summarizes the different tables that are part of the Windows Update for Business reports solution. To learn how to navigate Azure Monitor Logs to find this data, see [Get started with log queries in Azure Monitor](/azure/azure-monitor/log-query/get-started-queries).
+
+> [!NOTE]
+> Data is collected daily. The TimeGenerated field shows the time data was collected. It's added by Log Analytics when data is collected. Device data from the past 28 days is collected, even if no new data has been generated since the last time. LastScan is a clearer indicator of data freshness (that is, the last time the values were updated), while TimeGenerated indicates the freshness of data within Log Analytics.
+
+|Table |Category |Description |
+|--|--|--|
+| [**UCClient**](wufb-reports-schema-ucclient.md) | Device record | UCClient acts as an individual device's record. It contains data such as the currently installed build, the device's name, the operating system edition, and active hours (quantitative).
|
+|[**UCClientReadinessStatus**](wufb-reports-schema-ucclientreadinessstatus.md) | Device record | UCClientReadinessStatus is an individual device's record about its readiness for updating to Windows 11. If the device isn't capable of running Windows 11, the record includes which Windows 11 hardware requirements the device doesn't meet.|
+| [**UCClientUpdateStatus**](wufb-reports-schema-ucclientupdatestatus.md) | Device record | Update Event that combines the latest client-based data with the latest service-based data to create a complete picture for one device (client) and one update. |
+| [**UCDeviceAlert**](wufb-reports-schema-ucdevicealert.md)| Service and device record | These alerts are activated as a result of an issue that is device-specific. It isn't specific to the combination of a specific update and a specific device. Like UpdateAlerts, the AlertType indicates where the Alert comes from such as a ServiceDeviceAlert or ClientDeviceAlert. |
+| [**UCServiceUpdateStatus**](wufb-reports-schema-ucserviceupdatestatus.md) | Service record | Update Event that comes directly from the service-side. The event has only service-side information for one device (client), and one update, in one deployment. |
+| [**UCUpdateAlert**](wufb-reports-schema-ucupdatealert.md) | Service and device records | Alert for both client and service update. Contains information that needs attention, relative to one device (client), one update, and one deployment, if relevant. Certain fields may be blank depending on the UpdateAlert's AlertType field. For example, ServiceUpdateAlert won't necessarily contain client-side statuses and may be blank. |
diff --git a/windows/deployment/update/wufb-reports-use.md b/windows/deployment/update/wufb-reports-use.md
new file mode 100644
index 0000000000..befe5a0d99
--- /dev/null
+++ b/windows/deployment/update/wufb-reports-use.md
@@ -0,0 +1,63 @@
+---
+title: Use the Windows Update for Business reports data
+ms.reviewer:
+manager: dougeby
+description: How to use the Windows Update for Business reports data for custom solutions using tools like Azure Monitor Logs.
+ms.prod: windows-client
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 06/06/2022
+ms.technology: itpro-updates
+---
+
+# Use Windows Update for Business reports (preview)
+
+***(Applies to: Windows 11 & Windows 10)***
+
+In this article, you'll learn how to use Windows Update for Business reports to monitor Windows updates for your devices. To configure your environment for use with Windows Update for Business reports, see [Enable Windows Update for Business reports](wufb-reports-enable.md).
+
+## Display Windows Update for Business reports data
+
+1. Sign into the [Azure portal](https://portal.azure.com).
+1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
+1. Select **Log Analytics workspaces**.
+1. Select the workspace that you use for Windows Update for Business reports.
+1. Select **Logs** under the **General** group in your workspace.
+1. If the **Always show Queries** option is enabled in Log Analytics, close the query window to access the schema.
+1. Under **Schemas and filter**, select **Group by: Solution** and then expand the **Log Management** schema. If the **Group by: Category** is selected, the schema is listed under the **Other** category.
+1. Use the [Windows Update for Business reports schema](wufb-reports-schema.md) for [custom Kusto (KQL) queries](/azure/data-explorer/kusto/query/), to build [custom workbooks](/azure/azure-monitor/visualize/workbooks-overview), or to build your own solution to display the Windows Update for Business reports data.
For example, you might query the data to review information for different types of alerts in the past 7 days and how many times each alert occurred.
+
+```kusto
+UCUpdateAlert
+| summarize count=count() by AlertClassification, AlertSubtype, ErrorCode, Description
+```
+
+:::image type="content" source="media/wufb-reports-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Windows Update for Business reports data in Log Analytics." lightbox="media/wufb-reports-query-table.png":::
+
+## Data latency
+
+Windows Update for Business reports uses Windows client diagnostic data as its data source. After you add Windows Update for Business reports and appropriately configure your devices, it could take 48-72 hours before they first appear.
+
+The data powering Windows Update for Business reports is refreshed every 24 hours, and refreshes with the latest data from all of your organization's devices that have been seen in the past 28 days. The entire set of data is refreshed in each daily snapshot, which means that the same data can be ingested again even if no new data arrived from the device since the last snapshot. Snapshot time can be determined by the TimeGenerated field for each record, while LastScan can be used to roughly determine the freshness of each record's data. Device connectivity to the internet and generally how active the device is influences how long it will take before it appears in Windows Update for Business reports.
+
+| Data Type | Data upload rate from device | Data Latency |
+|--|--|--|
+| UCClient | Once per day |4 hours |
+| UCClientUpdateStatus|Every update event (Download, install, etc.)|24-36 hours |
+| UCServiceUpdateStatus| Every update event (Download, install, etc.)|24-36 hours |
+| UCUpdateAlert | Every event | 24-36 hours |
+| UCDeviceAlert | Every event | 24-36 hours |
+| UCClientReadinessStatus | After Windows 11 readiness assessment |24-36 hours |
+| UCDOStatus | Download Events | 24-36 hours |
+| UCDOAggregatedStatus | Download Events | 24-36 hours |
+
+## Working with Azure Monitor Logs
+
+Windows Update for Business reports is built on the Azure Monitor Logs platform. All Windows Update for Business reports-related data is collected in a Log Analytics workspace, where the data is available for querying. Understanding the Azure Monitor Logs tools and features at your disposal, all integrated within Azure portal, can deeply enhance your experience and complement Windows Update for Business reports.
+
+See the following Azure Monitor Logs articles to learn how to:
+- [Query log data effectively in Azure Monitor Logs](/azure/log-analytics/log-analytics-log-searches).
+- [Create and share dashboards of data in a Log Analytics workspace](/azure/log-analytics/log-analytics-dashboards).
+- [Set up alerts in Azure Monitor](/azure/log-analytics/log-analytics-alerts) to always stay informed about the critical issues you care about most.
diff --git a/windows/deployment/update/update-compliance-v2-workbook.md b/windows/deployment/update/wufb-reports-workbook.md
similarity index 73%
rename from windows/deployment/update/update-compliance-v2-workbook.md
rename to windows/deployment/update/wufb-reports-workbook.md
index 3c93a2310c..e81b473707 100644
--- a/windows/deployment/update/update-compliance-v2-workbook.md
+++ b/windows/deployment/update/wufb-reports-workbook.md
@@ -1,8 +1,8 @@
 ---
-title: Use the workbook for Update Compliance (preview)
+title: Use the workbook for Windows Update for Business reports
 ms.reviewer:
 manager: dougeby
-description: How to use the Update Compliance (preview) workbook.
+description: How to use the Windows Update for Business reports workbook.
 ms.prod: windows-client
 author: mestew
 ms.author: mstewart
@@ -12,45 +12,43 @@ ms.date: 10/24/2022 ms.technology: itpro-updates --- -# Update Compliance (preview) workbook +# Windows Update for Business reports (preview) workbook ***(Applies to: Windows 11 & Windows 10)*** -> [!IMPORTANT] -> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center). -> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available. -[Update Compliance](update-compliance-v2-overview.md) presents information commonly needed by updates administrators in an easy to use format. Update Compliance uses [Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started) to give you a visual representation of your compliance data. The workbook is broken down into three tab sections: +[Windows Update for Business reports](wufb-reports-overview.md) presents information commonly needed by updates administrators in an easy-to-use format. Windows Update for Business reports uses [Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started) to give you a visual representation of your compliance data. The workbook is broken down into four tab sections: - [Summary](#summary-tab) - [Quality updates](#quality-updates-tab) - [Feature updates](#feature-updates-tab) +- [Delivery Optimization](#bkmk_do) -:::image type="content" source="media/33771278-update-compliance-workbook-summary.png" alt-text="Screenshot of the summary tab in the Update Compliance workbook with the three tabbed sections outlined in red." 
lightbox="media/33771278-update-compliance-workbook-summary.png"::: +:::image type="content" source="media/33771278-wufb-reports-workbook-summary.png" alt-text="Screenshot of the summary tab in the Windows Update for Business reports workbook with the three tabbed sections outlined in red." lightbox="media/33771278-wufb-reports-workbook-summary.png"::: -## Open the Update Compliance workbook +## Open the Windows Update for Business reports workbook -To access the Update Compliance workbook: +To access the Windows Update for Business reports workbook: 1. In the [Azure portal](https://portal.azure.com), select **Monitor** > **Workbooks** from the menu bar. - You can also type **Monitor** in the search bar. As you begin typing, the list filters based on your input. -1. When the gallery opens, select the **Update Compliance** workbook. If needed, you can filter workbooks by name in the gallery. -1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Update Compliance](update-compliance-v2-enable.md). +1. When the gallery opens, select the **Windows Update for Business reports** workbook. If needed, you can filter workbooks by name in the gallery. +1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Windows Update for Business reports](wufb-reports-enable.md). ## Summary tab -The **Summary** tab gives you a brief high-level overview of the devices that you've enrolled into Update Compliance. The **Summary** tab contains tiles above the **Overall security update status** chart. +The **Summary** tab gives you a brief high-level overview of the devices that you've enrolled into Windows Update for Business reports. The **Summary** tab contains tiles above the **Overall security update status** chart. ### Summary tab tiles Each of these tiles contains an option to **View details**. 
When **View details** is selected for a tile, a flyout appears with additional information. -:::image type="content" source="media/33771278-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Update Compliance workbook"::: +:::image type="content" source="media/33771278-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Windows Update for Business reports workbook"::: | Tile name | Description | View details description | |---|---|------| -| **Enrolled devices** | Total number of devices that are enrolled into Update Compliance | Displays multiple charts about the operating systems (OS) for enrolled devices:
    **OS Version**
    **OS Edition**
    **OS Servicing Channel**
    **OS Architecture**| +| **Enrolled devices** | Total number of devices that are enrolled into Windows Update for Business reports | Displays multiple charts about the operating systems (OS) for enrolled devices:
    **OS Version**
    **OS Edition**
    **OS Servicing Channel**
    **OS Architecture**| |**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each.

    Select the count of **Devices** to display a table of the devices. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).

    Select an **AlertSubtype** to display a list containing:
    - Each **Error Code** in the alert subtype
    - A **Description** of the error code
    - A **Recommendation** to help you remediate the error code
    - A count of **Devices** with the specific error code | | **Windows 11 eligibility** | Percentage of devices that are capable of running Windows 11 | Displays the following items:
    - **Windows 11 Readiness Status** chart
    - **Readiness Reason(s) Breakdown** chart that displays Windows 11 requirements that aren't met.
    - A table for **Readiness reason**. Select a reason to display a list of devices that don't meet a specific requirement for Windows 11. | @@ -76,7 +74,7 @@ The **Quality updates** tab displays generalized data at the top by using tiles. Selecting **View details** on any of the tiles displays a flyout with a chart that displays the first 250 items. Select `...` from the flyout to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). -Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end-users are impacted. +Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end users are impacted. ### Update status group for quality updates 
@@ -132,7 +130,7 @@ The **Update status** group for feature updates contains the following items:
 |**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code. |
 | **Total Devices** | Count of devices for each targeted operating system version that have been offered the update, or are installing, have installed, or canceled the feature update.| Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
 
-### Device status group for feature updates
+### Device status group for feature updates
 
 The **Device status** group for feature updates contains the following items:
 
@@ -141,12 +139,28 @@ The **Device status** group for feature updates contains the following items: - **Device compliance status**: Table containing a list of devices getting a feature update and installation information including active alerts for the devices. - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). +## Delivery Optimization (preview tab) + +The **Delivery Optimization** tab provides a summarized view of bandwidth efficiencies. This new revised report also includes Microsoft Connected Cache (MCC) information. + +At the top of the report, tiles display the following information: + +- Total bandwidth savings percentage +- The percentage of the saved bandwidth broken down by peer-to-peer and MCC +- Device counts showing percentages of bytes delivered between peer-to-peer and MCC +- The breakdown of total downloaded GBs. + +The Delivery Optimization tab is further divided into the following groups: + +- **Device Configuration**: A chart differentiating the number of devices with and without peer-to-peer. And, a table of Download Mode configuration breakdown between numbers of devices. When selected, the devices within that group can be viewed, filtered in a separate table. +- **Content Distribution**: Includes charts showing percentage volumes and GB volumes by source by content types. All content types are linked to a table for deeper filtering by **ContentType**, **AzureADTenantId**, and **GroupID**. +- **Efficiency By Group**: This view provides filters commonly used ways of grouping devices. The provided filters include: **GroupID**, **City**, **Country**, and **ISP**. + ## Customize the workbook -Since the Update Compliance workbook is an [Azure Workbook template](/azure/azure-monitor/visualize/workbooks-templates), it can be customized to suit your needs. 
If you open a template, make some adjustments, and save it, the template is saved as a workbook. This workbook appears in green. The original template is left untouched. For more information about workbooks, see [Get started with Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started). - +Since the Windows Update for Business reports workbook is an [Azure Workbook template](/azure/azure-monitor/visualize/workbooks-templates), it can be customized to suit your needs. If you open a template, make some adjustments, and save it, the template is saved as a workbook. This workbook appears in green. The original template is left untouched. For more information about workbooks, see [Get started with Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started). ## Next steps -- Explore the [Update Compliance (preview) schema](update-compliance-v2-schema.md) -- Review [Feedback, support, and troubleshooting](update-compliance-v2-help.md) information for Update Compliance +- Explore the [Windows Update for Business reports schema](wufb-reports-schema.md) +- Review [Feedback, support, and troubleshooting](wufb-reports-help.md) information for Windows Update for Business reports diff --git a/windows/deployment/upgrade/log-files.md b/windows/deployment/upgrade/log-files.md index fd1e49a901..2e9259fece 100644 --- a/windows/deployment/upgrade/log-files.md +++ b/windows/deployment/upgrade/log-files.md 
@@ -1,66 +1,73 @@ --- title: Log files and resolving upgrade errors -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Learn how to interpret and analyze the log files that are generated during the Windows 10 upgrade process. ms.custom: seo-marvel-apr2020 ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.collection: highpri ms.technology: itpro-deploy +ms.date: 10/28/2022 --- -# Log files +# Windows upgrade log files **Applies to** -- Windows 10 ->[!NOTE] ->This is a 400 level topic (advanced).
    ->See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. +- Windows 10 +> [!NOTE] +> This is a 400-level topic (advanced).
    + +> See [Resolve Windows 10 upgrade errors](resolve-windows-10-upgrade-errors.md) for a full list of topics in this article. Several log files are created during each phase of the upgrade process. These log files are essential for troubleshooting upgrade problems. By default, the folders that contain these log files are hidden on the upgrade target computer. To view the log files, configure Windows Explorer to view hidden items, or use a tool to automatically gather these logs. The most useful log is **setupact.log**. The log files are located in a different folder depending on the Windows Setup phase. Recall that you can determine the phase from the extend code. ->[!NOTE] ->Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. +> [!NOTE] +> Also see the [Windows Error Reporting](windows-error-reporting.md) section in this document for help locating error codes and log files. + +The following table describes some log files and how to use them for troubleshooting purposes: + -The following table describes some log files and how to use them for troubleshooting purposes:
    |Log file |Phase: Location |Description |When to use| |---|---|---|---| -|setupact.log|Down-Level:
    $Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
    This is the most important log for diagnosing setup issues.| -|setupact.log|OOBE:
    $Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations – 0x4001C, 0x4001D, 0x4001E, 0x4001F.| +|setupact.log|Down-Level:
    $Windows.~BT\Sources\Panther|Contains information about setup actions during the downlevel phase. |All down-level failures and starting point for rollback investigations.
    Setup.act is the most important log for diagnosing setup issues.| +|setupact.log|OOBE:
    $Windows.~BT\Sources\Panther\UnattendGC|Contains information about actions during the OOBE phase.|Investigating rollbacks that failed during OOBE phase and operations - 0x4001C, 0x4001D, 0x4001E, 0x4001F.| |setupact.log|Rollback:
    $Windows.~BT\Sources\Rollback|Contains information about actions during rollback.|Investigating generic rollbacks - 0xC1900101.| |setupact.log|Pre-initialization (prior to downlevel):
    Windows|Contains information about initializing setup.|If setup fails to launch.| |setupact.log|Post-upgrade (after OOBE):
    Windows\Panther|Contains information about setup actions during the installation.|Investigate post-upgrade related issues.| |setuperr.log|Same as setupact.log|Contains information about setup errors during the installation.|Review all errors encountered during the installation phase.| |miglog.xml|Post-upgrade (after OOBE):
    Windows\Panther|Contains information about what was migrated during the installation.|Identify post upgrade data migration issues.| -|BlueBox.log|Down-Level:
    Windows\Logs\Mosetup|Contains information communication between setup.exe and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.| +|BlueBox.log|Down-Level:
    Windows\Logs\Mosetup|Contains information communication between `setup.exe` and Windows Update.|Use during WSUS and Windows Update down-level failures or for 0xC1900107.| |Supplemental rollback logs:
    Setupmem.dmp
    setupapi.dev.log
    Event logs (*.evtx)|$Windows.~BT\Sources\Rollback|Additional logs collected during rollback.|Setupmem.dmp: If OS bug checks during upgrade, setup will attempt to extract a mini-dump.
    Setupapi: Device install issues - 0x30018
    Event logs: Generic rollbacks (0xC1900101) or unexpected reboots.| ## Log entry structure A setupact.log or setuperr.log entry (files are located at C:\Windows) includes the following elements: -1. **The date and time** - 2016-09-08 09:20:05. +1. **The date and time** - 2016-09-08 09:20:05 -2. **The log level** - Info, Warning, Error, Fatal Error. -3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS. +2. **The log level** - Info, Warning, Error, Fatal Error - The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are particularly useful for troubleshooting Windows Setup errors. -4. **The message** - Operation completed successfully. +3. **The logging component** - CONX, MOUPG, PANTHR, SP, IBSLIB, MIG, DISM, CSI, CBS + + + The logging components SP (setup platform), MIG (migration engine), and CONX (compatibility information) are useful for troubleshooting Windows Setup errors. + + +4. **The message** - Operation completed successfully. See the following example: | Date/Time | Log level | Component | Message | |------|------------|------------|------------| -|2016-09-08 09:23:50,| Warning | MIG | Could not replace object C:\Users\name\Cookies. Target Object cannot be removed.| - +|2016-09-08 09:23:50,| Warning | MIG | Couldn't replace object C:\Users\name\Cookies. Target Object can't be removed.| ## Analyze log files 
@@ -68,39 +75,43 @@ The following instructions are meant for IT professionals. Also see the [Upgrade To analyze Windows Setup log files: -1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it is not successful with the upgrade process. +1. Determine the Windows Setup error code. This code should be returned by Windows Setup if it isn't successful with the upgrade process. -2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a [log files](#log-files) to investigate. +2. Based on the [extend code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#extend-codes) portion of the error code, determine the type and location of a log file to investigate. -3. Open the log file in a text editor, such as notepad. +3. Open the log file in a text editor, such as notepad. -4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. +4. Using the [result code](/troubleshoot/windows-client/deployment/windows-10-upgrade-error-codes?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#result-codes) portion of the Windows Setup error code, search for the result code in the file and find the last occurrence of the code. Alternatively search for the "abort" and abandoning" text strings described in step 7 below. -5. To find the last occurrence of the result code: +5. 
To find the last occurrence of the result code: - 1. Scroll to the bottom of the file and click after the last character. - 2. Click **Edit**. - 3. Click **Find**. - 4. Type the result code. - 5. Under **Direction** select **Up**. - 6. Click **Find Next**. + 1. Scroll to the bottom of the file and select after the last character. + 2. Select **Edit**. + 3. Select **Find**. + 4. Type the result code. + 5. Under **Direction** select **Up**. + 6. Select **Find Next**. -6. When you have located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed just prior to generating the result code. +6. When you've located the last occurrence of the result code, scroll up a few lines from this location in the file and review the processes that failed prior to generating the result code. -7. Search for the following important text strings: +7. Search for the following important text strings: - * **Shell application requested abort** - * **Abandoning apply due to error for object** + - `Shell application requested abort` + - `Abandoning apply due to error for object` -8. Decode Win32 errors that appear in this section. +8. Decode Win32 errors that appear in this section. -9. Write down the timestamp for the observed errors in this section. +9. Write down the timestamp for the observed errors in this section. 10. Search other log files for additional information matching these timestamps or errors. For example, assume that the error code for an error is 0x8007042B - 0x2000D. Searching for "8007042B" reveals the following content from the setuperr.log file: -Some lines in the text below are shortened to enhance readability. The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds, and the certificate file name which is a long text string is shortened to just "CN." +> [!NOTE] +> Some lines in the text below are shortened to enhance readability. 
For example +> +> - The date and time at the start of each line (ex: 2016-10-05 15:27:08) is shortened to minutes and seconds +> - The certificate file name, which is a long text string, is shortened to just "CN." **setuperr.log** content: @@ -123,7 +134,7 @@ The first line indicates there was an error **0x00000570** with the file **C:\Pr The error 0x00000570 is a [Win32 error code](/openspecs/windows_protocols/ms-erref/18d8fbe8-a967-4f1c-ae50-99ca8e491d2d) corresponding to: ERROR_FILE_CORRUPT: The file or directory is corrupted and unreadable. -Therefore, Windows Setup failed because it was not able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for additional details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure: +Therefore, Windows Setup failed because it wasn't able to migrate the corrupt file **C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\[CN]**. This file is a local system certificate and can be safely deleted. Searching the setupact.log file for more details, the phrase "Shell application requested abort" is found in a location with the same timestamp as the lines in setuperr.log. This confirms our suspicion that this file is the cause of the upgrade failure: **setupact.log** content: @@ -243,7 +254,7 @@ This analysis indicates that the Windows upgrade error can be resolved by deleti > [!NOTE] > In this example, the full, unshortened file name is C:\ProgramData\Microsoft\Crypto\RSA\S-1-5-18\be8228fb2d3cb6c6b0ccd9ad51b320b4_a43d512c-69f2-42de-aef9-7a88fabdaa3f. -## Related topics +## Related articles [Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
    [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) diff --git a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md index d615c357e3..cf7359540a 100644 --- a/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md +++ b/windows/deployment/upgrade/resolve-windows-10-upgrade-errors.md @@ -1,16 +1,17 @@ --- title: Resolve Windows 10 upgrade errors - Windows IT Pro -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Resolve Windows 10 upgrade errors for ITPros. Technical information for IT professionals to help diagnose Windows setup errors. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- -# Resolve Windows 10 upgrade errors : Technical information for IT Pros +# Resolve Windows 10 upgrade errors: Technical information for IT Pros **Applies to** - Windows 10 @@ -20,7 +21,7 @@ ms.technology: itpro-deploy This article contains a brief introduction to Windows 10 installation processes, and provides resolution procedures that IT administrators can use to resolve issues with Windows 10 upgrade. -The article has been divided into sub-topics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods. +The article has been divided into subtopics of different technical levels. Basic level provides common procedures that can resolve several types of upgrade errors. Advanced level requires some experience with detailed troubleshooting methods. The following four levels are assigned: 
@@ -50,7 +51,7 @@ See the following topics in this article:
 - [Other error codes](/troubleshoot/windows-client/deployment/windows-10-upgrade-resolution-procedures?toc=/windows/deployment/toc.json&bc=/windows/deployment/breadcrumb/toc.json#other-error-codes): Additional causes and mitigation procedures are provided for some error codes.
 - [Submit Windows 10 upgrade errors](submit-errors.md): \Level 100\ Submit upgrade errors to Microsoft for analysis.
-## Related topics
+## Related articles
 [Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml)
    [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx)
diff --git a/windows/deployment/upgrade/setupdiag.md b/windows/deployment/upgrade/setupdiag.md
index 7dfd09f33f..6db2339eda 100644
--- a/windows/deployment/upgrade/setupdiag.md
+++ b/windows/deployment/upgrade/setupdiag.md
@@ -1,15 +1,16 @@
 ---
 title: SetupDiag
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 description: SetupDiag works by examining Windows Setup log files. This article shows how to use the SetupDiag tool to diagnose Windows Setup errors.
 ms.custom: seo-marvel-apr2020
 ms.prod: windows-client
-author: aczechowski
+author: frankroj
 ms.localizationpriority: medium
 ms.topic: article
 ms.collection: highpri
 ms.technology: itpro-deploy
+ms.date: 10/28/2022
 ---
 # SetupDiag
@@ -36,7 +37,7 @@ SetupDiag works by examining Windows Setup log files. It attempts to parse these
 With the release of Windows 10, version 2004, SetupDiag is included with [Windows Setup](/windows-hardware/manufacture/desktop/deployment-troubleshooting-and-log-files#windows-setup-scenario).
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there is an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
+During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, **setupdiag.exe** is also installed to this directory. If there's an issue with the upgrade, SetupDiag will automatically run to determine the cause of the failure.
 When run by Windows Setup, the following [parameters](#parameters) are used:
@@ -45,7 +46,7 @@ When run by Windows Setup, the following [parameters](#parameters) are used:
 - /Output:%windir%\logs\SetupDiag\SetupDiagResults.xml
 - /RegPath:HKEY_LOCAL_MACHINE\SYSTEM\Setup\SetupDiag\Results
-The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. Please note that this is not the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the /RegPath parameter is not specified, data is stored in the registry at HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag.
+The resulting SetupDiag analysis can be found at **%WinDir%\Logs\SetupDiag\SetupDiagResults.xml** and in the registry under **HKLM\SYSTEM\Setup\SetupDiag\Results**. Note that the registry path isn't the same as the default registry path when SetupDiag is run manually. When SetupDiag is run manually, and the /RegPath parameter isn't specified, data is stored in the registry at HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag.
 > [!IMPORTANT]
 > When SetupDiag indicates that there were multiple failures, the last failure in the log file is typically the fatal error, not the first one.
@@ -59,8 +60,8 @@ To quickly use SetupDiag on your current computer: 2. [Download SetupDiag](https://go.microsoft.com/fwlink/?linkid=870142). 3. If your web browser asks what to do with the file, choose **Save**. By default, the file will be saved to your **Downloads** folder. You can also save it to a different location if desired by using **Save As**. 4. When SetupDiag has finished downloading, open the folder where you downloaded the file. By default, this folder is the **Downloads** folder, which is displayed in File Explorer under **Quick access** in the left navigation pane. -5. Double-click the **SetupDiag** file to run it. Click **Yes** if you are asked to approve running the program. - - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You will need to change directories to the location of SetupDiag to run it this way. +5. Double-click the **SetupDiag** file to run it. Select **Yes** if you're asked to approve running the program. + - Double-clicking the file to run it will automatically close the command window when SetupDiag has completed its analysis. If you wish to keep this window open instead, and review the messages that you see, run the program by typing **SetupDiag** at the command prompt instead of double-clicking it. You'll need to change directories to the location of SetupDiag to run it this way. 6. A command window will open while SetupDiag diagnoses your computer. Wait for this process to finish. 7. When SetupDiag finishes, two files will be created in the same folder where you double-clicked SetupDiag. One is a configuration file, the other is a log file. 8. Use Notepad to open the log file: **SetupDiagResults.log**. 
@@ -68,12 +69,12 @@ To quickly use SetupDiag on your current computer: For instructions on how to run the tool in offline mode and with more advanced options, see the [Parameters](#parameters) and [Examples](#examples) sections below. -The [Release notes](#release-notes) section at the bottom of this topic has information about recent updates to this tool. +The [Release notes](#release-notes) section at the bottom of this article has information about recent updates to this tool. ## Requirements 1. The destination OS must be Windows 10. -2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you are not sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions: +2. [.NET Framework 4.6](https://www.microsoft.com/download/details.aspx?id=48137) must be installed. If you aren't sure what version of .NET is currently installed, see [How to: Determine Which .NET Framework Versions Are Installed](/dotnet/framework/migration-guide/how-to-determine-which-versions-are-installed). You can also use the following command-line query to display the installed v4 versions: ``` reg query "HKLM\SOFTWARE\Microsoft\Net Framework Setup\NDP\v4" /s @@ -84,19 +85,19 @@ The [Release notes](#release-notes) section at the bottom of this topic has info | Parameter | Description | | --- | --- | | /? |

    • Displays interactive help
    | -| /Output:\ |
    • This optional parameter enables you to specify the output file for results. This file is where you will find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
    • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
    | +| /Output:\ |
    • This optional parameter enables you to specify the output file for results. This file is where you'll find what SetupDiag was able to determine. Only text format output is supported. UNC paths will work, provided the context under which SetupDiag runs has access to the UNC path. If the path has a space in it, you must enclose the entire path in double quotes (see the example section below).
    • Default: If not specified, SetupDiag will create the file **SetupDiagResults.log** in the same directory where SetupDiag.exe is run.
    | | /LogsPath:\ |
    • This optional parameter tells SetupDiag.exe where to find the log files for an offline analysis. These log files can be in a flat folder format, or containing multiple subdirectories. SetupDiag will recursively search all child directories.
    | | /ZipLogs:\ |
    • This optional parameter tells SetupDiag.exe to create a zip file containing the results and all the log files it parsed. The zip file is created in the same directory where SetupDiag.exe is run.
    • Default: If not specified, a value of 'true' is used.
    | -| /Format:\ |
    • This optional parameter can be used to output log files in xml or JSON format. If this parameter is not specified, text format is used by default.
    | +| /Format:\ |
    • This optional parameter can be used to output log files in xml or JSON format. If this parameter isn't specified, text format is used by default.
    | | /Scenario:\[Recovery\] |
    • This optional parameter instructs SetupDiag.exe to look for and process reset and recovery logs and ignore setup/upgrade logs.
    | | /Verbose |
    • This optional parameter will output much more data to a log file. By default, SetupDiag will only produce a log file entry for serious errors. Using **/Verbose** will cause SetupDiag to always produce another log file with debugging details. These details can be useful when reporting a problem with SetupDiag.
    | | /NoTel |
    • This optional parameter tells SetupDiag.exe not to send diagnostic telemetry to Microsoft.
    | | /AddReg |
    • This optional parameter instructs SetupDiag.exe to add failure information to the registry in offline mode. By default, SetupDiag will add failure information to the registry in online mode only. Registry data is added to the following location on the system where SetupDiag is run: **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
    | -| /RegPath |
    • This optional parameter instructs SetupDiag.exe to add failure information to the registry using the specified path. If this parameter is not specified the default path is **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**. +| /RegPath |
      • This optional parameter instructs SetupDiag.exe to add failure information to the registry using the specified path. If this parameter isn't specified the default path is **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag**.
      | Note: The **/Mode** parameter is deprecated in version 1.4.0.0 of SetupDiag. -- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0, when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter is not needed. +- In previous versions, this command was used with the LogsPath parameter to specify that SetupDiag should run in an offline manner to analyze a set of log files that were captured from a different computer. In version 1.4.0.0, when you specify /LogsPath then SetupDiag will automatically run in offline mode, therefore the /Mode parameter isn't needed. ### Examples: @@ -106,7 +107,7 @@ In the following example, SetupDiag is run with default parameters (online mode, SetupDiag.exe ``` -In the following example, SetupDiag is run in online mode (this mode is the default). It will know where to look for logs on the current (failing) system, so there is no need to gather logs ahead of time. A custom location for results is specified. +In the following example, SetupDiag is run in online mode (this mode is the default). It will know where to look for logs on the current (failing) system, so there's no need to gather logs ahead of time. A custom location for results is specified. ``` SetupDiag.exe /Output:C:\SetupDiag\Results.log 
@@ -150,12 +151,12 @@ If you copy the parent folder and all subfolders, SetupDiag will automatically s
 ## Setup bug check analysis
-When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It is also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
+When Microsoft Windows encounters a condition that compromises safe system operation, the system halts. This condition is called a bug check. It's also commonly referred to as a system crash, a kernel error, a Stop error, or BSOD. Typically a hardware device, hardware driver, or related software causes this error.
 If crash dumps [are enabled](/windows-hardware/drivers/debugger/enabling-a-kernel-mode-dump-file) on the system, a crash dump file is created. If the bug check occurs during an upgrade, Windows Setup will extract a minidump (setupmem.dmp) file. SetupDiag can also debug these setup-related minidumps.
 To debug a setup-related bug check, you must:
-- Specify the **/LogsPath** parameter. You cannot debug memory dumps in online mode.
+- Specify the **/LogsPath** parameter. You can't debug memory dumps in online mode.
 - Gather the setup memory dump file (setupmem.dmp) from the failing system.
 - Setupmem.dmp will be created in either **%SystemDrive%\$Windows.~bt\Sources\Rollback**, or in **%WinDir%\Panther\NewOS\Rollback** depending on when the bug check occurs.
 - Install the [Windows Debugging Tools](/windows-hardware/drivers/debugger/debugger-download-tools) on the computer that runs SetupDiag.
@@ -211,34 +212,34 @@ Logs ZipFile created at: c:\setupdiag\Logs_14.zip ## Rules -When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file which is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. See the [release notes](#release-notes) section for more information. +When searching log files, SetupDiag uses a set of rules to match known issues. These rules are contained in the rules.xml file that is extracted when SetupDiag is run. The rules.xml file might be updated as new versions of SetupDiag are made available. For more information, see the [release notes](#release-notes) section. Each rule name and its associated unique rule identifier are listed with a description of the known upgrade-blocking issue. In the rule descriptions, the term "down-level" refers to the first phase of the upgrade process, which runs under the starting OS. 1. CompatScanOnly - FFDAFD37-DB75-498A-A893-472D49A1311D - - This rule indicates that setup.exe was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade. + - This rule indicates that `setup.exe` was called with a specific command line parameter that indicated setup was to do a compat scan only, not an upgrade. 2. BitLockerHardblock - C30152E2-938E-44B8-915B-D1181BA635AE - - This is an upgrade block when the target OS does not support BitLocker, yet the host OS has BitLocker enabled. + - This is an upgrade block when the target OS doesn't support BitLocker, yet the host OS has BitLocker enabled. 3. VHDHardblock - D9ED1B82-4ED8-4DFD-8EC0-BE69048978CC - - This block happens when the host OS is booted to a VHD image. Upgrade is not supported when the host OS is booted from a VHD image. + - This block happens when the host OS is booted to a VHD image. Upgrade isn't supported when the host OS is booted from a VHD image. 4. 
PortableWorkspaceHardblock - 5B0D3AB4-212A-4CE4-BDB9-37CA404BB280 - - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade is not supported in the Windows To-Go environment. + - This indicates that the host OS is booted from a Windows To-Go device (USB key). Upgrade isn't supported in the Windows To-Go environment. 5. AuditModeHardblock - A03BD71B-487B-4ACA-83A0-735B0F3F1A90 - - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade is not supported from this state. + - This block indicates that the host OS is currently booted into Audit Mode, a special mode for modifying the Windows state. Upgrade isn't supported from this state. 6. SafeModeHardblock - 404D9523-B7A8-4203-90AF-5FBB05B6579B - - This block indicates that the host OS is booted to Safe Mode, where upgrade is not supported. + - This block indicates that the host OS is booted to Safe Mode, where upgrade isn't supported. 7. InsufficientSystemPartitionDiskSpaceHardblock - 3789FBF8-E177-437D-B1E3-D38B4C4269D1 - - This block is encountered when setup determines the system partition (where the boot loader files are stored) does not have enough space to be serviced with the newer boot files required during the upgrade process. -8. CompatBlockedApplicationAutoUninstall – BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 - - This rule indicates there is an application that needs to be uninstalled before setup can continue. + - This block is encountered when setup determines the system partition (where the boot loader files are stored) doesn't have enough space to be serviced with the newer boot files required during the upgrade process. +8. CompatBlockedApplicationAutoUninstall - BEBA5BC6-6150-413E-8ACE-5E1EC8D34DD5 + - This rule indicates there's an application that needs to be uninstalled before setup can continue. 9. 
CompatBlockedApplicationDismissable - EA52620B-E6A0-4BBC-882E-0686605736D9 - - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies “/compat ignorewarning”. This rule indicates setup was executed in /quiet mode but there is an application dismissible block message that has prevented setup from continuing. + - When running setup in /quiet mode, there are dismissible application messages that turn into blocks unless the command line also specifies "/compat ignorewarning". This rule indicates setup was executed in /quiet mode but there's an application dismissible block message that has prevented setup from continuing. 10. CompatBlockedApplicationManualUninstall - 9E912E5F-25A5-4FC0-BEC1-CA0EA5432FF4 - This rule indicates that an application without an Add/Remove Programs entry, is present on the system and blocking setup from continuing. This typically requires manual removal of the files associated with this application to continue. 11. HardblockDeviceOrDriver - ED3AEFA1-F3E2-4F33-8A21-184ADF215B1B - - This error indicates a device driver that is loaded on the host OS is not compatible with the newer OS version and needs to be removed prior to the upgrade. + - This error indicates a device driver that is loaded on the host OS isn't compatible with the newer OS version and needs to be removed prior to the upgrade. 12. HardblockMismatchedLanguage - 60BA8449-CF23-4D92-A108-D6FCEFB95B45 - - This rule indicates the host OS and the target OS language editions do not match. + - This rule indicates the host OS and the target OS language editions don't match. 13. HardblockFlightSigning - 598F2802-3E7F-4697-BD18-7A6371C8B2F8 - This rule indicates the target OS is a pre-release, Windows Insider build, and the target machine has Secure Boot enabled. This will block the pre-release signed build from booting if installed on the machine. 14. 
DiskSpaceBlockInDownLevel - 6080AFAC-892E-4903-94EA-7A17E69E549E 
@@ -260,15 +261,15 @@ Each rule name and its associated unique rule identifier are listed with a descr 22. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC - Finds fatal advanced installer operations that cause setup failures. 23. FindMigApplyUnitFailure - A4232E11-4043-4A37-9BF4-5901C46FD781 - - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in as well as the error code it produced for diagnostic purposes. + - Detects a migration unit failure that caused the update to fail. This rule will output the name of the migration plug-in and the error code it produced for diagnostic purposes. 24. FindMigGatherUnitFailure - D04C064B-CD77-4E64-96D6-D26F30B4EE29 - - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in as well as the error code it produced for diagnostic purposes. + - Detects a migration gather unit failure that caused the update to fail. This rule will output the name of the gather unit/plug-in and the error code it produced for diagnostic purposes. 25. CriticalSafeOSDUFailure - 73566DF2-CA26-4073-B34C-C9BC70DBF043 - This rule indicates a failure occurred while updating the SafeOS image with a critical dynamic update. It will indicate the phase and error code that occurred while attempting to update the SafeOS image for diagnostic purposes. 26. UserProfileCreationFailureDuringOnlineApply - 678117CE-F6A9-40C5-BC9F-A22575C78B14 - Indicates there was a critical failure while creating or modifying a User Profile during the online apply phase of the update. It will indicate the operation and error code associated with the failure for diagnostic purposes. 27. WimMountFailure - BE6DF2F1-19A6-48C6-AEF8-D3B0CE3D4549 - - This rule indicates the update failed to mount a wim file. 
It will show the name of the wim file as well as the error message and error code associated with the failure for diagnostic purposes. + - This rule indicates the update failed to mount a WIM file. It will show the name of the WIM file and the error message and error code associated with the failure for diagnostic purposes. 28. FindSuccessfulUpgrade - 8A0824C8-A56D-4C55-95A0-22751AB62F3E - Determines if the given setup was a success or not based off the logs. 29. FindSetupHostReportedFailure - 6253C04F-2E4E-4F7A-B88E-95A69702F7EC 
@@ -281,21 +282,21 @@ Each rule name and its associated unique rule identifier are listed with a descr - Gives last phase and error information when SetupPlatform indicates a critical failure. This rule will indicate the operation and error associated with the failure for diagnostic purposes. 33. FindRollbackFailure - 3A43C9B5-05B3-4F7C-A955-88F991BB5A48 - Gives last operation, failure phase and error information when a rollback occurs. -34. AdvancedInstallerGenericFailure – 4019550D-4CAA-45B0-A222-349C48E86F71 +34. AdvancedInstallerGenericFailure - 4019550D-4CAA-45B0-A222-349C48E86F71 - A rule to match AdvancedInstaller read/write failures in a generic sense. Will output the executable being called as well as the error code and exit code reported. -35. OptionalComponentFailedToGetOCsFromPackage – D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. +35. OptionalComponentFailedToGetOCsFromPackage - D012E2A2-99D8-4A8C-BBB2-088B92083D78 (NOTE: This rule replaces the OptionalComponentInstallFailure rule present in v1.10. - This matches a specific Optional Component failure when attempting to enumerate components in a package. Will output the package name and error code. -36. OptionalComponentOpenPackageFailed – 22952520-EC89-4FBD-94E0-B67DF88347F6 +36. OptionalComponentOpenPackageFailed - 22952520-EC89-4FBD-94E0-B67DF88347F6 - Matches a specific Optional Component failure when attempting to open an OC package. Will output the package name and error code. -37. OptionalComponentInitCBSSessionFailed – 63340812-9252-45F3-A0F2-B2A4CA5E9317 - - Matches a specific failure where the advanced installer service or components aren’t operating or started on the system. Will output the error code. -38. UserProfileCreationFailureDuringFinalize – C6677BA6-2E53-4A88-B528-336D15ED1A64 +37. 
OptionalComponentInitCBSSessionFailed - 63340812-9252-45F3-A0F2-B2A4CA5E9317 + - Matches a specific failure where the advanced installer service or components aren't operating or started on the system. Will output the error code. +38. UserProfileCreationFailureDuringFinalize - C6677BA6-2E53-4A88-B528-336D15ED1A64 - Matches a specific User Profile creation error during the finalize phase of setup. Will output the failure code. -39. WimApplyExtractFailure – 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 - - Matches a wim apply failure during wim extraction phases of setup. Will output the extension, path and error code. -40. UpdateAgentExpanderFailure – 66E496B3-7D19-47FA-B19B-4040B9FD17E2 +39. WimApplyExtractFailure - 746879E9-C9C5-488C-8D4B-0C811FF3A9A8 + - Matches a WIM apply failure during WIM extraction phases of setup. Will output the extension, path and error code. +40. UpdateAgentExpanderFailure - 66E496B3-7D19-47FA-B19B-4040B9FD17E2 - Matches DPX expander failures in the down-level phase of update from Windows Update. Will output the package name, function, expression and error code. -41. FindFatalPluginFailure – E48E3F1C-26F6-4AFB-859B-BF637DA49636 +41. FindFatalPluginFailure - E48E3F1C-26F6-4AFB-859B-BF637DA49636 - Matches any plug-in failure that setupplatform decides is fatal to setup. Will output the plugin name, operation and error code. 42. AdvancedInstallerFailed - 77D36C96-32BE-42A2-BB9C-AAFFE64FCADC - Indicates critical failure in the AdvancedInstaller while running an installer package, includes the .exe being called, the phase, mode, component and error codes. 
@@ -351,16 +352,16 @@ Each rule name and its associated unique rule identifier are listed with a descr - Fixed an issue with registry output in which the "no match found" result caused a corrupted REG_SZ value. 08/08/2019 - SetupDiag v1.6.0.42 is released with 60 rules, as a standalone tool available from the Download Center. - - Log detection performance is improved. What used to take up to a minute should take around 10 seconds or less. + - Log detection performance is improved. Log detection takes around 10 seconds or less where before it could take up to a minute. - Added Setup Operation and Setup Phase information to both the results log and the registry information. - This is the last Operation and Phase that Setup was in when the failure occurred. - Added detailed Setup Operation and Setup Phase information (and timing) to output log when /verbose is specified. - - Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore won’t be available. + - Note, if the issue found is a compat block, no Setup Operation or Phase info exists yet and therefore won't be available. - Added more info to the Registry output. - - Detailed ‘FailureData’ info where available. Example: “AppName = MyBlockedApplication” or “DiskSpace = 6603” (in MB) - - “Key = Value” data specific to the failure found. - - Added ‘UpgradeStartTime’, ‘UpgradeEndTime’ and ‘UpgradeElapsedTime’ - - Added ‘SetupDiagVersion’, ‘DateTime’ (to indicate when SetupDiag was executed on the system), ‘TargetOSVersion’, ‘HostOSVersion’ and more… + - Detailed 'FailureData' info where available. Example: "AppName = MyBlockedApplication" or "DiskSpace = 6603" (in MB) + - "Key = Value" data specific to the failure found. 
+ - Added 'UpgradeStartTime', 'UpgradeEndTime' and 'UpgradeElapsedTime' + - Added 'SetupDiagVersion', 'DateTime' (to indicate when SetupDiag was executed on the system), 'TargetOSVersion', 'HostOSVersion' and more… 06/19/2019 - SetupDiag v1.5.0.0 is released with 60 rules, as a standalone tool available from the Download Center. @@ -372,10 +373,10 @@ Each rule name and its associated unique rule identifier are listed with a descr - Added "no match" reports for xml and json per user request. - Formatted Json output for easy readability. - Performance improvements when searching for setup logs; this should be much faster now. -- Added 7 new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. +- Added seven new rules: PlugInComplianceBlock, PreReleaseWimMountDriverFound, WinSetupBootFilterFailure, WimMountDriverIssue, DISMImageSessionFailure, FindEarlyDownlevelError, and FindSPFatalError. See the [Rules](#rules) section above for more information. - Diagnostic information is now output to the registry at **HKLM\SYSTEM\Setup\MoSetup\Volatile\SetupDiag** - The **/AddReg** command was added to toggle registry output. This setting is off by default for offline mode, and on by default for online mode. The command has no effect for online mode and enables registry output for offline mode. - - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it’s always up to date. + - This registry key is deleted as soon as SetupDiag is run a second time, and replaced with current data, so it's always up to date. - This registry key also gets deleted when a new update instance is invoked. - For an example, see [Sample registry key](#sample-registry-key). 
@@ -384,33 +385,33 @@ Each rule name and its associated unique rule identifier are listed with a descr 12/18/2018 - SetupDiag v1.4.0.0 is released with 53 rules, as a standalone tool available from the Download Center. - This release includes major improvements in rule processing performance: ~3x faster rule processing performance! - - The FindDownlevelFailure rule is up to 10x faster. + - The FindDownlevelFailure rule is up to 10 times faster. - New rules have been added to analyze failures upgrading to Windows 10 version 1809. - A new help link is available for resolving servicing stack failures on the down-level OS when the rule match indicates this type of failure. - Removed the need to specify /Mode parameter. Now if you specify /LogsPath, it automatically assumes offline mode. - Some functional and output improvements were made for several rules. 07/16/2018 - SetupDiag v1.3.1 is released with 44 rules, as a standalone tool available from the Download Center. -- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but does not have debugger binaries installed. +- This release fixes a problem that can occur when running SetupDiag in online mode on a computer that produces a setupmem.dmp file, but doesn't have debugger binaries installed. 07/10/2018 - SetupDiag v1.30 is released with 44 rules, as a standalone tool available from the Download Center. - Bug fix for an over-matched plug-in rule. The rule will now correctly match only critical (setup failure) plug-in issues. - New feature: Ability to output logs in JSON and XML format. - Use "/Format:xml" or "/Format:json" command line parameters to specify the new output format. See [sample logs](#sample-logs) at the bottom of this topic. - - If the “/Format:xml” or “/Format:json” parameter is omitted, the log output format will default to text. 
+ - If the "/Format:xml" or "/Format:json" parameter is omitted, the log output format will default to text. - New Feature: Where possible, specific instructions are now provided in rule output to repair the identified error. For example, instructions are provided to remediate known blocking issues such as uninstalling an incompatible app or freeing up space on the system drive. -- 3 new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. +- Three new rules added: AdvancedInstallerFailed, MigrationAbortedDueToPluginFailure, DISMAddPackageFailed. 05/30/2018 - SetupDiag v1.20 is released with 41 rules, as a standalone tool available from the Download Center. - Fixed a bug in device install failure detection in online mode. - Changed SetupDiag to work without an instance of setupact.log. Previously, SetupDiag required at least one setupact.log to operate. This change enables the tool to analyze update failures that occur prior to calling SetupHost. -- Telemetry is refactored to only send the rule name and GUID (or “NoRuleMatched” if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. +- Telemetry is refactored to only send the rule name and GUID (or "NoRuleMatched" if no rule is matched) and the Setup360 ReportId. This change assures data privacy during rule processing. 05/02/2018 - SetupDiag v1.10 is released with 34 rules, as a standalone tool available from the Download Center. - A performance enhancement has been added to result in faster rule processing. - Rules output now includes links to support articles, if applicable. -- SetupDiag now provides the path and name of files that it is processing. -- You can now run SetupDiag by simply clicking on it and then examining the output log file. +- SetupDiag now provides the path and name of files that it's processing. +- You can now run SetupDiag by selecting it and then examining the output log file. 
- An output log file is now always created, whether or not a rule was matched. 03/30/2018 - SetupDiag v1.00 is released with 26 rules, as a standalone tool available from the Download Center. @@ -565,6 +566,6 @@ Refer to "https://learn.microsoft.com/windows/desktop/Debug/system-error-codes" ![Example of Addreg.](./../images/addreg.png) -## Related topics +## Related articles [Resolve Windows 10 upgrade errors: Technical information for IT Pros](./resolve-windows-10-upgrade-errors.md) diff --git a/windows/deployment/upgrade/submit-errors.md b/windows/deployment/upgrade/submit-errors.md index 93500ebda6..2f48ed28eb 100644 --- a/windows/deployment/upgrade/submit-errors.md +++ b/windows/deployment/upgrade/submit-errors.md @@ -1,20 +1,21 @@ --- title: Submit Windows 10 upgrade errors using Feedback Hub ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Download the Feedback Hub app, and then submit Windows 10 upgrade errors for diagnosis using feedback hub. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Submit Windows 10 upgrade errors using Feedback Hub **Applies to** -- Windows 10 +- Windows 10 >[!NOTE] >This is a 100 level topic (basic).
      @@ -28,11 +29,11 @@ This topic describes how to submit problems with a Windows 10 upgrade to Microso The Feedback Hub app lets you tell Microsoft about any problems you run in to while using Windows 10 and send suggestions to help us improve your Windows experience. Previously, you could only use the Feedback Hub if you were in the Windows Insider Program. Now anyone can use this tool. You can download the Feedback Hub app from the Microsoft Store [here](https://www.microsoft.com/store/p/feedback-hub/9nblggh4r32n?SilentAuth=1&wa=wsignin1.0). -The Feedback Hub requires Windows 10. If you are having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information, but you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you are upgrading to Windows 10 from a previous version of Windows 10, the Feedback Hub will collect log files automatically. +The Feedback Hub requires Windows 10. If you're having problems upgrading from an older version of Windows to Windows 10, you can use the Feedback Hub to submit this information. However, you must collect the log files from the legacy operating system and then attach these files to your feedback using a device that is running Windows 10. If you're upgrading to Windows 10 from a previous version of Windows 10, the Feedback Hub will collect log files automatically. ## Submit feedback -To submit feedback about a failed Windows 10 upgrade, click the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md)  +To submit feedback about a failed Windows 10 upgrade, select the following link: [Feedback Hub](feedback-hub://?referrer=resolveUpgradeErrorsPage&tabid=2&contextid=81&newFeedback=true&feedbackType=2&topic=submit-errors.md) The Feedback Hub will open. 
@@ -44,22 +45,22 @@ The Feedback Hub will open. - How did the upgrade fail? - Were any error codes visible? - Did the computer fail to a blue screen? - - Did the computer automatically roll back or did it hang, requiring you to power cycle it before it rolled back? + - Did the computer automatically rollback or did it hang, requiring you to power cycle it before it rolled back? - Additional details - What type of security software is installed? - Is the computer up to date with latest drivers and firmware? - Are there any external devices connected? -- If you used the link above, the category and subcategory will be automatically selected. If it is not selected, choose **Install and Update** and **Windows Installation**. +- If you used the link above, the category and subcategory will be automatically selected. If it isn't selected, choose **Install and Update** and **Windows Installation**. -You can attach a screenshot or file if desired. This is optional, but can be extremely helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs). +You can attach a screenshot or file if desired. This is optional, but can be helpful when diagnosing your upgrade issue. The location of these files is described here: [Windows Setup log files and event logs](/windows-hardware/manufacture/desktop/windows-setup-log-files-and-event-logs). -Click **Submit** to send your feedback. +Select **Submit** to send your feedback. See the following example: ![feedback example.](../images/feedback.png) -After you click Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue. You can check on your feedback periodically to see what solutions have been provided. +After you select Submit, that's all you need to do. Microsoft will receive your feedback and begin analyzing the issue. 
You can check on your feedback periodically to see what solutions have been provided. ## Link to your feedback @@ -67,6 +68,6 @@ After your feedback is submitted, you can email or post links to it by opening t ![share.](../images/share.jpg) -## Related topics +## Related articles [Windows 10 release information](https://technet.microsoft.com/windows/release-info.aspx) diff --git a/windows/deployment/upgrade/windows-10-edition-upgrades.md b/windows/deployment/upgrade/windows-10-edition-upgrades.md index b037fecf6c..2fdbd0beea 100644 --- a/windows/deployment/upgrade/windows-10-edition-upgrades.md +++ b/windows/deployment/upgrade/windows-10-edition-upgrades.md @@ -1,14 +1,15 @@ --- title: Windows 10 edition upgrade (Windows 10) description: With Windows 10, you can quickly upgrade from one edition of Windows 10 to another, provided the upgrade path is supported. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski +author: frankroj ms.topic: article ms.collection: highpri ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Windows 10 edition upgrade @@ -27,7 +28,7 @@ The following table shows the methods and paths available to change the edition > The reboot requirement for upgrading from Pro to Enterprise was removed in version 1607. > [!TIP] -> Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](/configmgr/compliance/deploy-use/upgrade-windows-version) in Microsoft Endpoint Configuration Manager. +> Although it isn't displayed yet in the table, edition upgrade is also possible using [edition upgrade policy](/configmgr/compliance/deploy-use/upgrade-windows-version) in Microsoft Configuration Manager. ![not supported.](../images/x_blk.png) (X) = not supported
      ![supported, reboot required.](../images/check_grn.png) (green checkmark) = supported, reboot required
      @@ -69,21 +70,21 @@ X = unsupported
      >
      ## Upgrade using mobile device management (MDM) -- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp). +- To upgrade desktop editions of Windows 10 using MDM, you'll need to enter the product key for the upgraded edition in the **UpgradeEditionWithProductKey** policy setting of the **WindowsLicensing** CSP. For more info, see [WindowsLicensing CSP](/windows/client-management/mdm/windowslicensing-csp). ## Upgrade using a provisioning package Use Windows Configuration Designer to create a provisioning package to upgrade a desktop edition. To get started, [install Windows Configuration Designer from the Microsoft Store](https://www.microsoft.com/store/apps/9nblggh4tx22). -- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition. +- To create a provisioning package for upgrading desktop editions of Windows 10, go to **Runtime settings > EditionUpgrade > UpgradeEditionWithProductKey** in the **Available customizations** panel in Windows ICD and enter the product key for the upgraded edition. 
-For more info about Windows Configuration Designer, see these topics: +For more info about Windows Configuration Designer, see these articles: - [Create a provisioning package for Windows 10](/windows/configuration/provisioning-packages/provisioning-create-package) - [Apply a provisioning package](/windows/configuration/provisioning-packages/provisioning-apply-package) ## Upgrade using a command-line tool -You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10: +You can run the changepk.exe command-line tool to upgrade devices to a supported edition of Windows 10: `changepk.exe /ProductKey ` 
@@ -93,37 +94,37 @@ You can also upgrade using slmgr.vbs and a [KMS client setup key](/windows-serve ## Upgrade by manually entering a product key -If you are upgrading only a few devices, you may want to enter a product key for the upgraded edition manually. +If you're upgrading only a few devices, you may want to enter a product key for the upgraded edition manually. **To manually enter a product key** -1. From either the Start menu or the Start screen, type 'Activation' and click on the Activation shortcut. +1. From either the Start menu or the Start screen, type 'Activation' and select on the Activation shortcut. -2. Click **Change product key**. +2. Select **Change product key**. 3. Enter your product key. 4. Follow the on-screen instructions. ## Upgrade by purchasing a license from the Microsoft Store -If you do not have a product key, you can upgrade your edition of Windows 10 through the Microsoft Store. +If you don't have a product key, you can upgrade your edition of Windows 10 through the Microsoft Store. **To upgrade through the Microsoft Store** -1. From either the **Start** menu or the **Start** screen, type 'Activation' and click on the Activation shortcut. +1. From either the **Start** menu or the **Start** screen, type 'Activation' and select on the Activation shortcut. -2. Click **Go to Store**. +2. Select **Go to Store**. 3. Follow the on-screen instructions. > [!NOTE] - > If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/). + > If you are a Windows 10 Home N or Windows 10 Home KN user and have trouble finding your applicable upgrade in the Microsoft Store, click [here](ms-windows-store://windowsupgrade/). ## License expiration -Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. 
Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path is not supported, then a clean install is required. +Volume license customers whose license has expired will need to change the edition of Windows 10 to an edition with an active license. Switching to a downgraded edition of Windows 10 is possible using the same methods that were used to perform an edition upgrade. If the downgrade path is supported, then your apps and settings can be migrated from the current edition. If a path isn't supported, then a clean install is required. -Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key is not supported. You also cannot downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This topic does not discuss version downgrades. +Downgrading from any edition of Windows 10 to Windows 7, 8, or 8.1 by entering a different product key isn't supported. You also can't downgrade from a later version to an earlier version of the same edition (Ex: Windows 10 Pro 1709 to 1703) unless the rollback process is used. This article doesn't discuss version downgrades. > [!NOTE] > If you are using [Windows 10 Enterprise Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation) and a license expires, devices will automatically revert to the original edition when the grace period expires. 
@@ -136,7 +137,7 @@ Downgrading from Enterprise - Upgrade edition: **Enterprise** - Valid downgrade paths: **Pro, Pro for Workstations, Pro Education, Education** -You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you are a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091). +You can move directly from Enterprise to any valid destination edition. In this example, downgrading to Pro for Workstations, Pro Education, or Education requires an additional activation key to supersede the firmware-embedded Pro key. In all cases, you must comply with [Microsoft License Terms](https://www.microsoft.com/useterms). If you're a volume license customer, refer to the [Microsoft Volume Licensing Reference Guide](https://www.microsoft.com/download/details.aspx?id=11091). ### Supported Windows 10 downgrade paths 
@@ -164,9 +165,9 @@ S = Supported; Not considered a downgrade or an upgrade > **Windows N/KN**: Windows "N" and "KN" SKUs follow the same rules shown above. -Some slightly more complex scenarios are not represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro. +Some slightly more complex scenarios aren't represented by the table above. For example, you can perform an upgrade from Pro to Pro for Workstation on a computer with an embedded Pro key using a Pro for Workstation license key, and then later downgrade this computer back to Pro with the firmware-embedded key. The downgrade is allowed but only because the pre-installed OS is Pro. -## Related topics +## Related articles [Windows 10 upgrade paths](./windows-10-upgrade-paths.md)
      [Windows 10 volume license media](../windows-10-media.md)
diff --git a/windows/deployment/upgrade/windows-10-upgrade-paths.md b/windows/deployment/upgrade/windows-10-upgrade-paths.md
index 0123bb3b1e..eff1786ff2 100644
--- a/windows/deployment/upgrade/windows-10-upgrade-paths.md
+++ b/windows/deployment/upgrade/windows-10-upgrade-paths.md
@@ -1,14 +1,15 @@
 ---
 title: Windows 10 upgrade paths (Windows 10)
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 description: You can upgrade to Windows 10 from a previous version of Windows if the upgrade path is supported.
 ms.prod: windows-client
 ms.localizationpriority: medium
-author: aczechowski
+author: frankroj
 ms.topic: article
 ms.collection: highpri
 ms.technology: itpro-deploy
+ms.date: 10/28/2022
 ---
 # Windows 10 upgrade paths
@@ -19,19 +20,19 @@ ms.technology: itpro-deploy ## Upgrade paths -This topic provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. +This article provides a summary of available upgrade paths to Windows 10. You can upgrade to Windows 10 from Windows 7 or a later operating system. This includes upgrading from one release of Windows 10 to later release of Windows 10. Migrating from one edition of Windows 10 to a different edition of the same release is also supported. -If you are also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths, but please note that applications and settings are not maintained when the Windows edition is downgraded. +If you're also migrating to a different edition of Windows, see [Windows 10 edition upgrade](windows-10-edition-upgrades.md). Methods and supported paths are described on this page to change the edition of Windows. These methods require that you input a license or product key for the new Windows edition prior to starting the upgrade process. Edition downgrade is also supported for some paths. However, applications and settings aren't maintained when the Windows edition is downgraded. - **Windows 10 version upgrade**: You can directly upgrade any General Availability Channel version of Windows 10 to a newer, supported General Availability Channel version of Windows 10, even if it involves skipping versions. 
Work with your account representative if your current version of Windows is out of support. See the [Windows lifecycle fact sheet](/lifecycle/faq/windows) for availability and service information. -- **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC is not supported. Windows 10 LTSC 2015 did not block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options. +- **In-place upgrade from Windows 7, Windows 8.1, or [Windows 10 General Availability Channel](/windows/release-health/release-information)** to Windows 10 LTSC isn't supported. Windows 10 LTSC 2015 didn't block this in-place upgrade path. This issue was corrected in the Windows 10 LTSC 2016 release, which only allows data-only and clean install options. - You can upgrade from Windows 10 LTSC to Windows 10 General Availability Channel, provided that you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). You will need to use the Product Key switch if you want to keep your apps. If you don't use the switch, the option **Keep personal files and apps** option is grayed out. The command line would be `setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx`, using your relevant Windows 10 GA Channel product key. For example, if using a KMS, the command line would be `setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`. + You can upgrade from Windows 10 LTSC to Windows 10 General Availability Channel if you upgrade to the same or a newer build version. For example, Windows 10 Enterprise 2016 LTSB can be upgraded to Windows 10 Enterprise version 1607 or later. Upgrade is supported using the in-place upgrade process (using Windows setup). 
You'll need to use the Product Key switch if you want to keep your apps. If you don't use the switch, the option **Keep personal files and apps** option is grayed out. The command line would be `setup.exe /pkey xxxxx-xxxxx-xxxxx-xxxxx-xxxxx`, using your relevant Windows 10 GA Channel product key. For example, if using a KMS, the command line would be `setup.exe /pkey NPPR9-FWDCX-D2C8J-H872K-2YT43`. -- **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions are not the same type (e.g. Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. +- **Windows N/KN**: Windows "N" and "KN" SKUs (editions without media-related functionality) follow the same upgrade paths shown below. If the pre-upgrade and post-upgrade editions aren't the same type (for example, Windows 8.1 Pro N to Windows 10 Pro), personal data will be kept but applications and settings will be removed during the upgrade process. -- **Windows 8.0**: You cannot upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). +- **Windows 8.0**: You can't upgrade directly from Windows 8.0 to Windows 10. To upgrade from Windows 8.0, you must first install the [Windows 8.1 update](https://support.microsoft.com/help/15356/windows-8-install-update-kb-2919355). ## Windows 10 
@@ -86,10 +87,10 @@ D = Edition downgrade; personal data is maintained, applications and settings ar --- -## Related Topics +## Related articles [Windows 10 deployment scenarios](../windows-10-deployment-scenarios.md) [Windows upgrade and migration considerations](windows-upgrade-and-migration-considerations.md) -[Windows 10 edition upgrade](windows-10-edition-upgrades.md) +[Windows 10 edition upgrade](windows-10-edition-upgrades.md) \ No newline at end of file diff --git a/windows/deployment/upgrade/windows-error-reporting.md b/windows/deployment/upgrade/windows-error-reporting.md index c5762be55a..ece3ab44a0 100644 --- a/windows/deployment/upgrade/windows-error-reporting.md +++ b/windows/deployment/upgrade/windows-error-reporting.md @@ -1,20 +1,21 @@ --- title: Windows error reporting - Windows IT Pro ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Learn how to review the events generated by Windows Error Reporting when something goes wrong during Windows 10 setup. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Windows Error Reporting **Applies to** -- Windows 10 +- Windows 10 > [!NOTE] > This is a 300 level topic (moderately advanced). @@ -36,7 +37,7 @@ $event.Event.EventData.Data To use Event Viewer: 1. Open Event Viewer and navigate to **Windows Logs\Application**. -2. Click **Find**, and then search for **winsetupdiag02**. +2. Select **Find**, and then search for **winsetupdiag02**. 3. Double-click the event that is highlighted. > [!NOTE] 
@@ -57,15 +58,14 @@ Ten parameters are listed in the event: |P9: New OS build (Ex: 16299} | |P10: New OS branch (Ex: rs3_release} | - -The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below. +The event will also contain links to log files that can be used to perform a detailed diagnosis of the error. An example of this event from a successful upgrade is shown below. :::image type="content" alt-text="Windows Error Reporting." source="../images/event.png" lightbox="../images/event.png"::: -## Related topics +## Related articles [Windows 10 FAQ for IT professionals](../planning/windows-10-enterprise-faq-itpro.yml) [Windows 10 Enterprise system requirements](https://technet.microsoft.com/windows/dn798752.aspx) [Windows 10 Specifications](https://www.microsoft.com/windows/Windows-10-specifications) [Windows 10 IT pro forums](https://social.technet.microsoft.com/Forums/en-US/home?category=Windows10ITPro) -[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) +[Fix Windows Update errors by using the DISM or System Update Readiness tool](/troubleshoot/windows-server/deployment/fix-windows-update-errors) \ No newline at end of file diff --git a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md index 72fded4619..d197dc65f1 100644 --- a/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md +++ b/windows/deployment/upgrade/windows-upgrade-and-migration-considerations.md 
@@ -1,57 +1,58 @@ --- title: Windows Upgrade and Migration Considerations (Windows 10) -description: Discover the Microsoft tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration. +description: Discover the Microsoft tools you can use to move files and settings between installations including special considerations for performing an upgrade or migration. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 10/28/2022 --- # Windows upgrade and migration considerations Files and application settings can be migrated to new hardware running the Windows® operating system, or they can be maintained during an operating system upgrade on the same computer. This topic summarizes the Microsoft® tools you can use to move files and settings between installations in addition to special considerations for performing an upgrade or migration. ## Upgrade from a previous version of Windows -You can upgrade from an earlier version of Windows, which means you can install the new version of Windows and retain your applications, files, and settings as they were in your previous version of Windows. If you decide to perform a custom installation of Windows instead of an upgrade, your applications and settings will not be maintained. Your personal files, and all Windows files and directories, will be moved to a Windows.old folder. You can access your data in the Windows.old folder after Windows Setup is complete. +You can upgrade from an earlier version of Windows, which means you can install the new version of Windows and retain your applications, files, and settings as they were in your previous version of Windows. If you decide to perform a custom installation of Windows instead of an upgrade, your applications and settings won't be maintained. 
Your personal files, and all Windows files and directories, will be moved to a Windows.old folder. You can access your data in the Windows.old folder after Windows Setup is complete. ## Migrate files and settings Migration tools are available to transfer settings from one computer that is running Windows to another. These tools transfer only the program settings, not the programs themselves. For more information about application compatibility, see the [Application Compatibility Toolkit (ACT)](/previous-versions/windows/server/cc722055(v=ws.10)). -The User State Migration Tool (USMT) 10.0 is an application intended for administrators who are performing large-scale automated deployments. For deployment to a small number of computers or for individually customized deployments, you can use Windows Easy Transfer. +The User State Migration Tool (USMT) 10.0 is an application intended for administrators who are performing large-scale automated deployments. For deployment to a few computers or for individually customized deployments, you can use Windows Easy Transfer. ### Migrate with Windows Easy Transfer -Windows Easy Transfer is a software wizard for transferring files and settings from one computer that is running Windows to another. It helps you select what to move to your new computer, enables you to set which migration method to use, and then performs the transfer. When the transfer has completed, Windows Easy Transfer Reports shows you what was transferred and provides a list of programs you might want to install on your new computer, in addition to links to other programs you might want to download. +Windows Easy Transfer is a software wizard for transferring files and settings from one computer that is running Windows to another. It helps you select what to move to your new computer, enables you to set which migration method to use, and then performs the transfer. 
When the transfer has completed, Windows Easy Transfer Reports shows you what was transferred and provides a list of programs you might want to install on your new computer, in addition to links to other programs you might want to download. -With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you cannot use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store. +With Windows Easy Transfer, files and settings can be transferred using a network share, a USB flash drive (UFD), or the Easy Transfer cable. However, you can't use a regular universal serial bus (USB) cable to transfer files and settings with Windows Easy Transfer. An Easy Transfer cable can be purchased on the Web, from your computer manufacturer, or at an electronics store. > [!NOTE] > Windows Easy Transfer [is not available in Windows 10](https://support.microsoft.com/help/4026265/windows-windows-easy-transfer-is-not-available-in-windows-10). ### Migrate with the User State Migration Tool -You can use USMT to automate migration during large deployments of the Windows operating system. USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they are migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded. +You can use USMT to automate migration during large deployments of the Windows operating system. 
USMT uses configurable migration rule (.xml) files to control exactly which user accounts, user files, operating system settings, and application settings are migrated and how they're migrated. You can use USMT for both *side-by-side* migrations, where one piece of hardware is being replaced, or *wipe-and-load* (or *refresh*) migrations, when only the operating system is being upgraded. ## Upgrade and migration considerations -Whether you are upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations: +Whether you're upgrading or migrating to a new version of Windows, you must be aware of the following issues and considerations: ### Application compatibility For more information about application compatibility in Windows, see [Use Upgrade Readiness to manage Windows upgrades](/windows/deployment/upgrade/use-upgrade-readiness-to-manage-windows-upgrades). ### Multilingual Windows image upgrades -When performing multilingual Windows upgrades, cross-language upgrades are not supported by USMT. If you are upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English. +When performing multilingual Windows upgrades, cross-language upgrades aren't supported by USMT. If you're upgrading or migrating an operating system with multiple language packs installed, you can upgrade or migrate only to the system default user interface (UI) language. For example, if English is the default but you have a Spanish language pack installed, you can upgrade or migrate only to English. -If you are using a single-language Windows image that matches the system default UI language of your multilingual operating system, the migration will work. 
However, all of the language packs will be removed, and you will have to reinstall them after the upgrade is completed. +If you're using a single-language Windows image that matches the system default UI language of your multilingual operating system, the migration will work. However, all of the language packs will be removed, and you'll have to reinstall them after the upgrade is completed. ### Errorhandler.cmd -When upgrading from an earlier version of Windows, if you intend to use Errorhandler.cmd, you must copy this file into the %WINDIR%\\Setup\\Scripts directory on the old installation. This makes sure that if there are errors during the down-level phase of Windows Setup, the commands in Errorhandler.cmd will run. +When upgrading from an earlier version of Windows, if you intend to use Errorhandler.cmd, you must copy Errorhandler.cmd into the %WINDIR%\\Setup\\Scripts directory on the old installation. This makes sure that if there are errors during the down-level phase of Windows Setup, the commands in Errorhandler.cmd will run. ### Data drive ACL migration -During the configuration pass of Windows Setup, the root access control list (ACL) on drives formatted for NTFS that do not appear to have an operating system will be changed to the default Windows XP ACL format. The ACLs on these drives are changed to enable authenticated users to modify access on folders and files. +During the configuration pass of Windows Setup, the root access control list (ACL) on drives formatted for NTFS that don't appear to have an operating system will be changed to the default Windows XP ACL format. The ACLs on these drives are changed to enable authenticated users to modify access on folders and files. -Changing the ACLs may affect the performance of Windows Setup if the default Windows XP ACLs are applied to a partition with a large amount of data. 
Because of these performance concerns, you can change the following registry value to disable this feature: +Changing the ACLs may affect the performance of Windows Setup if the default Windows XP ACLs are applied to a partition with a large amount of data. Because of these performance concerns, you can change the following registry value to disable this feature: ``` syntax Key: HKLM\System\Setup @@ -59,14 +60,9 @@ Type: REG_DWORD Value: "DDACLSys_Disabled" = 1 ``` -This feature is disabled if this registry key value exists and is configured to `1`. +This feature is disabled if this registry key value exists and is configured to `1`. -## Related topics +## Related articles [User State Migration Tool (USMT) Overview Topics](../usmt/usmt-topics.md)
      [Windows 10 upgrade paths](windows-10-upgrade-paths.md)
      -[Windows 10 edition upgrade](windows-10-edition-upgrades.md) - - -  - -  +[Windows 10 edition upgrade](windows-10-edition-upgrades.md) \ No newline at end of file diff --git a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md index 816ce09308..a5d392e636 100644 --- a/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md +++ b/windows/deployment/usmt/getting-started-with-the-user-state-migration-tool.md 
@@ -2,83 +2,87 @@ title: User State Migration Tool (USMT) - Getting Started (Windows 10) description: Plan, collect, and prepare your source computer for migration using the User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 11/01/2022 --- -# Getting Started with the User State Migration Tool (USMT) -This topic outlines the general process that you should follow to migrate files and settings. +# Getting started with the User State Migration Tool (USMT) -## In this topic -- [Step 1: Plan Your Migration](#step-1-plan-your-migration) - -- [Step 2: Collect files and settings from the source computer](#step-2-collect-files-and-settings-from-the-source-computer) - -- [Step 3: Prepare the destination computer and restore files and settings](#step-3-prepare-the-destination-computer-and-restore-files-and-settings) +This article outlines the general process that you should follow to migrate files and settings. ## Step 1: Plan your migration -1. [Plan Your Migration](usmt-plan-your-migration.md). Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). -2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. +1. [Plan Your Migration](usmt-plan-your-migration.md). 
Depending on whether your migration scenario is refreshing or replacing computers, you can choose an online migration or an offline migration using Windows Preinstallation Environment (WinPE) or the files in the Windows.old directory. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). -3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). +2. [Determine What to Migrate](usmt-determine-what-to-migrate.md). Data you might consider migrating includes end-user information, applications settings, operating-system settings, files, folders, and registry keys. -4. Use the **/GenMigXML** command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information see [ScanState Syntax](usmt-scanstate-syntax.md) +3. Determine where to store data. Depending on the size of your migration store, you can store the data remotely, locally in a hard-link migration store or on a local external storage device, or directly on the destination computer. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). -5. Modify copies of the Migration.xml and MigDocs.xml files and create custom .xml files, if it is required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or **MigXmlHelper.GenerateDocPatterns** helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. +4. 
Use the `/GenMigXML` command-line option to determine which files will be included in your migration, and to determine whether any modifications are necessary. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md) - **Important**   - We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. - - You can use the MigXML.xsd file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). +5. Modify copies of the `Migration.xml` and `MigDocs.xml` files and create custom .xml files, if it's required. To modify the migration behavior, such as migrating the **Documents** folder but not the **Music** folder, you can create a custom .xml file or modify the rules in the existing migration .xml files. The document finder, or `MigXmlHelper.GenerateDocPatterns` helper function, can be used to automatically find user documents on a computer without creating extensive custom migration .xml files. -6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the **ScanState** command. For example, the following command creates a Config.xml file by using the MigDocs and MigApp.xml files: + > [!IMPORTANT] + > We recommend that you always make and modify copies of the .xml files included in User State Migration Tool (USMT) 10.0. Never modify the original .xml files. - `scanstate /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scanstate.log` + You can use the `MigXML.xsd` file to help you write and validate the .xml files. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). -7. 
Review the migration state of the components listed in the Config.xml file, and specify `migrate=no` for any components that you do not want to migrate. +6. Create a [Config.xml File](usmt-configxml-file.md) if you want to exclude any components from the migration. To create this file, use the [ScanState Syntax](usmt-scanstate-syntax.md) option together with the other .xml files when you use the `ScanState.exe` command. For example, the following command creates a `Config.xml` file by using the `MigDocs.xml` and `MigApp.xml` files: + + ``` syntax + ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log + ``` + +7. Review the migration state of the components listed in the `Config.xml` file, and specify `migrate=no` for any components that you don't want to migrate. ## Step 2: Collect files and settings from the source computer -1. Back up the source computer. -2. Close all applications. If some applications are running when you run the **ScanState** command, USMT might not migrate all of the specified data. For example, if Microsoft® Office Outlook® is open, USMT might not migrate PST files. +1. Back up the source computer. - **Note**   - USMT will fail if it cannot migrate a file or setting unless you specify the **/C** option. When you specify the **/C** option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which should cause the migration to fail. +2. Close all applications. If some applications are running when you run the `ScanState.exe` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. -3. Run the **ScanState** command on the source computer to collect files and settings. 
You should specify all of the .xml files that you want the **ScanState** command to use. For example, + > [!NOTE] + > USMT will fail if it cannot migrate a file or setting unless you specify the `/C` option. When you specify the `/C` option, USMT will ignore the errors, and log an error every time that it encounters a file that is being used that USMT did not migrate. You can use the `` section in the `Config.xml` file to specify which errors should be ignored, and which should cause the migration to fail. - `scanstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log` +3. Run the `ScanState.exe` command on the source computer to collect files and settings. You should specify all of the .xml files that you want the `ScanState.exe` command to use. For example, - **Note**   - If the source computer is running Windows 7, or Windows 8, you must run the **ScanState** command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then click **Run As Administrator**. If the source computer is running Windows XP, you must run the **ScanState** command from an account that has administrative credentials. For more information about the how the **ScanState** command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). + ``` syntax + ScanState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log + ``` -4. Run the **USMTUtils** command with the **/Verify** option to ensure that the store you created is not corrupted. + > [!NOTE] + > If the source computer is running Windows 7, or Windows 8, you must run the `ScanState.exe` command in **Administrator** mode. To run in **Administrator** mode, right-click **Command Prompt**, and then select **Run As Administrator**. For more information about the how the `ScanState.exe` command processes and stores the data, see [How USMT Works](usmt-how-it-works.md). + +4. 
Run the `UsmtUtils.exe` command with the `/Verify` option to ensure that the store you created isn't corrupted. ## Step 3: Prepare the destination computer and restore files and settings -1. Install the operating system on the destination computer. -2. Install all applications that were on the source computer. Although it is not always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. +1. Install the operating system on the destination computer. - **Note**   - The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft® Office, which USMT can migrate from an older version to a newer version. +2. Install all applications that were on the source computer. Although it isn't always required, we recommend installing all applications on the destination computer before you restore the user state. This makes sure that migrated settings are preserved. -3. Close all applications. If some applications are running when you run the **LoadState** command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. + > [!NOTE] + > The application version that is installed on the destination computer should be the same version as the one on the source computer. USMT does not support migrating the settings for an older version of an application to a newer version. The exception to this is Microsoft Office, which USMT can migrate from an older version to a newer version. 
- **Note**   - Use **/C** to continue your migration if errors are encountered, and use the **<ErrorControl>** section in the Config.xml file to specify which errors should be ignored, and which errors should cause the migration to fail. +3. Close all applications. If some applications are running when you run the `LoadState.exe ` command, USMT might not migrate all of the specified data. For example, if Microsoft Office Outlook is open, USMT might not migrate PST files. -4. Run the **LoadState** command on the destination computer. Specify the same set of .xml files that you specified when you used the **ScanState** command. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file by using the **LoadState** command. Then, the **LoadState** command will migrate only the files and settings that you want to migrate. For more information about the how the **LoadState** command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). + > [!NOTE] + > Use `/C` to continue your migration if errors are encountered, and use the `` section in the `Config.xml` file to specify which errors should be ignored, and which errors should cause the migration to fail. + +4. Run the `LoadState.exe ` command on the destination computer. Specify the same set of .xml files that you specified when you used the `ScanState.exe` command. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the `Config.xml` file and specify the updated file by using the `LoadState.exe ` command. 
Then, the `LoadState.exe ` command will migrate only the files and settings that you want to migrate. For more information about how the `LoadState.exe ` command processes and migrates data, see [How USMT Works](usmt-how-it-works.md). For example, the following command migrates the files and settings: - `loadstate \\server\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` + ``` syntax + LoadState.exe \\server\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:LoadState.log + ``` - **Note**   - Run the **LoadState** command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. + > [!NOTE] + > Run the `LoadState.exe ` command in administrator mode. To do this, right-click **Command Prompt**, and then click **Run As Administrator**. -5. Log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screen saver settings) will not take effect until the next time that the user logs on. +5. Sign out after you run the `LoadState.exe ` command. Some settings, such as fonts, wallpaper, and screen saver settings, won't take effect until the next time that the user logs on. diff --git a/windows/deployment/usmt/migrate-application-settings.md b/windows/deployment/usmt/migrate-application-settings.md index 5814c465d8..4b4868af71 100644 --- a/windows/deployment/usmt/migrate-application-settings.md +++ b/windows/deployment/usmt/migrate-application-settings.md 
@@ -2,163 +2,147 @@ title: Migrate Application Settings (Windows 10) description: Learn how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using MigApp.xml. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Migrate Application Settings +You can create a custom .xml file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT) 10.0. For ScanState and LoadState to use this file, you must specify the custom .xml file on both command lines. -You can create a custom .xml file to migrate specific line-of-business application settings or to change the default migration behavior of the User State Migration Tool (USMT) 10.0. For ScanState and LoadState to use this file, you must specify the custom .xml file on both command lines. +This article defines how to author a custom migration .xml file that migrates the settings of an application that isn't migrated by default using `MigApp.xml`. You should migrate the settings after you install the application, but before the user runs the application for the first time. -This topic defines how to author a custom migration .xml file that migrates the settings of an application that is not migrated by default using MigApp.xml. You should migrate the settings after you install the application, but before the user runs the application for the first time. +This article doesn't contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also doesn't contain information about how to migrate the data that users create using the application. 
For example, if the application creates .doc files using a specific template, this article doesn't discuss how to migrate the .doc files and templates themselves. -This topic does not contain information about how to migrate applications that store settings in an application-specific store, only the applications that store the information in files or in the registry. It also does not contain information about how to migrate the data that users create using the application. For example, if the application creates .doc files using a specific template, this topic does not discuss how to migrate the .doc files and templates themselves. +## Before you begin -## In this Topic +You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. +## Step 1: Verify that the application is installed on the source computer, and that it's the same version as the version to be installed on the destination computer -- [Before You Begin](#bkmk-beforebegin) +Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it's the correct version. If the application isn't installed on the source computer, you probably don't want USMT to spend time searching for the application's settings. More importantly, if USMT collects settings for an application that isn't installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there's more than one version of the application because the new version may not store the settings in the same place. Mismatched application versions may lead to unexpected results on the destination computer. 
-- [Step 1: Verify that the application is installed on the source computer, and that it is the same version as the version to be installed on the destination computer](#bkmk-step1). +There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It's important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. So even if the key is there, it may not correspond to the version of the application that you want. -- [Step 2: Identify settings to collect and determine where each setting is stored on the computer](#bkmk-step2). +### Check the registry for an application uninstall key -- [Step 3: Identify how to apply the gathered settings](#bkmk-step3). +When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under: -- [Step 4: Create the migration XML component for the application](#bkmk-step4). +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` -- [Step 5: Test the application settings migration](#bkmk-step5). +For example, when Adobe Acrobat Reader 7 is installed, it creates a key named: -## Before You Begin +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall \{AC76BA86-7AD7-1033-7B44-A70000000000}` +Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. You can check for the existence of a registry key using the `DoesObjectExist` helper function. -You should identify a test computer that contains the operating system of your source computers, and the application whose settings you want to migrate. 
For example, if you are planning on migrating from Windows 7 to Windows 10, install Windows 7 on your test computer and then install the application. +Usually, you can find this key by searching under -## Step 1: Verify that the application is installed on the source computer, and that it is the same version as the version to be installed on the destination computer. +`HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` +for the name of the application, the name of the application executable file, or for the name of the company that makes the application. You can use the Registry Editor, `Regedit.exe` located in the `%SystemRoot%`, to search the registry. -Before USMT migrates the settings, you need it to check whether the application is installed on the source computer, and that it is the correct version. If the application is not installed on the source computer, you probably do not want USMT to spend time searching for the application’s settings. More importantly, if USMT collects settings for an application that is not installed, it may migrate settings that will cause the destination computer to function incorrectly. You should also investigate whether there is more than one version of the application. This is because the new version may not store the settings in the same place, which may lead to unexpected results on the destination computer. +### Check the file system for the application executable file -There are many ways to detect if an application is installed. The best practice is to check for an application uninstall key in the registry, and then search the computer for the executable file that installed the application. It is important that you check for both of these items, because sometimes different versions of the same application share the same uninstall key. So even if the key is there, it may not correspond to the version of the application that you want. 
+You should also check the application binaries for the executable that installed the application. To check for application binaries, you'll first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you've determined the path to the application executable, you can use the `DoesFileVersionMatch` helper function to check for the correct version of the application executable. For an example of how to use the `DoesFileVersionMatch` helper function, see the Windows Live™ Messenger section of the `MigApp.xml` file. -### Check the registry for an application uninstall key. +## Step 2: Identify settings to collect and determine where each setting is stored on the computer -When many applications are installed (especially those installed using the Microsoft® Windows® Installer technology), an application uninstall key is created under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall**. For example, when Adobe Acrobat Reader 7 is installed, it creates a key named **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall \\{AC76BA86-7AD7-1033-7B44-A70000000000}**. Therefore, if a computer contains this key, then Adobe Acrobat Reader 7 is installed on the computer. You can check for the existence of a registry key using the **DoesObjectExist** helper function. +Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you don't want to migrate. 
To determine where each setting is stored, you'll need to change each setting and monitor the activity on the registry and the file system. You don't need to migrate the binary files and registry settings that are made when the application is installed because you'll need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. -Usually, you can find this key by searching under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall** for the name of the application, the name of the application executable file, or for the name of the company that makes the application. You can use the Registry Editor (**Regedit.exe** located in the %**SystemRoot**%) to search the registry. +### How to determine where each setting is stored -### Check the file system for the application executable file. +1. Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](/sysinternals/). -You should also check the application binaries for the executable that installed the application. To do this, you will first need to determine where the application is installed and what the name of the executable is. Most applications store the installation location of the application binaries in the registry. You should search the registry for the name of the application, the name of the application executable, or for the name of the company that makes the application, until you find the registry value that contains the installation path. Once you have determined the path to the application executable, you can use the **DoesFileVersionMatch** helper function to check for the correct version of the application executable. For an example of how to do this, see the Windows Live™ Messenger section of the MigApp.xml file. +2. Shut down as many applications as possible to limit the registry and file system activity on the computer. 
-## Step 2: Identify settings to collect and determine where each setting is stored on the computer. +3. Filter the output of the tools so it only displays changes being made by the application. + > [!NOTE] + > Most applications store their settings under the user profile. That is, the settings stored in the file system are under the `%UserProfile%` directory, and the settings stored in the registry are under the `HKEY_CURRENT_USER` hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. This will considerably reduce the amount of output that you will need to examine. -Next, you should go through the user interface and make a list of all of the available settings. You can reduce the list if there are settings that you do not want to migrate. To determine where each setting is stored, you will need to change each setting and monitor the activity on the registry and the file system. You do not need to migrate the binary files and registry settings that are made when the application is installed. This is because you will need to reinstall the application onto the destination computer. You only need to migrate those settings that are customizable. +4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you're changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically won't take effect until you close the dialog box by clicking **OK**. -### +5. When the setting is changed, note the changes to the file system and registry. There may be more than one file or registry values for each setting. You should identify the minimal set of file and registry changes that are required to change this setting. 
This set of files and registry keys is what you will need to migrate in order to migrate the setting. -**How To Determine Where Each Setting is Stored** + > [!NOTE] + > Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. -1. Download a file and registry monitoring tool, such as the Regmon and Filemon tools, from the [Windows Sysinternals Web site](/sysinternals/). +## Step 3: Identify how to apply the gathered settings -2. Shut down as many applications as possible to limit the registry and file system activity on the computer. +If the version of the application on the source computer is the same as the one on the destination computer, then you don't have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. For example, if a file was collected from the `C:\Documents and Settings\User1\My Documents` folder and the profile directory on the destination computer is located at `D:\Users\User1`, then USMT will automatically migrate the file to `D:\Users\User1\My Documents`. However, you may need to modify the location of some settings in the following three cases: -3. Filter the output of the tools so it only displays changes being made by the application. +### Case 1: The version of the application on the destination computer is newer than the one on the source computer - **Note**   - Most applications store their settings under the user profile. That is, the settings stored in the file system are under the %**UserProfile**% directory, and the settings stored in the registry are under the **HKEY\_CURRENT\_USER** hive. For these applications you can filter the output of the file and registry monitoring tools to show activity only under these locations. 
This will considerably reduce the amount of output that you will need to examine. +In this case, the newer version of the application may be able to read the settings from the source computer without modification. That is, the data collected from an older version of the application is sometimes compatible with the newer version of the application. However, you may need to modify the setting location if either of the following conditions is true: - +- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. Some applications import settings automatically after settings are migrated. However, other applications will only do import settings if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer doesn't contain this set of files and registry keys so the mapping doesn't occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. -4. Start the monitoring tool(s), change a setting, and look for registry and file system writes that occurred when you changed the setting. Make sure the changes you make actually take effect. For example, if you are changing a setting in Microsoft Word by selecting a check box in the **Options** dialog box, the change typically will not take effect until you close the dialog box by clicking **OK**. 
+ To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). Once you know the set of files that the computer needs, you can use the **<addObjects>** element to add them to the destination computer. -5. When the setting is changed, note the changes to the file system and registry. There may be more than one file or registry values for each setting. You should identify the minimal set of file and registry changes that are required to change this setting. This set of files and registry keys is what you will need to migrate in order to migrate the setting. +- **The newer version of the application can't read settings from the source computer and it's also unable to import the settings into the new format.** In this case, you'll need to create a mapping for each setting from the old locations to the new locations. To create the mapping, determine where the newer version stores each setting using the process described in [How to determine where each setting is stored](#how-to-determine-where-each-setting-is-stored). After you've created the mapping, apply the settings to the new location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. - **Note**   - Changing an application setting invariably leads to writing to registry keys. If possible, filter the output of the file and registry monitor tool to display only writes to files and registry keys/values. +### Case 2: The destination computer already contains settings for the application - +We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. 
We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the **<destinationCleanup>** element. If for any reason you want to preserve the settings that are on the destination computer, you can use the **<merge>** element and `DestinationPriority` helper function. -## Step 3: Identify how to apply the gathered settings. +### Case 3: The application overwrites settings when it's installed +We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this process because this process ensures that there are no settings on the destination computer when you migrate the settings. Also, when some applications are installed, they overwrite any existing settings that are on the computer. In this scenario, if you migrated the data before you installed the application, your customized settings would be overwritten. This scenario is common for applications that store settings in locations that are outside of the user profile (typically these settings are settings that apply to all users). These universal settings are sometimes overwritten when an application is installed, and they're replaced by default values. To avoid this problem, you must install these applications before migrating the files and settings to the destination computer. By default with USMT, data from the source computer overwrites data that already exists in the same location on the destination computer. -If the version of the application on the source computer is the same as the one on the destination computer, then you do not have to modify the collected files and registry keys. By default, USMT migrates the files and registry keys from the source location to the corresponding location on the destination computer. 
For example, if a file was collected from the C:\\Documents and Settings\\User1\\My Documents folder and the profile directory on the destination computer is located at D:\\Users\\User1, then USMT will automatically migrate the file to D:\\Users\\User1\\My Documents. However, you may need to modify the location of some settings in the following three cases: +## Step 4: Create the migration XML component for the application -### Case 1: The version of the application on the destination computer is newer than the one on the source computer. +After you have completed steps 1 through 3, you'll need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the `MigApp.xml` file as a model because it contains examples of many of the concepts discussed in this article. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. -In this case, the newer version of the application may be able to read the settings from the source computer without modification. That is, the data collected from an older version of the application is sometimes compatible with the newer version of the application. However, you may need to modify the setting location if either of the following is true: + > [!NOTE] + > We recommend that you create a separate .xml file instead of adding your script to the `MigApp.xml` file. This is because the `MigApp.xml` file is a very large file and it will be difficult to read and edit. In addition, if you reinstall USMT for some reason, the `MigApp.xml` file will be overwritten by the default version of the file and you will lose your customized version. -- **The newer version of the application has the ability to import settings from an older version.** This mapping usually happens the first time a user runs the newer version after the settings have been migrated. 
Some applications do this automatically after settings are migrated; however, other applications will only do this if the application was upgraded from the older version. When the application is upgraded, a set of files and/or registry keys is installed that indicates the older version of the application was previously installed. If you perform a clean installation of the newer version (which is the case in most migrations), the computer does not contain this set of files and registry keys so the mapping does not occur. In order to trick the newer version of the application into initiating this import process, your migration script may need to create these files and/or registry keys on the destination computer. +> [!IMPORTANT] +> Some applications store information in the user profile, such as application installation paths, the computer name, etc., should not be migrated. You should make sure to exclude these files and registry keys from the migration. - To identify which files and/or registry keys/values need to be created to cause the import, you should upgrade the older version of the application to the newer one and monitor the changes made to the file system and registry by using the same process described in [How To determine where each setting is stored](#bkmkdetermine). Once you know the set of files that the computer needs, you can use the <`addObjects`> element to add them to the destination computer. +Your script should do the following actions: -- [The newer version of the application cannot read settings from the source computer and it is also unable to import the settings into the new format.](#bkmkdetermine) In this case, you will need to create a mapping for each setting from the old locations to the new locations. To do this, determine where the newer version stores each setting using the process described in How to determine where each setting is stored. 
After you have created the mapping, apply the settings to the new location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. +1. Check whether the application and correct version is installed by: -### Case 2: The destination computer already contains settings for the application. + - Searching for the installation uninstall key under `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall` using the `DoesObjectExist` helper function. -We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this because this ensures that there are no settings on the destination computer when you migrate the settings. If you must install the application before the migration, you should delete any existing settings using the <`destinationCleanup`> element. If for any reason you want to preserve the settings that are on the destination computer, you can use the <`merge`> element and **DestinationPriority** helper function. + - Checking for the correct version of the application executable file using the `DoesFileVersionMatch` helper function. -### Case 3: The application overwrites settings when it is installed. +2. If the correct version of the application is installed, then ensure that each setting is migrated to the appropriate location on the destination computer. -We recommend that you migrate the settings after you install the application, but before the user runs the application for the first time. We recommend this because this ensures that there are no settings on the destination computer when you migrate the settings. Also, when some applications are installed, they overwrite any existing settings that are on the computer. In this scenario, if you migrated the data before you installed the application, your customized settings would be overwritten. 
This is common for applications that store settings in locations that are outside of the user profile (typically these are settings that apply to all users). These universal settings are sometimes overwritten when an application is installed, and they are replaced by default values. To avoid this, you must install these applications before migrating the files and settings to the destination computer. By default with USMT, data from the source computer overwrites data that already exists in the same location on the destination computer. + - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the **<include>** and **<exclude>** elements. -## Step 4: Create the migration XML component for the application + - If the version of the application on the destination computer is newer than the one on the source computer, and the application can't import the settings, your script should either: + 1. Add the set of files that trigger the import using the **<addObjects>** element + 2. Create a mapping that applies the old settings to the correct location on the destination computer using the **<locationModify>** element, and the `RelativeMove` and `ExactMove` helper functions. - -After you have completed steps 1 through 3, you will need to create a custom migration .xml file that migrates the application based on the information that you now have. You can use the MigApp.xml file as a model because it contains examples of many of the concepts discussed in this topic. You can also see [Custom XML Examples](usmt-custom-xml-examples.md) for another sample .xml file. - -**Note**   -We recommend that you create a separate .xml file instead of adding your script to the **MigApp.xml** file. This is because the **MigApp.xml** file is a very large file and it will be difficult to read and edit. 
In addition, if you reinstall USMT for some reason, the **MigApp.xml** file will be overwritten by the default version of the file and you will lose your customized version. - - - -**Important**   -Some applications store information in the user profile that should not be migrated (for example, application installation paths, the computer name, and so on). You should make sure to exclude these files and registry keys from the migration. - - - -Your script should do the following: - -1. Check whether the application and correct version is installed by: - - - Searching for the installation uninstall key under **HKEY\_LOCAL\_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Uninstall** using the **DoesObjectExist** helper function. - - - Checking for the correct version of the application executable file using the **DoesFileVersionMatch** helper function. - -2. If the correct version of the application is installed, then ensure that each setting is migrated to the appropriate location on the destination computer. - - - If the versions of the applications are the same on both the source and destination computers, migrate each setting using the <`include`> and <`exclude`> elements. - - - If the version of the application on the destination computer is newer than the one on the source computer, and the application cannot import the settings, your script should either 1) add the set of files that trigger the import using the <`addObjects`> element or 2) create a mapping that applies the old settings to the correct location on the destination computer using the <`locationModify`> element, and the **RelativeMove** and **ExactMove** helper functions. - - - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the <`destinationCleanup`> element. 
+ - If you must install the application before migrating the settings, delete any settings that are already on the destination computer using the **<destinationCleanup>** element. For information about the .xml elements and helper functions, see [XML Elements Library](usmt-xml-elements-library.md). -## Step 5: Test the application settings migration +## Step 5: Test the application settings migration +On a test computer, install the operating system that will be installed on the destination computers. For example, if you're planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. -On a test computer, install the operating system that will be installed on the destination computers. For example, if you are planning on migrating from Windows 7 to Windows 10, install Windows 10 and the application. Next, run LoadState on the test computer and verify that all settings migrate. Make corrections if necessary and repeat the process until all the necessary settings are migrated correctly. +To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you're testing. To specify only **User1** in the migration, enter: -To speed up the time it takes to collect and migrate the data, you can migrate only one user at a time, and you can exclude all other components from the migration except the application that you are testing. To specify only User1 in the migration, type: **/ue:\*\\\* /ui:user1**. For more information, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md) and User options in the [ScanState Syntax](usmt-scanstate-syntax.md) topic. 
To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. +``` syntax +/ue:*\* /ui:user1 +``` -## Related topics +For more information, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article and the [User options](usmt-scanstate-syntax.md#user-options) section in the [ScanState syntax](usmt-scanstate-syntax.md) article. To troubleshoot a problem, check the progress log, and the ScanState and LoadState logs, which contain warnings and errors that may point to problems with the migration. +## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) -[XML Elements Library](usmt-xml-elements-library.md) - -[Log Files](usmt-log-files.md) - - +[XML elements library](usmt-xml-elements-library.md) +[Log files](usmt-log-files.md) diff --git a/windows/deployment/usmt/migration-store-types-overview.md b/windows/deployment/usmt/migration-store-types-overview.md index aec69b1dd2..9059505be0 100644 --- a/windows/deployment/usmt/migration-store-types-overview.md +++ b/windows/deployment/usmt/migration-store-types-overview.md 
@@ -2,78 +2,60 @@ title: Migration Store Types Overview (Windows 10) description: Learn about the migration store types and how to determine which migration store type best suits your needs. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Migration Store Types Overview +When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you're using a local share, network share, or storage device. -When planning your migration, you should determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers. You should also determine the space needed to create and host the migration store, whether you are using a local share, network share, or storage device. - -## In This Topic - - -[Migration Store Types](#bkmk-types) - -[Local Store vs. Remote Store](#bkmk-localvremote) - -[The /localonly Command-Line Option](#bkmk-localonly) - -## Migration Store Types - +## Migration store types This section describes the three migration store types available in USMT. ### Uncompressed (UNC) -The uncompressed (UNC) migration store is an uncompressed directory with a mirror image of the folder hierarchy being migrated. Each directory and file retains the same access permissions that it has on the local file system. You can use Windows Explorer to view this migration store type. 
Settings are stored in a catalog file that also describes how to restore files on the destination computer. +The uncompressed (UNC) migration store is an uncompressed directory with a mirror image of the folder hierarchy being migrated. Each directory and file retains the same access permissions that it has on the local file system. You can use Windows Explorer to view this migration store type. Settings are stored in a catalog file that also describes how to restore files on the destination computer. ### Compressed -The compressed migration store is a single image file that contains all files being migrated and a catalog file. This image file is often encrypted and protected with a password, and cannot be navigated with Windows Explorer. +The compressed migration store is a single image file that contains all files being migrated and a catalog file. This image file is often encrypted and protected with a password, and can't be navigated with Windows Explorer. ### Hard-Link -A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are “wired” into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. This is because the hard-link migration store is maintained on the local computer while the old operating system is removed and the new operating system is installed. Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. +A hard-link migration store functions as a map that defines how a collection of bits on the hard disk are "wired" into the file system. You use the new USMT hard-link migration store in the PC Refresh scenario only. You only use hard-link migration stores in Refresh scenarios because the hard-link migration store is maintained on the local computer while the old operating system is removed and the new operating system is installed. 
Using a hard-link migration store saves network bandwidth and minimizes the server use needed to accomplish the migration. -You use a command-line option,**/hardlink** , to create a hard-link migration store, which functions the same as an uncompressed migration store. Files are not duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). +You use the command-line option `/hardlink` to create a hard-link migration store, which functions the same as an uncompressed migration store. Files aren't duplicated on the local computer when user state is captured, nor are they duplicated when user state is restored. For more information, see [Hard-Link Migration Store](usmt-hard-link-migration-store.md). The following flowchart illustrates the procedural differences between a local migration store and a remote migration store. In this example, a hard-link migration store is used for the local store. ![migration store comparison.](images/dep-win8-l-usmt-migrationcomparemigstores.gif) -## Local Store vs. Remote Store +## Local store vs. remote store +If you have enough space and you're migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you're using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It's also good practice to ensure that the migration is the only task the server is performing. 
-If you have enough space and you are migrating the user state back to the same computer, storing data on a local device is normally the best option to reduce server storage costs and network performance issues. You can store the data locally either on a different partition or on a removable device such as a USB flash drive (UFD). Also, depending on the imaging technology that you are using, you might be able to store the data on the partition that is being re-imaged, if the data will be protected from deletion during the process. To increase performance, store the data on high-speed drives that use a high-speed network connection. It is also good practice to ensure that the migration is the only task the server is performing. +If there isn't enough local disk space, or if you're moving the user state to another computer, then you must store the data remotely such as on a shared folder, on removable media, or you can store it directly on the destination computer. For example: -If there is not enough local disk space, or if you are moving the user state to another computer, then you must store the data remotely. For example, you can store it in on a shared folder, on removable media such as a UFD drive, or you can store it directly on the destination computer. For example, create and share C:\\store on the destination computer. Then run the ScanState command on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store. Then, run the **LoadState** command on the destination computer and specify **C:\\Store** as the store location. By doing this, you do not need to save the files to a server. +1. Create and share `C:\store` on the destination computer +2. Run the `ScanState.exe` command on the source computer and save the files and settings to `\\\store` +3. Run the `LoadState.exe ` command on the destination computer and specify `C:\Store` as the store location. 
-**Important**   -If possible, have users store their data within their %UserProfile%\\My Documents and %UserProfile%\\Application Data folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. - - - -### The /localonly Command-Line Option - -You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify **/LocalOnly**, see [ScanState Syntax](usmt-scanstate-syntax.md). - -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - - - - +By doing this process, you don't need to save the files to a server. +> [!IMPORTANT] +> If possible, have users store their data within their `%UserProfile%\My Documents` and `%UserProfile%\Application Data` folders. This will reduce the chance of USMT missing critical user data that is located in a directory that USMT is not configured to check. +### The /localonly command-line option +You should use this option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify `/LocalOnly`, see [ScanState Syntax](usmt-scanstate-syntax.md). +## Related articles +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/offline-migration-reference.md b/windows/deployment/usmt/offline-migration-reference.md index 4e6416a3c3..fb362c9ab3 100644 --- a/windows/deployment/usmt/offline-migration-reference.md +++ b/windows/deployment/usmt/offline-migration-reference.md 
@@ -2,78 +2,64 @@ title: Offline Migration Reference (Windows 10) description: Offline migration enables the ScanState tool to run inside a different Windows OS than the Windows OS from which ScanState is gathering files and settings. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Offline Migration Reference -Offline migration enables the ScanState tool to run inside a different Windows® operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: +Offline migration enables the ScanState tool to run inside a different Windows operating system than the Windows operating system from which ScanState is gathering files and settings. There are two primary offline scenarios: -- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. +- **Windows PE.** The ScanState tool can be run from within Windows PE, gathering files and settings from the offline Windows operating system on that machine. -- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. +- **Windows.old.** The ScanState tool can now gather files and settings from the Windows.old directory that is created during Windows installation on a partition that contains a previous installation of Windows. 
For example, the ScanState tool can run in Windows 10, gathering files from a previous Windows 7or Windows 8 installation contained in the Windows.old directory. -When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: +When you use User State Migration Tool (USMT) 10.0 to gather and restore user state, offline migration reduces the cost of deployment by: -- **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. +- **Reducing complexity.** In computer-refresh scenarios, migrations from the Windows.old directory reduce complexity by eliminating the need for the ScanState tool to be run before the operating system is deployed. Also, migrations from the Windows.old directory enable ScanState and LoadState to be run successively. -- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. This may increase performance on older machines with limited hardware resources and numerous installed software applications. +- **Improving performance.** When USMT runs in an offline Windows Preinstallation Environment (WinPE) environment, it has better access to the hardware resources. Running USMT in WinPE may increase performance on older machines with limited hardware resources and numerous installed software applications. -- **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. 
+- **New recovery scenario.** In scenarios where a machine no longer restarts properly, it might be possible to gather user state with the ScanState tool from within WinPE. -## In This topic - -- [What Will Migrate Offline?](#bkmk-whatwillmigrate) - -- [What Offline Environments are Supported?](#bkmk-offlineenvironments) - -- [User-Group Membership and Profile Control](#bkmk-usergroupmembership) - -- [Command-Line Options](#bkmk-commandlineoptions) - -- [Environment Variables](#bkmk-environmentvariables) - -- [Offline.xml Elements](#bkmk-offlinexml) - -## What Will Migrate Offline? +## What will migrate offline? The following user data and settings migrate offline, similar to an online migration: -- Data and registry keys specified in MigXML +- Data and registry keys specified in MigXML -- User accounts +- User accounts -- Application settings +- Application settings -- Limited set of operating-system settings +- Limited set of operating-system settings -- EFS files +- EFS files -- Internet Explorer® Favorites +- Internet Explorer Favorites For exceptions to what you can migrate offline, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) -## What Offline Environments are Supported? +## What offline environments are supported? The following table defines the supported combination of online and offline operating systems in USMT. |Running Operating System|Offline Operating System| |--- |--- | -|WinPE 5.0 or greater, with the MSXML library|Windows Vista, Windows 7, Windows 8, Windows 10| -|Windows 7, Windows 8, Windows 10|Windows.old directory| +|WinPE 5.0 or greater, with the MSXML library|Windows 7, Windows 8, Windows 10| +|Windows 7, Windows 8, Windows 10|Windows.old directory| -**Note**   -It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). 
+> [!NOTE] +> It is possible to run the ScanState tool while the drive remains encrypted by suspending Windows BitLocker Drive Encryption before booting into WinPE. For more information, see [this Microsoft site](/previous-versions/windows/it-pro/windows-7/ee424315(v=ws.10)). -## User-Group Membership and Profile Control +## User-group membership and profile control -User-group membership is not preserved during offline migrations. You must configure a **<ProfileControl>** section in the Config.xml file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: +User-group membership isn't preserved during offline migrations. You must configure a **<ProfileControl>** section in the `Config.xml` file to specify the groups that the migrated users should be made members of. The following example places all migrated users into the Users group: ``` xml 
@@ -91,70 +77,74 @@ User-group membership is not preserved during offline migrations. You must confi ``` -For information about the format of a Config.xml file, see [Config.xml File](usmt-configxml-file.md). +For information about the format of a `Config.xml` file, see [Config.xml File](usmt-configxml-file.md). -## Command-Line Options +## Command-line options An offline migration can either be enabled by using a configuration file on the command line, or by using one of the following command line options: |Component|Option|Description| |--- |--- |--- | -|ScanState.exe|**/offline:***<path to offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| -|ScanState.exe|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It is only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| -|ScanState.exe|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| +|*ScanState.exe*|**/offline:***<path to Offline.xml>*|This command-line option enables the offline-migration mode and requires a path to an Offline.xml configuration file.| +|*ScanState.exe*|**/offlineWinDir:***<Windows directory>*|This command-line option enables the offline-migration mode and starts the migration from the location specified. It's only for use in WinPE offline scenarios where the migration is occurring from a Windows directory.| +|*ScanState.exe*|**/OfflineWinOld:***<Windows.old directory>*|This command-line option enables the offline migration mode and starts the migration from the location specified. 
It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| -You can use only one of the **/offline**, **/offlineWinDir**, or **/OfflineWinOld** command-line options at a time; USMT does not support using more than one together. +You can use only one of the `/offline`, `/offlineWinDir`, or `/OfflineWinOld` command-line options at a time. USMT doesn't support using more than one together. -## Environment Variables +## Environment variables The following system environment variables are necessary in the scenarios outlined below. |Variable|Value|Scenario| |--- |--- |--- | -|USMT_WORKING_DIR|Full path to a working directory|Required when USMT binaries are located on read-only media, which does not support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following:
      Set USMT_WORKING_DIR=[path to working directory]
      | -|MIG_OFFLINE_PLATFORM_ARCH|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system does not match the WinPE and Scanstate.exe architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. This is required when auto-detection of the offline architecture doesn't function properly, for example, when the source system is running a 64-bit version of Windows XP. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following:
      Set MIG_OFFLINE_PLATFORM_ARCH=32
      | +|*USMT_WORKING_DIR*|Full path to a working directory|Required when USMT binaries are located on read-only media, which doesn't support the creation of log files or temporary storage. To set the system environment variable, at a command prompt type the following command:
      Set USMT_WORKING_DIR=[path to working directory]
      | +*|MIG_OFFLINE_PLATFORM_ARCH*|32 or 64|While operating offline, this environment variable defines the architecture of the offline system, if the system doesn't match the WinPE and `ScanState.exe` architecture. This environment variable enables the 32-bit ScanState application to gather data from a computer with 64-bit architecture, or the 64-bit ScanState application to gather data from a computer with 32-bit architecture. Specifying the architecture is required when auto-detection of the offline architecture doesn't function properly. For example, to set this system environment variable for a 32-bit architecture, at a command prompt type the following command:
      Set MIG_OFFLINE_PLATFORM_ARCH=32
      | -## Offline.xml Elements +## Offline.xml elements -Use an offline.xml file when running the ScanState tool on a computer that has multiple Windows directories. The offline.xml file specifies which directories to scan for windows files. An offline.xml file can be used with the /offline option as an alternative to specifying a single Windows directory path with the /offlineDir option. +Use an `Offline.xml` file when running the ScanState tool on a computer that has multiple Windows directories. The `Offline.xml` file specifies which directories to scan for windows files. An `Offline.xml` file can be used with the `/offline` option as an alternative to specifying a single Windows directory path with the `/offlineDir` option. -### <offline> +### <offline> This element contains other elements that define how an offline migration is to be performed. -Syntax: <offline> </offline> +Syntax: `` `` -### <winDir> +### <winDir> This element is a required child of **<offline>** and contains information about how the offline volume can be selected. The migration will be performed from the first element of **<winDir>** that contains a valid Windows system volume. -Syntax: < winDir > </ winDir > +Syntax: `` `` -### <path> +### <path> This element is a required child of **<winDir>** and contains a file path pointing to a valid Windows directory. Relative paths are interpreted from the ScanState tool's working directory. -Syntax: <path> c:\\windows </path> +Syntax: ` C:\Windows ` -or- -Syntax, when used with the **<mappings>** element: <path> C:\\, D:\\ </path> +Syntax, when used with the **<mappings>** element: ` C:\, D:\ ` -### <mappings> +### <mappings> This element is an optional child of **<offline>**. When specified, the **<mappings>** element will override the automatically detected WinPE drive mappings. Each child **<path>** element will provide a mapping from one system volume to another. 
Additionally, mappings between folders can be provided, since an entire volume can be mounted to a specific folder. -Syntax: <mappings> </mappings> +Syntax: `` `` -### <failOnMultipleWinDir> +### <failOnMultipleWinDir> -This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration does not fail. +This element is an optional child of **<offline>**. The **<failOnMultipleWinDir>** element allows the user to specify that the migration should fail when USMT detects that there are multiple instances of Windows installed on the source machine. When the **<failOnMultipleWinDir>** element isn't present, the default behavior is that the migration doesn't fail. -Syntax: <failOnMultipleWinDir>1</failOnMultipleWinDir> or Syntax: <failOnMultipleWinDir>0</failOnMultipleWinDir> +Syntax: `1` + +-or- + +Syntax: `0` ### Offline .xml Example -The following XML example illustrates some of the elements discussed earlier in this topic. +The following XML example illustrates some of the elements discussed earlier in this article. ``` xml @@ -167,6 +157,6 @@ The following XML example illustrates some of the elements discussed earlier in ``` -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/understanding-migration-xml-files.md b/windows/deployment/usmt/understanding-migration-xml-files.md index a8500e179f..bbfd70227a 100644 --- a/windows/deployment/usmt/understanding-migration-xml-files.md +++ b/windows/deployment/usmt/understanding-migration-xml-files.md 
@@ -2,242 +2,225 @@ title: Understanding Migration XML Files (Windows 10) description: Learn how to modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Understanding Migration XML Files +# Understanding migration XML files -You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the MigDocs.xml and MigUser.xml files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a Config.xml file to further customize your migration. +You can modify the behavior of a basic User State Migration Tool (USMT) 10.0 migration by using XML files; these files provide instructions on where and how the USMT tools should gather and apply files and settings. USMT includes three XML files that you can use to customize a basic migration: the `MigDocs.xml` and `MigUser.xml` files, which modify how files are discovered on the source computer, and the MigApps.xml file, which is required in order to migrate supported application settings. You can also create and edit custom XML files and a `Config.xml` file to further customize your migration. -This topic provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file. 
The MigDocs.xml file uses the new **GenerateDocPatterns** function available in USMT to automatically find user documents on a source computer. +This article provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the `MigDocs.xml` file. The `MigDocs.xml` file uses the new `GenerateDocPatterns` function available in USMT to automatically find user documents on a source computer. -## In This topic +## Overview of the Config.xml file -[Overview of the Config.xml file](#bkmk-config) +The `Config.xml` file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The `Config.xml` file can be used with other XML files, such as in the following example: -[Overview of the MigApp.xml file](#bkmk-migapp) +`ScanState.exe /i:migapps.xml /i:MigDocs.xml /genconfig:c:\myFolder\Config.xml` -[Overview of the MigDocs.xml file](#bkmk-migdocs) - -[Overview of the MigUser.xml file](#bkmk-miguser) - -[Using multiple XML files](#bkmk-multiple) - -[XML rules for migrating user files](#bkmk-userfiles) - -[The GenerateDocPatterns function](#bkmk-generate) - -[Understanding the system and user context](#bkmk-context) - -[Sample migration rules for customized versions of XML files](#bkmk-samples) - -[Exclude rules usage examples](#bkmk-exclude) - -[Include rules usage examples](#bkmk-include) - -[Next Steps](#bkmk-next) - -## Overview of the Config.xml file - -The Config.xml file is the configuration file created by the `/genconfig` option of the ScanState tool; it can be used to modify which operating-system components are migrated by USMT. The Config.xml file can be used with other XML files, such as in the following example: `scanstate /i:migapps.xml /i:migdocs.xml /genconfig:c:\myFolder\config.xml`. 
When used this way, the Config.xml file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the Config.xml file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). +When used this way, the `Config.xml` file tightly controls aspects of the migration, including user profiles, data, and settings, without modifying or creating other XML files. For more information about the `Config.xml` file, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md). > [!NOTE] -> When modifying the XML elements in the Config.xml file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. +> When modifying the XML elements in the `Config.xml` file, you should edit an element and set the **migrate** property to **no**, rather than deleting the element from the file. If you delete the element instead of setting the property, the component may still be migrated by rules in other XML files. -## Overview of the MigApp.xml file +## Overview of the MigApp.xml file -The MigApp.xml file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the MigApp.xml file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The MigDocs.xml and MigUser.xml files do not migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). 
+The `MigApp.xml` file installed with USMT includes instructions to migrate the settings for the applications listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md). You must include the `MigApp.xml` file when using the ScanState and LoadState tools, by using the `/i` option in order to migrate application settings. The `MigDocs.xml` and `MigUser.xml` files don't migrate application settings. You can create a custom XML file to include additional applications. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). -> [!Important] -> The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see the [Sample migration rules for customized versions of XML files](#bkmk-samples). +> [!IMPORTANT] +> The MigApps.xml file will only detect and migrate .pst files that are linked to Microsoft Office Outlook. For more information about migrating .pst files that are not linked to Outlook, see [Sample migration rules for customized versions of XML files](#sample-migration-rules-for-customized-versions-of-xml-files). -## Overview of the MigDocs.xml file +## Overview of the MigDocs.xml file -The MigDocs.xml file uses the new **GenerateDocPatterns** helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the MigDocs.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. +The `MigDocs.xml` file uses the new `GenerateDocPatterns` helper function to create instructions for USMT to migrate files from the source computer, based on the location of the files. You can use the `MigDocs.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. 
-The default MigDocs.xml file migrates the following: +The default `MigDocs.xml` file migrates the following data: -- All files on the root of the drive except %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA%, or %USERS%. +- All files on the root of the drive except `%WINDIR%`, `%PROGRAMFILES%`, `%PROGRAMDATA%`, or `%USERS%`. -- All folders in the root directory of all fixed drives. For example: c:\\data\_mail\\\*\[\*\] +- All folders in the root directory of all fixed drives. For example: `c:\data_mail\*[*]` -- All files from the root of the Profiles folder, except for files in the system profile. For example: c:\\users\\name\[mail.pst\] +- All files from the root of the Profiles folder, except for files in the system profile. For example: `c:\users\name[mail.pst]` -- All folders from the root of the Profiles folder, except for the system-profile folders. For example: c:\\users\\name\\new folder\\\*\[\*\] +- All folders from the root of the Profiles folder, except for the system-profile folders. 
For example: `c:\users\name\new folder\*[*]` -- Standard shared folders: +- Standard shared folders: - - CSIDL\_COMMON\_DESKTOPDIRECTORY + - CSIDL_COMMON_DESKTOPDIRECTORY - - CSIDL\_COMMON\_FAVORITES + - CSIDL_COMMON_FAVORITES - - CSIDL\_COMMON\_DOCUMENTS + - CSIDL_COMMON_DOCUMENTS - - CSIDL\_COMMON\_MUSIC + - CSIDL_COMMON_MUSIC - - CSIDL\_COMMON\_PICTURES + - CSIDL_COMMON_PICTURES - - CSIDL\_COMMON\_VIDEO + - CSIDL_COMMON_VIDEO - - FOLDERID\_PublicDownloads + - FOLDERID_PublicDownloads -- Standard user-profile folders for each user: +- Standard user-profile folders for each user: - - CSIDL\_MYDOCUMENTS + - CSIDL_MYDOCUMENTS - - CSIDL\_MYPICTURES + - CSIDL_MYPICTURES - - FOLDERID\_OriginalImages + - FOLDERID_OriginalImages - - CSIDL\_MYMUSIC + - CSIDL_MYMUSIC - - CSIDL\_MYVIDEO + - CSIDL_MYVIDEO - - CSIDL\_FAVORITES + - CSIDL_FAVORITES - - CSIDL\_DESKTOP + - CSIDL_DESKTOP - - CSIDL\_QUICKLAUNCH + - CSIDL_QUICKLAUNCH - - FOLDERID\_Contacts + - FOLDERID_Contacts - - FOLDERID\_Libraries + - FOLDERID_Libraries - - FOLDERID\_Downloads + - FOLDERID_Downloads - - FOLDERID\_SavedGames + - FOLDERID_SavedGames - - FOLDERID\_RecordedTV + - FOLDERID_RecordedTV -The default MigDocs.xml file will not migrate the following: +The default `MigDocs.xml` file won't migrate the following data: -- Files tagged with both the **hidden** and **system** attributes. +- Files tagged with both the **hidden** and **system** attributes. -- Files and folders on removable drives. +- Files and folders on removable drives. -- Data from the %WINDIR%, %PROGRAMDATA%, and %PROGRAMFILES% folders. +- Data from the %WINDIR%, %PROGRAMDATA%, and %PROGRAMFILES% folders. -- Folders that contain installed applications. +- Folders that contain installed applications. -You can also use the **/genmigxml** option with the ScanState tool to review and modify what files will be migrated. +You can also use the `/genmigxml` option with the ScanState tool to review and modify what files will be migrated. 
-## Overview of the MigUser.xml file +## Overview of the MigUser.xml file -The MigUser.xml file includes instructions for USMT to migrate user files based on file name extensions. You can use the MigUser.xml file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The MigUser.xml file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. +The `MigUser.xml` file includes instructions for USMT to migrate user files based on file name extensions. You can use the `MigUser.xml` file with the ScanState and LoadState tools to perform a more targeted migration than using USMT without XML instructions. The `MigUser.xml` file will gather all files from the standard user-profile folders, and any files on the computer with the specified file name extensions. -The default MigUser.xml file migrates the following: +The default `MigUser.xml` file migrates the following data: -- All files from the standard user-profile folders, which are described as: +- All files from the standard user-profile folders, which are described as: - - CSIDL\_MYVIDEO + - CSIDL_MYVIDEO - - CSIDL\_MYMUSIC + - CSIDL_MYMUSIC - - CSIDL\_DESKTOP + - CSIDL_DESKTOP - - CSIDL\_STARTMENU + - CSIDL_STARTMENU - - CSIDL\_PERSONAL + - CSIDL_PERSONAL - - CSIDL\_MYPICTURES + - CSIDL_MYPICTURES - - CSIDL\_FAVORITES + - CSIDL_FAVORITES - - CSIDL\_QUICK LAUNCH + - CSIDL_QUICK LAUNCH -- Files with the following extensions: +- Files with the following extensions: - `.qdf`, `.qsd`, `.qel`, `.qph`, `.doc\*`, `.dot\*`, `.rtf`, `.mcw`, `.wps`, `.scd`, `.wri`, `.wpd`, `.xl\*`, `.csv`, `.iqy`, `.dqy`, `.oqy`, `.rqy`, `.wk\*`, `.wq1`, `.slk`, `.dif`, `.ppt\*`, `.pps\*`, `.pot\*`, `.sh3`, `.ch3`, `.pre`, `.ppa`, `.txt`, `.pst`, `.one\*`, `.vl\*`, `.vsd`, `.mpp`, `.or6`, `.accdb`, `.mdb`, `.pub` + `.accdb`, `.ch3`, `.csv`, `.dif`, `.doc*`, `.dot*`, `.dqy`, `.iqy`, `.mcw`, `.mdb*`, `.mpp`, 
`.one*`, `.oqy`, `.or6`, `.pot*`, `.ppa`, `.pps*`, `.ppt*`, `.pre`, `.pst`, `.pub`, `.qdf`, `.qel`, `.qph`, `.qsd`, `.rqy`, `.rtf`, `.scd`, `.sh3`, `.slk`, `.txt`, `.vl*`, `.vsd`, `.wk*`, `.wpd`, `.wps`, `.wq1`, `.wri`, `.xl*`, `.xla`, `.xlb`, `.xls*` -The default MigUser.xml file does not migrate the following: + > [!NOTE] + > The asterisk (`*`) stands for zero or more characters. -- Files tagged with both the **hidden** and **system** attributes. +The default `MigUser.xml` file doesn't migrate the following data: -- Files and folders on removable drives, +- Files tagged with both the **Hidden** and **System** attributes. -- Data from the %WINDIR%, %PROGRAMFILES%, %PROGRAMDATA% folders. +- Files and folders on removable drives, -- ACLS for files in folders outside the user profile. +- Data from the `%WINDIR%`, `%PROGRAMFILES%`, `%PROGRAMDATA%` folders. -You can make a copy of the MigUser.xml file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the MigUser.xml file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. +- ACLS for files in folders outside the user profile. + +You can make a copy of the `MigUser.xml` file and modify it to include or exclude standard user-profile folders and file name extensions. If you know all of the extensions for the files you want to migrate from the source computer, use the `MigUser.xml` file to move all of your relevant data, regardless of the location of the files. However, this provision may result in a migration that contains more files than intended. 
For example, if you choose to migrate all .jpg files, you may migrate image files such as thumbnails and logos from legacy applications that are installed on the source computer. > [!NOTE] -> Each file name extension you include in the rules within the MigUser.xml file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#bkmk-multiple) section of this document. +> Each file name extension you include in the rules within the `MigUser.xml` file increases the amount of time needed for the ScanState tool to gather the files for the migration. If you are migrating more than 300 file types, you may experience a slow migration. For more information about other ways to organize the migration of your data, see the [Using multiple XML files](#using-multiple-xml-files) section of this article. -## Using multiple XML files +## Using multiple XML files You can use multiple XML files with the ScanState and LoadState tools. Each of the default XML files included with or generated by USMT is configured for a specific component of the migration. You can also use custom XML files to supplement these default files with more migration rules. |XML migration file|Modifies the following components:| |--- |--- | -|Config.xml file|Operating-system components such as desktop wallpaper and background theme.
      You can also overload config.xml to include some application and document settings by generating the config.xml file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| -|MigApps.xml file|Applications settings.| -|MigUser.xml or MigDocs.xml files|User files and profile settings.| -|Custom XML files|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| +|*Config.xml file*|Operating-system components such as desktop wallpaper and background theme.
      You can also overload `Config.xml` to include some application and document settings by generating the `Config.xml` file with the other default XML files. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [Config.xml File](usmt-configxml-file.md).| +|*MigApps.xml file*|Applications settings.| +|*MigUser.xml* or *MigDocs.xml* files|User files and profile settings.| +|*Custom XML files*|Application settings, user profile settings, or user files, beyond the rules contained in the other XML files.| For example, you can use all of the XML migration file types for a single migration, as in the following example: -```console -Scanstate /config:c:\myFolder\config.xml /i:migapps.xml /i:migdocs.xml /i:customrules.xml +``` syntax +ScanState.exe /config:c:\myFolder\Config.xml /i:migapps.xml /i:MigDocs.xml /i:CustomRules.xml ``` -### XML rules for migrating user files +### XML rules for migrating user files > [!IMPORTANT] -> You should not use the MigUser.xml and MigDocs.xml files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. +> You should not use the `MigUser.xml` and `MigDocs.xml` files together in the same command. Using both XML files can result in duplication of some migrated files. This occurs when conflicting target-location instructions are given in each XML file. The target file will be stored once during the migration, but will be applied by each XML file to a different location on the destination computer. -If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. 
The MigDocs.xml file migrates folders of data based on location. The MigUser.xml file migrates only the files with the specified file name extensions. +If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location. The `MigUser.xml` file migrates only the files with the specified file name extensions. -If you want more control over the migration, you can create custom XML files. See the [Creating and editing a custom ,xml file](#bkmk-createxml) section of this document. +If you want more control over the migration, you can create custom XML files. See [Creating and editing a custom XML file](#creating-and-editing-a-custom-xml-file) for more information. -## Creating and editing a custom XML file +## Creating and editing a custom XML file -You can use the **/genmigxml** command-line option to determine which files will be included in your migration. The **/genmigxml** option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. +You can use the `/genmigxml` command-line option to determine which files will be included in your migration. The `/genmigxml` option creates a file in a location you specify, so that you can review the XML rules and make modifications as necessary. > [!NOTE] > If you reinstall USMT, the default migration XML files will be overwritten and any customizations you make directly to these files will be lost. Consider creating separate XML files for your custom migration rules and saving them in a secure location. To generate the XML migration rules file for a source computer: -1. Click **Start**, click **All Programs**, click **Accessories**, right-click **Command Prompt**, and then click **Run as**. +1. 
Select **Start** > **All Programs** > **Accessories** -2. Select an account with administrator privileges, supply a password, and then click **OK**. +2. Right-click **Command Prompt**, and then select **Run as**. -3. At the command prompt, type: +3. Select an account with administrator privileges, supply a password, and then select **OK**. - ```console +4. At the command prompt, enter: + + ``` syntax cd /d - scanstate.exe /genmigxml: + ScanState.exe /genmigxml: ``` - Where *<USMTpath>* is the location on your source computer where you have saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, type: + Where *<USMTpath>* is the location on your source computer where you've saved the USMT files and tools, and *<filepath.xml>* is the full path to a file where you can save the report. For example, enter: - ```console + ``` syntax cd /d c:\USMT - scanstate.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" + ScanState.exe /genmigxml:"C:\Documents and Settings\USMT Tester\Desktop\genMig.xml" ``` -### The GenerateDocPatterns function +### The GenerateDocPatterns function -The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes three Boolean values. You can change the settings to modify the way the MigDocs.xml file generates the XML rules for migration. +The `MigDocs.xml` file calls the `GenerateDocPatterns` function, which takes three Boolean values. You can change the settings to modify the way the `MigDocs.xml` file generates the XML rules for migration. -- `ScanProgramFiles`: This argument is valid only when the **GenerateDocPatterns** function is called in a system context. This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications. +- `ScanProgramFiles`: This argument is valid only when the `GenerateDocPatterns` function is called in a system context. 
This argument determines whether or not to scan the Program Files directory to gather registered file name extensions for known applications. **Default value**: False - For example, when set to **TRUE**, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The **GenerateDocPatterns** function generates this inclusion pattern for `.doc` files: + For example, when set to **TRUE**, the function discovers and migrates .doc files under the Microsoft Office directory, because .doc is a file name extension registered to a Microsoft Office application. The `GenerateDocPatterns` function generates this inclusion pattern for `.doc` files: `C:\Program Files\Microsoft Office[.doc]` If a child folder of an included folder contains an installed application, ScanProgramFiles will also create an exclusion rule for the child folder. All folders under the application folder will be scanned recursively for registered file name extensions. -- `IncludePatterns`: This argument determines whether to generate exclude or include patterns in the XML. When this argument is set to **TRUE**, the **GenerateDocPatterns** function generates include patterns and the function must be added under the `` element. Changing this argument to **FALSE** generates exclude patterns and the function must be added under the `` element. +- `IncludePatterns`: This argument determines whether to generate exclude or include patterns in the XML. When this argument is set to **TRUE**, the `GenerateDocPatterns` function generates include patterns, and the function must be added under the `` element. Changing this argument to **FALSE** generates exclude patterns and the function must be added under the `` element. **Default value**: True 
@@ -247,7 +230,7 @@ The MigDocs.xml file calls the **GenerateDocPatterns** function, which takes thr
 **Usage:**
-```console
+``` syntax
 MigXmlHelper.GenerateDocPatterns ("", "", "")
 ```
@@ -281,78 +264,78 @@ To create exclude data patterns: ``` -### Understanding the system and user context +### Understanding the system and user context -The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that are not stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. +The migration XML files contain two <component> elements with different **context** settings. The system context applies to files on the computer that aren't stored in the User Profiles directory, while the user context applies to files that are particular to an individual user. -**System context** +#### System context -The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: +The system context includes rules for data outside of the User Profiles directory. For example, when called in a system context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all common shell folders, files in the root directory of hard drives, and folders located at the root of hard drives. The following folders are included: -- CSIDL\_COMMON\_DESKTOPDIRECTORY +- CSIDL_COMMON_DESKTOPDIRECTORY -- CSIDL\_COMMON\_FAVORITES +- CSIDL_COMMON_FAVORITES -- CSIDL\_COMMON\_DOCUMENTS +- CSIDL_COMMON_DOCUMENTS -- CSIDL\_COMMON\_MUSIC +- CSIDL_COMMON_MUSIC -- CSIDL\_COMMON\_PICTURES +- CSIDL_COMMON_PICTURES -- CSIDL\_COMMON\_VIDEO +- CSIDL_COMMON_VIDEO -- FOLDERID\_PublicDownloads +- FOLDERID_PublicDownloads -**User context** +#### User context -The user context includes rules for data in the User Profiles directory. 
When called in a user context in the MigDocs.xml file, the **GenerateDocPatterns** function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: +The user context includes rules for data in the User Profiles directory. When called in a user context in the `MigDocs.xml` file, the `GenerateDocPatterns` function creates patterns for all user shell folders, files located at the root of the profile, and folders located at the root of the profile. The following folders are included: -- CSIDL\_MYDOCUMENTS +- CSIDL_MYDOCUMENTS -- CSIDL\_MYPICTURES +- CSIDL_MYPICTURES -- FOLDERID\_OriginalImages +- FOLDERID_OriginalImages -- CSIDL\_MYMUSIC +- CSIDL_MYMUSIC -- CSIDL\_MYVIDEO +- CSIDL_MYVIDEO -- CSIDL\_FAVORITES +- CSIDL_FAVORITES -- CSIDL\_DESKTOP +- CSIDL_DESKTOP -- CSIDL\_QUICKLAUNCH +- CSIDL_QUICKLAUNCH -- FOLDERID\_Contacts +- FOLDERID_Contacts -- FOLDERID\_Libraries +- FOLDERID_Libraries -- FOLDERID\_Downloads +- FOLDERID_Downloads -- FOLDERID\_SavedGames +- FOLDERID_SavedGames -- FOLDERID\_RecordedTV +- FOLDERID_RecordedTV > [!NOTE] -> Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the MigDocs.xml files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. +> Rules contained in a component that is assigned the user context will be run for each user profile on the computer. Files that are scanned multiple times by the `MigDocs.xml` files will only be copied to the migration store once; however, a large number of rules in the user context can slow down the migration. Use the system context when it is applicable. 
- ### Sample migration rules for customized versions of XML files +### Sample migration rules for customized versions of XML files > [!NOTE] > For best practices and requirements for customized XML files in USMT, see [Customize USMT XML Files](usmt-customize-xml-files.md) and [General Conventions](usmt-general-conventions.md). -### Exclude rules usage examples +### Exclude rules usage examples -In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default MigDocs.xml behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: +In the examples below, the source computer has a .txt file called "new text document" in a directory called "new folder". The default `MigDocs.xml` behavior migrates the new text document.txt file and all files contained in the "new folder" directory. The rules generated by the function are: | Rule | Syntax | |--- |--- | |Rule 1|`d:\new folder[new text document.txt]`| |Rule 2|`d:\new folder[]`| -To exclude the new text document.txt file and any .txt files in "new folder", you can do the following: +To exclude the new text document.txt file and any .txt files in "new folder", you can do the following modification: -**Example 1: Exclude all .txt files in a folder** +#### Example 1: Exclude all .txt files in a folder To exclude Rule 1, there needs to be an exact match of the file name. However, for Rule 2, you can create a pattern to exclude files by using the file name extension. 
@@ -365,9 +348,9 @@ To exclude Rule 1, there needs to be an exact match of the file name. However, f
 ```
-**Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules**
+#### Example 2: Use the UnconditionalExclude element to give a rule precedence over include rules
-If you do not know the file name or location of the file, but you do know the file name extension, you can use the **GenerateDrivePatterns** function. However, the rule will be less specific than the default include rule generated by the MigDocs.xml file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+If you don't know the file name or location of the file, but you do know the file name extension, you can use the `GenerateDrivePatterns` function. However, the rule will be less specific than the default include rule generated by the `MigDocs.xml` file, so it will not have precedence. You must use the <UnconditionalExclude> element to give this rule precedence over the default include rule. For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
 ``` xml
@@ -377,9 +360,9 @@ If you do not know the file name or location of the file, but you do know the fi
 ```
-**Example 3 : Use a UserandSystem context component to run rules in both contexts**
+#### Example 3: Use a UserandSystem context component to run rules in both contexts
-If you want the <UnconditionalExclude> element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts.
+If you want the **<UnconditionalExclude>** element to apply to both the system and user context, you can create a third component using the **UserandSystem** context. Rules in this component will be run in both contexts.
 ``` xml
@@ -398,13 +381,13 @@ If you want the <UnconditionalExclude> element to apply to both the system For more examples of exclude rules that you can use in custom migration XML files, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md). -### Include rules usage examples +### Include rules usage examples -The application data directory is the most common location that you would need to add an include rule for. The **GenerateDocPatterns** function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The Migapp.xml file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that are not linked, you can do the following: +The application data directory is the most common location that you would need to add an include rule for. The `GenerateDocPatterns` function excludes this location by default. If your company uses an application that saves important data to this location, you can create include rules to migrate the data. For example, the default location for .pst files is: `%CSIDL_LOCAL_APPDATA%\Microsoft\Outlook`. The `MigApp.xml` file contains migration rules to move only those .pst files that are linked to Microsoft Outlook. To include .pst files that aren't linked, you can do the following modification: -**Example 1: Include a file name extension in a known user folder** +#### Example 1: Include a file name extension in a known user folder -This rule will include .pst files that are located in the default location, but are not linked to Microsoft Outlook. Use the user context to run this rule for each user on the computer. +This rule will include .pst files that are located in the default location, but aren't linked to Microsoft Outlook. 
Use the user context to run this rule for each user on the computer. ``` xml @@ -414,7 +397,7 @@ This rule will include .pst files that are located in the default location, but ``` -**Example 2: Include a file name extension in Program Files** +#### Example 2: Include a file name extension in Program Files For locations outside the user profile, such as the Program Files folder, you can add the rule to the system context component. @@ -431,14 +414,14 @@ For more examples of include rules that you can use in custom migration XML file > [!NOTE] > For more information about the order of precedence for XML migration rules, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). -## Next steps +## Next steps -You can include additional rules for the migration in the MigDocs.xml file or other XML migration files. For example, you can use the `` element to move files from the folder where they were gathered to a different folder, when they are applied to the destination computer. +You can include additional rules for the migration in the `MigDocs.xml` file or other XML migration files. For example, you can use the `` element to move files from the folder where they were gathered to a different folder, when they're applied to the destination computer. You can use an XML schema (MigXML.xsd) file to validate the syntax of your customized XML files. For more information, see [USMT Resources](usmt-resources.md). -## Related topics +## Related articles -[Exclude Files and Settings](usmt-exclude-files-and-settings.md) +[Exclude files and settings](usmt-exclude-files-and-settings.md) -[Include Files and Settings](usmt-include-files-and-settings.md) +[Include files and settings](usmt-include-files-and-settings.md) diff --git a/windows/deployment/usmt/usmt-best-practices.md b/windows/deployment/usmt/usmt-best-practices.md index 20736f2108..e1f6f61c40 100644 --- a/windows/deployment/usmt/usmt-best-practices.md +++ b/windows/deployment/usmt/usmt-best-practices.md 
@@ -1,118 +1,112 @@ --- title: USMT Best Practices (Windows 10) -description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. +description: This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. ms.custom: seo-marvel-apr2020 ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# USMT Best Practices +# USMT best practices +This article discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. -This topic discusses general and security-related best practices when using User State Migration Tool (USMT) 10.0. +## General best practices -## General Best Practices +- **Install applications before running the LoadState tool** + Though it isn't always essential, it's best practice to install all applications on the destination computer before restoring the user state. Installing applications before restoring user state helps ensure that migrated settings are preserved. -- **Install applications before running the LoadState tool** +- **Don't use MigUser.xml and MigDocs.xml together** - Though it is not always essential, it is best practice to install all applications on the destination computer before restoring the user state. This helps ensure that migrated settings are preserved. + If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the `/genmigxml` command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md). 
-- **Do not use MigUser.xml and MigDocs.xml together** +- **Use MigDocs.xml for a better migration experience** - If you use both .xml files, some migrated files may be duplicated if conflicting instructions are given about target locations. You can use the **/genmigxml** command-line option to determine which files will be included in your migration, and to determine if any modifications are necessary. For more information, see [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md). + If your data set is unknown or if many files are stored outside of the standard user-profile folders, the `MigDocs.xml` file is a better choice than the `MigUser.xml` file, because the `MigDocs.xml` file will gather a broader scope of data. The `MigDocs.xml` file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The `MigUser.xml` file migrates only the files with the specified file extensions. -- **Use MigDocs.xml for a better migration experience** +- **Close all applications before running either the ScanState or LoadState tools** - If your data set is unknown or if many files are stored outside of the standard user-profile folders, the MigDocs.xml file is a better choice than the MigUser.xml file, because the MigDocs.xml file will gather a broader scope of data. The MigDocs.xml file migrates folders of data based on location, and on registered file type by querying the registry for registered application extensions. The MigUser.xml file migrates only the files with the specified file extensions. + Although using the `/vsc` switch can allow the migration of many files that are open with another application, it's a best practice to close all applications in order to ensure all files and settings migrate. Without the `/vsc` or `/c` switch USMT will fail when it can't migrate a file or setting. 
When you use the `/c` option, USMT will ignore any files or settings that it can't migrate and log an error each time. -- **Close all applications before running either the ScanState or LoadState tools** +- **Log off after you run the LoadState** - Although using the **/vsc** switch can allow the migration of many files that are open with another application it is a best practice to close all applications in order to ensure all files and settings migrate. Without the **/vsc** or **/c** switch USMT will fail when it cannot migrate a file or setting. When you use the **/c** option USMT will ignore any files or settings that it cannot migrate and log an error each time. + Some settings, such as fonts, wallpaper, and screensaver settings, won't take effect until the next time the user logs on. For this reason, you should sign out after you run the LoadState tool. -- **Log off after you run the LoadState** +- **Managed environment** - Some settings, such as fonts, wallpaper, and screensaver settings, will not take effect until the next time the user logs on. For this reason, you should log off after you run the LoadState tool. + To create a managed environment, you can move all of the end user's documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. Minimizing folders will help you to clean up files on the destination computer, if the `LoadState.exe` command fails before completion. -- **Managed environment** +- **Chkdsk.exe** - To create a managed environment, you can move all of the end user’s documents into My Documents (%CSIDL\_PERSONAL%). We recommend that you migrate files into the smallest-possible number of folders on the destination computer. This will help you to clean up files on the destination computer, if the LoadState command fails before completion. + We recommend that you run **Chkdsk.exe** before running the ScanState and LoadState tools. 
**Chkdsk.exe** creates a status report for a hard disk drive and lists and corrects common errors. For more information about the **Chkdsk.exe** tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)). -- **Chkdsk.exe** +- **Migrate in groups** - We recommend that you run Chkdsk.exe before running the ScanState and LoadState tools. Chkdsk.exe creates a status report for a hard disk drive and lists and corrects common errors. For more information about the Chkdsk.exe tool, see [Chkdsk](/previous-versions/windows/it-pro/windows-xp/bb490876(v=technet.10)). - -- **Migrate in groups** - - If you decide to perform the migration while users are using the network, it is best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. - -## Security Best Practices + If you decide to perform the migration while users are using the network, it's best to migrate user accounts in groups. To minimize the impact on network performance, determine the size of the groups based on the size of each user account. Migrating in phases also allows you to make sure each phase is successful before starting the next phase. Using this method, you can make any necessary modifications to your plan between groups. +## Security best practices As the authorized administrator, it is your responsibility to protect the privacy of the users and maintain security during and after the migration. In particular, you must consider the following issues: -- **Encrypting File System (EFS)** +- **Encrypting File System (EFS)** - Take extreme caution when migrating encrypted files, because the end user does not need to be logged on to capture the user state. 
By default, USMT fails if an encrypted file is found. For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). + Take extreme caution when migrating encrypted files, because the end user doesn't need to be logged on to capture the user state. By default, USMT fails if an encrypted file is found. For specific instructions about EFS best practices, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). - **Important**   - If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. + > [!NOTE] + > If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. - +- **Encrypt the store** -- **Encrypt the store** + Consider using the `/encrypt` option with the `ScanState.exe` command and the `/decrypt` option with the `LoadState.exe` command. However, use extreme caution with this set of options, because anyone who has access to the `ScanState.exe` command-line script also has access to the encryption key. - Consider using the **/encrypt** option with the ScanState command and the **/decrypt** option with the LoadState command. However, use extreme caution with this set of options, because anyone who has access to the ScanState command-line script also has access to the encryption key. - -- **Virus Scan** +- **Virus Scan** We recommend that you scan both the source and destination computers for viruses before running USMT. In addition, you should scan the destination computer image. To help protect data from viruses, we strongly recommend running an antivirus utility before migration. -- **Maintain security of the file server and the deployment server** +- **Maintain security of the file server and the deployment server** - We recommend that you manage the security of the file and deployment servers. 
It is important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files is not exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). + We recommend that you manage the security of the file and deployment servers. It's important to make sure that the file server where you save the store is secure. You must also secure the deployment server, to ensure that the user data that is in the log files isn't exposed. We also recommend that you only transmit data over a secure Internet connection, such as a virtual private network. For more information about network security, see [Microsoft Security Compliance Manager](https://go.microsoft.com/fwlink/p/?LinkId=215657). -- **Password Migration** +- **Password Migration** - To ensure the privacy of the end users, USMT does not migrate passwords, including those for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, as well as Remote Access Service (RAS) connections and mapped network drives. It is important to make sure that end users know their passwords. + To ensure the privacy of the end users, USMT doesn't migrate passwords, including passwords for applications such as Windows Live™ Mail, Microsoft Internet Explorer®, and Remote Access Service (RAS) connections and mapped network drives. It's important to make sure that end users know their passwords. -- **Local Account Creation** +- **Local Account Creation** - Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) topic. + Before you migrate local accounts, see the Migrating Local Accounts section in the [Identify Users](usmt-identify-users.md) article. 
-## XML File Best Practices +## XML file best practices +- **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** -- **Specify the same set of mig\*.xml files in both the ScanState and the LoadState tools** + If you used a particular set of mig\*.xml files in the ScanState tool, either called through the `/auto` option, or individually through the `/i` option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. - If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. +- **The <CustomFileName> in the migration urlid should match the name of the file** -- **The <CustomFileName> in the migration urlid should match the name of the file** - - Although it is not a requirement, it is good practice for <CustomFileName> to match the name of the file. For example, the following is from the MigApp.xml file: + Although it isn't a requirement, it's good practice for **<CustomFileName>** to match the name of the file. For example, the following example is from the `MigApp.xml` file: ``` xml ``` -- **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** +- **Use the XML Schema (MigXML.xsd) when authoring .xml files to validate syntax** - The MigXML.xsd schema file should not be included on the command line or in any of the .xml files. + The `MigXML.xsd` schema file shouldn't be included on the command line or in any of the .xml files. -- **Use the default migration XML files as models** +- **Use the default migration XML files as models** - To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on MigUser.xml. 
To migrate application settings, model your custom .xml file on the MigApp.xml file. + To create a custom .xml file, you can use the migration .xml files as models to create your own. If you need to migrate user data files, model your custom .xml file on `MigUser.xml`. To migrate application settings, model your custom .xml file on the `MigApp.xml` file. -- **Consider the impact on performance when using the <context> parameter** +- **Consider the impact on performance when using the <context> parameter** - Your migration performance can be affected when you use the <context> element with the <component> element; for example, as in when you want to encapsulate logical units of file- or path-based <include> and <exclude> rules. + Your migration performance can be affected when you use the **<context>** element with the **<component>** element; for example, as in when you want to encapsulate logical units of file- or path-based **<include>** and **<exclude>** rules. In the **User** context, a rule is processed one time for each user on the system. 
@@ -120,32 +114,24 @@ As the authorized administrator, it is your responsibility to protect the privac In the **UserAndSystem** context, a rule is processed one time for each user on the system and one time for the system. - **Note**   - The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. + > [!NOTE] + > The number of times a rule is processed does not affect the number of times a file is migrated. The USMT migration engine ensures that each file migrates only once. - +- **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** -- **We recommend that you create a separate .xml file instead of adding your .xml code to one of the existing migration .xml files** + For example, if you have code that migrates the settings for an application, you shouldn't just add the code to the `MigApp.xml` file. - For example, if you have code that migrates the settings for an application, you should not just add the code to the MigApp.xml file. +- **You should not create custom .xml files to alter the operating system settings that are migrated** -- **You should not create custom .xml files to alter the operating system settings that are migrated** + These settings are migrated by manifests and you can't modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a `Config.xml` file. - These settings are migrated by manifests and you cannot modify those files. If you want to exclude certain operating system settings from the migration, you should create and modify a Config.xml file. 
+- **You can use the asterisk (\*) wildcard character in any migration XML file that you create** -- **You can use the asterisk (\*) wildcard character in any migration XML file that you create** + > [!NOTE] + > The question mark is not valid as a wildcard character in USMT .xml files. - **Note**   - The question mark is not valid as a wildcard character in USMT .xml files. +## Related articles - - -## Related topics - - -[Migration Store Encryption](usmt-migration-store-encryption.md) - -[Plan Your Migration](usmt-plan-your-migration.md) - - +[Migration store encryption](usmt-migration-store-encryption.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-choose-migration-store-type.md b/windows/deployment/usmt/usmt-choose-migration-store-type.md index fb9d196086..72982b364a 100644 --- a/windows/deployment/usmt/usmt-choose-migration-store-type.md +++ b/windows/deployment/usmt/usmt-choose-migration-store-type.md 
@@ -2,30 +2,30 @@ title: Choose a Migration Store Type (Windows 10) description: Learn how to choose a migration store type and estimate the amount of disk space needed for computers in your organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Choose a Migration Store Type +# Choose a migration store type -One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you are using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. +One of the main considerations for planning your migration is to determine which migration store type best meets your needs. As part of these considerations, determine how much space is required to run the User State Migration Tool (USMT) 10.0 components on your source and destination computers, and how much space is needed to create and host the migration store, whether you're using a local share, network share, or storage device. The final consideration is ensuring that user date integrity is maintained by encrypting the migration store. 
-## In This Section +## In this section | Link | Description | |--- |--- | -|[Migration Store Types Overview](migration-store-types-overview.md)|Choose the migration store type that works best for your needs and migration scenario.| -|[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)|Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.| -|[Hard-Link Migration Store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they are used.| -|[Migration Store Encryption](usmt-migration-store-encryption.md)|Learn about the using migration store encryption to protect user data integrity during a migration.| +|[Migration store types overview](migration-store-types-overview.md)|Choose the migration store type that works best for your needs and migration scenario.| +|[Estimate migration store size](usmt-estimate-migration-store-size.md)|Estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure.| +|[Hard-link migration store](usmt-hard-link-migration-store.md)|Learn about hard-link migration stores and the scenarios in which they're used.| +|[Migration store encryption](usmt-migration-store-encryption.md)|Learn about the using migration store encryption to protect user data integrity during a migration.| -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) diff --git a/windows/deployment/usmt/usmt-command-line-syntax.md b/windows/deployment/usmt/usmt-command-line-syntax.md index 4ee45cbdca..d7332ed880 100644 --- a/windows/deployment/usmt/usmt-command-line-syntax.md +++ b/windows/deployment/usmt/usmt-command-line-syntax.md 
@@ -2,23 +2,23 @@ title: User State Migration Tool (USMT) Command-line Syntax (Windows 10) description: Learn about the User State Migration Tool (USMT) command-line syntax for using the ScanState tool, LoadState tool, and UsmtUtils tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Command-line Syntax +# User State Migration Tool (USMT) command-line syntax -The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. +The User State Migration Tool (USMT) 10.0 migrates user files and settings during large deployments of Windows. To improve and simplify the migration process, USMT captures desktop, network, and application settings in addition to a user's files. USMT then migrates these items to a new Windows installation. -## In This Section +## In this Section | Link | Description | |--- |--- | -|[ScanState Syntax](usmt-scanstate-syntax.md)|Lists the command-line options for using the ScanState tool.| -|[LoadState Syntax](usmt-loadstate-syntax.md)|Lists the command-line options for using the LoadState tool.| -|[UsmtUtils Syntax](usmt-utilities.md)|Lists the command-line options for using the UsmtUtils tool.| +|[ScanState syntax](usmt-scanstate-syntax.md)|Lists the command-line options for using the ScanState tool.| +|[LoadState syntax](usmt-loadstate-syntax.md)|Lists the command-line options for using the LoadState tool.| +|[UsmtUtils syntax](usmt-utilities.md)|Lists the command-line options for using the UsmtUtils tool.| 
diff --git a/windows/deployment/usmt/usmt-common-issues.md b/windows/deployment/usmt/usmt-common-issues.md
index 32ab6268e2..6262d58456 100644
--- a/windows/deployment/usmt/usmt-common-issues.md
+++ b/windows/deployment/usmt/usmt-common-issues.md
@@ -1,235 +1,210 @@ --- title: Common Issues (Windows 10) -description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. +description: Learn about common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -ms.date: 09/19/2017 -author: aczechowski +ms.date: 11/01/2022 +author: frankroj ms.topic: article ms.technology: itpro-deploy --- -# Common Issues +# Common issues +The following sections discuss common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. USMT produces log files that describe in further detail any errors that occurred during the migration process. These logs can be used to troubleshoot migration failures. -The following sections discuss common issues that you might see when you run the User State Migration Tool (USMT) 10.0 tools. USMT produces log files that describe in further detail any errors that occurred during the migration process. These logs can be used to troubleshoot migration failures. - -## In This Topic - - -[User Account Problems](#user) - -[Command-line Problems](#command) - -[XML File Problems](#xml) - -[Migration Problems](#migration) - -[Offline Migration Problems](#bkmk-offline) - -[Hard Link Migration Problems](#bkmk-hardlink) - -[USMT does not migrate the Start layout](#usmt-does-not-migrate-the-start-layout) - -## General Guidelines for Identifying Migration Problems - +## General guidelines for identifying migration problems When you encounter a problem or error message during migration, you can use the following general guidelines to help determine the source of the problem: -- Examine the ScanState, LoadState, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. 
For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). For more information about Windows API error messages, type **nethelpmsg** on the command line. +- Examine the **ScanState**, **LoadState**, and UsmtUtils logs to obtain the exact USMT error messages and Windows® application programming interface (API) error messages. For more information about USMT return codes and error messages, see [Return codes](usmt-return-codes.md). You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). - In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. + In most cases, the **ScanState** and **LoadState** logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. This verbosity level can be adjusted in a production migration; however, reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a verbosity level higher than 5 if you want the log files output to go to a debugger. - **Note** - Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. 
+ > [!NOTE] + > Running the **ScanState** and **LoadState** tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, the extra detail can help you determine where migration errors occurred. - +- Use the `/Verify` option with the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md). -- Use the **/Verify** option in the UsmtUtils tool to determine whether any files in a compressed migration store are corrupted. For more information, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). +- Use the `/Extract` option with the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). -- Use the **/Extract** option in the UsmtUtils tool to extract files from a compressed migration store. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). - -- Create a progress log using the **/Progress** option to monitor your migration. +- Create a progress log using the `/Progress` option to monitor your migration. - For the source and destination computers, obtain operating system information, and versions of applications such as Internet Explorer and any other relevant programs. Then verify the exact steps that are needed to reproduce the problem. This information might help you to understand what is wrong and to reproduce the issue in your testing environment. -- Log off after you run the LoadState tool. Some settings—for example, fonts, desktop backgrounds, and screen-saver settings—will not take effect until the next time the end user logs on. 
+- Sign out after you run the **LoadState** tool. Some settings such as fonts, desktop backgrounds, and screen-saver settings won't take effect until the next time the end user logs on. -- Close all applications before running ScanState or LoadState tools. If some applications are running during the ScanState or LoadState process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. +- Close all applications before running **ScanState** or **LoadState** tools. If some applications are running during the **ScanState** or **LoadState** process, USMT might not migrate some data. For example, if Microsoft Outlook® is open, USMT might not migrate PST files. - **Note** - USMT will fail if it cannot migrate a file or setting unless you specify the **/c** option. When you specify the **/c** option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that did not migrate. - - - -## User Account Problems + > [!NOTE] + > USMT will fail if it can't migrate a file or setting unless you specify the `/c` option. When you specify the `/c` option, USMT ignores errors. However, it logs an error when it encounters a file that is in use that didn't migrate. +## User account problems The following sections describe common user account problems. Expand the section to see recommended solutions. -### I'm having problems creating local accounts on the destination computer. +### I'm having problems creating local accounts on the destination computer -**Resolution:** For more information about creating accounts and migrating local accounts, see [Migrate User Accounts](usmt-migrate-user-accounts.md). +**Resolution:** For more information about creating accounts and migrating local accounts, see [Migrate user accounts](usmt-migrate-user-accounts.md). -### Not all of the user accounts were migrated to the destination computer. 
+### Not all of the user accounts were migrated to the destination computer **Causes/Resolutions** There are two possible causes for this problem: -When running the ScanState tool on Windows Vista, or the ScanState and LoadState tools on Windows 7, Windows 8, or Windows 10, you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. To run in Administrator mode: +When running the **ScanState** and LoadState tools on Windows 7, Windows 8, or Windows 10, you must run them in Administrator mode from an account with administrative credentials to ensure that all specified users are migrated. To run in Administrator mode: -1. Click **Start**. +1. Select **Start** > **All Programs** > **Accessories**. -2. Click **All Programs**. +2. Right-click **Command Prompt**. -3. Click **Accessories**. +3. Select **Run as administrator**. -4. Right-click **Command Prompt**. +4. Specify the `LoadState.exe` or `ScanState.exe` command. -5. Click **Run as administrator**. +If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. -Then specify your LoadState or ScanState command. If you do not run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. +Any user accounts on the computer that haven't been used won't be migrated. For example, if you add User1 to the computer, but User1 never logs on, then USMT won't migrate the User1 account. -Any user accounts on the computer that have not been used will not be migrated. For example, if you add User1 to the computer, but User1 never logs on, then USMT will not migrate the User1 account. +### User accounts that I excluded were migrated to the destination computer -### User accounts that I excluded were migrated to the destination computer. +**Cause:** The command that you specified might have had conflicting `ui` and `/ue` options. 
If a user is specified with the `/ui` option and with either the `/ue` or `/uel` options at the same time, the user will be included in the migration. For example, if you specify `/ui:domain1\* /ue:domain1\user1`, then User1 will be migrated because the `/ui` option takes precedence. -**Cause:** The command that you specified might have had conflicting **/ui** and **/ue** options. If a user is specified with the **/ui** option and is also specified to be excluded with either the **/ue** or **/uel** options, the user will be included in the migration. For example, if you specify `/ui:domain1\* /ue:domain1\user1`, then User1 will be migrated because the **/ui** option takes precedence. +**Resolution:** For more information about how to use the `/ui` and `/ue` options together, see the examples in the [ScanState Syntax](usmt-scanstate-syntax.md) article. -**Resolution:** For more information about how to use the **/ui** and **/ue** options together, see the examples in the [ScanState Syntax](usmt-scanstate-syntax.md) topic. +### I'm using the /uel option, but many accounts are still being included in the migration -### I am using the /uel option, but many accounts are still being included in the migration. +**Cause:** The `/uel` option depends on the last modified date of the users' NTUser.dat file. There are scenarios in which this last modified date might not match the users' last sign-in date. -**Cause** The **/uel** option depends on the last modified date of the users' NTUser.dat file. There are scenarios in which this last modified date might not match the users' last logon date. +**Resolution:** This is a limitation of the `/uel` option. You might need to exclude these users manually with the `/ue` option. -**Resolution** This is a limitation of the **/uel** option. You might need to exclude these users manually with the **/ue** option. 
+### The LoadState tool reports an error as return code 71 and fails to restore a user profile during a migration test -### The LoadState tool reports an error as return code 71 and fails to restore a user profile during a migration test. - -**Cause:** During a migration test, if you run the ScanState tool on your test computer and then delete user profiles in order to test the LoadState tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but will not remove the registry key. +**Cause:** During a migration test, if you run the **ScanState** tool on your test computer and then delete user profiles in order to test the **LoadState** tool on the same computer, you may have a conflicting key present in the registry. Using the **net use** command to remove a user profile will delete folders and files associated with that profile, but won't remove the registry key. **Resolution:** To delete a user profile, use the **User Accounts** item in Control Panel. To correct an incomplete deletion of a user profile: -1. Open the registry editor by typing `regedit` at an elevated command prompt. +1. Open the registry editor by typing `regedit` at an elevated command prompt. -2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList`. +2. Navigate to `HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList`. Each user profile is stored in a System Identifier key under `ProfileList`. -3. Delete the key for the user profile you are trying to remove. +3. Delete the key for the user profile you're trying to remove. -### Files that were not encrypted before the migration are now encrypted with the account used to run the LoadState tool. 
+### Files that weren't encrypted before the migration are now encrypted with the account used to run the LoadState tool -**Cause:** The ScanState tool was run using the **/EFS: copyraw** option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. +**Cause:** The **ScanState** tool was run using the `/EFS:copyraw` option to migrate encrypted files and Encrypting File System (EFS) certificates. The encryption attribute was set on a folder that was migrated, but the attribute was removed from file contents of that folder prior to migration. -**Resolution:** Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you can run the Cipher tool at the command prompt to review and change encryption settings on files and folders. You must remove the encryption attribute from folders that contain unencrypted files or encrypt the contents of all files within an encrypted folder. +**Resolution:** Before using the **ScanState** tool for a migration that includes encrypted files and EFS certificates, you can run the Cipher tool at the command prompt to review and change encryption settings on files and folders. You must remove the encryption attribute from folders that contain unencrypted files or encrypt the contents of all files within an encrypted folder. -To remove encryption from files that have already been migrated incorrectly, you must log on to the computer with the account that you used to run the LoadState tool and then remove the encryption from the affected files. +To remove encryption from files that have already been migrated incorrectly, you must sign into the computer with the account that you used to run the **LoadState** tool and then remove the encryption from the affected files. 
-### The LoadState tool reports an error as return code 71 and a Windows Error 2202 in the log file. +### The LoadState tool reports an error as return code 71 and a Windows Error 2202 in the log file **Cause:** The computer name was changed during an offline migration of a local user profile. -**Resolution:** You can use the **/mu** option when you run the LoadState tool to specify a new name for the user. For example, +**Resolution:** You can use the `/mu` option when you run the **LoadState** tool to specify a new name for the user. For example, ``` syntax -loadstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore -/progress:prog.log /l:load.log /mu:fareast\user1:farwest\user1 +LoadState.exe /i:MigApp.xml /i:MigDocs.xml \\server\share\migration\mystore +/progress:Progress.log /l:LoadState.log /mu:fareast\user1:farwest\user1 ``` -## Command-line Problems - +## Command-line problems The following sections describe common command-line problems. Expand the section to see recommended solutions. -### I received the following error message: "Usage Error: You cannot specify a file path with any of the command-line options that exceeds 256 characters." +### I received the following error message: "Usage Error: You can't specify a file path with any of the command-line options that exceeds 256 characters." -**Cause:** You might receive this error message in some cases even if you do not specify a long store or file path, because the path length is calculated based on the absolute path. For example, if you run the **scanstate.exe /o store** command from C:\\Program Files\\USMT40, then each character in "`C:\Program Files\USMT40`" will be added to the length of "store" to get the length of the path. +**Cause:** You might receive this error message in some cases even if you don't specify a long store or file path, because the path length is calculated based on the absolute path. 
For example, if you run the ` **ScanState**.exe /o store` command from `C:\Program Files\USMT40`, then each character in "`C:\Program Files\USMT40`" will be added to the length of "store" to get the length of the path. -**Resolution:** Ensure that the total path length—the store path plus the current directory—does not exceed 256 characters. +**Resolution:** Ensure that the total path length doesn't exceed 256 characters. The total path length includes the store path plus the current directory. ### I received the following error message: "USMT was unable to create the log file(s). Ensure that you have write access to the log directory." -**Cause:** If you are running the ScanState or LoadState tools from a shared network resource, you will receive this error message if you do not specify **/l**. +**Cause:** If you're running the **ScanState** or **LoadState** tools from a shared network resource, you'll receive this error message if you don't specify `/l`. -**Resolution:** To fix this issue in this scenario, specify the **/l:scan.log** or **/l:load.log** option. - -## XML File Problems +**Resolution:** To fix this issue in this scenario, specify the `/l:ScanState.log` or `/l:LoadState.log` option. +## XML file problems The following sections describe common XML file problems. Expand the section to see recommended solutions. -### I used the /genconfig option to create a Config.xml file, but I see only a few applications and components that are in MigApp.xml. Why does Config.xml not contain all of the same applications? +### I used the `/genconfig` option to create a `Config.xml` file, but I see only a few applications and components that are in `MigApp.xml`. Why does `Config.xml` not contain all of the same applications? -**Cause:** Config.xml will contain only operating system components, applications, and the user document sections that are in both of the .xml files and are installed on the computer when you run the **/genconfig** option. 
Otherwise, these applications and components will not appear in the Config.xml file. +**Cause:** `Config.xml` will contain only operating system components, applications, and the user document sections that are in both of the .xml files and are installed on the computer when you run the `/genconfig` option. Otherwise, these applications and components won't appear in the `Config.xml` file. -**Resolution:** Install all of the desired applications on the computer before running the **/genconfig** option. Then run ScanState with all of the .xml files. For example, run the following: +**Resolution:** Install all of the desired applications on the computer before running the `/genconfig` option. Then run `ScanState.exe` with all of the .xml files. For example, run the following command: -`scanstate /genconfig:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:scanstate.log` +``` syntax +ScanState.exe /genconfig:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:5 /l:ScanState.log +``` -### I am having problems with a custom .xml file that I authored, and I cannot verify that the syntax is correct. +### I'm having problems with a custom .xml file that I authored, and I can't verify that the syntax is correct -**Resolution:** You can load the XML schema (MigXML.xsd), included with USMT, into your XML authoring tool. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there is a syntax error. In addition, see [USMT XML Reference](usmt-xml-reference.md) for more information about using the XML elements. +**Resolution:** You can load the XML schema file `MigXML.xsd` into your XML authoring tool. `MigXML.xsd` is included with USMT. For examples, see the [Visual Studio Development Center](https://go.microsoft.com/fwlink/p/?LinkId=74513). Then, load your .xml file in the authoring tool to see if there's a syntax error. 
For more information about using the XML elements, see [USMT XML Reference](usmt-xml-reference.md). -### I am using a MigXML helper function, but the migration isn’t working the way I expected it to.  How do I troubleshoot this issue? +### I'm using a MigXML helper function, but the migration isn't working the way I expected it to. How do I troubleshoot this issue? -**Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate did not get collected or applied, or weren’t collected or applied in the way you expected. +**Cause:** Typically, this issue is caused by incorrect syntax used in a helper function. You receive a Success return code, but the files you wanted to migrate didn't get collected or applied, or weren't collected or applied in the way you expected. -**Resolution:** You should search the ScanState or LoadState log for either the component name which contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. - -## Migration Problems +**Resolution:** You should search the **ScanState** or **LoadState** log for either the component name that contains the MigXML helper function, or the MigXML helper function title, so that you can locate the related warning in the log file. +## Migration problems The following sections describe common migration problems. Expand the section to see recommended solutions. -### Files that I specified to exclude are still being migrated. +### Files that I specified to exclude are still being migrated -**Cause:** There might be another rule that is including the files. If there is a more specific rule or a conflicting rule, the files will be included in the migration. +**Cause:** There might be another rule that is including the files. If there's a more specific rule or a conflicting rule, the files will be included in the migration. 
**Resolution:** For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md) and the Diagnostic Log section in [Log Files](usmt-log-files.md). -### I specified rules to move a folder to a specific location on the destination computer, but it has not migrated correctly. +### I specified rules to move a folder to a specific location on the destination computer, but it hasn't migrated correctly **Cause:** There might be an error in the XML syntax. -**Resolution:** You can use the USMT XML schema (MigXML.xsd) to write and validate migration .xml files. Also see the XML examples in the following topics: +**Resolution:** You can use the USMT XML schema (`MigXML.xsd`) to write and validate migration .xml files. Also see the XML examples in the following articles: -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) -[Exclude Files and Settings](usmt-exclude-files-and-settings.md) +[Exclude files and settings](usmt-exclude-files-and-settings.md) -[Reroute Files and Settings](usmt-reroute-files-and-settings.md) +[Reroute files and settings](usmt-reroute-files-and-settings.md) -[Include Files and Settings](usmt-include-files-and-settings.md) +[Include files and settings](usmt-include-files-and-settings.md) -[Custom XML Examples](usmt-custom-xml-examples.md) +[Custom XML examples](usmt-custom-xml-examples.md) -### After LoadState completes, the new desktop background does not appear on the destination computer. +### After LoadState completes, the new desktop background doesn't appear on the destination computer There are three typical causes for this issue. -**Cause \#1:**: Some settings such as fonts, desktop backgrounds, and screen-saver settings are not applied by LoadState until after the destination computer has been restarted. 
+**Cause**: Some settings such as fonts, desktop backgrounds, and screen-saver settings aren't applied by **LoadState** until after the destination computer has been restarted. -**Resolution:** To fix this issue, log off, and then log back on to see the migrated desktop background. +**Resolution:** To fix this issue, sign out, and then log back on to see the migrated desktop background. -**Cause \#2:** If the source computer was running Windows® XP and the desktop background was stored in the *Drive*:\\WINDOWS\\Web\\Wallpaper folder—the default folder where desktop backgrounds are stored in Windows XP—the desktop background will not be migrated. Instead, the destination computer will have the default Windows® desktop background. This will occur even if the desktop background was a custom picture that was added to the \\WINDOWS\\Web\\Wallpaper folder. However, if the end user sets a picture as the desktop background that was saved in another location, for example, My Pictures, then the desktop background will migrate. + -### I included MigApp.xml in the migration, but some PST files aren’t migrating. +### I included `MigApp.xml` in the migration, but some `PST` files aren't migrating -**Cause:** The MigApp.xml file migrates only the PST files that are linked to Outlook profiles. +**Cause:** The `MigApp.xml` file migrates only the PST files that are linked to Outlook profiles. -**Resolution:** To migrate PST files that are not linked to Outlook profiles, you must create a separate migration rule to capture these files. +**Resolution:** To migrate PST files that aren't linked to Outlook profiles, you must create a separate migration rule to capture these files. -### USMT does not migrate the Start layout +### USMT doesn't migrate the Start layout -**Description:** You are using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. 
After migration, the user signs in on the new device and does not have the Start menu layout they had previously configured. +**Description:** You're using USMT to migrate profiles from one installation of Windows 10 to another installation of Windows 10 on different hardware. After migration, the user signs in on the new device and doesn't have the Start menu layout they had previously configured. **Cause:** A code change in the Start Menu with Windows 10 version 1607 and later is incompatible with this USMT function. 
@@ -237,96 +212,88 @@ There are three typical causes for this issue. 1. With the user signed in, back up the Start layout using the following Windows PowerShell command. You can specify a different path if desired: - ``` + ```powershell Export-StartLayout -Path "C:\Layout\user1.xml" ``` + 2. Migrate the user's profile with USMT. + 3. Before the user signs in on the new device, import the Start layout using the following Windows PowerShell command: - ``` - Import-StartLayout –LayoutPath "C:\Layout\user1.xml" –MountPath %systemdrive% + ```powershell + Import-StartLayout -LayoutPath "C:\Layout\user1.xml" -MountPath %systemdrive% ``` -This workaround changes the Default user's Start layout. The workaround does not scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. - -## Offline Migration Problems +This workaround changes the Default user's Start layout. The workaround doesn't scale to a mass migrations or multiuser devices, but it can potentially unblock some scenarios. If other users will sign on to the device, you should delete layoutmodification.xml from the Default user profile. Otherwise, all users who sign on to that device will use the imported Start layout. +## Offline migration problems The following sections describe common offline migration problems. Expand the section to see recommended solutions. -### Some of my system settings do not migrate in an offline migration. +### Some of my system settings don't migrate in an offline migration -**Cause:** Some system settings, such as desktop backgrounds and network printers, are not supported in an offline migration. 
For more information, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) +**Cause:** Some system settings, such as desktop backgrounds and network printers, aren't supported in an offline migration. For more information, see [What does USMT migrate?](usmt-what-does-usmt-migrate.md) **Resolution:** In an offline migration, these system settings must be restored manually. -### The ScanState tool fails with return code 26. +### The ScanState tool fails with return code 26 -**Cause:** A common cause of return code 26 is that a temp profile is active on the source computer. This profile maps to c:\\users\\temp. The ScanState log shows a MigStartupOfflineCaught exception that includes the message "User profile duplicate SID error". +**Cause:** A common cause of return code 26 is that a temp profile is active on the source computer. This profile maps to c:\\users\\temp. The **ScanState** log shows a **MigStartupOfflineCaught** exception that includes the message **User profile duplicate SID error**. -**Resolution:** You can reboot the computer to get rid of the temp profile or you can set MIG\_FAIL\_ON\_PROFILE\_ERROR=0 to skip the error and exclude the temp profile. +**Resolution:** You can reboot the computer to get rid of the temp profile or you can set **MIG_FAIL_ON_PROFILE_ERROR=0** to skip the error and exclude the temp profile. -### Include and Exclude rules for migrating user profiles do not work the same offline as they do online. +### Include and Exclude rules for migrating user profiles don't work the same offline as they do online -**Cause:** When offline, the DNS server cannot be queried to resolve the user name and SID mapping. +**Cause:** When offline, the DNS server can't be queried to resolve the user name and SID mapping. -**Resolution:** Use a Security Identifier (SID) to include a user when running the ScanState tool. For example: +**Resolution:** Use a Security Identifier (SID) to include a user when running the **ScanState** tool. 
For example: ``` syntax -Scanstate /ui:S1-5-21-124525095-708259637-1543119021* +ScanState.exe /ui:S1-5-21-124525095-708259637-1543119021* ``` The wild card (\*) at the end of the SID will migrate the *SID*\_Classes key as well. -You can also use patterns for SIDs that identify generic users or groups. For example, you can use the */ue:\*-500* option to exclude the local administrator accounts. For more information about Windows SIDs, see [this Microsoft Web site](/troubleshoot/windows-server/identity/security-identifiers-in-windows). +You can also use patterns for SIDs that identify generic users or groups. For example, you can use the `/ue:*-500` option to exclude the local administrator accounts. For more information about Windows SIDs, see [Security identifiers](/windows-server/identity/ad-ds/manage/understand-security-identifiers). -### My script to wipe the disk fails after running the ScanState tool on a 64-bit system. +### My script to wipe the disk fails after running the ScanState tool on a 64-bit system -**Cause:** The HKLM registry hive is not unloaded after the ScanState tool has finished running. +**Cause:** The HKLM registry hive isn't unloaded after the **ScanState** tool has finished running. -**Resolution:** Reboot the computer or unload the registry hive at the command prompt after the ScanState tool has finished running. For example, at a command prompt, type: +**Resolution:** Reboot the computer or unload the registry hive at the command prompt after the **ScanState** tool has finished running. For example, at a command prompt, enter: ``` syntax reg.exe unload hklm\$dest$software ``` -## Hard-Link Migration Problems - +## Hard-Link Migration Problems The following sections describe common hard-link migration problems. Expand the section to see recommended solutions. -### EFS files are not restored to the new partition. +### EFS files aren't restored to the new partition -**Cause:** EFS files cannot be moved to a new partition with a hard link. 
The **/efs:hardlink** command-line option is only applicable to files migrated on the same partition. +**Cause:** EFS files can't be moved to a new partition with a hard link. The `/efs:hardlink` command-line option is only applicable to files migrated on the same partition. -**Resolution:** Use the **/efs:copyraw** command-line option to copy EFS files during the migration instead of creating hard links, or manually copy the EFS files from the hard-link store. +**Resolution:** Use the `/efs:copyraw` command-line option to copy EFS files during the migration instead of creating hard links, or manually copy the EFS files from the hard-link store. -### The ScanState tool cannot delete a previous hard-link migration store. +### The ScanState tool can't delete a previous hard-link migration store **Cause:** The migration store contains hard links to locked files. -**Resolution:** Use the UsmtUtils tool to delete the store or change the store name. For example, at a command prompt, type: +**Resolution:** Use the UsmtUtils tool to delete the store or change the store name. For example, at a command prompt, enter: ``` syntax -USMTutils /rd +UsmtUtils.exe /rd ``` You should also reboot the machine. +## Related articles +[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) +[Frequently asked questions](usmt-faq.yml) +[Return codes](usmt-return-codes.md) -## Related topics - - -[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) - -[Frequently Asked Questions](usmt-faq.yml) - -[Return Codes](usmt-return-codes.md) - -[UsmtUtils Syntax](usmt-utilities.md) - - - +[UsmtUtils syntax](usmt-utilities.md) diff --git a/windows/deployment/usmt/usmt-common-migration-scenarios.md b/windows/deployment/usmt/usmt-common-migration-scenarios.md index a7c5b2d143..4f68b4b46e 100644 --- a/windows/deployment/usmt/usmt-common-migration-scenarios.md +++ b/windows/deployment/usmt/usmt-common-migration-scenarios.md 
@@ -1,152 +1,110 @@ --- title: Common Migration Scenarios (Windows 10) -description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. +description: See how the User State Migration Tool (USMT) 10.0 is used when planning hardware and/or operating system upgrades. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Common Migration Scenarios +You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred. -You use the User State Migration Tool (USMT) 10.0 when hardware and/or operating system upgrades are planned for a large number of computers. USMT manages the migration of an end-user's digital identity by capturing the user's operating-system settings, application settings, and personal files from a source computer and reinstalling them on a destination computer after the upgrade has occurred. - -One common scenario when only the operating system, and not the hardware, is being upgraded is referred to as *PC refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. 
- -## In this topic - - -[PC Refresh](#bkmk-pcrefresh) - -[Scenario One: PC-refresh offline using Windows PE and a hard-link migration store](#bkmk-onepcrefresh) - -[Scenario Two: PC-refresh using a compressed migration store](#bkmk-twopcrefresh) - -[Scenario Three: PC-refresh using a hard-link migration store](#bkmk-threepcrefresh) - -[Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store](#bkmk-fourpcrefresh) - -[PC Replacement](#bkmk-pcreplace) - -[Scenario One: Offline migration using Windows PE and an external migration store](#bkmk-onepcreplace) - -[Scenario Two: Manual network migration](#bkmk-twopcreplace) - -[Scenario Three: Managed network migration](#bkmk-threepcreplace) - -## PC-Refresh +One common scenario is when the operating system is upgraded on existing hardware without the hardware being replaced. This scenario is referred to as *PC-refresh*. A second common scenario is known as *PC replacement*, where one piece of hardware is being replaced, typically by newer hardware and a newer operating system. +## PC-refresh The following diagram shows a PC-refresh migration, also known as a computer refresh migration. First, the administrator migrates the user state from a source computer to an intermediate store. After installing the operating system, the administrator migrates the user state back to the source computer. -  - ![usmt pc refresh scenario.](images/dep-win8-l-usmt-pcrefresh.jpg) -  +### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store -### Scenario One: PC-refresh offline using Windows PE and a hard-link migration store +A company has received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled offline, without a network connection. 
An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. -A company has just received funds to update the operating system on all of its computers in the accounting department to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, the update is being handled completely offline, without a network connection. An administrator uses Windows Preinstallation Environment (WinPE) and a hard-link migration store to save each user state to their respective computer. +1. On each computer, the administrator boots the machine into WinPE and runs the **ScanState** command-line tool, specifying the `/hardlink /nocompress` command-line options. **ScanState** saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. -1. On each computer, the administrator boots the machine into WinPE and runs the ScanState command-line tool, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive. +2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes Windows 10 and other company applications. -2. On each computer, the administrator installs the company's standard operating environment (SOE) which includes Windows 10 and other company applications. +3. The administrator runs the **LoadState** command-line tool on each computer. **LoadState** restores each user state back to each computer. -3. The administrator runs the LoadState command-line tool on each computer. 
LoadState restores each user state back to each computer. +### Scenario Two: PC-refresh using a compressed migration store -### Scenario Two: PC-refresh using a compressed migration store +A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. -A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a compressed migration store to save the user states to a server. +1. The administrator runs the **ScanState** command-line tool on each computer. **ScanState** saves each user state to a server. -1. The administrator runs the ScanState command-line tool on each computer. ScanState saves each user state to a server. +2. On each computer, the administrator installs the company's standard SOE that includes Windows 10 and other company applications. -2. On each computer, the administrator installs the company's standard SOE which includes Windows 10 and other company applications. +3. The administrator runs the **LoadState** command-line tool on each source computer, and **LoadState** restores each user state back to the computer. -3. The administrator runs the LoadState command-line tool on each source computer, and LoadState restores each user state back to the computer. +### Scenario Three: PC-refresh using a hard-link migration store -### Scenario Three: PC-refresh using a hard-link migration store +A company has received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. 
In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. -A company has just received funds to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses a hard-link migration store to save each user state to their respective computer. +1. The administrator runs the **ScanState** command-line tool on each computer, specifying the `/hardlink /nocompress` command-line options. **ScanState** saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic and minimizing migration failures on computers with limited space available on the hard drive. -1. The administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink /nocompress** command-line options. ScanState saves the user state to a hard-link migration store on each computer, improving performance by minimizing network traffic as well as minimizing migration failures on computers with very limited space available on the hard drive. +2. On each computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. -2. On each computer, the administrator installs the company's SOE which includes Windows 10 and other company applications. +3. The administrator runs the **LoadState** command-line tool on each computer. **LoadState** restores each user state back on each computer. -3. The administrator runs the LoadState command-line tool on each computer. LoadState restores each user state back on each computer. +### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store -### Scenario Four: PC-refresh using Windows.old folder and a hard-link migration store +A company has decided to update the operating system on all of its computers to Windows 10. 
Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. -A company has decided to update the operating system on all of its computers to Windows 10. Each employee will keep the same computer, but the operating system on each computer will be updated. In this scenario, an administrator uses Windows.old and a hard-link migration store to save each user state to their respective computer. +1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows. -1. The administrator clean installs Windows 10 on each computer, making sure that the Windows.old directory is created by installing Windows 10 without formatting or repartitioning and by selecting a partition that contains the previous version of Windows. +2. On each computer, the administrator installs the company's SOE that includes company applications. -2. On each computer, the administrator installs the company's SOE which includes company applications. - -3. The administrator runs the ScanState and LoadState command-line tools successively on each computer while specifying the **/hardlink /nocompress** command-line options. - -## PC-Replacement +3. The administrator runs the **ScanState** and **LoadState** command-line tools successively on each computer while specifying the `/hardlink /nocompress` command-line options. +## PC-replacement The following diagram shows a PC-replacement migration. First, the administrator migrates the user state from the source computer to an intermediate store. After installing the operating system on the destination computer, the administrator migrates the user state from the store to the destination computer. 
-  - ![usmt pc replace scenario.](images/dep-win8-l-usmt-pcreplace.jpg) -  +### Scenario One: Offline migration using Windows PE and an external migration store -### Scenario One: Offline migration using WinPE and an external migration store +A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled offline, without a network connection. -A company is allocating 20 new computers to users in the accounting department. The users each have a source computer with their files and settings. In this scenario, migration is being handled completely offline, without a network connection. +1. On each source computer, an administrator boots the machine into WinPE and runs **ScanState** to collect the user state to either a server or an external hard disk. -1. On each source computer, an administrator boots the machine into WinPE and runs ScanState to collect the user state to either a server or an external hard disk. +2. On each new computer, the administrator installs the company's SOE that includes Windows 10 and other company applications. -2. On each new computer, the administrator installs the company's SOE which includes Windows 10 and other company applications. +3. On each of the new computers, the administrator runs the **LoadState** tool, restoring each user state from the migration store to one of the new computers. -3. On each of the new computers, the administrator runs the LoadState tool, restoring each user state from the migration store to one of the new computers. +### Scenario Two: Manual network migration -### Scenario Two: Manual network migration +A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. 
In this scenario, an administrator runs the **ScanState** tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. -A company receives 50 new laptops for their managers and needs to reallocate 50 older laptops to new employees. In this scenario, an administrator runs the ScanState tool from the cmd prompt on each computer to collect the user states and save them to a server in a compressed migration store. +1. The administrator runs the **ScanState** tool on each of the manager's old laptops, and saves each user state to a server. -1. The administrator runs the ScanState tool on each of the manager's old laptops, and saves each user state to a server. +2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications. -2. On the new laptops, the administrator installs the company's SOE, which includes Windows 10 and other company applications. +3. The administrator runs the **LoadState** tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. -3. The administrator runs the LoadState tool on the new laptops to migrate the managers' user states to the appropriate computer. The new laptops are now ready for the managers to use. +4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. -4. On the old computers, the administrator installs the company's SOE, which includes Windows 10, Microsoft Office, and other company applications. The old computers are now ready for the new employees to use. +### Scenario Three: Managed network migration -### Scenario Three: Managed network migration +A company is allocating 20 new computers to users in the accounting department. 
The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a sign-in script or a batch file to run **ScanState** on each source computer to collect the user states and save them to a server in a compressed migration store. -A company is allocating 20 new computers to users in the accounting department. The users each have a source computer that contains their files and settings. An administrator uses a management technology such as a logon script or a batch file to run ScanState on each source computer to collect the user states and save them to a server in a compressed migration store. +1. On each source computer, the administrator runs the **ScanState** tool using Microsoft Configuration Manager, Microsoft Deployment Toolkit (MDT), a sign-in script, a batch file, or a non-Microsoft management technology. **ScanState** collects the user state from each source computer and then saves it to a server. -1. On each source computer, the administrator runs the ScanState tool using Microsoft Endpoint Configuration Manager, Microsoft Deployment Toolkit (MDT), a logon script, a batch file, or a non-Microsoft management technology. ScanState collects the user state from each source computer and then saves it to a server. - -2. On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications. - -3. On each of the new computers, the administrator runs the LoadState tool using Microsoft Endpoint Configuration Manager, a logon script, a batch file, or a non-Microsoft management technology. LoadState migrates each user state from the migration store to one of the new computers. - -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - -[Choose a Migration Store Type](usmt-choose-migration-store-type.md) - -[Offline Migration Reference](offline-migration-reference.md) - -  - -  +2. 
On each new computer, the administrator installs the company's SOE, which includes Windows 10 and other company applications. +3. On each of the new computers, the administrator runs the **LoadState** tool using Microsoft Configuration Manager, a sign-in script, a batch file, or a non-Microsoft management technology. **LoadState** migrates each user state from the migration store to one of the new computers. +## Related articles +[Plan your migration](usmt-plan-your-migration.md) +[Choose a migration store type](usmt-choose-migration-store-type.md) +[Offline migration reference](offline-migration-reference.md) diff --git a/windows/deployment/usmt/usmt-configxml-file.md b/windows/deployment/usmt/usmt-configxml-file.md index 55ce65391a..4d4f72d27c 100644 --- a/windows/deployment/usmt/usmt-configxml-file.md +++ b/windows/deployment/usmt/usmt-configxml-file.md 
@@ -1,88 +1,52 @@
 ---
 title: Config.xml File (Windows 10)
-description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool.
+description: Learn how the Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the /genconfig option with the ScanState.exe tool.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/19/2017
+author: frankroj
+ms.date: 11/01/2022
 ms.topic: article
 ms.technology: itpro-deploy
 ---
 
 # Config.xml File
 
-## Config.xml File
+The `Config.xml` file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the `/genconfig` option with the ScanState tool. If you want to include all of the default components, and don't want to change the default store-creation or profile-migration behavior, you don't need to create a `Config.xml` file.
 
-The Config.xml file is an optional User State Migration Tool (USMT) 10.0 file that you can create using the **/genconfig** option with the ScanState.exe tool. If you want to include all of the default components, and do not want to change the default store-creation or profile-migration behavior, you do not need to create a Config.xml file.
+However, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigUser.xml` and `MigDocs.xml` files, but you want to exclude certain components, you can create and modify a `Config.xml` file and leave the other .xml files unchanged. For example, you must create and modify the `Config.xml` file if you want to exclude any of the operating-system settings that are migrated. It's necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior.
 
-However, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigUser.xml and MigDocs.xml files, but you want to exclude certain components, you can create and modify a Config.xml file and leave the other .xml files unchanged. For example, you must create and modify the Config.xml file if you want to exclude any of the operating-system settings that are migrated. It is necessary to create and modify this file if you want to change any of the default store-creation or profile-migration behavior.
+The `Config.xml` file has a different format than the other migration .xml files, because it doesn't contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, and user-profile policy and error-control policy. For this reason, excluding components using the `Config.xml` file is easier than modifying the migration .xml files, because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in this file.
 
-The Config.xml file has a different format than the other migration .xml files, because it does not contain any migration rules. It contains only a list of the operating-system components, applications, user documents that can be migrated, as well as user-profile policy and error-control policy. For this reason, excluding components using the Config.xml file is easier than modifying the migration .xml files, because you do not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in this file.
+For more information about using the `Config.xml` file with other migration files, such as the `MigDocs.xml` and `MigApps.xml` files, see [Understanding Migration XML Files](understanding-migration-xml-files.md).
 
-For more information about using the Config.xml file with other migration files, such as the MigDocs.xml and MigApps.xml files, see [Understanding Migration XML Files](understanding-migration-xml-files.md).
+> [!NOTE]
+> To exclude a component from the `Config.xml` file, set the **migrate** value to **no**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration.
 
-**Note**  
-To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration.
+## Migration Policies
 
-## In this topic
+In USMT there are new migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the `Config.xml` file only.
 
-In USMT there are new migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. The following elements and parameters are for use in the Config.xml file only.
-
-[<Policies>](#bkmk-policies)
-
-[<ErrorControl>](#bkmk-errorcontrol)
-
-[<fatal>](#bkmk-fatal)
-
-[<fileError>](#bkmk-fileerror)
-
-[<nonfatal>](#bkmk-nonfatal)
-
-[<registryError>](#bkmk-registryerror)
-
-[<HardLinkStoreControl>](#bkmk-hardlinkstorecontrol)
-
-[<fileLocked>](#bkmk-filelock)
-
-[<createHardLink>](#bkmk-createhardlink)
-
-[<errorHardLink>](#bkmk-errorhardlink)
-
-[<ProfileControl>](#bkmk-profilecontrol)
-
-[<localGroups>](#bkmk-localgroups)
-
-[<mappings>](#bkmk-mappings)
-
-[<changeGroup>](#bkmk-changegrou)
-
-[<include>](#bkmk-include)
-
-[<exclude>](#bkmk-exclude)
-
-[Sample Config.xml File](#bkmk-sampleconfigxjmlfile)
-
-## <Policies>
+### <Policies>
 
 The **<Policies>** element contains elements that describe the policies that USMT follows while creating a migration store. Valid children of the **<Policies>** element are **<ErrorControl>** and **<HardLinkStoreControl>**. The **<Policies>** element is a child of **<Configuration>**.
 
-Syntax: ` `
+Syntax: `` ``
 
-## <ErrorControl>
+### <ErrorControl>
 
-The **<ErrorControl>** element is an optional element you can configure in the Config.xml file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character.
+The **<ErrorControl>** element is an optional element you can configure in the `Config.xml` file. The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character.
 
-- **Number of occurrences**: Once for each component
+- **Number of occurrences**: Once for each component
 
-- **Parent elements**: The **<Policies>** element
+- **Parent elements**: The **<Policies>** element
 
-- **Child elements**: The **<fileError>** and **<registryError>** element
+- **Child elements**: The **<fileError>** and **<registryError>** element
 
-Syntax: ``
+Syntax: `` ``
 
-The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users cannot be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error.
+The following example specifies that all locked files, regardless of their location (including files in C:\\Users), should be ignored. However, the migration fails if any file in C:\\Users can't be accessed because of any other reason. In the example below, the **<ErrorControl>** element ignores any problems in migrating registry keys that match the supplied pattern, and it resolves them to an **Access denied** error.
 
 Additionally, the order in the **<ErrorControl>** section implies priority. In this example, the first **<nonFatal>** tag takes precedence over the second **<fatal>** tag. This precedence is applied, regardless of how many tags are listed.
 
@@ -101,17 +65,17 @@ Additionally, the order in the **<ErrorControl>** section implies priority
 > [!IMPORTANT]
 > The configurable **<ErrorControl>** rules support only the environment variables for the operating system that is running and the currently logged-on user. As a workaround, you can specify a path using the (\*) wildcard character.
 
-### <fatal>
+### <fatal>
 
-The **<fatal>** element is not required.
+The **<fatal>** element isn't required.
 
-- **Number of occurrences**: Once for each component
+- **Number of occurrences**: Once for each component
 
-- **Parent elements**: **<fileError>** and **<registryError>**
+- **Parent elements**: **<fileError>** and **<registryError>**
 
-- **Child elements**: None.
+- **Child elements**: None.
 
-Syntax: ``*<pattern>*``
+Syntax: `` *<pattern>* ``
 
 |Parameter|Required|Value|
 |--- |--- |--- |
@@ -119,74 +83,74 @@ Syntax: ``*<pattern>*``
 
 You use the **<fatal>** element to specify that errors matching a specific pattern should cause USMT to halt the migration.
 
-## <fileError>
+### <fileError>
 
-The **<fileError>** element is not required.
+The **<fileError>** element isn't required.
 
-- **Number of occurrences**: Once for each component
+- **Number of occurrences**: Once for each component
 
-- **Parent elements**: **<ErrorControl>**
+- **Parent elements**: **<ErrorControl>**
 
-- **Child elements**: **<nonFatal>** and **<fatal>**
+- **Child elements**: **<nonFatal>** and **<fatal>**
 
-Syntax: ``
+Syntax: `` ``
 
 You use the **<fileError>** element to represent the behavior associated with file errors.
 
-## <nonFatal>
+### <nonFatal>
 
-The **<nonFatal>** element is not required.
+The **<nonFatal>** element isn't required.
 
-- **Number of occurrences**: Once for each component
+- **Number of occurrences**: Once for each component
 
-- **Parent elements**: The **<fileError>** and **<registryError>** elements.
+- **Parent elements**: The **<fileError>** and **<registryError>** elements.
 
-- **Child elements**: None.
+- **Child elements**: None.
 
-Syntax: ``*<pattern>*``
+Syntax: `` *<pattern>* ``
 
 |Parameter|Required|Value|
 |--- |--- |--- |
-|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages are not specified, the default behavior applies the parameter to all system error messages.|
+|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.|
 
-You use the **<nonFatal>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration.
+You use the **<nonFatal>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration.
 
-## <registryError>
+### <registryError>
 
-The <registryError>element is not required.
+The **<registryError>** element isn't required.
 
-- **Number of occurrences**: Once for each component
+- **Number of occurrences**: Once for each component
 
-- **Parent elements**: **<ErrorControl>**
+- **Parent elements**: **<ErrorControl>**
 
-- **Child elements**: **<nonfatal>** and **<fatal>**
+- **Child elements**: **<nonfatal>** and **<fatal>**
 
-Syntax: ``
+Syntax: `` ``
 
 |Parameter|Required|Value|
 |--- |--- |--- |
-|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages are not specified, the default behavior applies the parameter to all system error messages.|
+|**<errorCode>**|No|"any" or "*specify system error message here*". If system error messages aren't specified, the default behavior applies the parameter to all system error messages.|
 
-You use the **<registryError>** element to specify that errors matching a specific pattern should not cause USMT to halt the migration.
+You use the **<registryError>** element to specify that errors matching a specific pattern shouldn't cause USMT to halt the migration.
 
-## <HardLinkStoreControl>
+### <HardLinkStoreControl>
 
 The **<HardLinkStoreControl>** element contains elements that describe how to handle files during the creation of a hard-link migration store. Its only valid child is **<fileLocked>**.
 
-Syntax: ` `
+Syntax: `` ``
 
-- **Number of occurrences**: Once for each component
+- **Number of occurrences**: Once for each component
 
-- **Parent elements**: **<Policies>**
+- **Parent elements**: **<Policies>**
 
-- **Child elements**: **<fileLocked>**
+- **Child elements**: **<fileLocked>**
 
-Syntax: ``
+Syntax: `` ``
 
-The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that cannot be copied, even though is technically possible for the link to be created.
+The **<HardLinkStoreControl>** sample code below specifies that hard links can be created to locked files only if the locked file resides somewhere under C:\\Users\\. Otherwise, a file-access error occurs when a locked file is encountered that can't be copied, even though is technically possible for the link to be created.
 
 > [!IMPORTANT]
-> The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file’s location.
+> The **<ErrorControl>** section can be configured to conditionally ignore file access errors, based on the file's location.
 
 ``` xml
@@ -202,45 +166,45 @@ The **<HardLinkStoreControl>** sample code below specifies that hard links ``` -## <fileLocked> +### <fileLocked> The **<fileLocked>** element contains elements that describe how to handle files that are locked for editing. The rules defined by the **<fileLocked>** element are processed in the order in which they appear in the XML file. -Syntax: `` +Syntax: `` `` -## <createHardLink> +### <createHardLink> The **<createHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application. -Syntax: ``*<pattern>*`` +Syntax: `` *<pattern>* `` -## <errorHardLink> +### <errorHardLink> -The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links should not be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that is not possible, **Error\_Locked** is thrown. This is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. +The **<errorHardLink>** element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created if the file is locked for editing by another application. USMT will attempt to copy files under these paths into the migration store. However, if that isn't possible, **Error\_Locked** is thrown. This error is a standard Windows application programming interface (API) error that can be captured by the **<ErrorControl>** section to either cause USMT to skip the file or abort the migration. 
-Syntax: ``*<pattern>*`` +Syntax: `` *<pattern>* `` -## <ProfileControl> +### <ProfileControl> This element is used to contain other elements that establish rules for migrating profiles, users, and policies around local group membership during the migration. **<ProfileMigration>** is a child of **<Configuration>**. -Syntax: <`ProfileControl> ` +Syntax: <`ProfileControl>` `` -## <localGroups> +### <localGroups> This element is used to contain other elements that establish rules for how to migrate local groups. **<localGroups>** is a child of **<ProfileControl>**. -Syntax: ` ` +Syntax: `` `` -## <mappings> +### <mappings> This element is used to contain other elements that establish mappings between groups. -Syntax: ` ` +Syntax: `` `` -## <changeGroup> +### <changeGroup> -This element describes the source and destination groups for a local group membership change during the migration. It is a child of **<localGroups>**. The following parameters are defined: +This element describes the source and destination groups for a local group membership change during the migration. It's a child of **<localGroups>**. The following parameters are defined: |Parameter|Required|Value| |--- |--- |--- | 
@@ -250,23 +214,27 @@ This element describes the source and destination groups for a local group membe The valid and required children of **<changeGroup>** are **<include>** and **<exclude>**. Although both can be children at the same time, only one is required. -Syntax: ` ` +Syntax: `` `` -## <include> +### <include> This element specifies that its required child, *<pattern>*, should be included in the migration. -Syntax: ```` +Syntax: `` `` -## <exclude> +### <exclude> This element specifies that its required child, *<pattern>*, should be excluded from the migration. -Syntax: ``` ` +Syntax: `` `` -## Sample Config.xml File +## Sample Config.xml File -Refer to the following sample Config.xml file for additional details about items you can choose to exclude from a migration. +Refer to the following sample `Config.xml` file for more details about items you can choose to exclude from a migration. +
      +
      +
      + Expand for sample Config.xml file: ```xml @@ -459,6 +427,8 @@ Refer to the following sample Config.xml file for additional details about items ``` -## Related topics +
      
-[USMT XML Reference](usmt-xml-reference.md)
+## Related articles
+
+[USMT XML reference](usmt-xml-reference.md)
diff --git a/windows/deployment/usmt/usmt-conflicts-and-precedence.md b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
index c14de7c5c9..d6433d0ca6 100644
--- a/windows/deployment/usmt/usmt-conflicts-and-precedence.md
+++ b/windows/deployment/usmt/usmt-conflicts-and-precedence.md
@@ -1,67 +1,41 @@
 ---
 title: Conflicts and Precedence (Windows 10)
-description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence.
+description: In this article, learn how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/19/2017
+author: frankroj
+ms.date: 11/01/2022
 ms.topic: article
 ms.technology: itpro-deploy
 ---
-# Conflicts and Precedence
+# Conflicts and precedence
-When you include, exclude, and reroute files and settings, it is important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind.
+When you include, exclude, and reroute files and settings, it's important to know how User State Migration Tool (USMT) 10.0 deals with conflicts and precedence. When working with USMT, the following are the most important conflicts and precedence guidelines to keep in mind.
-- **If there are conflicting rules within a component, the most specific rule is applied.** However, the <unconditionalExclude> rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. For examples, see [What happens when there are conflicting include and exclude rules?](#bkmk1) and the first example in [Include and exclude precedence examples](#precexamples)****later in this topic.
+- **If there are conflicting rules within a component, the most specific rule is applied.** However, the **<unconditionalExclude>** rule is an exception because it takes precedence over all others. Directory names take precedence over file extensions. 
For examples, see [What happens when there are conflicting <include> and <exclude> rules?](#what-happens-when-there-are-conflicting-include-and-exclude-rules) and the first example in [<include> and <exclude> rules precedence examples](#include-and-exclude-rules-precedence-examples) later in this article. -- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. +- **Only rules inside the same component can affect each other, depending on specificity.** Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. -- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the <exclude> rule to exclude a file and use the <include> rule to include the same file, the file will be excluded. +- **If the rules are equally specific, <exclude> takes precedence over <include>.** For example, if you use the **<exclude>** rule to exclude a file and use the **<include>** rule to include the same file, the file will be excluded. -- **The ordering of components does not matter.** It does not matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. +- **The ordering of components does not matter.** It doesn't matter which components are listed in which .xml file, because each component is processed independently of the other components across all of the .xml files. -- **The ordering of the <include> and <exclude> rules within a component does not matter.** +- **The ordering of the <include> and <exclude> rules within a component does not matter.** -- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other <include> rules that are in the .xml files. 
For example, you can use the <unconditionalExclude> element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. - -## In this topic - -**General** - -- [What is the relationship between rules that are located within different components?](#bkmk2) - -- [How does precedence work with the Config.xml file?](#bkmk3) - -- [How does USMT process each component in an .xml file with multiple components?](#bkmk4) - -- [How are rules processed?](#bkmk5) - -- [How does USMT combine all of the .xml files that I specify on the command line?](#bkmk6) - -**The <include> and <exclude> rules** - -- [What happens when there are conflicting include and exclude rules?](#bkmk1) - -- [<include> and <exclude> precedence examples](#precexamples) - -**File collisions** - -- [What is the default behavior when there are file collisions?](#collisions) - -- [How does the <merge> rule work when there are file collisions?](#bkmk11) +- **You can use the <unconditionalExclude> element to globally exclude data.** This element excludes objects, regardless of any other **<include>** rules that are in the .xml files. For example, you can use the **<unconditionalExclude>** element to exclude all MP3 files on the computer or to exclude all files from `C:\UserData`. ## General -### What is the relationship between rules that are located within different components? +### What is the relationship between rules that are located within different components? -Only rules inside the same component can affect each other, depending on specificity, except for the <unconditionalExclude> rule. Rules that are in different components do not affect each other. If there is an <include> rule in one component and an identical <exclude> rule in another component, the data will be migrated because the two rules are independent of each other. +Only rules inside the same component can affect each other, depending on specificity, except for the **<unconditionalExclude>** rule. 
Rules that are in different components don't affect each other. If there's an **<include>** rule in one component and an identical **<exclude>** rule in another component, the data will be migrated because the two rules are independent of each other. -If you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. +If you have an **<include>** rule in one component and a **<locationModify>** rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the **<include>** rule, and it will be migrated based on the **<locationModify>** rule. -The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the <exclude> rule is specified in a separate component. +The following .xml file migrates all files from C:\\Userdocs, including .mp3 files, because the **<exclude>** rule is specified in a separate component. ``` xml 
@@ -93,9 +67,9 @@ The following .xml file migrates all files from C:\\Userdocs, including .mp3 fil ``` -### How does precedence work with the Config.xml file? +### How does precedence work with the Config.xml file? -Specifying `migrate="no"` in the Config.xml file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. +Specifying `migrate="no"` in the `Config.xml` file is the same as deleting the corresponding component from the migration .xml file. However, if you set `migrate="no"` for My Documents, but you have a rule similar to the one shown below in a migration .xml file (which includes all of the .doc files from My Documents), then only the .doc files will be migrated, and all other files will be excluded. ``` xml 
@@ -105,29 +79,29 @@ Specifying `migrate="no"` in the Config.xml file is the same as deleting the cor ``` -### How does USMT process each component in an .xml file with multiple components? +### How does USMT process each component in an .xml file with multiple components? -The ordering of components does not matter. Each component is processed independently of other components. For example, if you have an <include> rule in one component and a <locationModify> rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the <include> rule, and it will be migrated based on the <locationModify> rule. +The ordering of components doesn't matter. Each component is processed independently of other components. For example, if you have an **<include>** rule in one component and a **<locationModify>** rule in another component for the same file, the file will be migrated in both places. That is, it will be included based on the **<include>** rule, and it will be migrated based on the **<locationModify>** rule. -### How are rules processed? +### How are rules processed? There are two broad categories of rules. -- **Rules that affect the behavior of both the ScanState and LoadState tools**. For example, the <include>, <exclude>, and <unconditionalExclude> rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each <include> rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it is going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. +- **Rules that affect the behavior of both the ScanState and LoadState tools**. 
For example, the **<include>**, **<exclude>**, and **<unconditionalExclude>** rules are processed for each component in the .xml files. For each component, USMT creates an include list and an exclude list. Some of the rules in the component might be discarded due to specificity, but all of the remaining rules are processed. For each **<include>** rule, USMT iterates through the elements to see if any of the locations need to be excluded. USMT enumerates all of the objects and creates a list of objects it's going to collect for each user. Once the list is complete, each of the objects is stored or migrated to the destination computer. -- **Rules that affect the behavior of only the LoadState tool**. For example, the <locationModify>, <contentModify>, and <destinationCleanup> rules do not affect ScanState. They are processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the <locationModify>and <contentModify> rules. Then, LoadState processes all of the <destinationCleanup> rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. +- **Rules that affect the behavior of only the LoadState tool**. For example, the **<locationModify>**, **<contentModify>**, and **<destinationCleanup>** rules don't affect ScanState. They're processed only with LoadState. First, the LoadState tool determines the content and location of each component based on the **<locationModify>** and **<contentModify>** rules. Then, LoadState processes all of the **<destinationCleanup>** rules and deletes data from the destination computer. Lastly, LoadState applies the components to the computer. -### How does USMT combine all of the .xml files that I specify on the command line? +### How does USMT combine all of the .xml files that I specify on the command line? -USMT does not distinguish the .xml files based on their name or content. 
It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. +USMT doesn't distinguish the .xml files based on their name or content. It processes each component within the files separately. USMT supports multiple .xml files only to make it easier to maintain and organize the components within them. Because USMT uses a urlid to distinguish each component from the others, be sure that each .xml file that you specify on the command line has a unique migration urlid. -## The <include> and <exclude> rules +## The <include> and <exclude> rules -### What happens when there are conflicting <include> and <exclude> rules? +### What happens when there are conflicting <include> and <exclude> rules? -If there are conflicting rules within a component, the most specific rule is applied, except with the <unconditionalExclude> rule, which takes precedence over all other rules. If the rules are equally specific, then the data will be not be migrated. For example if you exclude a file, and include the same file, the file will not be migrated. If there are conflicting rules within different components, the rules do not affect each other because each component is processed independently. +If there are conflicting rules within a component, the most specific rule is applied, except with the **<unconditionalExclude>** rule, which takes precedence over all other rules. If the rules are equally specific, then the data won't be migrated. For example if you exclude a file, and include the same file, the file won't be migrated. If there are conflicting rules within different components, the rules don't affect each other because each component is processed independently. 
-In the following example, mp3 files will not be excluded from the migration. This is because directory names take precedence over the file extensions. +In the following example, mp3 files won't be excluded from the migration. The mp3 files won't be excluded because directory names take precedence over the file extensions. ``` xml @@ -142,68 +116,68 @@ In the following example, mp3 files will not be excluded from the migration. Thi ``` -### <include> and <exclude> rules precedence examples +### <include> and <exclude> rules precedence examples -These examples explain how USMT deals with <include> and <exclude> rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. +These examples explain how USMT deals with **<include>** and **<exclude>** rules. When the rules are in different components, the resulting behavior will be the same regardless of whether the components are in the same or in different migration .xml files. -- [Including and excluding files](#filesex) +- [Including and excluding files](#including-and-excluding-files) -- [Including and excluding registry objects](#regex) +- [Including and excluding registry objects](#including-and-excluding-registry-objects) -### Including and excluding files +### Including and excluding files | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| -|
      • Include rule: <pattern type="File">C:\Dir1* []</pattern>
      • Exclude rule: <pattern type="File">C:* [.txt]</pattern>
      | Migrates all files and subfolders in Dir1 (including all .txt files in C:). | The <exclude> rule does not affect the migration because the <include> rule is more specific. | +|
      • Include rule: <pattern type="File">C:\Dir1* []</pattern>
      • Exclude rule: <pattern type="File">C:* [.txt]</pattern>
      | Migrates all files and subfolders in Dir1 (including all .txt files in C:). | The **<exclude>** rule doesn't affect the migration because the **<include>** rule is more specific. | |
      • Include rule: <pattern type="File">C:\Dir1* []</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      | Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1\Dir2 and its subfolders. | Both rules are processed as intended. | |
      • Include rule: <pattern type="File">C:\Dir1* []</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1\ * [.txt]</pattern>
      | Migrates all files and subfolders in C:\Dir1, except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | -|
      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      | Nothing will be migrated. | The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule. | +|
      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      | Nothing will be migrated. | The rules are equally specific, so the **<exclude>** rule takes precedence over the **<include>** rule. | |
      • Include rule: C:\Dir1* [.txt]
      • Exclude rule: C:\Dir1\Dir2* []
      | Migrates the .txt files in Dir1 and the .txt files from subfolders other than Dir2.
      No files are migrated from Dir2 or its subfolders. | Both rules are processed as intended. | |
      • Include rule: C:\Dir1\Dir2* []
      • Exclude rule: C:\Dir1* [.txt]
      | Migrates all files and subfolders of Dir2, except the .txt files from Dir1 and any subfolders of Dir1 (including Dir2). | Both rules are processed as intended. | | If you have the following code in different components | Resulting behavior | Explanation | |-----|----|----| -| Component 1:
      • Include rule: <pattern type="File">C:\Dir1* []</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

      Component 2:
      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>
      | Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2). | Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed. | +| Component 1:
      • Include rule: <pattern type="File">C:\Dir1* []</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>

      Component 2:
      • Include rule: <pattern type="File">C:\Dir1\Dir2* [.txt]</pattern>
      • Exclude rule: <pattern type="File">C:\Dir1* []</pattern>
      | Migrates all files and subfolders of C:\Dir1\ (including C:\Dir1\Dir2). | Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. Therefore, in this example, although some .txt files were excluded when Component 1 was processed, they were included when Component 2 was processed. | | Component 1:
      • Include rule: C:\Dir1\Dir2* []

      Component 2:
      • Exclude rule: C:\Dir1* [.txt]
      | Migrates all files and subfolders from Dir2 except the .txt files in C:\Dir1 and its subfolders. | Both rules are processed as intended. | -| Component 1:
      • Exclude rule: C:\Dir1\Dir2* []

      Component 2:
      • Include rule: C:\Dir1* [.txt]
      | Migrates all .txt files in Dir1 and any subfolders. | Component 1 does not contain an <include> rule, so the <exclude> rule is not processed. | +| Component 1:
      • Exclude rule: C:\Dir1\Dir2* []

      Component 2:
      • Include rule: C:\Dir1* [.txt]
      | Migrates all .txt files in Dir1 and any subfolders. | Component 1 doesn't contain an **<include>** rule, so the **<exclude>** rule isn't processed. | -### Including and excluding registry objects +### Including and excluding registry objects | If you have the following code in the same component | Resulting behavior | Explanation | |-----|-----|-----| |
      • Include rule:
        HKLM\Software\Microsoft\Command Processor* []
      • Exclude Rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      | Migrates all keys in HKLM\Software\Microsoft\Command Processor except DefaultColor. | Both rules are processed as intended. | -|
      • Include rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      • Exclude Rule:
        HKLM\Software\Microsoft\Command Processor* []
      | Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor. | DefaultColor is migrated because the <include> rule is more specific than the <exclude> rule. | -|
      • Include rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      • Exclude rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      | Does not migrate DefaultColor. | The rules are equally specific, so the <exclude> rule takes precedence over the <include> rule. | +|
      • Include rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      • Exclude Rule:
        HKLM\Software\Microsoft\Command Processor* []
      | Migrates only DefaultColor in HKLM\Software\Microsoft\Command Processor. | DefaultColor is migrated because the **<include>** rule is more specific than the **<exclude>** rule. | +|
      • Include rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      • Exclude rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      | Doesn't migrate DefaultColor. | The rules are equally specific, so the **<exclude>** rule takes precedence over the <include> rule. | | If you have the following code in different components | Resulting behavior | Explanation | |-----|-----|-----| -| Component 1:
      • Include rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      • Exclude rule:
        HKLM\Software\Microsoft\Command Processor* []

      Component 2:
      • Include rule:
        HKLM\Software\Microsoft\Command Processor* []
      • Exclude rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      | Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor. | Rules that are in different components do not affect each other, except for the <unconditionalExclude> rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed. | +| Component 1:
      • Include rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      • Exclude rule:
        HKLM\Software\Microsoft\Command Processor* []

      Component 2:
      • Include rule:
        HKLM\Software\Microsoft\Command Processor* []
      • Exclude rule:
        HKLM\Software\Microsoft\Command Processor [DefaultColor]
      | Migrates all the keys/values under HKLM\Software\Microsoft\Command Processor. | Rules that are in different components don't affect each other, except for the **<unconditionalExclude>** rule. Therefore, in this example, the objects that were excluded when Component 1 was processed were included when Component 2 was processed. | ## File collisions -### What is the default behavior when there are file collisions? +### What is the default behavior when there are file collisions? -If there is not a <merge> rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. +If there isn't a **<merge>** rule, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally: for example, OriginalFileName(1).OriginalExtension, OriginalFileName(2).OriginalExtension, and so on. -### How does the <merge> rule work when there are file collisions? +### How does the <merge> rule work when there are file collisions? -When a collision is detected, USMT will select the most specific <merge> rule and apply it to resolve the conflict. For example, if you have a <merge> rule for C:\\\* \[\*\] set to **sourcePriority()** and another <merge> rule for C:\\subfolder\\\* \[\*\] set to **destinationPriority()** , then USMT uses the destinationPriority() rule because it is the most specific. +When a collision is detected, USMT will select the most specific **<merge>** rule and apply it to resolve the conflict. For example, if you have a **<merge>** rule for **C:\\\* \[\*\]** set to **sourcePriority()** and another **<merge>** rule for **C:\\subfolder\\\* \[\*\]** set to **destinationPriority()** , then USMT uses the **destinationPriority()** rule because it's the most specific. 
### Example scenario The source computer contains the following files: -- C:\\Data\\SampleA.txt +- `C:\Data\SampleA.txt` -- C:\\Data\\SampleB.txt +- `C:\Data\SampleB.txt` -- C:\\Data\\Folder\\SampleB.txt +- `C:\Data\Folder\SampleB.txt` The destination computer contains the following files: -- C:\\Data\\SampleB.txt +- `C:\Data\SampleB.txt` -- C:\\Data\\Folder\\SampleB.txt +- `C:\Data\SampleB.txt` You have a custom .xml file that contains the following code: @@ -217,7 +191,7 @@ You have a custom .xml file that contains the following code: For this example, the following information describes the resulting behavior if you add the code to your custom .xml file. -**Example 1** +#### Example 1 ```xml @@ -227,9 +201,9 @@ For this example, the following information describes the resulting behavior if ``` -**Result**: During ScanState, all the files will be added to the store. During LoadState, only C:\Data\SampleA.txt will be restored. +**Result**: During ScanState, all the files will be added to the store. During LoadState, only `C:\Data\SampleA.txt` will be restored. -**Example 2** +#### Example 2 ```xml @@ -242,7 +216,7 @@ For this example, the following information describes the resulting behavior if **Result**: During ScanState, all the files will be added to the store. During LoadState, all the files will be restored, overwriting the existing files on the destination computer. -**Example 3** +#### Example 3 ```xml 
@@ -252,12 +226,12 @@ During LoadState, all the files will be restored, overwriting the existing files
 ```
-**Result**: During ScanState, all the files will be added to the store. During LoadState, the following will occur:
+**Result**: During ScanState, all the files will be added to the store. During LoadState, the following actions will occur:
-- C:\Data\SampleA.txt will be restored.
-- C:\Data\SampleB.txt will be restored, overwriting the existing file on the destination computer.
-- C:\Data\Folder\SampleB.txt will not be restored.
+- `C:\Data\SampleA.txt` will be restored.
+- `C:\Data\SampleB.txt` will be restored, overwriting the existing file on the destination computer.
+- `C:\Data\Folder\SampleB.txt` won't be restored.
-## Related topics
+## Related articles
-[USMT XML Reference](usmt-xml-reference.md)
+[USMT XML reference](usmt-xml-reference.md)
diff --git a/windows/deployment/usmt/usmt-custom-xml-examples.md b/windows/deployment/usmt/usmt-custom-xml-examples.md
index 5531154de7..40514b888a 100644
--- a/windows/deployment/usmt/usmt-custom-xml-examples.md
+++ b/windows/deployment/usmt/usmt-custom-xml-examples.md
@@ -2,19 +2,25 @@ title: Custom XML Examples (Windows 10) description: Use custom XML examples to learn how to migrate an unsupported application, migrate files and registry keys, and migrate the My Videos folder. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 11/01/2022 --- # Custom XML Examples -## Example 1: Migrating an Unsupported Application +## Example 1: Migrating an unsupported application -The following is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. +The following template is a template for the sections that you need to migrate your application. The template isn't functional on its own, but you can use it to write your own .xml file. + +**Template** +
      +
      + Expand to show Example 1 application template: ``` xml @@ -80,25 +86,30 @@ The following is a template for the sections that you need to migrate your appli ``` -## Example 2: Migrating the My Videos Folder +
      -The following sample is a custom .xml file named CustomFile.xml that migrates My Videos for all users, if the folder exists on the source computer. +## Example 2: Migrating the My Videos folder -- **Sample condition**: Verifies that My Videos exists on the source computer: +The following sample is a custom .xml file named `CustomFile.xml` that migrates **My Videos** for all users, if the folder exists on the source computer. + +- **Sample condition**: Verifies that **My Videos** exists on the source computer: `MigXmlHelper.DoesObjectExist("File","%CSIDL_MYVIDEO%")` -- **Sample filter**: Filters out the shortcuts in My Videos that don't resolve on the destination computer: +- **Sample filter**: Filters out the shortcuts in **My Videos** that don't resolve on the destination computer: `` - This has no effect on files that aren't shortcuts. For example, if there's a shortcut in My Videos on the source computer that points to C:\Folder1, that shortcut will be migrated only if C:\Folder1 exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. + This filter has no effect on files that aren't shortcuts. For example, if there's a shortcut in **My Videos** on the source computer that points to `C:\Folder1`, that shortcut will be migrated only if `C:\Folder1` exists on the destination computer. However, all other files, such as .mp3 files, migrate without any filtering. -- **Sample pattern**: Migrates My Videos for all users: +- **Sample pattern**: Migrates **My Videos** for all users: `%CSIDL_MYVIDEO%* [*]` **XML file** +
      +
      + Expand to show Example 2 XML file: ```xml @@ -123,11 +134,13 @@ The following sample is a custom .xml file named CustomFile.xml that migrates My ``` -## Example 3: Migrating Files and Registry Keys +
      + +## Example 3: Migrating files and registry keys The sample patterns describe the behavior in the following example .xml file. -- **Sample pattern**: Migrates all instances of the file Usmttestfile.txt from all subdirectories under `%ProgramFiles%\USMTTestFolder`: +- **Sample pattern**: Migrates all instances of the file `Usmttestfile.txt` from all subdirectories under `%ProgramFiles%\USMTTestFolder`: `%ProgramFiles%\USMTTestFolder* [USMTTestFile.txt]` @@ -144,6 +157,9 @@ The sample patterns describe the behavior in the following example .xml file. `HKLM\Software\USMTTESTKEY* []` **XML file** +
      +
      + Expand to show Example 3 XML file: ``` xml @@ -176,11 +192,17 @@ The sample patterns describe the behavior in the following example .xml file. ``` -## Example 4: Migrating Specific Folders from Various Locations +
      +## Example 4: Migrating specific folders from various locations The behavior for this custom .xml file is described within the `` tags in the code. +**XML file** +
      +
      + Expand to show Example 4 XML file: + ``` xml @@ -250,8 +272,10 @@ The behavior for this custom .xml file is described within the `` t ``` -## Related topics +
      -[USMT XML Reference](usmt-xml-reference.md) +## Related articles -[Customize USMT XML Files](usmt-customize-xml-files.md) +[USMT XML reference](usmt-xml-reference.md) + +[Customize USMT XML files](usmt-customize-xml-files.md) diff --git a/windows/deployment/usmt/usmt-customize-xml-files.md b/windows/deployment/usmt/usmt-customize-xml-files.md index 9092cef4af..9b4a91454c 100644 --- a/windows/deployment/usmt/usmt-customize-xml-files.md +++ b/windows/deployment/usmt/usmt-customize-xml-files.md 
@@ -2,135 +2,102 @@ title: Customize USMT XML Files (Windows 10) description: Learn how to customize USMT XML files. Also, learn about the migration XML files that are included with USMT. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Customize USMT XML Files +# Customize USMT XML files +## Overview -## In This Topic +If you want the ScanState and LoadState tools to use any of the migration .xml files, specify these files at the command line using the `/i` option. Because the ScanState and LoadState tools need the .xml files to control the migration, specify the same set of .xml files for both the `ScanState.exe` and `LoadState.exe` commands. However, you don't have to specify the `Config.xml` file with the `/config` option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To achieve this scenario, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. Then the `LoadState.exe` command will migrate only the files and settings that you want to migrate. +If you leave out an .xml file from the `LoadState.exe` command, all of the data in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified with the `ScanState.exe` command won't apply. 
For example, if you leave out an .xml file, and it contains a rerouting rule such as: -[Overview](#bkmk-overview) +`MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")` -[Migration .xml Files](#bkmk-migxml) - -[Custom .xml Files](#bkmk-customxmlfiles) - -[The Config.xml File](#bkmk-configxml) - -[Examples](#bkmk-examples) - -[Additional Information](#bkmk-addlinfo) - -## Overview - - -If you want the **ScanState** and **LoadState** tools to use any of the migration .xml files, specify these files at the command line using the **/i** option. Because the **ScanState** and **LoadState** tools need the .xml files to control the migration, specify the same set of .xml files for both the **ScanState** and **LoadState** commands. However, you do not have to specify the Config.xml file with the **/config** option, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store but not to the destination computer. To do this, modify the Config.xml file and specify the updated file with the **LoadState** command. Then the **LoadState** command will migrate only the files and settings that you want to migrate. - -If you leave out an .xml file from the **LoadState** command, all of the data in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified with the **ScanState** command will not apply. For example, if you leave out an .xml file, and it contains a rerouting rule such as: `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files, and they will be migrated to C:\\data. +USMT won't reroute the files, and they'll be migrated to `C:\data`. To modify the migration, do one or more of the following. 
-- **Modify the migration .xml files.** If you want to exclude a portion of a component—for example, you want to migrate C:\\ but exclude all of the .mp3 files—or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want **ScanState** and **LoadState** to use these files, specify them at the command line when each command is entered. +- **Modify the migration .xml files.** If you want to exclude a portion of a component, for example, you want to migrate C:\\ but exclude all of the .mp3 files, or if you want to move data to a new location on the destination computer, modify the .xml files. To modify these files, you must be familiar with the migration rules and syntax. If you want ScanState and LoadState to use these files, specify them at the command line when each command is entered. -- **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For **ScanState** and **LoadState** to use this file, specify them on both command lines. +- **Create a custom .xml file.** You can also create a custom .xml file to migrate settings for another application, or to change the migration behavior to suit your needs. For ScanState and LoadState to use this file, specify them on both command lines. -- **Create and modify a Config.xml file.** Do this if you want to exclude an entire component from the migration. For example, you can use a Config.xml file to exclude the entire My Documents folder, or exclude the settings for an application. Excluding components using a Config.xml file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. In addition, using a Config.xml file is the only way to exclude the operating system settings from being migrated. 
+- **Create and modify a Config.xml file.** Create and modify a `Config.xml` file if you want to exclude an entire component from the migration. For example, you can use a `Config.xml` file to exclude the entire My Documents folder, or exclude the settings for an application. Excluding components using a `Config.xml` file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. In addition, using a `Config.xml` file is the only way to exclude the operating system settings from being migrated. -For more information about excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. +For more information about excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) article. -## Migration .xml Files +## Migration .xml files +This section describes the migration .xml files that are included with USMT. Each file contains migration rules that control which components are migrated and where they're migrated to on the destination computer. -This section describes the migration .xml files that are included with USMT. Each file contains migration rules that control which components are migrated and where they are migrated to on the destination computer. +> [!NOTE] +> You can use the asterisk (\*) wildcard character in each of these files. However, you cannot use a question mark (?) as a wildcard character. -**Note**   -You can use the asterisk (\*) wildcard character in each of these files. However, you cannot use a question mark (?) as a wildcard character. +- **The MigApp.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate application settings. - +- **The MigDocs.xml file.** Specify this file with both the ScanState and LoadState tools to migrate all user folders and files that are found by the **MigXmlHelper.GenerateDocPatterns** helper function. 
This helper function finds user data that resides on the root of any drive and in the Users directory. However, it doesn't find and migrate any application data, program files, or any files in the Windows directory. You can modify the `MigDocs.xml` file. -- **The MigApp.xml file.** Specify this file with both the **ScanState** and **LoadState** commands to migrate application settings. +- **The MigUser.xml file.** Specify this file with both the `ScanState.exe` and `LoadState.exe` commands to migrate user folders, files, and file types. You can modify the `MigUser.xml` file. This file doesn't contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the ScanState and the LoadState user options. -- **The MigDocs.xml file.** Specify this file with both the **ScanState** and **LoadState** tools to migrate all user folders and files that are found by the **MigXmlHelper.GenerateDocPatterns** helper function. This helper function finds user data that resides on the root of any drive and in the Users directory. However, it does not find and migrate any application data, program files, or any files in the Windows directory. You can modify the MigDocs.xml file. +> [!NOTE] +> Don't use the `MigUser.xml` and `MigDocs.xml` files together. For more information, see the [Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md) and [USMT best practices](usmt-best-practices.md) articles. -- **The MigUser.xml file.** Specify this file with both the **ScanState** and **LoadState** commands to migrate user folders, files, and file types. You can modify the MigUser.xml file. This file does not contain rules that migrate specific user accounts. The only way to specify which user accounts to migrate is on the command line using the **ScanState** and the **LoadState** user options. +## Custom .xml files - **Note**   - Do not use the MigUser.xml and MigDocs.xml files together. 
For more information, see the [Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) and [USMT Best Practices](usmt-best-practices.md) topics. +You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want `ScanState.exe` and `LoadState.exe` to use this file, specify it with both commands. For more information, see the [Custom XML examples](usmt-custom-xml-examples.md) article. - +## The Config.xml file -## Custom .xml Files +The `Config.xml` file is an optional file that you create using the `/genconfig` option with the `ScanState.exe` command. You should create and modify this file if you want to exclude certain components from the migration. In addition, you must create and modify this file if you want to exclude any of the operating system settings from being migrated. The `Config.xml` file format is different from the migration .xml files because it doesn't contain any migration rules. It contains only a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the [Config.xml File](usmt-configxml-file.md) article. For this reason, excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. However, you can't use wildcard characters in a `Config.xml` file. +If you want to include all of the default components, you don't need to create the `Config.xml` file. Alternatively, if you're satisfied with the default migration behavior defined in the `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml` files, and you want to exclude only some components, you can create and modify a `Config.xml` file and leave the other .xml files in their original state. 
-You can create custom .xml files to customize the migration for your unique needs. For example, you may want to create a custom file to migrate a line-of-business application or to modify the default migration behavior. If you want **ScanState** and **LoadState** to use this file, specify it with both commands. For more information, see the How to Create a Custom .xml File topic. +When you run the `ScanState.exe` command with the `/genconfig` option, `ScanState.exe` reads the other .xml files that you specify using the `/i` option to create a custom list of components that can be migrated from the computer. This file will contain only operating system components, applications, and the user document sections that are in both of the .xml files and that are installed on the computer when you run the `ScanState.exe` command with the `/genconfig` option. Therefore, you should create this file on a source computer that contains all of the components, applications, and settings that will be present on the destination computers. Creating the file on the source computer will ensure that this file contains every component that can be migrated. The components are organized into sections: <Applications>, <WindowsComponents>, and <Documents>. To choose not to migrate a component, change its entry to `migrate="no"`. -## The Config.xml File +After you create this file, you need to specify it only with the `ScanState.exe` command using the `/Config` option for it to affect the migration. However, if you want to exclude additional data that you migrated to the store, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. For example, if you collected the My Documents folder in the store, but you decide that you don't want to migrate the My Documents folder to a destination computer, you can modify the `Config.xml` file to indicate `migrate="no"` before you run the `LoadState.exe` command, and the file won't be migrated. 
For more information about the precedence that takes place when excluding data, see the [Exclude files and settings](usmt-exclude-files-and-settings.md) article. +In addition, note the following functionality with the `Config.xml` file: -The Config.xml file is an optional file that you create using the **/genconfig** option with the **ScanState** command. You should create and modify this file if you want to exclude certain components from the migration. In addition, you must create and modify this file if you want to exclude any of the operating system settings from being migrated. The Config.xml file format is different from that of the migration .xml files because it does not contain any migration rules. It contains only a list of the operating system components, applications, and the user documents that can be migrated. For an example, see the [Config.xml File](usmt-configxml-file.md) topic. For this reason, excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. However, you cannot use wildcard characters in a Config.xml file. +- If a parent component is removed from the migration in the `Config.xml` file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`. -If you want to include all of the default components, you do not need to create the Config.xml file. Alternatively, if you are satisfied with the default migration behavior defined in the MigApp.xml, MigDocs.xml, and MigUser.xml files, and you want to exclude only some components, you can create and modify a Config.xml file and leave the other .xml files in their original state. +- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated. 
-When you run the **ScanState** command with the **/genconfig** option, **ScanState** reads the other .xml files that you specify using the **/i** option to create a custom list of components that can be migrated from the computer. This file will contain only operating system components, applications, and the user document sections that are in both of the .xml files and that are installed on the computer when you run the **ScanState** command with the **/genconfig** option. Therefore, you should create this file on a source computer that contains all of the components, applications, and settings that will be present on the destination computers. This will ensure that this file contains every component that can be migrated. The components are organized into sections: <Applications>, <WindowsComponents>, and <Documents>. To choose not to migrate a component, change its entry to `migrate="no"`. +- In USMT, there are several migration policies that can be configured in the `Config.xml` file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) article. -After you create this file, you need to specify it only with the **ScanState** command using the **/Config** option for it to affect the migration. However, if you want to exclude additional data that you migrated to the store, modify the Config.xml file and specify the updated file with the **LoadState** command. For example, if you collected the My Documents folder in the store, but you decide that you do not want to migrate the My Documents folder to a destination computer, you can modify the Config.xml file to indicate `migrate="no"` before you run the **LoadState** command, and the file will not be migrated. For more information about the precedence that takes place when excluding data, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. 
+> [!NOTE] +> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. -In addition, note the following functionality with the Config.xml file: +### Examples -- If a parent component is removed from the migration in the Config.xml file by specifying `migrate="no"`, all of its child components will automatically be removed from the migration, even if the child component is set to `migrate="yes"`. +- The following command creates a `Config.xml` file in the current directory, but it doesn't create a store: -- If you mistakenly have two lines of code for the same component where one line specifies `migrate="no"` and the other line specifies `migrate="yes"`, the component will be migrated. + `ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:5` -- In USMT there are several migration policies that can be configured in the Config.xml file. For example, you can configure additional **<ErrorControl>**, **<ProfileControl>**, and **<HardLinkStoreControl>** options. For more information, see the [Config.xml File](usmt-configxml-file.md) topic. +- The following command creates an encrypted store using the `Config.xml` file and the default migration .xml files: -**Note**   -To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. 
+ `ScanState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /o /config:Config.xml /v:5 /encrypt /key:"mykey"` - +- The following command decrypts the store and migrates the files and settings: -### Examples + `LoadState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /v:5 /decrypt /key:"mykey"` -- The following command creates a Config.xml file in the current directory, but it does not create a store: +## Additional information - `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:5` - -- The following command creates an encrypted store using the Config.xml file and the default migration .xml files: - - `scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:5 /encrypt /key:"mykey"` - -- The following command decrypts the store and migrates the files and settings: - - `loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:5 /decrypt /key:"mykey"` - -## Additional Information - - -- For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). - -- For more information about each .xml element, see the [XML Elements Library](usmt-xml-elements-library.md) topic. - -- For answers to common questions, see ".xml files" in the [Frequently Asked Questions](usmt-faq.yml) topic. - -## Related topics - - -[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) - -[USMT Resources](usmt-resources.md) - - - - +- For more information about how to change the files and settings that are migrated, see the [User State Migration Tool (USMT) how-to topics](usmt-how-to.md). +- For more information about each .xml element, see the [XML elements library](usmt-xml-elements-library.md) article. +- For answers to common questions, see ".xml files" in the [Frequently asked questions](usmt-faq.yml) article. 
+## Related articles
+[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md)
+[USMT resources](usmt-resources.md)
diff --git a/windows/deployment/usmt/usmt-determine-what-to-migrate.md b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
index 5f9cda4b77..ed6b5bc177 100644
--- a/windows/deployment/usmt/usmt-determine-what-to-migrate.md
+++ b/windows/deployment/usmt/usmt-determine-what-to-migrate.md
@@ -1,33 +1,41 @@ --- title: Determine What to Migrate (Windows 10) -description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. +description: Determine migration settings for standard or customized for the User State Migration Tool (USMT) 10.0. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Determine What to Migrate +# Determine what to migrate -By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. +By default, User State Migration Tool (USMT) 10.0 migrates the items listed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md), depending on the migration .xml files you specify. These default settings are often enough for a basic migration. However, when considering what settings to migrate, you should also consider what settings you would like the user to be able to configure, if any, and what settings you would like to standardize. Many organizations use their migration as an opportunity to create and begin enforcing a better-managed environment. Some of the settings that users can configure on unmanaged computers prior to the migration can be locked on the new, managed computers. For example, standard wallpaper, Internet Explorer security settings, and desktop configuration are some of the items you can choose to standardize. -To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. 
This means selecting a baseline for all computers, including standard hardware drivers; core operating system features; core productivity applications, especially if they are under volume licensing; and core utilities. This environment should also include a standard set of security features, as outlined in the organization’s corporate policy. Using a standard operating environment can vastly simplify the migration and reduce overall deployment challenges. +To reduce complexity and increase standardization, your organization should consider creating a *standard operating environment (SOE)*. An SOE is a combination of hardware and software that you distribute to all users. Creating an SOE means selecting: -## In This Section +- A baseline for all computers, including standard hardware drivers +- Core operating system features +- Core productivity applications, especially if they are under volume licensing +- Core utilities. +- A standard set of security features, as outlined in the organization's corporate policy + +Using an SOE can vastly simplify the migration and reduce overall deployment challenges. 
+
+## In this section
 | Link | Description |
 |--- |--- |
-|[Identify Users](usmt-identify-users.md)|Use command-line options to specify which users to migrate and how they should be migrated.|
-|[Identify Applications Settings](usmt-identify-application-settings.md)|Determine which applications you want to migrate and prepare a list of application settings to be migrated.|
-|[Identify Operating System Settings](usmt-identify-operating-system-settings.md)|Use migration to create a new standard environment on each of the destination computers.|
-|[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md)|Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.|
+|[Identify users](usmt-identify-users.md)|Use command-line options to specify which users to migrate and how they should be migrated.|
+|[Identify applications settings](usmt-identify-application-settings.md)|Determine which applications you want to migrate and prepare a list of application settings to be migrated.|
+|[Identify operating system settings](usmt-identify-operating-system-settings.md)|Use migration to create a new standard environment on each of the destination computers.|
+|[Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md)|Determine and locate the standard, company-specified, and non-standard locations of the file types, files, folders, and settings that you want to migrate.|
-## Related topics
+## Related articles
-[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)
+[What does USMT migrate?](usmt-what-does-usmt-migrate.md)
diff --git a/windows/deployment/usmt/usmt-estimate-migration-store-size.md b/windows/deployment/usmt/usmt-estimate-migration-store-size.md
index 28acdba266..45c30d631c 100644
--- a/windows/deployment/usmt/usmt-estimate-migration-store-size.md
+++ b/windows/deployment/usmt/usmt-estimate-migration-store-size.md 
@@ -2,91 +2,77 @@ title: Estimate Migration Store Size (Windows 10) description: Estimate the disk space requirement for a migration so that you can use User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Estimate Migration Store Size - +# Estimate migration store size The disk space requirements for a migration are dependent on the size of the migration store and the type of migration. You can estimate the amount of disk space needed for computers in your organization based on information about your organization's infrastructure. You can also calculate the disk space requirements using the ScanState tool. -## In This Topic +## Hard disk space requirements +- **Store**: For non-hard-link migrations, you should ensure that there's enough available disk space at the location where you'll save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). -- [Hard Disk Space Requirements](#bkmk-spacereqs). Describes the disk space requirements for the migration store and other considerations on the source and destination computers. +- **Source Computer**: The source computer needs enough available space for the following items: -- [Calculate Disk Space Requirements Using the ScanState Tool](#bkmk-calcdiskspace). Describes how to use the ScanState tool to determine how large the migration store will be on a particular computer. + - **E250 megabytes (MB) minimum of hard disk space**: Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. 
If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools won't create the migration store if 250 MB of disk space isn't available. -- [Estimate Migration Store Size](#bkmk-estmigstoresize). Describes how to estimate the average size of migration stores for the computers in your organization, based on your infrastructure. + - **Temporary space for USMT to run**: Extra disk space for the USMT tools to operate is required. This disk space requirement doesn't include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool. -## Hard Disk Space Requirements + - **Hard-link migration store**: It isn't necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be large is when non-NTFS file volumes exist on the system and those volumes contain data being migrated. +- **Destination computer**: The destination computer needs enough available space for the following components: -- **Store.** For non-hard-link migrations, you should ensure that there is enough available disk space at the location where you will save your store to contain the data being migrated. You can save your store to another partition, an external storage device such as a USB flash drive or a server. For more information, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md). + - **Operating system** -- **Source Computer.** The source computer needs enough available space for the following: + - **Applications** - - [E250 megabytes (MB) minimum of hard disk space.](#bkmk-estmigstoresize) Space is needed to support the User State Migration Tool (USMT) 10.0 operations, for example, growth in the page file. 
If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless of the size of the migration. The USMT tools will not create the migration store if 250 MB of disk space is not available. + - **Data being migrated**: Data being migrated includes files and registry information. - - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Extra disk space for the USMT tools to operate is required. This does not include the minimum 250 MB needed to create the migration store. The amount of temporary space required can be calculated using the ScanState tool. + - **Temporary space for USMT to run**: Extra disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool. - - [Hard-link migration store.](#bkmk-estmigstoresize) It is not necessary to estimate the size of a hard-link migration store. The only case where the hard-link store can be large is when non-NTFS file systems exist on the system and contain data being migrated. +## Calculate disk space requirements using the ScanState tool -- [Destination computer.](#bkmk-estmigstoresize) The destination computer needs enough available space for the following components: +You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It isn't necessary to estimate the migration store size for a hard-link migration since this method doesn't create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day-to-day use so it's recommended that you use the calculations as an estimate when planning your migration. 
- - [Operating system.](#bkmk-estmigstoresize) +To run the ScanState tool on the source computer with USMT installed: - - [Applications.](#bkmk-estmigstoresize) +1. Open a command prompt with administrator privileges. - - [Data being migrated.](#bkmk-estmigstoresize) It is important to consider that in addition to the files being migrated, registry information will also require hard disk space for storage. - - - [Temporary space for USMT to run.](#bkmk-estmigstoresize) Extra disk space for the USMT tools to operate is required. The amount of temporary space required can be calculated using the ScanState tool. - -## Calculate Disk Space Requirements using the ScanState Tool - - -You can use the ScanState tool to calculate the disk space requirements for a particular compressed or uncompressed migration. It is not necessary to estimate the migration store size for a hard-link migration since this method does not create a separate migration store. The ScanState tool provides disk space requirements for the state of the computer at the time the tool is run. The state of the computer may change during day-to-day use so it is recommended that you use the calculations as an estimate when planning your migration. - -**To run the ScanState tool on the source computer with USMT installed,** - -1. Open a command prompt with administrator privileges. - -2. Navigate to the USMT tools. For example, type +2. Navigate to the USMT tools. For example, enter: ``` syntax cd /d "C:\Program Files (x86)\Windows Kits\8.0\Assessment and Deployment Kit\User State Migration Tool\" ``` - Where *<architecture>* is x86 or amd64. + where *<architecture>* is x86 or amd64. -3. Run the **ScanState** tool to generate an XML report of the space requirements. At the command prompt, type +3. Run the **ScanState** tool to generate an XML report of the space requirements. 
At the command prompt, enter: ``` syntax ScanState.exe /p: ``` - Where *<StorePath>* is a path to a directory where the migration store will be saved and *<path to a file>* is the path and filename where the XML report for space requirements will be saved. For example, + Where *<StorePath>* is a path to a directory where the migration store will be saved and *<path to a file>* is the path and filename where the XML report for space requirements will be saved. For example: ``` syntax ScanState.exe c:\store /p:c:\spaceRequirements.xml ``` - The migration store will not be created by running this command, but `StorePath` is a required parameter. + Although a migration store isn't created by running this command, the *<StorePath>* is still a required parameter. -The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this condition in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML Files](usmt-customize-xml-files.md). +The ScanState tool also allows you to estimate disk space requirements based on a customized migration. For example, you might not want to migrate the My Documents folder to the destination computer. You can specify this condition in a configuration file when you run the ScanState tool. For more information, see [Customize USMT XML files](usmt-customize-xml-files.md). -**Note**   -To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the **/p** option, without specifying *<path to a file>* is still available in USMT. +> [!NOTE] +> To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, the `/p` option is still available in USMT without having to specify the path to a file. 
See [Monitoring Options](usmt-scanstate-syntax.md#monitoring-options) for more information. - - -The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration—this does not include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using **/p:***<path to a file>*. +The space requirements report provides two elements, <**storeSize**> and <**temporarySpace**>. The <**temporarySpace**> value shows the disk space, in bytes, that USMT uses to operate during the migration but it doesn't include the minimum 250 MB needed to support USMT. The <**storeSize**> value shows the disk space, in bytes, required to host the migration store contents on both the source and destination computers. The following example shows a report generated using `/p:`*<path to a file>*. ```xml 
@@ -100,38 +86,25 @@ The space requirements report provides two elements, <**storeSize**> and & ``` -Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and will not create a store if the compliance check fails. +Additionally, USMT performs a compliance check for a required minimum of 250 MB of available disk space and won't create a store if the compliance check fails. -## Estimate Migration Store Size +## Estimating migration store size - -Determine how much space you will need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate the required space is to survey several computers to arrive at an average for the size of the store that you will need. +Determine how much space you'll need to store the migrated data. You should base your calculations on the volume of e-mail, personal documents, and system settings for each user. The best way to estimate the required space is to survey several computers to arrive at an average for the size of the store that you'll need. The amount of space that is required in the store will vary, depending on the local storage strategies your organization uses. For example, one key element that determines the size of migration data sets is e-mail storage. If e-mail is stored centrally, data sets will be smaller. If e-mail is stored locally, such as offline-storage files, data sets will be larger. Mobile users will typically have larger data sets than workstation users. You should perform tests and inventory the network to determine the average data set size in your organization. -**Note**   -You can create a space-estimate file (Usmtsize.txt), by using the legacy **/p** command-line option to estimate the size of the store. +> [!NOTE] +> You can create a space-estimate file (`Usmtsize.txt`) to estimate the size of the store by using the legacy `/p` command-line option . 
- - -When trying to determine how much disk space you will need, consider the following issues: - -- **E-mail** : If users deal with a large volume of e-mail or keep e-mail on their local computers instead of on a mail server, the e-mail can take up as much disk space as all other user files combined. Prior to migrating user data, make sure that users who store e-mail locally synchronize their inboxes with their mail server. - -- **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You do not need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration. - -- **User system settings** Five megabytes is adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It is rare, however, for the user-specific portion of the registry to exceed 5 MB. - -## Related topics - - -[Common Migration Scenarios](usmt-common-migration-scenarios.md) - - - - +When trying to determine how much disk space you'll need, consider the following issues: +- **E-mail**: If users deal with a large volume of e-mail or keep e-mail on their local computers instead of on a mail server, the e-mail can take up as much disk space as all other user files combined. Prior to migrating user data, make sure that users who store e-mail locally synchronize their inboxes with their mail server. 
+- **User documents**: Frequently, all of a user's documents fit into less than 50 MB of space, depending on the types of files involved. This estimate assumes typical office work, such as word-processing documents and spreadsheets. This estimate can vary substantially based on the types of documents that your organization uses. For example, an architectural firm that predominantly uses computer-aided design (CAD) files needs much more space than a law firm that primarily uses word-processing documents. You don't need to migrate the documents that users store on file servers through mechanisms such as Folder Redirection, as long as users will have access to these locations after the migration. +- **User system settings**: Five megabytes is adequate space to save the registry settings. This requirement can fluctuate, however, based on the number of applications that have been installed. It's rare, however, for the user-specific portion of the registry to exceed 5 MB. +## Related articles +[Common migration scenarios](usmt-common-migration-scenarios.md) diff --git a/windows/deployment/usmt/usmt-exclude-files-and-settings.md b/windows/deployment/usmt/usmt-exclude-files-and-settings.md index 22b7169df1..3821597500 100644 --- a/windows/deployment/usmt/usmt-exclude-files-and-settings.md +++ b/windows/deployment/usmt/usmt-exclude-files-and-settings.md 
@@ -1,49 +1,53 @@ --- title: Exclude Files and Settings (Windows 10) -description: In this article, learn how to exclude files and settings when creating a custom .xml file and a config.xml file. +description: In this article, learn how to exclude files and settings when creating a custom .xml file and a Config.xml file. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Exclude Files and Settings -When you specify the migration .xml files, MigApp.xml, Migdocs, and MigUser.xml, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a Config.xml file to exclude an entire component from a migration. You cannot, however, exclude users by using the migration .xml files or the Config.xml file. The only way to specify which users to include and exclude is by using the User options on the command line in the ScanState tool. For more information, see [ScanState Syntax](usmt-scanstate-syntax.md). +# Exclude files and settings -In this topic: +When you specify the migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, the User State Migration Tool (USMT) 10.0 migrates the settings and components listed, as discussed in [What does USMT migrate?](usmt-what-does-usmt-migrate.md) You can create a custom .xml file to further specify what to include or exclude in the migration. In addition you can create a `Config.xml` file to exclude an entire component from a migration. You can't, however, exclude users by using the migration .xml files or the `Config.xml` file. 
The only way to specify which users to include and exclude is by using the user options on the command line in the ScanState tool. For more information, see the [User options](usmt-scanstate-syntax.md#user-options) section of the [ScanState syntax](usmt-scanstate-syntax.md) article. -- [Create a custom .xml file](#create-a-custom-xml-file). You can use the following elements to specify what to exclude: +Methods to customize the migration and include and exclude files and settings include: - - include and exclude: You can use the <include> and <exclude> elements to exclude objects with conditions. For example, you can migrate all files located in the C:\\ drive, except any .mp3 files. It is important to remember that [Conflicts and Precedence](usmt-conflicts-and-precedence.md) apply to these elements. +- [Create a custom .xml file](#create-a-custom-xml-file). You can use the following elements to specify what to exclude: - - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the <unconditionalExclude> element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other <include> rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData. + - [Include and exclude](#include-and-exclude): You can use the **<include>** and **<exclude>** elements to exclude objects with conditions. For example, you can migrate all files located in the `C:\` drive, except any `.mp3` files. It's important to remember that [Conflicts and precedence](usmt-conflicts-and-precedence.md) apply to these elements. -- [Create a Config.xml File](#create-a-config-xml-file): You can create and modify a Config.xml file to exclude an entire component from the migration. 
For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a Config.xml file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. + - [unconditionalExclude](#example-1-how-to-migrate-all-files-from-c-except-mp3-files): You can use the **<unconditionalExclude>** element to globally exclude data. This element takes precedence over all other include and exclude rules in the .xml files. Therefore, this element excludes objects regardless of any other **<include>** rules that are in the .xml files. For example, you can exclude all .mp3 files on the computer, or you can exclude all files from C:\\UserData. + +- [Create a Config.xml file](#create-a-config-xml-file): You can create and modify a `Config.xml` file to exclude an entire component from the migration. For example, you can use this file to exclude the settings for one of the default applications. In addition, creating and modifying a `Config.xml` file is the only way to exclude the operating-system settings that are migrated to computers running Windows. Excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. ## Create a custom .xml file -We recommend that you create a custom .xml file instead of modifying the default migration .xml files. When you use a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. + +We recommend that you create a custom .xml file instead of modifying the default migration .xml files. 
When you use a custom .xml file, you can keep your changes separate from the default .xml file, which makes it easier to track your modifications. ### <include> and <exclude> -The migration .xml files, MigApp.xml, MigDocs, and MigUser.xml, contain the <component> element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the <include> and <exclude> elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md). -**Note**   -If you specify an <exclude> rule, always specify a corresponding <include> rule. Otherwise, if you do not specify an <include> rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied <exclude> rule is unnecessary. +The migration .xml files, `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`, contain the **<component>** element, which typically represents a self-contained component or an application such as Microsoft® Office Outlook® and Word. To exclude the files and registry settings that are associated with these components, use the **<include>** and **<exclude>** elements. For example, you can use these elements to migrate all files and settings with pattern X except files and settings with pattern Y, where Y is more specific than X. For the syntax of these elements, see [USMT XML Reference](usmt-xml-reference.md). -- [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files) +> [!NOTE] +> If you specify an **<exclude>** rule, always specify a corresponding **<include>** rule. 
Otherwise, if you do not specify an **<include>** rule, the specific files or settings will not be included. They will already be excluded from the migration. Thus, an unaccompanied **<exclude>** rule is unnecessary. -- [Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp](#example-2-how-to-migrate-all-files-located-in-cdata-except-files-in-cdatatmp) +- [Example 1: How to migrate all files from C:\\ except .mp3 files](#example-1-how-to-migrate-all-files-from-c-except-mp3-files) -- [Example 3: How to exclude the files in a folder but include all subfolders](#example-3-how-to-exclude-the-files-in-a-folder-but-include-all-subfolders) +- [Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp](#example-2-how-to-migrate-all-files-located-in-cdata-except-files-in-cdatatmp) -- [Example 4: How to exclude a file from a specific folder](#example-4-how-to-exclude-a-file-from-a-specific-folder) +- [Example 3: How to exclude the files in a folder but include all subfolders](#example-3-how-to-exclude-the-files-in-a-folder-but-include-all-subfolders) -- [Example 5: How to exclude a file from any location](#example-5-how-to-exclude-a-file-from-any-location) +- [Example 4: How to exclude a file from a specific folder](#example-4-how-to-exclude-a-file-from-a-specific-folder) + +- [Example 5: How to exclude a file from any location](#example-5-how-to-exclude-a-file-from-any-location) + +### Example 1: How to migrate all files from `C:\` except `.mp3` files -### Example 1: How to migrate all files from C:\\ except .mp3 files The following .xml file migrates all files located on the C: drive, except any .mp3 files. ``` xml @@ -68,8 +72,10 @@ The following .xml file migrates all files located on the C: drive, except any .
      ``` -### Example 2: How to migrate all files located in C:\\Data except files in C:\\Data\\tmp -The following .xml file migrates all files and subfolders in C:\\Data, except the files and subfolders in C:\\Data\\tmp. + +### Example 2: How to migrate all files located in `C:\Data` except files in `C:\Data\tmp` + +The following .xml file migrates all files and subfolders in `C:\Data`, except the files and subfolders in `C:\Data\tmp`. ``` xml @@ -94,7 +100,8 @@ The following .xml file migrates all files and subfolders in C:\\Data, except th ``` ### Example 3: How to exclude the files in a folder but include all subfolders -The following .xml file migrates any subfolders in C:\\EngineeringDrafts, but excludes all files that are in C:\\EngineeringDrafts. + +The following .xml file migrates any subfolders in `C:\`EngineeringDrafts`, but excludes all files that are in `C:\EngineeringDrafts`. ``` xml @@ -119,7 +126,8 @@ The following .xml file migrates any subfolders in C:\\EngineeringDrafts, but ex ``` ### Example 4: How to exclude a file from a specific folder -The following .xml file migrates all files and subfolders in C:\\EngineeringDrafts, except for the Sample.doc file in C:\\EngineeringDrafts. + +The following .xml file migrates all files and subfolders in `C:\EngineeringDrafts`, except for the `Sample.doc` file in `C:\EngineeringDrafts`. ``` xml 
@@ -144,22 +152,26 @@ The following .xml file migrates all files and subfolders in C:\\EngineeringDraf ``` ### Example 5: How to exclude a file from any location -To exclude a Sample.doc file from any location on the C: drive, use the <pattern> element. If multiple files exist with the same name on the C: drive, all of these files will be excluded. + +To exclude a Sample.doc file from any location on the C: drive, use the **<pattern>** element. If multiple files exist with the same name on the C: drive, all of these files will be excluded. ``` xml C:\* [Sample.doc] ``` -To exclude a Sample.doc file from any drive on the computer, use the <script> element. If multiple files exist with the same name, all of these files will be excluded. +To exclude a Sample.doc file from any drive on the computer, use the **<script>** element. If multiple files exist with the same name, all of these files will be excluded. ``` xml ``` + #### Examples of how to use XML to exclude files, folders, and registry keys + Here are some examples of how to use XML to exclude files, folders, and registry keys. For more info, see [USMT XML Reference](usmt-xml-reference.md) -**Example 1: How to exclude all .mp3 files**
      -The following .xml file excludes all .mp3 files from the migration: +##### Example 1: How to exclude all `.mp3` files + +The following .xml file excludes all `.mp3` files from the migration: ``` xml @@ -177,7 +189,9 @@ The following .xml file excludes all .mp3 files from the migration: ``` -**Example 2: How to exclude all of the files on a specific drive**
      + +##### Example 2: How to exclude all of the files on a specific drive + The following .xml file excludes only the files located on the C: drive. ``` xml @@ -196,8 +210,10 @@ The following .xml file excludes only the files located on the C: drive.
      ``` -**Example 3: How to exclude registry keys**
      -The following .xml file unconditionally excludes the HKEY_CURRENT_USER registry key and all of its subkeys. + +##### Example 3: How to exclude registry keys + +The following .xml file unconditionally excludes the `HKEY_CURRENT_USER` registry key and all of its subkeys. ``` xml @@ -221,8 +237,10 @@ The following .xml file unconditionally excludes the HKEY_CURRENT_USER registry
      ``` -**Example 4: How to Exclude `C:\Windows` and `C:\Program Files`**
      -The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all \*.docx, \*.xls and \*.ppt files will not be migrated because the <unconditionalExclude> element takes precedence over the <include> element. + +##### Example 4: How to Exclude `C:\Windows` and `C:\Program Files` + +The following .xml file unconditionally excludes the system folders of `C:\Windows` and `C:\Program Files`. Note that all `*.docx`, `*.xls` and `*.ppt` files won't be migrated because the **<unconditionalExclude>** element takes precedence over the **<include>** element. ``` xml @@ -249,29 +267,24 @@ The following .xml file unconditionally excludes the system folders of `C:\Windo
      ``` + ## Create a Config XML File -You can create and modify a Config.xml file if you want to exclude components from the migration. Excluding components using this file is easier than modifying the migration .xml files because you do not need to be familiar with the migration rules and syntax. Config.xml is an optional file that you can create using the **/genconfig** command-line option with the ScanState tool. For example, you can use the Config.xml file to exclude the settings for one of the default applications. In addition, creating and modifying this file is the only way to exclude the operating-system settings that are migrated to computers running Windows. -- **To exclude the settings for a default application:** Specify `migrate="no"` for the application under the <Applications> section of the Config.xml file. +You can create and modify a `Config.xml` file if you want to exclude components from the migration. Excluding components using this file is easier than modifying the migration .xml files because you don't need to be familiar with the migration rules and syntax. `Config.xml` is an optional file that you can create using the `/genconfig` command-line option with the ScanState tool. For example, you can use the `Config.xml` file to exclude the settings for one of the default applications. In addition, creating and modifying this file is the only way to exclude the operating-system settings that are migrated to computers running Windows. -- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the <WindowsComponents> section. +- **To exclude the settings for a default application:** Specify `migrate="no"` for the application under the **<Applications>** section of the `Config.xml` file. -- **To exclude My Documents:** Specify `migrate="no"` for My Documents under the <Documents> section. Note that any <include> rules in the .xml files will still apply. 
For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files will not. +- **To exclude an operating system setting:** Specify `migrate="no"` for the setting under the **<WindowsComponents>** section. -See [Config.xml File](usmt-configxml-file.md) for more information. - -**Note**   -To exclude a component from the Config.xml file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the Config.xml file will not exclude the component from your migration. - -## Related topics -- [Customize USMT XML Files](usmt-customize-xml-files.md) -- [USMT XML Reference](usmt-xml-reference.md) - - - - +- **To exclude My Documents:** Specify `migrate="no"` for **My Documents** under the **<Documents>** section. Note that any **<include>** rules in the .xml files will still apply. For example, if you have a rule that includes all the .docx files in My Documents, then only the .docx files will be migrated, but the rest of the files won't. +For more information, see [Config.xml File](usmt-configxml-file.md). +> [!NOTE] +> To exclude a component from the `Config.xml` file, set the **migrate** value to **"no"**. Deleting the XML tag for the component from the `Config.xml` file will not exclude the component from your migration. +## Related articles +- [Customize USMT XML files](usmt-customize-xml-files.md) +- [USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md index 7d5909b79a..20b48b006b 100644 --- a/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md +++ b/windows/deployment/usmt/usmt-extract-files-from-a-compressed-migration-store.md 
@@ -2,119 +2,97 @@
 title: Extract Files from a Compressed USMT Migration Store (Windows 10)
 description: In this article, learn how to extract files from a compressed User State Migration Tool (USMT) migration store.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/19/2017
+author: frankroj
+ms.date: 11/01/2022
 ms.topic: article
 ms.technology: itpro-deploy
 ---
-# Extract Files from a Compressed USMT Migration Store
+# Extract files from a compressed USMT migration store
+When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **UsmtUtils** command with the `/extract` option to recover the files from the compressed migration store. You can also use the **UsmtUtils** command with the `/extract` option any time you need to recover data from a migration store.
-When you migrate files and settings during a typical PC-refresh migration, you usually create a compressed migration store file on the intermediate store. This migration store is a single image file that contains all files being migrated as well as a catalog file. To protect the compressed file, you can encrypt it by using different encryption algorithms. When you migrate the file back to the source computer after the operating system is installed, you can run the **Usmtutils** command with the **/extract** option to recover the files from the compressed migration store. You can also use the **Usmtutils** command with the **/extract** option any time you need to recover data from a migration store.
+Options used with the `/extract` option can specify:
-Options used with the **/extract** option can specify:
+- The cryptographic algorithm that was used to create the migration store.
-- The cryptographic algorithm that was used to create the migration store.
+- The encryption key or the text file that contains the encryption key.
-- The encryption key or the text file that contains the encryption key.
+- Include and exclude patterns for selective data extraction.
-- Include and exclude patterns for selective data extraction.
+In addition, you can specify the file patterns that you want to extract by using the `/i` option to include file patterns or the `/e` option to exclude file patterns. When both the `/i` option and the `/e` option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the **ScanState** and **LoadState** tools.
-In addition, you can specify the file patterns that you want to extract by using the **/i** option to include file patterns or the **/e** option to exclude file patterns. When both the **/i** option and the **/e** option are used in the same command, include patterns take precedence over exclude patterns. Note that this is different from the include and exclude rules used in the ScanState and LoadState tools.
+### To run the UsmtUtils tool with the /extract option -## In this topic +To extract files from the compressed migration store onto the destination computer, use the following UsmtUtils syntax: - -- [To run the USMTutils tool with the /extract option](#bkmk-extractsyntax) - -- [To extract all files from a compressed migration store](#bkmk-extractallfiles) - -- [To extract specific file types from an encrypted compressed migration store](#bkmk-extractspecificfiles) - -- [To extract all but one, or more, file types from an encrypted compressed migration store](#bkmk-excludefilepattern) - -- [To extract file types using the include pattern and the exclude pattern](#bkmk-includeexcludefiles) - -### To run the USMTutils tool with the /extract option - -To extract files from the compressed migration store onto the destination computer, use the following USMTutils syntax: - -Cd /d <USMTpath> usmtutils /extract <filePath> <destinationPath> \[/i:<includePattern>\] \[/e:<excludePattern>\] \[/l:<logfile>\] \[/decrypt\[:<AlgID>\] {/key:<keystring> | /keyfile:<filename>}\] \[/o\] +``` syntax +UsmtUtils.exe /extract [/i:] [/e:] [/l:] [/decrypt[:] {/key: | /keyfile:}] [/o] +``` Where the placeholders have the following values: -- *<USMTpath>* is the location where you have saved the USMT files and tools. +- **<USMTpath>** is the location where you have saved the USMT files and tools. -- *<filePath>* is the location of the migration store. +- **<filePath>** is the location of the migration store. -- *<destination path>* is the location of the file where you want the **/extract** option to put the extracted migration store contents. +- **<destination path>** is the location of the file where you want the **/extract** option to put the extracted migration store contents. -- *<includePattern>* specifies the pattern for the files to include in the extraction. +- **<includePattern>** specifies the pattern for the files to include in the extraction. 
-- *<excludePattern>* specifies the pattern for the files to omit from the extraction. +- **<excludePattern>** specifies the pattern for the files to omit from the extraction. -- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line. +- **<AlgID>** is the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. -- *<logfile>* is the location and name of the log file. +- **<logfile>** is the location and name of the log file. -- *<keystring>* is the encryption key that was used to encrypt the migration store. +- **<keystring>** is the encryption key that was used to encrypt the migration store. -- *<filename>* is the location and name of the text file that contains the encryption key. +- **<filename>** is the location and name of the text file that contains the encryption key. -### To extract all files from a compressed migration store +### To extract all files from a compressed migration store -To extract everything from a compressed migration store to a file on the C:\\ drive, type: +To extract everything from a compressed migration store to a file on the `C:\` drive, enter: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore ``` -### To extract specific file types from an encrypted compressed migration store +### To extract specific file types from an encrypted compressed migration store -To extract specific files, such as .txt and .pdf files, from an encrypted compressed migration store, type: +To extract specific files, such as `.txt` and `.pdf` files, from an encrypted compressed migration store, enter: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt,*.pdf" C:\ExtractedStore /decrypt 
/keyfile:D:\encryptionKey.txt ``` In this example, the file is encrypted and the encryption key is located in a text file called encryptionKey. -### To extract all but one, or more, file types from an encrypted compressed migration store +### To extract all but one, or more, file types from an encrypted compressed migration store -To extract all files except for one file type, such as .exe files, from an encrypted compressed migration store, type: +To extract all files except for one file type, such as `.exe` files, from an encrypted compressed migration store, enter: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtutilslog.txt ``` -### To extract file types using the include pattern and the exclude pattern +### To extract file types using the include pattern and the exclude pattern To extract files from a compressed migration store, and to exclude files of one type (such as .exe files) while including only specific files, use both the include pattern and the exclude pattern, as in this example: ``` syntax -usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o +UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o ``` In this example, if there is a myProject.exe file, it will also be extracted because the include pattern option takes precedence over the exclude pattern option. 
-## Related topics - - -[UsmtUtils Syntax](usmt-utilities.md) - -[Return Codes](usmt-return-codes.md) - -[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md) - -  - -  - - +## Related articles +[UsmtUtils syntax](usmt-utilities.md) +[Return codes](usmt-return-codes.md) +[Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md) diff --git a/windows/deployment/usmt/usmt-faq.yml b/windows/deployment/usmt/usmt-faq.yml index 024d9e89be..f058fa2a8d 100644 --- a/windows/deployment/usmt/usmt-faq.yml +++ b/windows/deployment/usmt/usmt-faq.yml @@ -1,21 +1,21 @@ ### YamlMime:FAQ metadata: title: 'Frequently Asked Questions (Windows 10)' - description: 'Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.' + description: 'Learn about frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0.' ms.assetid: 813c13a7-6818-4e6e-9284-7ee49493241b ms.reviewer: - author: aczechowski - ms.author: aaroncz - manager: dougeby + author: frankroj + ms.author: frankroj + manager: aaroncz ms.prod: w10 ms.mktglfcycl: deploy ms.sitesec: library audience: itpro - ms.date: 04/19/2017 + ms.date: 11/01/2022 ms.topic: faq title: Frequently Asked Questions summary: | - The following sections provide frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0. + The following sections provide frequently asked questions and recommended solutions for migrations using User State Migration Tool (USMT) 10.0. sections: @@ -24,7 +24,7 @@ sections: - question: | How much space is needed on the destination computer? answer: | - The destination computer needs enough available space for the following: + The destination computer needs enough available space for the following items: - Operating system 
@@ -35,100 +35,100 @@ sections:
 - question: |
 Can I store the files and settings directly on the destination computer or do I need a server?
 answer: |
- You do not need to save the files to a server. If you are moving the user state to a new computer, you can create the store on a shared folder, on media that you can remove, such as a USB flash drive (UFD), or you can store it directly on the destination computer, as in the following steps:
+ You don't need to save the files to a server. If you're moving the user state to a new computer, you can create the store on a shared folder, on media that you can remove, such as a USB flash drive (UFD), or you can store it directly on the destination computer, as in the following steps:
- 1. Create and share the directory C:\\store on the destination computer.
+ 1. Create and share the directory `C:\store` on the destination computer.
- 2. Run the ScanState tool on the source computer and save the files and settings to \\\\*DestinationComputerName*\\store
+ 2. Run the **ScanState** tool on the source computer and save the files and settings to `\\\store`
- 3. Run the LoadState tool on the destination computer and specify C:\\store as the store location.
+ 3. Run the **LoadState** tool on the destination computer and specify `C:\store` as the store location.
 - question: |
 Can I migrate data between operating systems with different languages?
 answer: |
- No. USMT does not support migrating data between operating systems with different languages; the source computer's operating-system language must match the destination computer's operating-system language.
+ No. USMT doesn't support migrating data between operating systems with different languages; the source computer's operating-system language must match the destination computer's operating-system language.
 - question: |
 Can I change the location of the temporary directory on the destination computer?
 answer: |
- Yes. 
The environment variable USMT\_WORKING\_DIR can be changed to an alternative temporary directory. There are some offline migration scenarios where this is necessary, for example, when the USMT binaries are located on read-only Windows Preinstallation Environment (WinPE) boot media. + Yes. The environment variable `USMT\_WORKING\_DIR` can be changed to an alternative temporary directory. There are some offline migration scenarios where changing the temporary directory is necessary, for example, when the USMT binaries are located on read-only Windows Preinstallation Environment (WinPE) boot media. - question: | How do I install USMT? answer: | - Because USMT is included in Windows Assessment and Deployment Kit (Windows ADK), you need to install the Windows ADK package on at least one computer in your environment. However, the USMT binaries are designed to be deployed using xcopy. This means that they are installed on a computer simply by recursively copying the USMT directory from the computer containing the Windows ADK to each client computer. + Because USMT is included in Windows Assessment and Deployment Kit (Windows ADK), you need to install the Windows ADK package on at least one computer in your environment. The USMT binaries can then be copied from the USMT directory located on the original computer where the Windows ADK was installed to additional client computers. - question: | How do I uninstall USMT? answer: | - If you have installed the Windows ADK on the computer, uninstalling Windows ADK will uninstall USMT. For client computers that do not have the Windows ADK installed, you can simply delete the USMT directory to uninstall USMT. + If you've installed the Windows ADK on the computer, uninstalling Windows ADK will uninstall USMT. For client computers that don't have the Windows ADK installed, you can delete the USMT directory to uninstall USMT. 
- name: Files and Settings questions: - question: | How can I exclude a folder or a certain type of file from the migration? answer: | - You can use the **<unconditionalExclude>** element to globally exclude data from the migration. For example, you can use this element to exclude all MP3 files on the computer or to exclude all files from C:\\UserData. This element excludes objects regardless of any other <include> rules that are in the .xml files. For an example, see <unconditionalExclude> in the [Exclude Files and Settings](usmt-exclude-files-and-settings.md) topic. For the syntax of this element, see [XML Elements Library](usmt-xml-elements-library.md). + You can use the **<unconditionalExclude>** element to globally exclude data from the migration. For example, you can use this element to exclude all MP3 files on the computer or to exclude all files from `C:\UserData`. This element excludes objects regardless of any other **<include>** rules that are in the .xml files. For an example, see **<unconditionalExclude>** in the [Exclude files and settings](usmt-exclude-files-and-settings.md) article. For the syntax of this element, see [XML elements library](usmt-xml-elements-library.md). - question: | - What happens to files that were located on a drive that does not exist on the destination computer? + What happens to files that were located on a drive that don't exist on the destination computer? answer: | - USMT migrates the files to the %SystemDrive% while maintaining the correct folder hierarchy. For example, if E:\\data\\File.pst is on the source computer, but the destination computer does not have an E:\\ drive, the file will be migrated to C:\\data\\File.pst, if C:\\ is the system drive. This holds true even when <locationModify> rules attempt to move data to a drive that does not exist on the destination computer. + USMT migrates the files to the `%SystemDrive%` while maintaining the correct folder hierarchy. 
For example, if `E:\data\File.pst` is on the source computer, but the destination computer doesn't have an E:\\ drive, the file will be migrated to `C:\data\File.pst`, if C:\\ is the system drive. This behavior holds true even when **<locationModify>** rules attempt to move data to a drive that doesn't exist on the destination computer. - name: USMT .xml Files questions: - question: | Where can I get examples of USMT .xml files? answer: | - The following topics include examples of USMT .xml files: + The following articles include examples of USMT .xml files: - - [Exclude Files and Settings](usmt-exclude-files-and-settings.md) + - [Exclude files and settings](usmt-exclude-files-and-settings.md) - - [Reroute Files and Settings](usmt-reroute-files-and-settings.md) + - [Reroute files and settings](usmt-reroute-files-and-settings.md) - - [Include Files and Settings](usmt-include-files-and-settings.md) + - [Include files and settings](usmt-include-files-and-settings.md) - - [Custom XML Examples](usmt-custom-xml-examples.md) + - [Custom XML examples](usmt-custom-xml-examples.md) - question: | Can I use custom .xml files that were written for USMT 5.0? answer: | - Yes. You can use custom .xml files that were written for USMT 5.0 with USMT for Windows 10. However, in order to use new USMT functionality, you must revisit your custom USMT files and refresh them to include the new command-line options and XML elements. + Yes. You can use custom .xml files that were written for USMT 5.0 with USMT for Windows 10. However, in order to use new USMT functionality, you must revisit your custom USMT files and refresh them to include the new command-line options and XML elements. - question: | How can I validate the .xml files? answer: | - You can use the USMT XML Schema (MigXML.xsd) to write and validate migration .xml files. + You can use the USMT XML Schema (`MigXML.xsd`) to write and validate migration .xml files. 
- question: | - Why must I list the .xml files with both the ScanState and LoadState commands? + Why must I list the .xml files with both the `ScanState.exe` and `LoadState.exe` commands? answer: | - The .xml files are not copied to the store as in previous versions of USMT. Because the ScanState and LoadState tools need the .xml files to control the migration, you must specify the same set of .xml files for the **ScanState** and **LoadState** commands. If you used a particular set of mig\*.xml files in the ScanState tool, either called through the "/auto" option, or individually through the "/i" option, then you should use same option to call the exact same mig\*.xml files in the LoadState tool. However, you do not have to specify the Config.xml file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the My Documents folder to the store, but not to the destination computer. To do this, modify the Config.xml file and specify the updated file with the **LoadState** command. **LoadState** will migrate only the files and settings that you want to migrate. + The .xml files aren't copied to the store as in previous versions of USMT. Because the **ScanState** and **LoadState** tools need the .xml files to control the migration, you must specify the same set of .xml files for the `ScanState.exe` and `LoadState.exe` commands. If you used a particular set of mig\*.xml files in the **ScanState** tool, either called through the `/auto` option, or individually through the `/i` option, then you should use same option to call the exact same mig\*.xml files in the **LoadState** tool. However, you don't have to specify the `Config.xml` file, unless you want to exclude some of the files and settings that you migrated to the store. For example, you might want to migrate the **My Documents** folder to the store, but not to the destination computer. 
To do this type of migration, modify the `Config.xml` file and specify the updated file with the `LoadState.exe` command. **LoadState** will migrate only the files and settings that you want to migrate. - If you exclude an .xml file from the **LoadState** command, then all of the data that is in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified for the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data. + If you exclude an .xml file from the `LoadState.exe` command, then all of the data that is in the store that was migrated with the missing .xml files will be migrated. However, the migration rules that were specified for the `ScanState.exe` command won't apply. For example, if you exclude a `MigApp.xml` file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT won't reroute the files. Instead, it will migrate them to `C:\data`. - question: | Which files can I modify and specify on the command line? answer: | - You can specify the MigUser.xml and MigApp.xml files on the command line. You can modify each of these files. The migration of operating system settings is controlled by the manifests, which you cannot modify. If you want to exclude certain operating-system settings or any other components, create and modify the Config.xml file. + You can specify the `MigUser.xml` and `MigApp.xml` files on the command line. You can modify each of these files. The migration of operating system settings is controlled by the manifests, which you can't modify. If you want to exclude certain operating-system settings or any other components, create and modify the `Config.xml` file. 
- question: | - What happens if I do not specify the .xml files on the command line? + What happens if I don't specify the .xml files on the command line? answer: | - **ScanState** - If you do not specify any files with the **ScanState** command, all user accounts and default operating system components are migrated. + If you don't specify any files with the `ScanState.exe` command, all user accounts and default operating system components are migrated. - **LoadState** - If you do not specify any files with the **LoadState** command, all data that is in the store is migrated. However, any target-specific migration rules that were specified in .xml files with the **ScanState** command will not apply. For example, if you exclude a MigApp.xml file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT will not reroute the files. Instead, it will migrate them to C:\\data. + If you don't specify any files with the `LoadState.exe` command, all data that is in the store is migrated. However, any target-specific migration rules that were specified in .xml files with the `ScanState.exe` command won't apply. For example, if you exclude a `MigApp.xml` file that has a rerouting rule such as `MigsysHelperFunction.RelativeMove("c:\data", "%CSIDL_PERSONAL%")`, USMT won't reroute the files. Instead, it will migrate them to `C:\data`. - name: Conflicts and Precedence questions: - question: | What happens when there are conflicting XML rules or conflicting objects on the destination computer? answer: | - For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + For more information, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). additionalContent: | 
@@ -137,6 +137,6 @@ additionalContent: |
 [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)
- [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)
+ [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md)
- [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)
+ [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md)
diff --git a/windows/deployment/usmt/usmt-general-conventions.md b/windows/deployment/usmt/usmt-general-conventions.md
index 6ccaaa68cf..ffa159f0c3 100644
--- a/windows/deployment/usmt/usmt-general-conventions.md
+++ b/windows/deployment/usmt/usmt-general-conventions.md
@@ -2,62 +2,52 @@
 title: General Conventions (Windows 10)
 description: Learn about general XML guidelines and how to use XML helper functions in the XML Elements library to change migration behavior.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/19/2017
+author: frankroj
+ms.date: 11/01/2022
 ms.topic: article
 ms.technology: itpro-deploy
 ---
-# General Conventions
-
+# General conventions
 This topic describes the XML helper functions.
-## In This Topic
-
-
-[General XML Guidelines](#bkmk-general)
-
-[Helper Functions](#bkmk-helperfunctions)
-
-## General XML Guidelines
-
+## General XML guidelines
 Before you modify the .xml files, become familiar with the following guidelines:
-- **XML schema**
+- **XML schema**
- You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files.
+ You can use the User State Migration Tool (USMT) 10.0 XML schema, MigXML.xsd, to write and validate migration .xml files.
-- **Conflicts**
+- **Conflicts**
- In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md).
+ In general, when there are conflicts within the XML schema, the most specific pattern takes precedence. For more information, see [Conflicts and precedence](usmt-conflicts-and-precedence.md).
-- **Required elements**
+- **Required elements**
 The required elements for a migration .xml file are **<migration>**, **<component>**, **<role>**, and **<rules>**.
-- **Required child elements**
+- **Required child elements**
- - USMT does not fail with an error if you do not specify the required child elements. However, you must specify the required child elements for the parent element to affect the migration.
+ - USMT doesn't fail with an error if you don't specify the required child elements. 
However, you must specify the required child elements for the parent element to affect the migration. - - The required child elements apply only to the first definition of the element. If these elements are defined and then referred to using their name, the required child elements do not apply. For example, if you define `` in **<namedElements>**, and you specify `` in **<component>** to refer to this element, the definition inside **<namedElements>** must have the required child elements, but the **<component>** element does not need to have the required child elements. + - The required child elements apply only to the first definition of the element. If these elements are defined and then referred to using their name, the required child elements don't apply. For example, if you define `` in **<namedElements>**, and you specify `` in **<component>** to refer to this element, the definition inside **<namedElements>** must have the required child elements, but the **<component>** element doesn't need to have the required child elements. -- **File names with brackets** +- **File names with brackets** - If you are migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there is a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`. + If you're migrating a file that has a bracket character (\[ or \]) in the file name, you must insert a carat (^) character directly before the bracket for the bracket character to be valid. For example, if there's a file named **file].txt**, you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`. -- **Using quotation marks** +- **Using quotation marks** When you surround code in quotation marks, you can use either double ("") or single (') quotation marks. 
-## Helper Functions +## Helper functions - -You can use the XML helper functions in the [XML Elements Library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following: +You can use the XML helper functions in the [XML elements library](usmt-xml-elements-library.md) to change migration behavior. Before you use these functions in an .xml file, note the following items: - **All of the parameters are strings** 
@@ -77,28 +67,18 @@ You can use the XML helper functions in the [XML Elements Library](usmt-xml-elem - **The encoded location used in all the helper functions is an unambiguous string representation for the name of an object** - It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves. + It's composed of the node part, optionally followed by the leaf enclosed in square brackets. This format makes a clear distinction between nodes and leaves. - For example, specify the file C:\\Windows\\Notepad.exe: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory C:\\Windows\\System32 like this: **c:\\Windows\\System32**; note the absence of the \[\] characters. + For example, specify the file `C:\Windows\Notepad.exe`: **c:\\Windows\[Notepad.exe\]**. Similarly, specify the directory `C:\Windows\System32` like this: **c:\\Windows\\System32**; note the absence of the **\[\]** characters. - The registry is represented in a similar way. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key is **HKLM\\SOFTWARE\\MyKey\[\]**. + The registry is represented in a similar way. The default value of a registry key is represented as an empty **\[\]** construct. For example, the default value for the `HKLM\SOFTWARE\MyKey` registry key is **HKLM\\SOFTWARE\\MyKey\[\]**. - **You specify a location pattern in a way that is similar to how you specify an actual location** - The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf. - - For example, the pattern **c:\\Windows\\\\*** will match the \\Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**. 
- -## Related topics - - -[USMT XML Reference](usmt-xml-reference.md) - - - - - - + The exception is that both the node and leaf part accept patterns. However, a pattern from the node doesn't extend to the leaf. + For example, the pattern **c:\\Windows\\\\\*** will match the `\Windows` directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify **c:\\Windows\\\*\[\*\]**. +## Related articles +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-hard-link-migration-store.md b/windows/deployment/usmt/usmt-hard-link-migration-store.md index 5b98c857bf..2c3791c771 100644 --- a/windows/deployment/usmt/usmt-hard-link-migration-store.md +++ b/windows/deployment/usmt/usmt-hard-link-migration-store.md 
@@ -2,169 +2,147 @@ title: Hard-Link Migration Store (Windows 10) description: Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Hard-Link Migration Store -A *hard-link migration store* enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed; this functionality is what makes *hard-link migration store* best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. +A **hard-link migration store** enables you to perform an in-place migration where all user state is maintained on the computer while the old operating system is removed and the new operating system is installed. This functionality is what makes **hard-link migration store** best suited for the computer-refresh scenario. Use of a hard-link migration store for a computer-refresh scenario drastically improves migration performance and significantly reduces hard-disk utilization, reduces deployment costs, and enables entirely new migration scenarios. 
-## In this topic - -[When to Use a Hard-Link Migration](#bkmk-when) - -[Understanding a Hard-Link Migration](#bkmk-understandhardlinkmig) - -[Scenario](#bkmk-scenario) - -[Hard-Link Migration Store Details](#bkmk-hardlinkstoredetails) - -[Hard Disk Space](#bkmk-harddiskspace) - -[Hard-Link Store Size Estimation](#bkmk-hardlinkstoresizeest) - -[Migration Store Path on Multiple Volumes](#bkmk-migstoremultvolumes) - -[Location Modifications](#bkmk-locationmodify) - -[Migrating Encrypting File System (EFS) Certificates and Files](#bkmk-efs) - -[Migrating Locked Files With the Hard-Link Migration Store](#bkmk-miglockedfiles) - -[XML Elements in the Config.xml File](#bkmk-xmlelementsinconfig) - -## When to Use a Hard-Link Migration +## When to use a hard-link migration You can use a hard-link migration store when your planned migration meets both of the following criteria: -- You are upgrading the operating system on existing hardware rather than migrating to new computers. +- You're upgrading the operating system on existing hardware rather than migrating to new computers. -- You are upgrading the operating system on the same volume of the computer. +- You're upgrading the operating system on the same volume of the computer. -You cannot use a hard-link migration store if your planned migration includes any of the following tasks: +You can't use a hard-link migration store if your planned migration includes any of the following tasks: -- You are migrating data from one computer to a second computer. +- You're migrating data from one computer to a second computer. -- You are migrating data from one volume on a computer to another volume, for example from `C:` to `D:`. +- You're migrating data from one volume on a computer to another volume, for example from `C:` to `D:`. -- You are formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. 
+- You're formatting or repartitioning the disk outside of Windows Setup, or specifying a disk format or repartition during Windows Setup that will remove the migration store. -## Understanding a Hard-Link Migration +## Understanding a hard-link migration -The hard-link migration store is created using the command-line option, **/hardlink**, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. +The hard-link migration store is created using the command-line option, `/hardlink`, and is equivalent to other migration-store types. However, it differs in that hard links are utilized to keep files stored on the source computer during the migration. Keeping the files in place on the source computer eliminates the redundant work of duplicating files. It also enables the performance benefits and reduction in disk utilization that define this scenario. -When you create a hard link, you give an existing file one more path. For instance, you could create a hard link to c:\\file1.txt called c:\\hard link\\myFile.txt. These two paths relate to the same file. If you open c:\\file1.txt, make changes, and save the file, you will see those changes when you open c:\\hard link\\myFile.txt. If you delete c:\\file1.txt, the file still exists on your computer as c:\\hardlink\\myFile.txt. You must delete both references to the file in order to delete the file. +When you create a hard link, you give an existing file one more path. For instance, you could create a hard link to `c:\file1.txt` called `c:\hard link\myFile.txt`. These two paths relate to the same file. 
If you open `c:\file1.txt`, make changes, and save the file, you'll see those changes when you open `c:\hard link\myFile.txt`. If you delete `c:\file1.txt`, the file still exists on your computer as `c:\hardlink\myFile.txt`. You must delete both references to the file in order to delete the file. > [!NOTE] > A hard link can only be created for a file on the same volume. If you copy a hard-link migration store to another drive or external device, the files, and not the links, are copied, as in a non-compressed migration-store scenario. For more information about hard links, see [Hard Links and Junctions](/windows/win32/fileio/hard-links-and-junctions) -In most aspects, a hard-link migration store is identical to an uncompressed migration store. It is located where specified by the Scanstate command-line tool and you can view the contents of the store by using Windows® Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store; however, as with creating the store, the same hard-link functionality is used to keep files in-place. +In most aspects, a hard-link migration store is identical to an uncompressed migration store. It's located where specified by the **ScanState.exe** command-line tool and you can view the contents of the store by using Windows Explorer. Once created, it can be deleted or copied to another location without changing user state. Restoring a hard-link migration store is similar to restoring any other migration store. However, as with creating the store, the same hard-link functionality is used to keep files in-place. -As a best practice, we recommend that you delete the hard-link migration store after you confirm that the Loadstate tool has successfully migrated the files. 
Since Loadstate has created new paths to the files on your new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files and will not delete the actual files or the paths to them from your new operating system. +As a best practice, it's recommended that you delete the hard-link migration store after you confirm that the **LoadState** tool has successfully migrated the files. Since **LoadState** has created new paths to the files on the new installation of a Windows operating system, deleting the hard links in the migration store will only delete one path to the files, and won't delete the actual files or the paths to them from the new operating system. > [!IMPORTANT] -> Using the **/c** option will force the Loadstate tool to continue applying files when non-fatal errors occur. If you use the **/c** option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. +> Using the `/c` option will force the **LoadState** tool to continue applying files when non-fatal errors occur. If you use the `/c` option, you should verify that no errors are reported in the logs before deleting the hard-link migration store in order to avoid data loss. Keeping the hard-link migration store can result in extra disk space being consumed or problems with some applications for the following reasons: -- Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. +- Applications reporting file-system statistics, for example, space used and free space, might incorrectly report these statistics while the hard-link migration store is present. The file may be reported twice because of the two paths that reference that file. 
-- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that was not used to open the file in this application will continue to refer to the unmodified file. The unmodified file that is not in use is taking up more disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you are migrating the latest versions of all files. +- A hard link may lose its connection to the original file. Some applications save changes to a file by creating a temporary file and then renaming the original to a backup filename. The path that wasn't used to open the file in this application will continue to refer to the unmodified file. The unmodified file that isn't in use is taking up more disk space. You should create the hard-link migration store just before you perform the migration, and not use applications once the store is created, in order to make sure you're migrating the latest versions of all files. -- Editing the file by using different paths simultaneously may result in data corruption. +- Editing the file by using different paths simultaneously may result in data corruption. > [!IMPORTANT] > The read-only file attribute on migrated files is lost when the hard-link migration store is deleted. This is due to a limitation in NTFS file system hard links. -## Hard-Link Migration Scenario +## Hard-link migration scenario -For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. +For example, a company has decided to deploy Windows 10 on all of their computers. Each employee will keep the same computer, but the operating system on each computer will be updated. -1. 
An administrator runs the ScanState command-line tool on each computer, specifying the **/hardlink** command-line option. The ScanState tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. +1. An administrator runs the **ScanState** command-line tool on each computer, specifying the `/hardlink` command-line option. The **ScanState** tool saves the user state to a hard-link migration store on each computer, improving performance by reducing file duplication, except in certain specific instances. > [!NOTE] - > As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with Loadstate. + > As a best practice, we recommend that you do not create your hard-link migration store until just before you perform the migration in order to migrate the latest versions of your files. You should not use your software applications on the computer after creating the migration store until you have finished migrating your files with **LoadState**. -2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. +2. On each computer, an administrator installs the company's standard operating environment (SOE), which includes Windows 7 and other applications the company currently uses. -3. An administrator runs the LoadState command-line tool on each computer. The LoadState tool restores user state back on each computer. +3. An administrator runs the **LoadState** command-line tool on each computer. The **LoadState** tool restores user state back on each computer. 
> [!NOTE] > During the update of a domain-joined computer, the profiles of users whose SID cannot be resolved will not be migrated. When using a hard-link migration store, it could cause a data loss. -## Hard-Link Migration Store Details +## Hard-link migration store details This section provides details about hard-link migration stores. -### Hard Disk Space +### Hard disk space -The **/hardlink** command-line option proceeds with creating the migration store only if there are 250 megabytes (MB) of free space on the hard disk. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. +The `/hardlink` command-line option proceeds with creating the migration store only if there are 250 megabytes (MB) of free space on the hard disk. If every volume involved in the migration is formatted as NTFS, 250 MB should be enough space to ensure success for almost every hard-link migration, regardless on the size of the migration. -### Hard-Link Store Size Estimation +### Hard-link store size estimation -It is not necessary to estimate the size of a hard-link migration store. Estimating the size of a migration store is only useful in scenarios where the migration store is large, and on NTFS volumes the hard-link migration store will require much less incremental space than other store options. The only case where the local store can be large is when non-NTFS file systems exist on the system and contain data being migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. +It isn't necessary to estimate the size of a hard-link migration store since hard-link migration store on NTFS volumes will be relatively small and require much less incremental space than other store options. 
Estimating the size of a migration store is only useful in scenarios where the migration store is large. The only case where the local store can be large with hard-link migrations is when non-NTFS file systems exist on the system and the non-NTFS files system contain data that needs to be migrated. Since NTFS has been the default file system format for Windows XP and newer operating systems, this situation is unusual. -### Migration Store Path on Multiple Volumes +### Migration store path on multiple volumes Separate hard-link migration stores are created on each NTFS volume that contain data being migrated. In this scenario, the primary migration-store location will be specified on the command line, and should be the operating-system volume. Migration stores with identical names and directory names will be created on every volume containing data being migrated. For example: -`Scanstate /hardlink c:\USMTMIG […]` + ``` syntax + ScanState.exe /hardlink c:\USMTMIG […] + ``` Running this command on a system that contains the operating system on the C: drive and the user data on the D: drive will generate migration stores in the following locations, assuming that both drives are NTFS: -C:\\USMTMIG\\ +`C:\USMTMIG\` -D:\\USMTMIG\\ +`D:\USMTMIG\` -The drive you specify on the command line for the hard-link migration store is important, because it defines where the *master migration store* should be placed. The *master migration store* is the location where data migrating from non-NTFS volumes is stored. This volume must have enough space to contain all of the data that comes from non-NTFS volumes. As in other scenarios, if a migration store already exists at the specified path, the **/o** option must be used to overwrite the existing data in the store. +The drive you specify on the command line for the hard-link migration store is important, because it defines where the **master migration store** should be placed. 
The **master migration store** is the location where data migrating from non-NTFS volumes is stored. This volume must have enough space to contain all of the data that comes from non-NTFS volumes. As in other scenarios, if a migration store already exists at the specified path, the `/o` option must be used to overwrite the existing data in the store. -### Location Modifications +### Location modifications -Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This impact is because the migrating data that must cross system volumes cannot remain in the hard-link migration store, and must be copied across the system volumes. +Location modifications that redirect migrated content from one volume to a different volume have an adverse impact on the performance of a hard-link migration. This impact is because the migrating data that must cross system volumes can't remain in the hard-link migration store, and must be copied across the system volumes. -### Migrating Encrypting File System (EFS) Certificates and Files +### Migrating Encrypting File System (EFS) certificates and files -To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the **/efs:hardlink** option in the Scanstate command-line syntax. +To migrate Encrypting File System (EFS) files to a new installation of an operating system on the same volume of the computer, specify the `/efs:hardlink` option in the `ScanState.exe` command-line syntax. -If the EFS files are being restored to a different partition, you should use the **/efs:copyraw** option instead of the **/efs:hardlink** option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. 
The **/efs:copyraw** option will copy the files to the new partition in encrypted format. +If the EFS files are being restored to a different partition, you should use the `/efs:copyraw` option instead of the `/efs:hardlink` option. Hard links can only be created for files on the same volume. Moving the files to another partition during the migration requires a copy of the files to be created on the new partition. The `/efs:copyraw` option will copy the files to the new partition in encrypted format. -For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md) and the Encrypted File Options in [ScanState Syntax](usmt-scanstate-syntax.md). +For more information, see [Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md) and [Encrypted file options](usmt-scanstate-syntax.md#encrypted-file-options). -### Migrating Locked Files with the Hard-Link Migration Store +### Migrating locked files with the hard-link migration store Files that are locked by an application or the operating system are handled differently when using a hard-link migration store. -Files that are locked by the operating system cannot remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you do not migrate any files out of the \\Windows directory, which minimizes performance-related issues. +Files that are locked by the operating system can't remain in place and must be copied into the hard-link migration store. As a result, selecting many operating-system files for migration significantly reduces performance during a hard-link migration. As a best practice, we recommend that you don't migrate any files out of the `\Windows directory`, which minimizes performance-related issues. 
-Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service is not being utilized. The volume shadow-copy service cannot be used with hard-link migrations. However, by modifying the new `` section in the Config.xml file, it is possible to enable the migration of files locked by an application. +Files that are locked by an application are treated the same in hard-link migrations as in other scenarios when the volume shadow-copy service isn't being utilized. The volume shadow-copy service can't be used with hard-link migrations. However, by modifying the new **<HardLinkStoreControl>** section in the `Config.xml` file, it's possible to enable the migration of files locked by an application. > [!IMPORTANT] -> There are some scenarios in which modifying the `` section in the Config.xml file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use USMTutils.exe to schedule the migration store for deletion on the next restart. +> There are some scenarios in which modifying the **<HardLinkStoreControl>** section in the `Config.xml` file makes it more difficult to delete a hard-link migration store. In these scenarios, you must use `UsmtUtils.exe` to schedule the migration store for deletion on the next restart. -## XML Elements in the Config.xml File +## XML elements in the Config.xml file -A new section in the Config.xml file allows optional configuration of some of the hard-link migration behavior introduced with the **/HardLink** option. +A new section in the `Config.xml` file allows optional configuration of some of the hard-link migration behavior introduced with the `/HardLink` option. | Element | Description | |--- |--- | -| `` | This element contains elements that describe the policies that USMT follows while creating a migration store. 
| -| `` | This element contains elements that describe how to handle files during the creation of a hard link migration store. | -| `` | This element contains elements that describe how to handle files that are locked for editing. | -| `` | This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

      Syntax: `` [pattern] `` | -| `` | This element defines a standard MigXML pattern that describes file paths where hard links should not be created, if the file is locked for editing by another application.

      `` [pattern] `` | +| **<Policies>** | This element contains elements that describe the policies that USMT follows while creating a migration store. | +| **<HardLinkStoreControl>** | This element contains elements that describe how to handle files during the creation of a hard link migration store. | +| **<fileLocked>** | This element contains elements that describe how to handle files that are locked for editing. | +| **<createHardLink>** | This element defines a standard MigXML pattern that describes file paths where hard links should be created, even if the file is locked for editing by another application.

      Syntax: `` [pattern] `` | +| **<errorHardLink>** | This element defines a standard MigXML pattern that describes file paths where hard links shouldn't be created, if the file is locked for editing by another application.

      `` [pattern] `` | > [!IMPORTANT] -> You must use the **/nocompress** option with the **/HardLink** option. +> You must use the `/nocompress` option with the `/HardLink` option. -The following XML sample specifies that files locked by an application under the \\Users directory can remain in place during the migration. It also specifies that locked files that are not located in the \\Users directory should result in the **File in Use** error. It is important to exercise caution when specifying the paths using the **File in Use``** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. +The following XML sample specifies that files locked by an application under the `\Users` directory can remain in place during the migration. It also specifies that locked files that aren't located in the `\Users` directory should result in the **File in Use** error. It's important to exercise caution when specifying the paths using the ``** tag in order to minimize scenarios that make the hard-link migration store more difficult to delete. ``` xml @@ -177,6 +155,6 @@ The following XML sample specifies that files locked by an application under the ``` -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-how-it-works.md b/windows/deployment/usmt/usmt-how-it-works.md index 37ea9bd0bc..23bb493204 100644 --- a/windows/deployment/usmt/usmt-how-it-works.md +++ b/windows/deployment/usmt/usmt-how-it-works.md 
@@ -2,131 +2,121 @@ title: How USMT Works (Windows 10) description: Learn how USMT works and how it includes two tools that migrate settings and data - ScanState and LoadState. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.technology: itpro-deploy +ms.date: 11/01/2022 --- -# How USMT Works +# How USMT works +USMT includes two tools that migrate settings and data: **ScanState** and **LoadState**. **ScanState** collects information from the source computer, and **LoadState** applies that information to the destination computer. -USMT includes two tools that migrate settings and data: ScanState and LoadState. ScanState collects information from the source computer, and LoadState applies that information to the destination computer. +- [How USMT works](#how-usmt-works) + - [The ScanState process](#the-scanstate-process) + - [The LoadState process](#the-loadstate-process) + - [Related articles](#related-articles) -- [ScanState Process](#the-scanstate-process) -- [LoadState Process](#the-loadstate-process) + > [!NOTE] + > For more information about how USMT processes the rules and the XML files, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - **Note**   - For more information about how USMT processes the rules and the XML files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). +## The ScanState process -## The ScanState Process +When you run the **ScanState** tool on the source computer, it goes through the following process: -When you run the ScanState tool on the source computer, it goes through the following process: +1. It parses and validates the command-line parameters, creates the `ScanState.log` file, and then begins logging. -1. It parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging. - -2. 
It collects information about all of the migration components that need to be migrated. A *migration component* is a logical group of files, registry keys, and values. For example, the set of files, registry keys, and values that store the settings of Adobe Acrobat is grouped into a single migration component. +2. It collects information about all of the migration components that need to be migrated. A *migration component* is a logical group of files, registry keys, and values. For example, the set of files, registry keys, and values that store the settings of Adobe Acrobat is grouped into a single migration component. There are three types of components: - - Components that migrate the operating system settings - - Components that migrate application settings - - Components that migrate users’ files + - Components that migrate the operating system settings + + - Components that migrate application settings - The ScanState tool collects information about the application settings and user data components from the .xml files that are specified on the command line. + - Components that migrate users' files - In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file. + The **ScanState** tool collects information about the application settings and user data components from the .xml files that are specified on the command line. -3. ScanState determines which user profiles should be migrated. By default, all user profiles on the source computer are migrated. However, you can include and exclude users using the User Options. The public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated, and you cannot exclude these profiles from the migration. + In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. 
You can't modify these files. If you want to exclude certain operating-system settings, you must create and modify a `Config.xml` file. -4. In the "Scanning" phase, ScanState does the following for each user profile selected for migration: +3. **ScanState** determines which user profiles should be migrated. By default, all user profiles on the source computer are migrated. However, you can include and exclude users using the User Options. The public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated, and you can't exclude these profiles from the migration. - 1. For each component, ScanState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored. +4. In the **Scanning** phase, **ScanState** does the following for each user profile selected for migration: - **Note**   - From this point on, ScanState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. ScanState processes all components in the same way. + 1. For each component, **ScanState** checks the type of the component. If the current user profile is the system profile and the component type is **System** or **UserAndSystem**, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile isn't the system profile and the component type is **User** or **UserAndSystem**, the component is selected for this user. Otherwise, this component is ignored. - 2. Each component that is selected in the previous step is processed further. 
Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents, assuming that the user profiles are stored in the C:\\Users directory. + > [!NOTE] + > From this point on, **ScanState** does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users' files. **ScanState** processes all components in the same way. - 3. For each selected component, ScanState evaluates the <detects> section. If the condition in the <detects> section evaluates to false, the component is not processed any further. Otherwise, the processing of this component continues. + 2. Each component that is selected in the previous step is processed further. Any profile-specific variables (such as **CSIDL_PERSONAL**) are evaluated in the context of the current profile. For example, if the profile that is being processed belongs to **User1**, then **CSIDL_PERSONAL** would expand to `C:\Users\User1\Documents`, assuming that the user profiles are stored in the `C:\Users` directory. - 4. For each selected component, ScanState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. + 3. For each selected component, **ScanState** evaluates the **<detects>** section. If the condition in the **<detects>** section evaluates to false, the component isn't processed any further. Otherwise, the processing of this component continues. - 5. 
ScanState creates a list of migration units that need to be migrated by processing the various subsections under this <rules> section. Each unit is collected if it is mentioned in an <include> subsection, as long as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence in the .xml files, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). + 4. For each selected component, **ScanState** evaluates the **<rules>** sections. For each **<rules>** section, if the current user profile is the system profile and the context of the **<rules>** section is **System** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile isn't the system profile and the context of the **<rules>** section is **User** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. - In addition, any migration unit (such as a file, registry key, or set of registry values) that is in an <UnconditionalExclude> section is not migrated. + 5. **ScanState** creates a list of migration units that need to be migrated by processing the various subsections under this **<rules>** section. Each unit is collected if it's mentioned in an **<include>** subsection, as long as there isn't a more specific rule for it in an **<exclude>** subsection in the same **<rules>** section. For more information about precedence in the .xml files, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - **Note**   - ScanState ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer. + In addition, any migration unit (such as a file, registry key, or set of registry values) that is in an <UnconditionalExclude> section isn't migrated. -5. 
In the "Collecting" phase, ScanState creates a master list of the migration units by combining the lists that were created for each selected user profile. + > [!NOTE] + > **ScanState** ignores some subsections such as <destinationCleanup> and <locationModify>. These sections are evaluated only on the destination computer. -6. In the "Saving" phase, ScanState writes the migration units that were collected to the store location. +5. In the **Collecting** phase, **ScanState** creates a master list of the migration units by combining the lists that were created for each selected user profile. - **Note**   - ScanState does not modify the source computer in any way. +6. In the **Saving** phase, **ScanState** writes the migration units that were collected to the store location. -## The LoadState Process + > [!NOTE] + > **ScanState** does not modify the source computer in any way. +## The LoadState process -The LoadState process is very similar to the ScanState process. The ScanState tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the LoadState tool collects migration units from the store and applies them to the destination computer. +The **LoadState** process is similar to the **ScanState** process. The **ScanState** tool collects migration units such as file, registry key, or registry values from the source computer and saves them to the store. Similarly, the **LoadState** tool collects migration units from the store and applies them to the destination computer. -1. ScanState parses and validates the command-line parameters, creates the ScanState.log file, and then begins logging. +1. **ScanState** parses and validates the command-line parameters, creates the `ScanState.log` file, and then begins logging. -2. LoadState collects information about the migration components that need to be migrated. +2. 
**LoadState** collects information about the migration components that need to be migrated. - LoadState obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the LoadState command. + **LoadState** obtains information for the application-settings components and user-data components from the migration .xml files that are specified by the `LoadState.exe` command. - In Windows 7, and Windows 8, the manifest files control how the operating-system settings are migrated. You cannot modify these files. If you want to exclude certain operating-system settings, you must create and modify a Config.xml file. + In Windows 7, Windows 8, and Windows 10, the manifest files control how the operating-system settings are migrated. You can't modify these files. If you want to exclude certain operating-system settings, you must create and modify a `Config.xml` file. -3. LoadState determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the User Options. The system profile, the "All users" profile in a source computer running Windows XP, or the Public profile in a source computer running Windows Vista, Windows 7, and Windows 8, is always migrated and you cannot exclude these profiles from the migration. +3. **LoadState** determines which user profiles should be migrated. By default, all user profiles present on the source computer are migrated. However, you can include and exclude users using the **User Options**. The system profile, the Public profile in a source computer running Windows 7, Windows 8, and Windows 10 is always migrated and you can't exclude these profiles from the migration. - - If you are migrating local user accounts and if the accounts do not already exist on the destination computer, you must use the/lac command-line option. 
If you do not specify the **/lac** option, any local user accounts that are not already present on the destination computer, are not migrated. + - If you're migrating local user accounts and if the accounts don't already exist on the destination computer, you must use the `/lac` command-line option. If you don't specify the `/lac` option, any local user accounts that aren't already present on the destination computer, aren't migrated. - - The **/md** and **/mu** options are processed to rename the user profile on the destination computer, if they have been included when the LoadState command was specified. + - The `/md` and `/mu` options are processed to rename the user profile on the destination computer, if they've been included when the `LoadState.exe` command was specified. - - For each user profile selected from the store, LoadState creates a corresponding user profile on the destination computer. The destination computer does not need to be connected to the domain for domain user profiles to be created. If USMT cannot determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md). + - For each user profile selected from the store, **LoadState** creates a corresponding user profile on the destination computer. The destination computer doesn't need to be connected to the domain for domain user profiles to be created. If USMT can't determine a domain, it attempts to apply the settings to a local account. For more information, see [Identify Users](usmt-identify-users.md). -4. In the "Scanning" phase, LoadState does the following for each user profile: +4. In the **Scanning** phase, **LoadState** does the following for each user profile: - 1. For each component, LoadState checks the type of the component. If the current user profile is the system profile and the component type is “System” or “UserAndSystem”, the component is selected for this user. Otherwise, the component is ignored. 
Alternatively, if the current user profile is not the system profile and the component type is “User” or “UserAndSystem”, the component is selected for this user. Otherwise, this component is ignored. + 1. For each component, **LoadState** checks the type of the component. If the current user profile is the system profile and the component type is **System** or **UserAndSystem**, the component is selected for this user. Otherwise, the component is ignored. Alternatively, if the current user profile isn't the system profile and the component type is **User** or **UserAndSystem**, the component is selected for this user. Otherwise, this component is ignored. - **Note** - From this point on, LoadState does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users’ files. LoadState evaluates all components in the same way. + > [!NOTE] + > From this point on, **LoadState** does not distinguish between components that migrate operating-system settings, those that migrate application settings, and those that migrate users' files. **LoadState** evaluates all components in the same way. - + 2. Each component that is selected is processed further. Any profile-specific variables (such as **CSIDL_PERSONAL**) are evaluated in the context of the current profile. For example, if the profile being processed belongs to **User1**, then **CSIDL_PERSONAL** would expand to `C:\Users\User1\Documents` (assuming that the user profiles are stored in the `C:\Users` directory). - 2. Each component that is selected is processed further. Any profile-specific variables (such as CSIDL\_PERSONAL) are evaluated in the context of the current profile. For example, if the profile being processed belongs to “User1”, then CSIDL\_PERSONAL would expand to C:\\Users\\User1\\Documents (assuming that the user profiles are stored in the C:\\Users directory). 
+ > [!NOTE] + > **LoadState** ignores the **<detects>** section specified in a component. At this point, all specified components are considered to be detected and are selected for migration. - **Note** - LoadState ignores the <detects> section specified in a component. At this point, all specified components are considered to be detected and are selected for migration. + 3. For each selected component, **LoadState** evaluates the **<rules>** sections. For each **<rules>** section, if the current user profile is the system profile and the context of the **<rules>** section is **System** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile isn't the system profile and the context of the **<rules>** section is **User** or **UserAndSystem**, the rule is processed further. Otherwise, this rule is ignored. - + 4. **LoadState** creates a master list of migration units by processing the various subsections under the **<rules>** section. Each migration unit that is in an **<include>** subsection is migrated as long, as there isn't a more specific rule for it in an **<exclude>** subsection in the same **<rules>** section. For more information about precedence, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). - 3. For each selected component, LoadState evaluates the <rules> sections. For each <rules> section, if the current user profile is the system profile and the context of the <rules> section is “System” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. Alternatively, if the current user profile is not the system profile and the context of the <rules> section is “User” or “UserAndSystem”, the rule is processed further. Otherwise, this rule is ignored. - - 4. LoadState creates a master list of migration units by processing the various subsections under the <rules> section. 
Each migration unit that is in an <include> subsection is migrated as long, as there is not a more specific rule for it in an <exclude> subsection in the same <rules> section. For more information about precedence, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). - - 5. LoadState evaluates the destination computer-specific subsections; for example, the <destinationCleanup> and <locationModify> subsections. - - 6. If the destination computer is running Windows 7 or Windows 8 then the migunits that were collected by ScanState using downlevel manifest files are processed by LoadState using the corresponding Component Manifest for Windows 7. The downlevel manifest files are not used during LoadState. - - **Important** - It is important to specify the .xml files with the LoadState command if you want LoadState to use them. Otherwise, any destination-specific rules, such as <locationModify>, in these .xml files are ignored, even if the same .xml files were provided when the ScanState command ran. - -5. In the "Apply" phase, LoadState writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there is not a <merge> rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, do not take effect until the next time the user logs on. For this reason, you should log off when the LoadState command actions have completed. - -## Related topics - -[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) - - - - + 5. **LoadState** evaluates the destination computer-specific subsections, for example, the **<destinationCleanup>** and **<locationModify>** subsections. + 6. 
If the destination computer is running Windows 7, Windows 8, or Windows 10, then the migunits that were collected by **ScanState** using downlevel manifest files are processed by **LoadState** using the corresponding Component Manifest for Windows 7. The downlevel manifest files aren't used during **LoadState**. + > [!IMPORTANT] + > It is important to specify the .xml files with the `LoadState.exe` command if you want **LoadState** to use them. Otherwise, any destination-specific rules, such as **<locationModify>**, in these .xml files are ignored, even if the same .xml files were provided when the `ScanState.exe` command ran. +5. In the **Apply** phase, **LoadState** writes the migration units that were collected to the various locations on the destination computer. If there are conflicts and there isn't a **<merge>** rule for the object, the default behavior for the registry is for the source to overwrite the destination. The default behavior for files is for the source to be renamed incrementally, for example, OriginalFileName(1).OriginalExtension. Some settings, such as fonts, wallpaper, and screen-saver settings, don't take effect until the next time the user logs on. For this reason, you should sign out when the `LoadState.exe` command actions have completed. +## Related articles +[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md) diff --git a/windows/deployment/usmt/usmt-how-to.md b/windows/deployment/usmt/usmt-how-to.md index 673ccff26e..e234211ca1 100644 --- a/windows/deployment/usmt/usmt-how-to.md +++ b/windows/deployment/usmt/usmt-how-to.md 
@@ -1,33 +1,35 @@ --- -title: User State Migration Tool (USMT) How-to topics (Windows 10) -description: Reference the topics in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. +title: User State Migration Tool (USMT) How-to articles (Windows 10) +description: Reference the articles in this article to learn how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) How-to topics -The following table lists topics that describe how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. +# User State Migration Tool (USMT) how-to articles -## In This Section +The following table lists articles that describe how to use User State Migration Tool (USMT) 10.0 to perform specific tasks. 
-|Topic |Description| -|------|-----------| -|[Exclude Files and Settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.| -|[Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover files from a compressed migration store after installing the operating system.| -|[Include Files and Settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.| -|[Migrate Application Settings](migrate-application-settings.md)|Migrate the settings of an application that the MigApp.xml file does not include by default.| -|[Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md)|Migrate Encrypting File System (EFS) certificates by using USMT.| -|[Migrate User Accounts](usmt-migrate-user-accounts.md)|Specify the users to include and exclude in your migration.| -|[Reroute Files and Settings](usmt-reroute-files-and-settings.md)|Create a custom .xml file to reroute files and settings during a migration.| -|[Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md)|Determine whether a compressed migration store is intact, or whether it contains corrupt files or a corrupt catalog.| +## In this section -## Related topics -- [User State Migration Tool (USMT) Overview Topics](usmt-topics.md) -- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) -- [User State Migration Toolkit (USMT) Reference](usmt-reference.md) +| Link | Description | +|------ |----------- | +|[Exclude files and settings](usmt-exclude-files-and-settings.md)|Create a custom .xml file to exclude files, file types, folders, or registry settings from your migration.| +|[Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md)|Recover 
files from a compressed migration store after installing the operating system.| +|[Include files and settings](usmt-include-files-and-settings.md)|Create a custom .xml file to include files, file types, folders, or registry settings in your migration.| +|[Migrate application settings](migrate-application-settings.md)|Migrate the settings of an application that the MigApp.xml file doesn't include by default.| +|[Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md)|Migrate Encrypting File System (EFS) certificates by using USMT.| +|[Migrate user accounts](usmt-migrate-user-accounts.md)|Specify the users to include and exclude in your migration.| +|[Reroute files and settings](usmt-reroute-files-and-settings.md)|Create a custom .xml file to reroute files and settings during a migration.| +|[Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md)|Determine whether a compressed migration store is intact, or whether it contains corrupt files or a corrupt catalog.| + +## Related articles + +- [User State Migration Tool (USMT) overview topics](usmt-topics.md) +- [User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) +- [User State Migration Toolkit (USMT) reference](usmt-reference.md) diff --git a/windows/deployment/usmt/usmt-identify-application-settings.md b/windows/deployment/usmt/usmt-identify-application-settings.md index 586733f45e..24278e020b 100644 --- a/windows/deployment/usmt/usmt-identify-application-settings.md +++ b/windows/deployment/usmt/usmt-identify-application-settings.md 
@@ -1,60 +1,46 @@ --- title: Identify Applications Settings (Windows 10) -description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT). +description: Identify which applications and settings you want to migrate before using the User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Identify Applications Settings +# Identify applications settings - -When planning for your migration, you should identify which applications and settings you want to migrate. For more information about how to create a custom .xml file to migrate the settings of another application, see [Customize USMT XML Files](usmt-customize-xml-files.md). +When planning for your migration, you should identify which applications and settings you want to migrate. For more information about how to create a custom .xml file to migrate the settings of another application, see [Customize USMT XML files](usmt-customize-xml-files.md). ## Applications +First, create and prioritize a list of applications that need to be migrated. It may be helpful to review the application lists and decide which applications will be redeployed and which applications will be retired. Often, what applications are migrated are prioritized based on a combination of how widely the application is used and how complex the application is. -First, create and prioritize a list of applications that to be migrated. It may be helpful to review the application lists and decide which applications will be redeployed and which applications will be retired. Often, the applications are prioritized based on a combination of how widely the application is used and how complex the application is. 
+Next, identify an application owner to be in charge of each application. Application ownership identification is necessary because the developers won't be experts on all of the applications in the organization. The application owner should have the most experience with an application. The application owner provides insight into how the organization installs, configures, and uses the application. -Next, identify an application owner to be in charge of each application. This is necessary because the developers will not be experts on all of the applications in the organization. The application owner should have the most experience with an application. The application owner provides insight into how the organization installs, configures, and uses the application. +## Application settings -## Application Settings +Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you're testing the new applications for compatibility with the new operating system. +After completing the list of applications to be migrated, review the list, and work with each application owner on a list of settings to be migrated. For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located, for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully: -Next, determine and locate the application settings to be migrated. You can acquire much of the information that you need for this step when you are testing the new applications for compatibility with the new operating system. +- Is the destination version of the application newer than the source version? -After completing the list of applications to be migrated, review the list and work with each application owner on a list of settings to be migrated. 
For each setting, determine whether it needs to be migrated or if the default settings are adequate. Then, determine where the setting is located; for example, in the registry or in an .ini file. Next, consider the following questions to determine what needs to be done to migrate the setting successfully: +- Do these settings work with the new version? -- Is the destination version of the application newer than the source version? +- Do the settings need to be moved or altered? -- Do these settings work with the new version? - -- Do the settings need to be moved or altered? - -- Can the first-run process force the application to appear as if it had run already? If so, does this work correctly, or does it break the application? +- Can the first-run process force the application to appear as if it had run already? If so, does this work correctly, or does it break the application? After answering these questions, create a custom .xml file to migrate settings. Work with the application owner to develop test cases and to determine the file types that need to be migrated for the application. -## Locating Where Settings Are Stored - - -See [Migrate Application Settings](migrate-application-settings.md) and follow the directions. - -## Related topics - - -[Determine What to Migrate](usmt-determine-what-to-migrate.md) - -  - -  - - +## Locating where settings are stored +See [Migrate application settings](migrate-application-settings.md) and follow the directions. +## Related articles +[Determine what to migrate](usmt-determine-what-to-migrate.md) diff --git a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md index 86e1f15aa7..01625d4d37 100644 --- a/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md +++ b/windows/deployment/usmt/usmt-identify-file-types-files-and-folders.md 
@@ -2,48 +2,40 @@ title: Identify File Types, Files, and Folders (Windows 10) description: Learn how to identify the file types, files, folders, and settings that you want to migrate when you're planning your migration. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Identify File Types, Files, and Folders +# Identify file types, files, and folders +When planning for your migration, if not using MigDocs.xml, you should identify the file types, files, folders, and settings that you want to migrate. First, you should determine the standard file locations on each computer, such as **My Documents** , `C:\Data` , and company-specified locations, such as `\\EngineeringDrafts`. Next, you should determine and locate the non-standard locations. For non-standard locations, consider the following items: -When planning for your migration, if not using MigDocs.xml, you should identify the file types, files, folders, and settings that you want to migrate. First, you should determine the standard file locations on each computer, such as **My Documents.** , **C:\\Data** , and company-specified locations, such as **\\EngineeringDrafts**. Next, you should determine and locate the non-standard locations. For non-standard locations, consider the following: +- **File types**. Consider which file types need to be included and excluded from the migration. You can create this list based on common applications used in your organization. Applications normally use specific file name extensions. For example, Microsoft Office Word primarily uses `.doc`, `.docx` and `.dotx` file name extension. However, it also uses other file types, such as templates (`.dot` files), on a less frequent basis. -- **File types**. Consider which file types need to be included and excluded from the migration. 
You can create this list based on common applications used in your organization. Applications normally use specific file name extensions. For example, Microsoft Office Word primarily uses .doc, .docx and .dotx file name extension. However, it also uses other file types, such as templates (.dot files), on a less frequent basis. +- **Excluded locations**. Consider the locations on the computer that should be excluded from the migration (for example, `%WINDIR%` and **Program Files**). -- **Excluded locations**. Consider the locations on the computer that should be excluded from the migration (for example, %WINDIR% and Program Files). +- **New locations**. Decide where files should be migrated to on the destination computer, such as **My Documents**, a designated folder, or a folder matching the files' name and location on the source computer. For example, you might have shared data on source machine or you might wish to clean up documents outside the user profiles on the source system. Identify any data that needs to be redirected to a new location in the apply phase. Redirection can be accomplished with location modify rules. -- **New locations**. Decide where files should be migrated to on the destination computer for example, \\My Documents, a designated folder, or a folder matching the files' name and location on the source computer. For example, you might have shared data on source machine or you might wish to clean up documents outside the user profiles on the source system. Identify any data that needs to be redirected to a new location in the apply phase. This can be accomplished with location modify rules. +Once you've verified which files and file types that the end users work with regularly, you'll need to locate them. Files may be saved to a single folder or scattered across a drive. A good starting point for finding files types to include is to look at the registered file types on the computer. 
-Once you have verified which files and file types that the end users work with regularly, you will need to locate them. Files may be saved to a single folder or scattered across a drive. A good starting point for finding files types to include is to look at the registered file types on the computer. +To find the registered file types on a computer running Windows 7, Windows 8, Windows 10, or Windows 11: -**To find the registered file types on a computer running Windows 7 or Windows 8** +1. Open **Control Panel** +2. Make sure **View by:** is set to **Category** and then select **Programs**. -1. Click **Start**. Open **Control Panel**, click **Control Panel Home**, and click **Programs**. - -2. Click **Default Programs**, and click **Associate a file type or protocol with a program**. - -3. On this screen, the registered file types are displayed. - -For more information about how to change the file types, files, and folders that are migrated when you specify the MigUser.xml file, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). - -## Related topics - - -[Determine What to Migrate](usmt-determine-what-to-migrate.md) - -  - -  +3. Select **Default Programs** +4. select **Associate a file type or protocol with a program**. +5. On this screen, the registered file types are displayed. +For more information about how to change the file types, files, and folders that are migrated when you specify the MigUser.xml file, see [User State Migration Tool (USMT) how-to topics](usmt-how-to.md). +## Related articles +[Determine what to migrate](usmt-determine-what-to-migrate.md) diff --git a/windows/deployment/usmt/usmt-identify-operating-system-settings.md b/windows/deployment/usmt/usmt-identify-operating-system-settings.md index 71a553ad8f..9b3d93da8e 100644 --- a/windows/deployment/usmt/usmt-identify-operating-system-settings.md +++ b/windows/deployment/usmt/usmt-identify-operating-system-settings.md 
@@ -2,57 +2,44 @@ title: Identify Operating System Settings (Windows 10) description: Identify which system settings you want to migrate, then use the User State Migration Tool (USMT) to select settings and keep the default values for all others. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Identify Operating System Settings +# Identify operating system settings +When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following parameters: -When planning for your migration, you should identify which operating system settings you want to migrate and to what extent you want to create a new standard environment on each of the computers. User State Migration Tool (USMT) 10.0 enables you to migrate select settings and keep the default values for all others. The operating system settings include the following parameters: - -- **Appearance.** +- **Appearance** The appearance factor includes items such as wallpaper, colors, sounds, and the location of the taskbar. -- **Action.** +- **Action** The action factor includes items such as the key-repeat rate, whether double-clicking a folder opens it in a new window or the same window, and whether you need to single-click or double-click an item to open it. -- **Internet.** +- **Internet** The Internet factor includes the settings that let you connect to the Internet and control how your browser operates. 
The settings include items such as your home page URL, favorites, bookmarks, cookies, security settings, dial-up connections, and proxy settings. -- **Mail.** +- **Mail** The mail factor includes the information that you need to connect to your mail server, your signature file, views, mail rules, local mail, and contacts. -To help you decide which settings to migrate, you should consider any previous migration experiences and the results of any surveys and tests that you have conducted. You should also consider the number of help-desk calls related to operating-system settings that you have had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of. +To help you decide which settings to migrate, you should consider any previous migration experiences and the results of any surveys and tests that you've conducted. You should also consider the number of help-desk calls related to operating-system settings that you've had in the past, and are able to handle in the future. Also decide how much of the new operating-system functionality you want to take advantage of. -You should migrate any settings that users need to get their jobs done, those settings that make the work environment comfortable, and those settings that will reduce help-desk calls after the migration. Although it is easy to dismiss migrating user preferences, you should consider the factor of users spending a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users do not remember how these settings were applied. Although these items are not critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process. 
+You should migrate any settings that users need to get their jobs done, those settings that make the work environment comfortable, and those settings that will reduce help-desk calls after the migration. Although it's easy to dismiss migrating user preferences, you should consider the factor of users spending a significant amount of time restoring items such as wallpaper, screen savers, and other customizable user-interface features. Most users don't remember how these settings were applied. Although these items aren't critical to migration success, migrating these items increases user productivity and overall satisfaction of the migration process. -**Note**   -For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) How-to topics](usmt-how-to.md). +> [!NOTE] +> For more information about how to change the operating-system settings that are migrated, see [User State Migration Tool (USMT) how-to topics](usmt-how-to.md). -For information about the operating-system settings that USMT migrates, see [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) - - - -## Related topics +For information about the operating-system settings that USMT migrates, see [What does USMT migrate?](usmt-what-does-usmt-migrate.md) +## Related articles [Determine What to Migrate](usmt-determine-what-to-migrate.md) - - - - - - - - - diff --git a/windows/deployment/usmt/usmt-identify-users.md b/windows/deployment/usmt/usmt-identify-users.md index 59be0df0d4..270b1902c3 100644 --- a/windows/deployment/usmt/usmt-identify-users.md +++ b/windows/deployment/usmt/usmt-identify-users.md 
@@ -1,63 +1,58 @@ --- title: Identify Users (Windows 10) -description: Learn how to identify users you plan to migrate, as well as how to migrate local accounts and domain accounts. +description: Learn how to identify users you plan to migrate, and how to migrate local accounts and domain accounts. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.topic: article ms.localizationpriority: medium ms.technology: itpro-deploy +ms.date: 11/01/2022 --- -# Identify Users +# Identify users -It is important to carefully consider how you plan to migrate users. By default, all users are migrated by User State Migration Tool (USMT) 5.0. You must specify which users to include by using the command line. You cannot specify users in the .xml files. For instructions on how to migrate users, see [Migrate User Accounts](usmt-migrate-user-accounts.md). +It's important to carefully consider how you plan to migrate users. By default, all users are migrated by User State Migration Tool (USMT) 5.0. You must specify which users to include by using the command line. You can't specify users in the .xml files. For instructions on how to migrate users, see [Migrate user accounts](usmt-migrate-user-accounts.md). -## In this topic +## Migrating local accounts -- [Migrating Local Accounts](#bkmk-8) -- [Migrating Domain Accounts](#bkmk-9) -- [Command-Line Options](#bkmk-7) +Before migrating local accounts, be aware of the following items: -## Migrating Local Accounts +- **You must explicitly specify that local accounts that are not on the destination computer should be migrated**. If you're migrating local accounts and the local account doesn't exist on the destination computer, you must use the `/lac` option when using the `LoadState.exe` command. If the `/lac` option isn't specified, no local user accounts will be migrated. 
-Before migrating local accounts, note the following: +- **Consider whether to enable user accounts that are new to the destination computer.** The `/lae` option enables the account that was created with the `/lac` option. However, if you create a disabled local account by using only the `/lac` option, a local administrator must enable the account on the destination computer. -- [You must explicitly specify that local accounts that are not on the destination computer should be migrated.](#bkmk-8) If you are migrating local accounts and the local account does not exist on the destination computer, you must use the **/lac** option when using the LoadState command. If the **/lac** option is not specified, no local user accounts will be migrated. +- **Be careful when specifying a password for local accounts.** If you create the local account with a blank password, anyone could sign in that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. -- [Consider whether to enable user accounts that are new to the destination computer.](#bkmk-8) The **/lae** option enables the account that was created with the **/lac** option. However, if you create a disabled local account by using only the **/lac** option, a local administrator must enable the account on the destination computer. +> [!NOTE] +> If there are multiple users on a computer, and you specify a password with the `/lac` option, all migrated users will have the same password. -- [Be careful when specifying a password for local accounts.](#bkmk-8) If you create the local account with a blank password, anyone could log on to that account on the destination computer. If you create the local account with a password, the password is available to anyone with access to the USMT command-line tools. 
+## Migrating domain accounts ->[!NOTE] ->If there are multiple users on a computer, and you specify a password with the **/lac** option, all migrated users will have the same password. +The source and destination computers don't need to be connected to the domain for domain user profiles to be migrated. -## Migrating Domain Accounts - -The source and destination computers do not need to be connected to the domain for domain user profiles to be migrated. - -## Command-Line Options +## Command-line options USMT provides several options to migrate multiple users on a single computer. The following command-line options specify which users to migrate. -- [Specifying users.](#bkmk-8) You can specify which users to migrate with the **/all**, **/ui**, **/uel**, and **/ue** options with both the ScanState and LoadState command-line tools. +- **Specifying users.** You can specify which users to migrate with the `/all`, `/ui`, `/uel`, and `/ue` options with both the **ScanState** and **LoadState** command-line tools. - >[!IMPORTANT] - >The **/uel** option excludes users based on the **LastModified** date of the Ntuser.dat file. The **/uel** option is not valid in offline migrations. + > [!IMPORTANT] + > The `/uel` option excludes users based on the **LastModified** date of the `Ntuser.dat` file. The `/uel` option is not valid in offline migrations. -- [Moving users to another domain.](#bkmk-8) You can move user accounts to another domain using the **/md** option with the LoadState command-line tool. +- **Moving users to another domain.** You can move user accounts to another domain using the `/md` option with the **LoadState** command-line tool. -- [Creating local accounts.](#bkmk-8) You can create and enable local accounts using the **/lac** and **/lae** options with the LoadState command-line tool. +- **Creating local accounts.** You can create and enable local accounts using the `/lac` and `/lae` options with the **LoadState** command-line tool. 
-- [Renaming user accounts.](#bkmk-8) You can rename user accounts using the **/mu** option. +- **Renaming user accounts.** You can rename user accounts using the `/mu` option. - >[!NOTE] + > [!NOTE] >By default, if a user name is not specified in any of the command-line options, the user will be migrated. -## Related topics +## Related articles -[Determine What to Migrate](usmt-determine-what-to-migrate.md)
      -[ScanState Syntax](usmt-scanstate-syntax.md)
      -[LoadState Syntax](usmt-loadstate-syntax.md) +- [Determine what to migrate](usmt-determine-what-to-migrate.md) +- [ScanState syntax](usmt-scanstate-syntax.md) +- [LoadState syntax](usmt-loadstate-syntax.md) diff --git a/windows/deployment/usmt/usmt-include-files-and-settings.md b/windows/deployment/usmt/usmt-include-files-and-settings.md index c6ef4174e5..52126c877e 100644 --- a/windows/deployment/usmt/usmt-include-files-and-settings.md +++ b/windows/deployment/usmt/usmt-include-files-and-settings.md 
@@ -1,37 +1,21 @@ --- title: Include Files and Settings (Windows 10) -description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified. +description: Specify the migration .xml files you want, then use the User State Migration Tool (USMT) 10.0 to migrate the settings and components specified. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Include Files and Settings +When you specify the migration .xml files, User State Migration Tool (USMT) 10.0 migrates the settings and components specified in [What does USMT migrate?](usmt-what-does-usmt-migrate.md). To include additional files and settings, we recommend that you create a custom .xml file, and then include this file when using both the `ScanState.exe` and `LoadState.exe` commands. By creating a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. -When you specify the migration .xml files, User State Migration Tool (USMT) 10.0 migrates the settings and components specified in [What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) To include additional files and settings, we recommend that you create a custom .xml file and then include this file when using both the ScanState and LoadState commands. By creating a custom .xml file, you can keep your changes separate from the default .xml files, which makes it easier to track your modifications. 
- -In this topic: - -[Migrate a Single Registry Key](#bkmk-migsingleregkey) - -[Migrate a Specific Folder](#bkmk-migspecificfolder) - -[Migrate a Folder from a Specific Drive](#bkmk-migfoldspecdrive) - -[Migrate a Folder from Any Location](#bkmk-migfolderanyloc) - -[Migrate a File Type Into a Specific Folder](#bkmk-migfiletypetospecificfolder) - -[Migrate a Specific File](#bkmk-migspecificfile) - -## Migrate a Single Registry Key - +## Migrate a single registry key The following .xml file migrates a single registry key. 
@@ -52,54 +36,53 @@ The following .xml file migrates a single registry key. ``` -## Migrate a Specific Folder - +## Migrate a specific folder The following examples show how to migrate a folder from a specific drive, and from any location on the computer. -### Migrate a Folder from a Specific Drive +### Migrate a folder from a specific drive -- **Including subfolders.** The following .xml file migrates all files and subfolders from C:\\EngineeringDrafts to the destination computer. +- **Including subfolders.** The following .xml file migrates all files and subfolders from `C:\EngineeringDrafts` to the destination computer. ``` xml Component to migrate all Engineering Drafts Documents including subfolders -    -       + + C:\EngineeringDrafts\* [*] -     -    + + ``` -- **Excluding subfolders.** The following .xml file migrates all files from C:\\EngineeringDrafts, but it does not migrate any subfolders within C:\\EngineeringDrafts. +- **Excluding subfolders.** The following .xml file migrates all files from `C:\EngineeringDrafts`, but it doesn't migrate any subfolders within `C:\EngineeringDrafts`. ``` xml Component to migrate all Engineering Drafts Documents without subfolders -    -       + + C:\EngineeringDrafts\ [*] -     -    + + ``` -### Migrate a Folder from Any Location +### Migrate a folder from any location -The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. +The following .xml file migrates all files and subfolders of the `EngineeringDrafts` folder from any drive on the computer. If multiple folders exist with the same name, then all files with this name are migrated. ``` xml 
@@ -119,7 +102,7 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf ``` -The following .xml file migrates all files and subfolders of the EngineeringDrafts folder from any location on the C:\\ drive. If multiple folders exist with the same name, they are all migrated. +The following .xml file migrates all files and subfolders of the `EngineeringDrafts` folder from any location on the `C:\` drive. If multiple folders exist with the same name, they're all migrated. ``` xml @@ -139,10 +122,9 @@ The following .xml file migrates all files and subfolders of the EngineeringDraf ``` -## Migrate a File Type Into a Specific Folder +## Migrate a file type into a specific folder - -The following .xml file migrates .mp3 files located in the specified drives on the source computer into the C:\\Music folder on the destination computer. +The following .xml file migrates `.mp3` files located in the specified drives on the source computer into the `C:\Music` folder on the destination computer. ``` xml 
@@ -167,31 +149,30 @@ The following .xml file migrates .mp3 files located in the specified drives on t ``` -## Migrate a Specific File - +## Migrate a specific file The following examples show how to migrate a file from a specific folder, and how to migrate a file from any location. -- **To migrate a file from a folder.** The following .xml file migrates only the Sample.doc file from C:\\EngineeringDrafts on the source computer to the destination computer. +- **To migrate a file from a folder.** The following .xml file migrates only the `Sample.doc` file from `C:\EngineeringDrafts` on the source computer to the destination computer. ``` xml Component to migrate all Engineering Drafts Documents -    -       + + C:\EngineeringDrafts\ [Sample.doc] -     -    + + ``` -- **To migrate a file from any location.** To migrate the Sample.doc file from any location on the C:\\ drive, use the <pattern> element, as the following example shows. If multiple files exist with the same name on the C:\\ drive, all of files with this name are migrated. +- **To migrate a file from any location.** To migrate the `Sample.doc` file from any location on the `C:\` drive, use the **<pattern>** element, as the following example shows. If multiple files exist with the same name on the `C:\` drive, all of files with this name are migrated. ``` xml C:\* [Sample.doc] @@ -203,22 +184,12 @@ The following examples show how to migrate a file from a specific folder, and ho ``` -## Related topics - - -[Customize USMT XML Files](usmt-customize-xml-files.md) - -[Custom XML Examples](usmt-custom-xml-examples.md) - -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) - -[USMT XML Reference](usmt-xml-reference.md) - -  - -  - +## Related articles +[Customize USMT XML files](usmt-customize-xml-files.md) +[Custom XML examples](usmt-custom-xml-examples.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) +[USMT XML reference](usmt-xml-reference.md) 
diff --git a/windows/deployment/usmt/usmt-loadstate-syntax.md b/windows/deployment/usmt/usmt-loadstate-syntax.md
index ebd2d4e5ed..b6238044f2 100644
--- a/windows/deployment/usmt/usmt-loadstate-syntax.md
+++ b/windows/deployment/usmt/usmt-loadstate-syntax.md
@@ -2,99 +2,101 @@ title: LoadState Syntax (Windows 10) description: Learn about the syntax and usage of the command-line options available when you use the LoadState command. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# LoadState Syntax +# LoadState syntax -This topic discusses the **LoadState** command syntax and options available with it. +The `LoadState.exe` command is used with the User State Migration Tool (USMT) 10.0 to restore a store previously captured by the `ScanState.exe` command onto a destination computer. This article discusses the `LoadState.exe` command syntax and the options available with it. -## Before You Begin +## Before you begin -Before you run the **LoadState** command, note the following: +Before you run the `LoadState.exe` command, note the following items: -- To ensure that all operating system settings migrate, we recommend that you run the **LoadState** commands in administrator mode from an account with administrative credentials. +- To ensure that all operating system settings migrate, we recommend that you run the `LoadState.exe` commands in administrator mode from an account with administrative credentials. -- For information about software requirements for running the **LoadState** command, see [USMT Requirements](usmt-requirements.md). +- For information about software requirements for running the `LoadState.exe` command, see [USMT requirements](usmt-requirements.md). -- You should log off after you run the **LoadState** command. Some settings (for example, fonts, wallpaper, and screensaver settings) will not take effect until the next time the user logs in. +- You should sign out after you run the `LoadState.exe` command. 
Some settings, such as example, fonts, wallpaper, and screensaver settings, won't take effect until the next time the user logs in. -- Unless otherwise specified, you can use each option only once when running a tool on the command line. +- Unless otherwise specified, you can use each option only once when running a tool on the command line. -- **LoadState** does not require domain controller access to apply domain profiles. This functionality is available without any additional configuration. It is not necessary for the source computer to have had domain controller access when the user profile was gathered using **ScanState**. However, domain profiles are inaccessible until the destination computer is joined to the domain. +- **LoadState** doesn't require domain controller access to apply domain profiles. This functionality is available without any additional configuration. It isn't necessary for the source computer to have had domain controller access when the user profile was gathered using **ScanState**. However, domain profiles are inaccessible until the destination computer is joined to the domain. -- The [Incompatible Command-Line Options](#bkmk-cloi) table lists which options you can use together and which command-line options are incompatible. +- The [Incompatible command-line options](#incompatible-command-line-options) table lists which options you can use together and which command-line options are incompatible. -## Syntax +## Syntax -This section explains the syntax and usage of the command-line options available when you use the **LoadState** command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. +This section explains the syntax and usage of the command-line options available when you use the `LoadState.exe` command. The options can be specified in any order. If the option contains a parameter, you can specify either a colon or space separator. 
-The **LoadState** command's syntax is: +The `LoadState.exe` command's syntax is: -loadstate *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] + -For example, to decrypt the store and migrate the files and settings to a computer running Windows 7 type the following on the command line: +> LoadState.exe *StorePath* \[/i:\[*Path*\\\]*FileName*\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/decrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsToWait*\] \[/c\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/md:*OldDomain*:*NewDomain*\] \[/mu:*OldDomain*\\*OldUserName*:\[*NewDomain*\\\]*NewUserName*\] \[/lac:\[*Password*\]\] \[/lae\] \[/config:\[*Path*\\\]*FileName*\] \[/?|help\] -`loadstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /v:13 /decrypt /key:"mykey"` +For example, to decrypt the store and migrate the files and settings to a computer, type the following command: -## Storage Options +`LoadState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /v:13 /decrypt /key:"mykey"` +## Storage options USMT provides the following options that you can use to specify how and where the migrated data is stored. 
| Command-Line Option | Description | |--- |--- | -| `StorePath` | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the **LoadState** command. You cannot specify more than one *StorePath*. | -| `/decrypt /key`:*KeyString*
      or
      `/decrypt /key`:"*Key String*"
      or
      `/decrypt /keyfile`:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you will need to specify the encryption key in one of the following ways:
      • `/key:`*KeyString* specifies the encryption key. If there is a space in *KeyString*, you must surround the argument with quotation marks.
      • `/keyfile:`*FilePathAndName* specifies a text (.txt) file that contains the encryption key

      *KeyString* cannot exceed 256 characters.
      The `/key` and `/keyfile` options cannot be used on the same command line.
      The `/decrypt` and `/nocompress` options cannot be used on the same command line.
      **Important**
      Use caution with this option, because anyone who has access to the **LoadState** command-line script will also have access to the encryption key.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /decrypt /key:mykey` | -| `/decrypt:`*"encryption strength"* | The `/decrypt` option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | -| `/hardlink` | Enables user-state data to be restored from a hard-link migration store. The `/nocompress` parameter must be specified with `/hardlink` option. | -| `/nocompress` | Specifies that the store is not compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option cannot be used with the `/decrypt` option.
      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /nocompress` | +| **StorePath** | Indicates the folder where the files and settings data are stored. You must specify *StorePath* when using the `LoadState.exe` command. You can't specify more than one *StorePath*. | +| **/decrypt /key**:*KeyString*
      or
      **/decrypt /key**:"*Key String*"
      or
      **/decrypt /keyfile**:[*Path*]*FileName* | Decrypts the store with the specified key. With this option, you'll need to specify the encryption key in one of the following ways:
      • `/key`:*KeyString* specifies the encryption key. If there's a space in *KeyString*, you must surround the argument with quotation marks (`"`).
      • `/keyfile`:*FilePathAndName* specifies a text (`.txt`) file that contains the encryption key

      *KeyString* can't exceed 256 characters.
      The `/key` and `/keyfile` options can't be used on the same command line.
      The `/decrypt` and `/nocompress` options can't be used on the same command line.
      **Important**
      Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `LoadState.exe` command with these options will also have access to the encryption key.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /decrypt /key:mykey` | +| **/decrypt**:*"encryption strength"* | The `/decrypt` option accepts a command-line parameter to define the encryption strength specified for the migration store encryption. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/hardlink** | Enables user-state data to be restored from a hard-link migration store. The `/nocompress` parameter must be specified with `/hardlink` option. | +| **/nocompress** | Specifies that the store isn't compressed. You should only use this option in testing environments. We recommend that you use a compressed store during your actual migration. This option can't be used with the `/decrypt` option.
      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /nocompress` | -## Migration Rule Options +## Migration rule options USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |--- |--- | -| `/i`:[*Path*]*FileName* | **(include)**
      Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigSys.xml, MigDocs.xml and any custom .xml files that you create). *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory.

      For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) topic. | -| `/config:`[*Path*]*FileName* | Specifies the Config.xml file that the **LoadState** command should use. You cannot specify this option more than once on the command line. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the *FileName* must be located in the current directory.

      This example migrates the files and settings based on the rules in the Config.xml, MigDocs.xml, and MigApp.xml files:

      `loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:5 /l:loadstate.log` | -| `/auto:`*"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i:MigDocs.xml` `/i:MigApp.xml /v:5`. | +| **/i**:[*Path*]*FileName* | **(include)**
      Specifies an .xml file that contains rules that define what state to migrate. You can specify this option multiple times to include all of your .xml files (`MigApp.xml`, `MigSys.xml`, `MigDocs.xml` and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

      For more information about which files to specify, see the "XML files" section of the [Frequently Asked Questions](usmt-faq.yml) article. | +| **/config**:[*Path*]*FileName* | Specifies the `Config.xml` file that the `LoadState.exe` command should use. You can't specify this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the *FileName* must be located in the current directory.

      This example migrates the files and settings based on the rules in the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:

      `LoadState.exe \server\share\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:5 /l:LoadState.log` | +| **/auto**:*"path to script files"* | This option enables you to specify the location of the default .xml files and then launch your migration. If no path is specified, USMT will use the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i:MigDocs.xml` `/i:MigApp.xml /v:5`. | -## Monitoring Options +## Monitoring options USMT provides several command-line options that you can use to analyze problems that occur during migration. | Command-Line Option | Description | |--- |--- | -| `/l:`[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can specify the **/v** option to adjust the amount of output.

      If you run the **LoadState** command from a shared network resource, you must specify this option or USMT will fail with the error: "USMT was unable to create the log file(s)". To fix this issue, use the **/l:load.log** option. | -| `/v:`*``* | **(Verbosity)**

      Enables verbose output in the LoadState log file. The default value is 0.
      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.

      For example:
      `loadstate \server\share\migration\mystore /v:5 /i:migdocs.xml /i:migapp.xml` | -| `/progress:`[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:loadlog.log` | -| `/c` | When this option is specified, the **LoadState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit on the computer, the **LoadState** command will log an error and continue with the migration. Without the **/c** option, the **LoadState** command will exit on the first error. You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This enables the **/c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the **/genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | -| `/r:`*``* | **(Retry)**

      Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

      While restoring the user state, the **/r** option will not recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | -| `/w:`*``* | **(Wait)**

      Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | -| `/?` or `/help` | Displays Help on the command line. | +| **/l**:[*Path*]*FileName* | Specifies the location and name of the **LoadState** log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can specify the `/v` option to adjust the verbosity of the log.

      If you run the `LoadState.exe` command from a shared network resource, you must specify the `l` option, or USMT will fail with the error:

      ***USMT was unable to create the log file(s)***

      To fix this issue, make sure to specify the `/l` option when running `LoadState.exe` from a shared network resource. | +| **/v**:*``* | **(Verbosity)**

      Enables verbose output in the **LoadState** log file. The default value is 0.
      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.

      For example:
      `LoadState.exe \server\share\migration\mystore /v:5 /i:MigDocs.xml /i:MigApp.xml` | +| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /progress:Progress.log /l:loadlog.log` | +| **/c** | When this option is specified, the `LoadState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit on the computer, the `LoadState.exe` command will log an error and continue with the migration. Without the `/c` option, the `LoadState.exe` command will exit on the first error. You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This error control enables the `/c` command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the `/genconfig` option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the `Config.xml` file. | +| **/r**:*``* | **(Retry)**

      Specifies the number of times to retry when an error occurs while migrating the user state from a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

      While restoring the user state, the `/r` option won't recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | +| **/w**:*``* | **(Wait)**

      Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | +| **/?** or **/help** | Displays Help on the command line. | -## User Options +## User options -By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or by using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md). +By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You can't exclude users in the migration .xml files or by using the `Config.xml` file. For more information, see [Identify Users](usmt-identify-users.md). | Command-Line Option | Description | |--- |--- | -| `/all` | Migrates all of the users on the computer.

      USMT migrates all user accounts on the computer, unless you specifically exclude an account with the **/ue** or **/uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to use the **/all** option, you cannot also use the **/ui**, **/ue** or **/uel** options. | -| `/ui:`*DomainName UserName*
      or
      `/ui:`*"DomainName User Name"*
      or
      `/ui:`*ComputerName LocalUserName* | **(User include)**

      Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the **/ue** option. You can specify multiple **/ui** options, but you cannot use the **/ui** option with the **/all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotations marks.
      For example:
      • To include only User2 from the Corporate domain, type:
        `/ue:* /ui:corporate\user2`
      **Note**
      If a user is specified for inclusion with the **/ui** option, and also is specified to be excluded with either the **/ue** or **/uel** options, the user will be included in the migration.

      For more examples, see the descriptions of the **/uel**, **/ue**, and **/ui** options in this table. | -| `/uel:`*``*
      or
      `/uel:`*``*
      or
      `/uel:0` | **(User exclude based on last logon)**

      Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The **/uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the ScanState command is run. You can specify a number of days or you can specify a date. You cannot use this option with the **/all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has logged onto another computer, that logon instance is not considered by USMT.
      **Note**
      The **/uel** option is not valid in offline migrations.

      Examples:
      • `/uel:0` migrates accounts that were logged on to the source computer when the **ScanState** command was run.
      • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
      • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
      • `/uel:2002/1/15` migrates users who have logged on or whose accounts have been modified since January 15, 2002.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /uel:0` | -| `/ue`:*DomainName UserName*
      or
      `/ue`*"DomainName User Name"*
      or
      `/ue`:*ComputerName LocalUserName* | **(User exclude)**

      Excludes the specified users from the migration. You can specify multiple **/ue** options but you cannot use the **/ue** option with the **/all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /ue:contoso\user1`
      For more examples, see the descriptions of the **/uel**, **/ue**, and **/ui** options in this table. | -| `/md:`*OldDomain*:*NewDomain*
      or
      `/md:`*LocalComputerName:NewDomain* | **(move domain)**
      Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

      You can specify this option more than once. You may want to specify multiple **/md** options if you are consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

      If there are conflicts between two **/md** commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
      **Note**
      If you specify an *OldDomain* that did not exist on the source computer, the **LoadState** command will appear to complete successfully, without an error or warning. However, in this case, users will not be moved to *NewDomain* but will remain in their original domain. For example, if you misspell "contoso" and you specify "/md:contso:fabrikam", the users will remain in contoso on the destination computer.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
      ` /progress:prog.log /l:load.log /md:contoso:fabrikam` | -| `/mu:`*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
      or
      `/mu:`*OldLocalUserName*:*NewDomain NewUserName* | Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple **/mu** options. You cannot use wildcard characters with this option.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
      `/progress:prog.log /l:load.log /mu:contoso\user1:fabrikam\user1` | -| `/lac:`[*Password*] | **(local account create)**

      Specifies that if a user account is a local (non-domain) account, and it does not exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the **/lae** option.

      If the **/lac** option is not specified, any local user accounts that do not already exist on the destination computer will not be migrated.

      *Password* is the password for the newly created account. An empty password is used by default.
      **Caution**
      Use the *Password* variable with caution because it is provided in plain text and can be obtained by anyone with access to the computer that is running the **LoadState** command.
      Also, if the computer has multiple users, all migrated users will have the same password.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
      For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md). | -| `/lae` | **(local account enable)**

      Enables the account that was created with the **/lac** option. You must specify the **/lac** option with this option.

      For example:
      `loadstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore`
      `/progress:prog.log /l:load.log /lac:password /lae`

      For instructions, see [Migrate User Accounts](usmt-migrate-user-accounts.md). | - +| **/all** | Migrates all of the users on the computer.

      USMT migrates all user accounts on the computer, unless you specifically exclude an account with the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to use the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | +| **/ui**:*DomainName UserName*
      or
      **/ui**:*"DomainName User Name"*
      or
      **/ui**:*ComputerName LocalUserName* | **(User include)**

      Migrates the specified user. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` option. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotations marks (`"`).

      For example, to include only **User2** from the Corporate domain, enter:

      `/ue:* /ui:corporate\user2`

      **Note**
      If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

      For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/uel**:*``*
      or
      **/uel**:*``*
      or
      **/uel**:0 | **(User exclude based on last logon)**

      Migrates only the users that logged onto the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose user account was modified, within the last 30 days from the date when the `ScanState.exe` command is run. You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed into another computer, that sign-in instance isn't considered by USMT.
      **Note**
      The `/uel` option isn't valid in offline migrations.

      Examples:
      • `/uel:0` migrates accounts that were logged on to the source computer when the `ScanState.exe` command was run.
      • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
      • `/uel:1` migrates users whose accounts have been modified within the last 24 hours.
      • `/uel:2020/2/15` migrates users who have logged on or whose accounts have been modified since February 15, 2020.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /uel:0` | +| **/ue**:*DomainName\UserName*
      or
      **/ue** *"DomainName\User Name"*
      or
      **/ue**:*ComputerName\LocalUserName* | **(User exclude)**

      Excludes the specified users from the migration. You can specify multiple `/ue` options but you can't use the `/ue` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /ue:contoso\user1`
      For more examples, see the descriptions of the `/uel`, `/ue`, and `/ui` options in this table. | +| **/md**:*OldDomain*:*NewDomain*
      or
      **/md**:*LocalComputerName:NewDomain* | **(Move domain)**

      Specifies a new domain for the user. Use this option to change the domain for users on a computer or to migrate a local user to a domain account. *OldDomain* may contain the asterisk () wildcard character.

      You can specify this option more than once. You may want to specify multiple `/md` options if you're consolidating users across multiple domains to a single domain. For example, you could specify the following to consolidate the users from the Corporate and FarNorth domains into the Fabrikam domain: `/md:corporate:fabrikam` and `/md:farnorth:fabrikam`.

      If there are conflicts between two `/md` commands, the first rule that you specify is applied. For example, if you specify the `/md:corporate:fabrikam` and `/md:corporate:farnorth` commands, then Corporate users would be mapped to the Fabrikam domain.
      **Note**
      If you specify an *OldDomain* that didn't exist on the source computer, the `LoadState.exe` command will appear to complete successfully, without an error or warning. However, in this case, users won't be moved to *NewDomain* but will remain in their original domain. For example, if you misspell **contoso** and you instead specify **/md:contso:fabrikam**, the users will remain in **contoso** on the destination computer.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`
      ` /progress:Progress.log /l:LoadState.log /md:contoso:fabrikam` | +| **/mu**:*OldDomain OldUserName*:[*NewDomain*]*NewUserName*
      or
      **/mu**:*OldLocalUserName*:*NewDomain NewUserName* | **(Move user)**

      Specifies a new user name for the specified user. If the store contains more than one user, you can specify multiple `/mu` options. You can't use wildcard characters with this option.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`
      `/progress:Progress.log /l:LoadState.log /mu:contoso\user1:fabrikam\user1` | +| **/lac**:[*Password*] | **(Local account create)**

      Specifies that if a user account is a local (non-domain) account, and it doesn't exist on the destination computer, USMT will create the account on the destination computer but it will be disabled. To enable the account, you must also use the `/lae` option.

      If the `/lac` option isn't specified, any local user accounts that don't already exist on the destination computer won't be migrated.

      *Password* is the password for the newly created account. An empty password is used by default.
      **Caution**
      Use the *Password* variable with caution because it's provided in plain text and can be obtained by anyone with access to the computer that is running the `LoadState.exe` command.
      Also, if the computer has multiple users, all migrated users will have the same password.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`

      For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | +| `/lae` | **(Local account enable)**

      Enables the account that was created with the `/lac` option. You must specify the `/lac` option with this option.

      For example:
      `LoadState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore`
      `/progress:Progress.log /l:LoadState.log /lac:password /lae`

      For instructions, see [Migrate user accounts](usmt-migrate-user-accounts.md). | ### Examples for the /ui and /ue options 
@@ -109,24 +111,24 @@ The following examples apply to both the **/ui** and **/ue** options. You can re | Exclude all local users. | `/ue:%computername%` | | Exclude users in all domains named User1, User2, and so on. | `/ue:\user` | -### Using the Options Together +### Using the options together -You can use the **/uel**, **/ue** and **/ui** options together to migrate only the users that you want migrated. +You can use the `/uel`, `/ue` and `/ui` options together to migrate only the users that you want migrated. -**The /ui option has precedence over the /ue and /uel options.** If a user is specified to be included using the **/ui** option, and also specified to be excluded using either the **/ue** or **/uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the **/ui** option takes precedence over the **/ue** option. +**The /ui option has precedence over the /ue and /uel options.** If a user is included using the `/ui` option and also excluded using either the `/ue` or `/uel` options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the `/ui` option takes precedence over the `/ue` option. -**The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the **/uel** option, that user's profile will be migrated even if they are excluded by using the **/ue** option. For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. +**The /uel option takes precedence over the /ue option.** If a user has logged on within the specified time period set by the `/uel` option, that user's profile will be migrated even if they're excluded by using the `/ue` option. 
For example, if you specify `/ue:contoso\user1 /uel:14`, the User1 will be migrated if they've logged on to the computer within the last 14 days. | Behavior | Command | |--- |--- | | Include only User2 from the Fabrikam domain and exclude all other users. | `/ue:* /ui:fabrikam\user2` | | Include only the local user named User1 and exclude all other users. | `/ue:* /ui:user1` | -| Include only the domain users from Contoso, except Contoso\User1. | This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following:
      • Using the **ScanState** command-line tool, type: `/ue:* /ui:contoso`
      • Using the **LoadState** command-line tool, type: `/ue:contoso\user1`
      | +| Include only the domain users from Contoso, except Contoso\User1. | This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following options:
      • Using the **ScanState** command-line tool, enter:
        `/ue:* /ui:contoso`
      • Using the **LoadState** command-line tool, enter:
        `/ue:contoso\user1`
      | | Include only local (non-domain) users. | `/ue: /ui:%computername%*` | -## Incompatible Command-Line Options +## Incompatible command-line options -The following table indicates which command-line options are not compatible with the **LoadState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option. +The following table indicates which command-line options aren't compatible with the `LoadState.exe` command. If the table entry for a particular combination is blank, the options are compatible, and you can use them together. The X symbol means that the options aren't compatible. For example, you can't use the `/nocompress` option with the `/encrypt` option. | Command-Line Option | /keyfile | /nocompress | /genconfig | /all | |--- |--- |--- |--- |--- | @@ -155,8 +157,8 @@ The following table indicates which command-line options are not compatible with | **/lac** | | | | | > [!NOTE] -> You must specify either the **/key** or **/keyfile** option with the **/encrypt** option. +> You must specify either the `/key` or `/keyfile` option with the `/encrypt` option. -## Related topics +## Related articles -[XML Elements Library](usmt-xml-elements-library.md) +[XML elements library](usmt-xml-elements-library.md) diff --git a/windows/deployment/usmt/usmt-log-files.md b/windows/deployment/usmt/usmt-log-files.md index 86e3f5ec0b..e15edd680e 100644 --- a/windows/deployment/usmt/usmt-log-files.md +++ b/windows/deployment/usmt/usmt-log-files.md 
@@ -1,110 +1,110 @@ --- title: Log Files (Windows 10) -description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. +description: Learn how to use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Log Files +# USMT log files -You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This topic describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. +You can use User State Migration Tool (USMT) 10.0 logs to monitor your migration and to troubleshoot errors and failed migrations. This article describes the available command-line options to enable USMT logs, and new XML elements that configure which types of errors are fatal and should halt the migration, which types are non-fatal and should be skipped so that the migration can continue. 
-[Log Command-Line Options](#bkmk-commandlineoptions) +[Log command-line options](#log-command-line-options) -[ScanState and LoadState Logs](#bkmk-scanloadstatelogs) +[ScanState and LoadState logs](#scanstate-and-loadstate-logs) -[Progress Log](#bkmk-progresslog) +[Progress log](#progress-log) -[List Files Log](#bkmk-listfileslog) +[List files log](#list-files-log) -[Diagnostic Log](#bkmk-diagnosticlog) +[Diagnostic log](#diagnostic-log) -## Log Command-Line Options +## Log command-line options The following table describes each command-line option related to logs, and it provides the log name and a description of what type of information each log contains. |Command line Option|File Name|Description| |--- |--- |--- | -|**/l** *[Path]FileName*|Scanstate.log or LoadState.log|Specifies the path and file name of the ScanState.log or LoadState log.| -|**/progress** *[Path]FileName*|Specifies the path and file name of the Progress log.|Provides information about the status of the migration, by percentage complete.| -|**/v** *[VerbosityLevel]*|Not applicable|See the "Monitoring Options" section in [ScanState Syntax](usmt-scanstate-syntax.md).| -|**/listfiles** *[Path]FileName*|Specifies the path and file name of the Listfiles log.|Provides a list of the files that were migrated.| -|Set the environment variable MIG_ENABLE_DIAG to a path to an XML file.|USMTDiag.xml|The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.| +|**/l**"*[Path]FileName*|`ScanState.exe.log` or `LoadState.log`|Specifies the path and file name of the **ScanState** log or **LoadState** log.| +|**/progress**:*[Path]FileName*|Specifies the path and file name of the Progress log.|Provides information about the status of the migration, by percentage complete.| +|**/v**:*[VerbosityLevel]*|Not applicable|See [Monitoring options](usmt-scanstate-syntax.md#monitoring-options) in 
[ScanState syntax](usmt-scanstate-syntax.md).| +|**/listfiles**:*[Path]FileName*|Specifies the path and file name of the Listfiles log.|Provides a list of the files that were migrated.| +|Set the environment variable **MIG_ENABLE_DIAG** to a path to an XML file.|`USMTDiag.xml`|The diagnostic log contains detailed system environment information, user environment information, and information about the migration units (migunits) being gathered and their contents.| > [!NOTE] > You cannot store any of the log files in *StorePath*. If you do, the log will be overwritten when USMT is run. -## ScanState and LoadState Logs +## ScanState and LoadState logs -ScanState and LoadState logs are text files that are create when you run the ScanState and LoadState tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see Monitoring Options in [ScanState Syntax](usmt-scanstate-syntax.md). + **ScanState** and **LoadState** logs are text files that are create when you run the **ScanState** and **LoadState** tools. You can use these logs to help monitor your migration. The content of the log depends on the command-line options that you use and the verbosity level that you specify. For more information about verbosity levels, see [Monitoring options](usmt-scanstate-syntax.md#monitoring-options) in [ScanState syntax](usmt-scanstate-syntax.md). -## Progress Log +## Progress log -You can create a progress log using the **/progress** option. External tools, such as Microsoft System Center Operations Manager 2007, can parse the progress log to update your monitoring systems. The first three fields in each line are fixed as follows: +You can create a progress log using the `/progress` option. External tools, such as Microsoft System Center Operations Manager, can parse the progress log to update your monitoring systems. 
The first three fields in each line are fixed as follows: -- **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. +- **Date:** Date, in the format of *day* *shortNameOfTheMonth* *year*. For example: 08 Jun 2006. -- **Local time:** Time, in the format of *hrs*:*minutes*:*seconds* (using a 24-hour clock). For example: 13:49:13. +- **Local time:** Time, in the format of *hrs*:*minutes*:*seconds* (using a 24-hour clock). For example: 13:49:13. -- **Migration time:** Duration of time that USMT was run, in the format of *hrs:minutes:seconds*. For example: 00:00:10. +- **Migration time:** Duration of time that USMT was run, in the format of *hrs:minutes:seconds*. For example: 00:00:10. The remaining fields are key/value pairs as indicated in the following table. | Key | Value | |-----|-------| -| program | ScanState.exe or LoadState.exe. | -| productVersion | The full product version number of USMT. | -| computerName | The name of the source or destination computer on which USMT was run. | -| commandLine | The full command used to run USMT. | -| PHASE | Reports that a new phase in the migration is starting. This can be one of the following:
      • Initializing
      • Scanning
      • Collecting
      • Saving
      • Estimating
      • Applying
      | -| detectedUser |
      • For the ScanState tool, these are the users USMT detected on the source computer that can be migrated.
      • For the LoadState tool, these are the users USMT detected in the store that can be migrated.
      | -| includedInMigration | Defines whether the user profile/component is included for migration. Valid values are Yes or No. | -| forUser | Specifies either of the following:
      • The user state being migrated.
      • *This Computer*, meaning files and settings that are not associated with a user.
      | -| detectedComponent | Specifies a component detected by USMT.
      • For ScanState, this is a component or application that is installed on the source computer.
      • For LoadState, this is a component or application that was detected in the store.
      | -| totalSizeInMBToTransfer | Total size of the files and settings to migrate in megabytes (MB). | -| totalPercentageCompleted | Total percentage of the migration that has been completed by either ScanState or LoadState. | -| collectingUser | Specifies which user ScanState is collecting files and settings for. | -| totalMinutesRemaining | Time estimate, in minutes, for the migration to complete. | -| error | Type of non-fatal error that occurred. This can be one of the following:
      • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
      • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
      • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
      • **UnableToAccessDevice**: Unable to access the device.
      • **UnableToApply**: Unable to apply the setting to the destination computer.
      | -| objectName | The name of the file or setting that caused the non-fatal error. | -| action | Action taken by USMT for the non-fatal error. The values are:
      • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
      • **Abort**: Stopped the migration because the **/c** option was not specified.
      | -| errorCode | The errorCode or return value. | -| numberOfIgnoredErrors | The total number of non-fatal errors that USMT ignored. | -| message | The message corresponding to the errorCode. | +| *program* | `ScanState.exe` or `LoadState.exe`. | +| *productVersion* | The full product version number of USMT. | +| *computerName* | The name of the source or destination computer on which USMT was run. | +| *commandLine* | The full command used to run USMT. | +| *PHASE* | Reports that a new phase in the migration is starting. This key can be one of the following values:
      • Initializing
      • Scanning
      • Collecting
      • Saving
      • Estimating
      • Applying
      | +| *detectedUser* |
      • For the **ScanState** tool, this key are the users USMT detected on the source computer that can be migrated.
      • For the **LoadState** tool, this key are the users USMT detected in the store that can be migrated.
      | +| *includedInMigration* | Defines whether the user profile/component is included for migration. Valid values are **Yes** or **No**. | +| *forUser* | Specifies either of the following values:
      • The user state being migrated.
      • *This Computer*, meaning files and settings that aren't associated with a user.
      | +| *detectedComponent* | Specifies a component detected by USMT.
      • For *ScanState*, this key is a component or application that is installed on the source computer.
      • For **LoadState**, this key is a component or application that was detected in the store.
      | +| *totalSizeInMBToTransfer* | Total size of the files and settings to migrate in megabytes (MB). | +| *totalPercentageCompleted* | Total percentage of the migration that has been completed by either **ScanState** or **LoadState**. | +| *collectingUser* | Specifies which user **ScanState** is collecting files and settings for. | +| *totalMinutesRemaining* | Time estimate, in minutes, for the migration to complete. | +| *error* | Type of non-fatal error that occurred. This key can be one of the following values:
      • **UnableToCopy**: Unable to copy to store because the disk on which the store is located is full.
      • **UnableToOpen**: Unable to open the file for migration because the file is opened in non-shared mode by another application or service.
      • **UnableToCopyCatalog**: Unable to copy because the store is corrupted.
      • **UnableToAccessDevice**: Unable to access the device.
      • **UnableToApply**: Unable to apply the setting to the destination computer.
      | +| *objectName* | The name of the file or setting that caused the non-fatal error. | +| *action* | Action taken by USMT for the non-fatal error. The values are:
      • **Ignore**: Non-fatal error ignored and the migration continued because the **/c** option was specified on the command line.
      • **Abort**: Stopped the migration because the **/c** option wasn't specified.
      | +| *errorCode* | The errorCode or return value. | +| *numberOfIgnoredErrors* | The total number of non-fatal errors that USMT ignored. | +| *message** | The message corresponding to the errorCode. | -## List Files Log +## List files log -The List files log (Listfiles.txt) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for ScanState.exe. +The List files log (`Listfiles.txt`) provides a list of the files that were migrated. This list can be used to troubleshoot XML issues or can be retained as a record of the files that were gathered into the migration store. The List Files log is only available for `ScanState.exe`. -## Diagnostic Log +## Diagnostic log -You can obtain the diagnostic log by setting the environment variable MIG\_ENABLE\_DIAG to a path to an XML file. +You can obtain the diagnostic log by setting the environment variable **MIG_ENABLE_DIAG** to a path to an XML file. The diagnostic log contains: -- Detailed system environment information +- Detailed system environment information -- Detailed user environment information +- Detailed user environment information -- Information about the migration units (migunits) being gathered and their contents +- Information about the migration units (migunits) being gathered and their contents ## Using the Diagnostic Log -The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it is associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. 
+The diagnostic log is essentially a report of all the migration units (migunits) included in the migration. A migunit is a collection of data that is identified by the component it's associated with in the XML files. The migration store is made up of all the migunits in the migration. The diagnostic log can be used to verify which migunits were included in the migration and can be used for troubleshooting while authoring migration XML files. The following examples describe common scenarios in which you can use the diagnostic log. **Why is this file not migrating when I authored an "include" rule for it?** -Let's imagine that we have the following directory structure and that we want the "data" directory to be included in the migration along with the "New Text Document.txt" file in the "New Folder." The directory of **C:\\data** contains: +Let's imagine that we have the following directory structure and that we want the **data** directory to be included in the migration along with the **New Text Document.txt** file in the **New Folder**. The directory of `C:\data` contains: -```console +``` console 01/21/2009 10:08 PM . 01/21/2009 10:08 PM .. 01/21/2009 10:08 PM New Folder @@ -113,9 +113,9 @@ Let's imagine that we have the following directory structure and that we want th 2 File(s) 26 bytes ``` -The directory of **C:\\data\\New Folder** contains: +The directory of `C:\data\New Folder` contains: -```console +``` console 01/21/2009 10:08 PM . 01/21/2009 10:08 PM .. 01/21/2009 10:08 PM 0 New Text Document.txt 
@@ -144,61 +144,61 @@ To migrate these files you author the following migration XML: ``` -However, upon testing the migration you notice that the "New Text Document.txt" file isn't included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable MIG\_ENABLE\_DIAG set such that the diagnostic log is generated. Upon searching the diagnostic log for the component "DATA1", the following XML section is discovered: +However, upon testing the migration you notice that the **New Text Document.txt** file isn't included in the migration. To troubleshoot this failure, the migration can be repeated with the environment variable **MIG_ENABLE_DIAG** set such that the diagnostic log is generated. Upon searching the diagnostic log for the component **DATA1**, the following XML section is discovered: ```xml - - - - - + + + + + - - - - - + + + + + ``` -Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The <Perform> section details the actual files that were scheduled for gathering and the result of the gathering operation. The "New Text Document.txt" file doesn't appear in this section, which confirms that the migration rule was not correctly authored. +Analysis of this XML section reveals the migunit that was created when the migration rule was processed. The **<Perform>** section details the actual files that were scheduled for gathering and the result of the gathering operation. The **New Text Document.txt** file doesn't appear in this section, which confirms that the migration rule wasn't correctly authored. 
-An analysis of the XML elements reference topic reveals that the <pattern> tag needs to be modified as follows: +An analysis of the [XML elements library](usmt-xml-elements-library.md) reference article reveals that the [**<pattern>**](usmt-xml-elements-library.md#pattern) tag needs to be modified as follows: ```xml c:\data\* [*] ``` -When the migration is preformed again with the modified tag, the diagnostic log reveals the following: +When the migration is performed again with the modified tag, the diagnostic log reveals the following information: ```xml - - - - - + + + + + - - - - - - - + + + + + + + ``` -This diagnostic log confirms that the modified <pattern> value enables the migration of the file. +This diagnostic log confirms that the modified **<pattern>** value enables the migration of the file. **Why is this file migrating when I authored an exclude rule excluding it?** -In this scenario, you have the following directory structure and you want all files in the "data" directory to migrate, except for text files. The **C:\\Data** folder contains: +In this scenario, you have the following directory structure and you want all files in the **Data** directory to migrate, except for text files. The `C:\Data` folder contains: -```console +``` console Directory of C:\Data 01/21/2009 10:08 PM . @@ -209,9 +209,9 @@ Directory of C:\Data 2 File(s) 26 bytes ``` -The **C:\\Data\\New Folder\\** contains: +The `C:\Data\New Folder\` contains: -```console +``` console 01/21/2009 10:08 PM . 01/21/2009 10:08 PM .. 01/21/2009 10:08 PM 0 New Text Document.txt 
@@ -246,33 +246,33 @@ You author the following migration XML: ``` -However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable MIG\_ENABLE\_DIAG set so that the diagnostic log is generated. Upon searching the diagnostic log for the component "DATA1", the following XML section is discovered: +However, upon testing the migration you notice that all the text files are still included in the migration. In order to troubleshoot this issue, the migration can be performed with the environment variable **MIG_ENABLE_DIAG** set so that the diagnostic log is generated. Upon searching the diagnostic log for the component **DATA1**, the following XML section is discovered: ```xml - - - - - - - - + + + + + + + + - - - - - - - - - + + + + + + + + + ``` -Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it is a problem with the authored migration XML rule. You author an update to the migration XML script as follows: +Upon reviewing the diagnostic log, you confirm that the files are still migrating, and that it's a problem with the authored migration XML rule. You author an update to the migration XML script as follows: ```xml @@ -307,31 +307,30 @@ Your revised migration XML script excludes the files from migrating, as confirme ```xml - - - - - - - - + + + + + + + + - - - - - - + + + + + + ``` -## Related topics +## Related articles +[XML elements library](usmt-xml-elements-library.md) -[XML Elements Library](usmt-xml-elements-library.md) +[ScanState syntax](usmt-scanstate-syntax.md) -[ScanState Syntax](usmt-scanstate-syntax.md) - -[LoadState Syntax](usmt-loadstate-syntax.md) +[LoadState syntax](usmt-loadstate-syntax.md) 
diff --git a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
index f0a495a6f9..f7f5a3ff7f 100644
--- a/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
+++ b/windows/deployment/usmt/usmt-migrate-efs-files-and-certificates.md
@@ -2,52 +2,46 @@ title: Migrate EFS Files and Certificates (Windows 10) description: Learn how to migrate Encrypting File System (EFS) certificates. Also, learn where to find information about how to identify file types, files, and folders. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Migrate EFS Files and Certificates +# Migrate EFS files and certificates +This article describes how to migrate Encrypting File System (EFS) certificates. For more information about the `/efs` option, see [Encrypted file options](usmt-scanstate-syntax.md#encrypted-file-options) in [ScanState syntax](usmt-scanstate-syntax.md). -This topic describes how to migrate Encrypting File System (EFS) certificates. For more information about the **/efs** For options, see [ScanState Syntax](usmt-scanstate-syntax.md). +## To migrate EFS files and certificates -## To Migrate EFS Files and Certificates +Encrypting File System (EFS) certificates will be migrated automatically. However, by default, the User State Migration Tool (USMT) 10.0 fails if an encrypted file is found unless you specify an `/efs` option. Therefore when a device has EFS encrypted files, you must specify the `/efs` option with any one of the following parameters: +- `abort` +- `skip` +- `decryptcopy` +- `copyraw` +- `hardlink` -Encrypting File System (EFS) certificates will be migrated automatically. However, by default, the User State Migration Tool (USMT) 10.0 fails if an encrypted file is found (unless you specify an **/efs** option). Therefore, you must specify **/efs:abort | skip | decryptcopy | copyraw | hardlink** with the ScanState command to migrate the encrypted files. Then, when you run the LoadState command on the destination computer, the encrypted file and the EFS certificate will be automatically migrated. 
+when running the `ScanState.exe` command to migrate the encrypted files. Then, when you run the `LoadState.exe` command on the destination computer, the encrypted file and the EFS certificate will be automatically migrated. -**Note**   -The **/efs** options are not used with the LoadState command. +> [!NOTE] +> The `/efs` options are not used with the `LoadState.exe` command. - +Before using the **ScanState** tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. -Before using the ScanState tool for a migration that includes encrypted files and EFS certificates, you must ensure that all files in an encrypted folder are encrypted as well or remove the encryption attribute from folders that contain unencrypted files. If the encryption attribute has been removed from a file but not from the parent folder, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. - -You can run the Cipher tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt type: +You can run the [Cipher.exe](/windows-server/administration/windows-commands/cipher) tool at a Windows command prompt to review and change encryption settings on files and folders. For example, to remove encryption from a folder, at a command prompt enter: ``` syntax -Cipher /D /S: +cipher.exe /D /S: ``` -Where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set. 
- -## Related topics - - -[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md) - -[Identify File Types, Files, and Folders](usmt-identify-file-types-files-and-folders.md) - - - - - - +where *<Path>* is the full path of the topmost parent directory where the encryption attribute is set. +## Related articles +[What does USMT migrate?](usmt-what-does-usmt-migrate.md) +[Identify file types, files, and folders](usmt-identify-file-types-files-and-folders.md) diff --git a/windows/deployment/usmt/usmt-migrate-user-accounts.md b/windows/deployment/usmt/usmt-migrate-user-accounts.md index 206ef57db5..8c124420e9 100644 --- a/windows/deployment/usmt/usmt-migrate-user-accounts.md +++ b/windows/deployment/usmt/usmt-migrate-user-accounts.md 
@@ -2,93 +2,94 @@ title: Migrate User Accounts (Windows 10) description: Learn how to migrate user accounts and how to specify which users to include and exclude by using the User options on the command line. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Migrate User Accounts +By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You can't specify users in the migration XML files or by using the `Config.xml` file. -By default, all users are migrated. The only way to specify which users to include and exclude is on the command line by using the User options. You cannot specify users in the migration XML files or by using the Config.xml file. +## To migrate all user accounts and user settings -## In this Topic +Links to detailed explanations of commands are available in the [Related articles](#related-articles) section. +1. Sign into the source computer as an administrator. -- [To migrate all user accounts and user settings](#bkmk-migrateall) +2. Enter the following `ScanState.exe` command line in a command prompt window: -- [To migrate two domain accounts (User1 and User2)](#bkmk-migratetwo) + ``` syntax + ScanState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml /o + ```` -- [To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain](#bkmk-migratemoveuserone) +3. Sign into the destination computer as an administrator. -## To migrate all user accounts and user settings -Links to detailed explanations of commands are available in the Related Topics section. +4. Enter one of the following `LoadState.exe ` command lines in a command prompt window: -1. 
Log on to the source computer as an administrator, and specify the following in a **Command-Prompt** window: + - If you're migrating domain accounts, enter: - `scanstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /o` + ``` syntax + LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml + ``` -2. Log on to the destination computer as an administrator. + - If you're migrating local accounts along with domain accounts, enter: -3. Do one of the following: + ``` syntax + LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml /lac /lae + ``` - - If you are migrating domain accounts, specify: + > [!NOTE] + > You do not have to specify the `/lae` option, which enables the account that was created with the `/lac` option. Instead, you can create a disabled local account by specifying only the `/lac` option, and then a local administrator needs to enable the account on the destination computer. - `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` +## To migrate two domain accounts (User1 and User2) - - If you are migrating local accounts along with domain accounts, specify: +Links to detailed explanations of commands are available in the [Related articles](#related-articles) section. - `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml /lac /lae` +1. Sign into the source computer as an administrator. - **Note**   - You do not have to specify the **/lae** option, which enables the account that was created with the **/lac** option. Instead, you can create a disabled local account by specifying only the **/lac** option, and then a local administrator needs to enable the account on the destination computer. +2. 
Enter the following `ScanState.exe` command line in a command prompt window: - + ``` syntax + ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml /o + ``` -## To migrate two domain accounts (User1 and User2) -Links to detailed explanations of commands are available in the Related Topics section. +3. Sign into the destination computer as an administrator. -1. Log on to the source computer as an administrator, and specify: +4. Enter the following `LoadState.exe ` command line in a command prompt window: - `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:fabrikam\user2 /i:migdocs.xml /i:migapp.xml /o` + ``` syntax + LoadState.exe \\server\share\migration\mystore /i:MigDocs.xml /i:MigApp.xml + ``` -2. Log on to the destination computer as an administrator. +## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain -3. Specify the following: +Links to detailed explanations of commands are available in the [Related articles](#related-articles) section. - `loadstate \\server\share\migration\mystore /i:migdocs.xml /i:migapp.xml` +1. Sign into the source computer as an administrator. -## To migrate two domain accounts (User1 and User2) and move User1 from the Contoso domain to the Fabrikam domain -Links to detailed explanations of commands are available in the Related Topics section. +2. Enter the following `ScanState.exe` command line in a command prompt window: -1. Log on to the source computer as an administrator, and type the following at the command-line prompt: + ``` syntax + ScanState.exe \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:MigDocs.xml /i:MigApp.xml /o + ``` - `scanstate \\server\share\migration\mystore /ue:*\* /ui:contoso\user1 /ui:contoso\user2 /i:migdocs.xml /i:migapp.xml /o` +3. Sign into the destination computer as an administrator. -2. 
Log on to the destination computer as an administrator. - -3. Specify the following: - - `loadstate \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:migdocs.xml /i:migapp.xml` - -## Related topics - - -[Identify Users](usmt-identify-users.md) - -[ScanState Syntax](usmt-scanstate-syntax.md) - -[LoadState Syntax](usmt-loadstate-syntax.md) - - - - +4. Enter the following `LoadState.exe ` command line in a command prompt window: + ``` syntax + LoadState.exe \\server\share\migration\mystore /mu:contoso\user1:fabrikam\user2 /i:MigDocs.xml /i:MigApp.xml + ``` +## Related articles +[Identify users](usmt-identify-users.md) +[ScanState syntax](usmt-scanstate-syntax.md) +[LoadState syntax](usmt-loadstate-syntax.md) diff --git a/windows/deployment/usmt/usmt-migration-store-encryption.md b/windows/deployment/usmt/usmt-migration-store-encryption.md index a5721b75b6..07c5b088c8 100644 --- a/windows/deployment/usmt/usmt-migration-store-encryption.md +++ b/windows/deployment/usmt/usmt-migration-store-encryption.md 
@@ -1,36 +1,36 @@ --- title: Migration Store Encryption (Windows 10) -description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES). +description: Learn how the User State Migration Tool (USMT) enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Migration Store Encryption +# Migration store encryption -This topic discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration. +This article discusses User State Migration Tool (USMT) 10.0 options for migration store encryption to protect the integrity of user data during a migration. -## USMT Encryption Options +## USMT encryption options USMT enables support for stronger encryption algorithms, called Advanced Encryption Standard (AES), in several bit-level options. AES is a National Institute of Standards and Technology (NIST) specification for the encryption of electronic data. -The encryption algorithm you choose must be specified for both the **ScanState** and the **LoadState** commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the **ScanState** and the **LoadState** command lines by using the **/encrypt**:*"encryptionstrength"* and the **/decrypt**:*"encryptionstrength"* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. 
You can use the Usmtutils.exe file to determine which encryption algorithms are available to the computers' locales before you begin the migration. +The encryption algorithm you choose must be specified for both the `ScanState.exe` and the `LoadState.exe` commands, so that these commands can create or read the store during encryption and decryption. The new encryption algorithms can be specified on the `ScanState.exe` and the `LoadState.exe` command lines by using the `/encrypt`:*encryptionstrength* and the `/decrypt`:*encryptionstrength* command-line options. All of the encryption application programming interfaces (APIs) used by USMT are available in Windows 7, Windows 8, and Windows 10 operating systems. However, export restrictions might limit the set of algorithms that are available to computers in certain locales. You can use the `UsmtUtils.exe` file to determine which encryption algorithms are available to the computers' locales before you begin the migration. The following table describes the command-line encryption options in USMT. |Component|Option|Description| |--- |--- |--- | -|**ScanState**|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. When the algorithm argument is not provided, the **ScanState** tool employs the 3DES algorithm.| -|**LoadState**|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument is not provided, the **LoadState** tool employs the 3DES algorithm.| +|*ScanState*|**/encrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the migration store is encrypted and which algorithm to use. 
When the algorithm argument isn't provided, the **ScanState** tool employs the **3DES** algorithm.| +|*LoadState*|**/decrypt**<*AES, AES_128, AES_192, AES_256, 3DES, 3DES_112*>|This option and argument specify that the store must be decrypted and which algorithm to use. When the algorithm argument isn't provided, the **LoadState** tool employs the **3DES** algorithm.| -**Important**   -Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the UsmtUtils command with the **/ec** option. For more information see [UsmtUtils Syntax](usmt-utilities.md) +> [!IMPORTANT] +> Some encryption algorithms may not be available on your systems. You can verify which algorithms are available by running the `UsmtUtils.exe` command with the `/ec` option. For more information, see [UsmtUtils syntax](usmt-utilities.md). -## Related topics +## Related articles -[Plan Your Migration](usmt-plan-your-migration.md) +[Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-overview.md b/windows/deployment/usmt/usmt-overview.md index ddecca1043..7609e4e147 100644 --- a/windows/deployment/usmt/usmt-overview.md +++ b/windows/deployment/usmt/usmt-overview.md 
@@ -1,46 +1,46 @@ --- title: User State Migration Tool (USMT) Overview (Windows 10) description: Learn about using User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 10/16/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.collection: highpri ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Overview +# User State Migration Tool (USMT) overview -You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common Migration Scenarios](usmt-common-migration-scenarios.md). +You can use User State Migration Tool (USMT) 10.0 to streamline and simplify user state migration during large deployments of Windows operating systems. USMT captures user accounts, user files, operating system settings, and application settings, and then migrates them to a new Windows installation. You can use USMT for both PC replacement and PC refresh migrations. For more information, see [Common migration scenarios](usmt-common-migration-scenarios.md). -USMT enables you to do the following: +USMT enables you to do the following actions: -- Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they are migrated. For more information about how to modify these files, see [USMT XML Reference](usmt-xml-reference.md). 
-- Fit your customized migration into your automated deployment process by using the ScanState and LoadState tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md). -- Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. For more information about migration types, see [Choose a Migration Store Type](usmt-choose-migration-store-type.md) and [Offline Migration Reference](offline-migration-reference.md). +- Configure your migration according to your business needs by using the migration rule (.xml) files to control exactly which files and settings are migrated and how they're migrated. For more information about how to modify these files, see [USMT XML reference](usmt-xml-reference.md). +- Fit your customized migration into your automated deployment process by using the **ScanState** and **LoadState** tools, which control collecting and restoring the user files and settings. For more information, see [User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md). +- Perform offline migrations. You can run migrations offline by using the ScanState command in Windows Preinstallation Environment (WinPE) or you can perform migrations from previous installations of Windows contained in Windows.old directories. For more information about migration types, see [Choose a migration store Type](usmt-choose-migration-store-type.md) and [Offline migration reference](offline-migration-reference.md). ## Benefits USMT provides the following benefits to businesses that are deploying Windows operating systems: -- Safely migrates user accounts, operating system and application settings. -- Lowers the cost of deploying Windows by preserving user state. 
-- Reduces end-user downtime required to customize desktops and find missing files. -- Reduces help-desk calls. -- Reduces the time needed for the user to become familiar with the new operating system. -- Increases employee satisfaction with the migration experience. +- Safely migrates user accounts, operating system and application settings. +- Lowers the cost of deploying Windows by preserving user state. +- Reduces end-user downtime required to customize desktops and find missing files. +- Reduces help-desk calls. +- Reduces the time needed for the user to become familiar with the new operating system. +- Increases employee satisfaction with the migration experience. ## Limitations -USMT is intended for administrators who are performing large-scale automated deployments. If you are only migrating the user states of a few computers, you can use [PCmover Express](https://go.microsoft.com/fwlink/?linkid=620915). PCmover is not a free utility. PCmover Express is a tool created by Microsoft's partner, Laplink. +USMT is intended for administrators who are performing large-scale automated deployments. If you're only migrating the user states of a few computers, you can use [PCmover Express](https://go.microsoft.com/fwlink/?linkid=620915). PCmover isn't a free utility. PCmover Express is a tool created by Microsoft's partner, Laplink. -There are some scenarios in which the use of USMT is not recommended. These include: +There are some scenarios in which the use of USMT isn't recommended. These scenarios include: -- Migrations that require end-user interaction. -- Migrations that require customization on a machine-by-machine basis. +- Migrations that require end-user interaction. +- Migrations that require customization on a machine-by-machine basis. -## Related topics +## Related articles -- [User State Migration Tool (USMT) Technical Reference](usmt-technical-reference.md) +- [User State Migration Tool (USMT) technical reference](usmt-technical-reference.md) 
diff --git a/windows/deployment/usmt/usmt-plan-your-migration.md b/windows/deployment/usmt/usmt-plan-your-migration.md
index d66afb281e..6559990881 100644
--- a/windows/deployment/usmt/usmt-plan-your-migration.md
+++ b/windows/deployment/usmt/usmt-plan-your-migration.md
@@ -2,33 +2,33 @@ title: Plan Your Migration (Windows 10) description: Learn how to your plan your migration carefully so your migration can proceed smoothly and so that you reduce the risk of migration failure. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Plan Your Migration +# Plan your migration -Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure. +Before you use the User State Migration Tool (USMT) 10.0 to perform your migration, we recommend that you plan your migration carefully. Planning can help your migration proceed smoothly and can reduce the risk of migration failure. In migration planning, both organizations and individuals must first identify what to migrate, including user settings, applications and application settings, and personal data files and folders. Identifying the applications to migrate is especially important so that you can avoid capturing data about applications that may be phased out. -One of the most important requirements for migrating settings and data is restoring only the information that the destination computer requires. Although the data that you capture on the source computer may be more comprehensive than the restoration data for backup purposes, restoring data or settings for applications that you will not install on the destination system is redundant. This can also introduce instability in a newly deployed computer. +One of the most important requirements for migrating settings and data is restoring only the information that the destination computer requires. 
Although the data that you capture on the source computer may be more comprehensive than the restoration data for backup purposes, restoring data or settings for applications that you won't install on the destination system is redundant. Restoring data or settings for applications that aren't installed can also introduce instability in a newly deployed computer. -## In This Section +## In this section | Link | Description | |--- |--- | -|[Common Migration Scenarios](usmt-common-migration-scenarios.md)|Determine whether you will perform a refresh migration or a replace migration.| -|[What Does USMT Migrate?](usmt-what-does-usmt-migrate.md)|Learn which applications, user data, and operating system components USMT migrates.| -|[Choose a Migration Store Type](usmt-choose-migration-store-type.md)|Choose an uncompressed, compressed, or hard-link migration store.| -|[Determine What to Migrate](usmt-determine-what-to-migrate.md)|Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.| -|[Test Your Migration](usmt-test-your-migration.md)|Test your migration before you deploy Windows to all users.| +|[Common migration scenarios](usmt-common-migration-scenarios.md)|Determine whether you'll perform a refresh migration or a replace migration.| +|[What does USMT migrate?](usmt-what-does-usmt-migrate.md)|Learn which applications, user data, and operating system components USMT migrates.| +|[Choose a migration store type](usmt-choose-migration-store-type.md)|Choose an uncompressed, compressed, or hard-link migration store.| +|[Determine what to migrate](usmt-determine-what-to-migrate.md)|Identify user accounts, application settings, operating system settings, and files that you want to migrate inside your organization.| +|[Test your migration](usmt-test-your-migration.md)|Test your migration before you deploy Windows to all users.| -## Related topics +## Related articles -[USMT XML 
Reference](usmt-xml-reference.md)
+[USMT XML reference](usmt-xml-reference.md)
diff --git a/windows/deployment/usmt/usmt-recognized-environment-variables.md b/windows/deployment/usmt/usmt-recognized-environment-variables.md
index bab5c90ed1..37172c925e 100644
--- a/windows/deployment/usmt/usmt-recognized-environment-variables.md
+++ b/windows/deployment/usmt/usmt-recognized-environment-variables.md
@@ -1,140 +1,131 @@ --- title: Recognized Environment Variables (Windows 10) description: Learn how to use environment variables to identify folders that may be different on different computers. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.collection: highpri ms.technology: itpro-deploy --- -# Recognized Environment Variables +# Recognized environment variables +When using the XML files `MigDocs.xml`, `MigApp.xml`, and `MigUser.xml`, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the **Documents** folder may be `C:\Users\\My Documents` on one computer and `C:\Documents and Settings\\My Documents` on another. You can use the asterisk (\*) wildcard character in `MigUser.xml`, `MigApp.xml` and `MigDoc.xml` files. However, you can't use the asterisk (\*) wildcard characters in the `Config.xml` file. -When using the XML files MigDocs.xml, MigApp.xml, and MigUser.xml, you can use environment variables to identify folders that may be different on different computers. Constant special item ID list (CSIDL) values provide a way to identify folders that applications use frequently but may not have the same name or location on any given computer. For example, the documents folder may be C:\\Users\\<Username>\\My Documents on one computer and C:\\Documents and Settings on another. You can use the asterisk (\*) wildcard character in MigUser.xml, MigApp.xml and MigDoc.xml files. However, you cannot use the asterisk (\*) wildcard characters in the Config.xml file. 
- -## In This Topic - - -- [Variables that are processed for the operating system and in the context of each user](#bkmk-1) - -- [Variables that are recognized only in the user context](#bkmk-2) - -## Variables that are processed for the operating system and in the context of each user - +## Variables that are processed for the operating system and in the context of each user You can use these variables within sections in the .xml files with `context=UserAndSystem`, `context=User`, and `context=System`. |Variable|Explanation| |--- |--- | -|**ALLUSERSAPPDATA**|Same as **CSIDL_COMMON_APPDATA**.| -|**ALLUSERSPROFILE**|Refers to %**PROFILESFOLDER**%\Public or %**PROFILESFOLDER**%\all users.| -|**COMMONPROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES_COMMON**.| -|**COMMONPROGRAMFILES**(X86)|Refers to the C:\Program Files (x86)\Common Files folder on 64-bit systems.| -|**CSIDL_COMMON_ADMINTOOLS**|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.| -|**CSIDL_COMMON_ALTSTARTUP**|The file-system directory that corresponds to the non-localized Startup program group for all users.| -|**CSIDL_COMMON_APPDATA**|The file-system directory that contains application data for all users. A typical path Windows is C:\ProgramData.| -|**CSIDL_COMMON_DESKTOPDIRECTORY**|The file-system directory that contains files and folders that appear on the desktop for all users. A typical Windows® XP path is C:\Documents and Settings\All Users\Desktop. A typical path is C:\Users\Public\Desktop.| -|**CSIDL_COMMON_DOCUMENTS**|The file-system directory that contains documents that are common to all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Documents. A typical path is C:\Users\Public\Documents.| -|**CSIDL_COMMON_FAVORITES**|The file-system directory that serves as a common repository for favorites common to all users. 
A typical path is C:\Users\Public\Favorites.|
-|**CSIDL_COMMON_MUSIC**|The file-system directory that serves as a repository for music files common to all users. A typical path is C:\Users\Public\Music.|
-|**CSIDL_COMMON_PICTURES**|The file-system directory that serves as a repository for image files common to all users. A typical path is C:\Users\Public\Pictures.|
-|**CSIDL_COMMON_PROGRAMS**|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs.|
-|**CSIDL_COMMON_STARTMENU**|The file-system directory that contains the programs and folders which appear on the **Start** menu for all users. A typical path in Windows is C:\ProgramData\Microsoft\Windows\Start Menu.|
-|**CSIDL_COMMON_STARTUP**|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path in Windows XP is C:\Documents and Settings\All Users\Start Menu\Programs\Startup. A typical path is C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup.|
-|**CSIDL_COMMON_TEMPLATES**|The file-system directory that contains the templates that are available to all users. A typical path is C:\ProgramData\Microsoft\Windows\Templates.|
-|**CSIDL_COMMON_VIDEO**|The file-system directory that serves as a repository for video files common to all users.
A typical path is C:\Users\Public\Videos.|
-|**CSIDL_DEFAULT_APPDATA**|Refers to the Appdata folder inside %**DEFAULTUSERPROFILE**%.|
-|C**SIDL_DEFAULT_LOCAL_APPDATA**|Refers to the local Appdata folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_COOKIES**|Refers to the Cookies folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_CONTACTS**|Refers to the Contacts folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_DESKTOP**|Refers to the Desktop folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_DOWNLOADS**|Refers to the Downloads folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_FAVORITES**|Refers to the Favorites folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_HISTORY**|Refers to the History folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_INTERNET_CACHE**|Refers to the Internet Cache folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_PERSONAL**|Refers to the Personal folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_MYDOCUMENTS**|Refers to the My Documents folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_MYPICTURES**|Refers to the My Pictures folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_MYMUSIC**|Refers to the My Music folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_MYVIDEO**|Refers to the My Videos folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_RECENT**|Refers to the Recent folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_SENDTO**|Refers to the Send To folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_STARTMENU**|Refers to the Start Menu folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_PROGRAMS**|Refers to the Programs folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_STARTUP**|Refers to the Startup folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_TEMPLATES**|Refers to the Templates folder inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_DEFAULT_QUICKLAUNCH**|Refers to the Quick Launch folder
inside %**DEFAULTUSERPROFILE**%.|
-|**CSIDL_FONTS**|A virtual folder containing fonts. A typical path is C:\Windows\Fonts.|
-|**CSIDL_PROGRAM_FILESX86**|The Program Files folder on 64-bit systems. A typical path is C:\Program Files(86).|
-|**CSIDL_PROGRAM_FILES_COMMONX86**|A folder for components that are shared across applications on 64-bit systems. A typical path is C:\Program Files(86)\Common.|
-|**CSIDL_PROGRAM_FILES**|The Program Files folder. A typical path is C:\Program Files.|
-|**CSIDL_PROGRAM_FILES_COMMON**|A folder for components that are shared across applications. A typical path is C:\Program Files\Common.|
-|**CSIDL_RESOURCES**|The file-system directory that contains resource data. A typical path is C:\Windows\Resources.|
-|**CSIDL_SYSTEM**|The Windows System folder. A typical path is C:\Windows\System32.|
-|**CSIDL_WINDOWS**|The Windows directory or system root. This corresponds to the %**WINDIR**% or %**SYSTEMROOT**% environment variables. A typical path is C:\Windows.|
-|**DEFAULTUSERPROFILE**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]**.|
-|**PROFILESFOLDER**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]**.|
-|**PROGRAMFILES**|Same as **CSIDL_PROGRAM_FILES**.|
-|**PROGRAMFILES(X86)**|Refers to the C:\Program Files (x86) folder on 64-bit systems.|
-|**SYSTEM**|Refers to %**WINDIR**%\system32.|
-|**SYSTEM16**|Refers to %**WINDIR**%\system.|
-|**SYSTEM32**|Refers to %**WINDIR**%\system32.|
-|**SYSTEMDRIVE**|The drive that holds the Windows folder.
Note that this is a drive name and not a folder name (`C:` not `C:\`).|
-|**SYSTEMPROFILE**|Refers to the value in **HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]**.|
-|**SYSTEMROOT**|Same as **WINDIR**.|
-|**WINDIR**|Refers to the Windows folder located on the system drive.|
+|*ALLUSERSAPPDATA*|Same as **CSIDL_COMMON_APPDATA**.|
+|*ALLUSERSPROFILE*|Refers to `%PROFILESFOLDER%\Public` or `%PROFILESFOLDER%\all users`.|
+|*COMMONPROGRAMFILES*|Same as **CSIDL_PROGRAM_FILES_COMMON**.|
+|*COMMONPROGRAMFILES*(X86)|Refers to the `C:\Program Files (x86)\Common Files` folder on 64-bit systems.|
+|*CSIDL_COMMON_ADMINTOOLS*|Version 10.0. The file-system directory that contains administrative tools for all users of the computer.|
+|*CSIDL_COMMON_ALTSTARTUP*|The file-system directory that corresponds to the non-localized Startup program group for all users.|
+|*CSIDL_COMMON_APPDATA*|The file-system directory that contains application data for all users. A typical path Windows is `C:\ProgramData`.|
+|*CSIDL_COMMON_DESKTOPDIRECTORY*|The file-system directory that contains files and folders that appear on the desktop for all users. A typical path is `C:\Users\Public\Desktop`.|
+|*CSIDL_COMMON_DOCUMENTS*|The file-system directory that contains documents that are common to all users. A typical path is `C:\Users\Public\Documents`.|
+|*CSIDL_COMMON_FAVORITES*|The file-system directory that serves as a common repository for favorites common to all users. A typical path is C:\Users\Public\Favorites.|
+|*CSIDL_COMMON_MUSIC*|The file-system directory that serves as a repository for music files common to all users. A typical path is `C:\Users\Public\Music`.|
+|*CSIDL_COMMON_PICTURES*|The file-system directory that serves as a repository for image files common to all users.
A typical path is `C:\Users\Public\Pictures`.|
+|*CSIDL_COMMON_PROGRAMS*|The file-system directory that contains the directories for the common program groups that appear on the **Start** menu for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs`.|
+|*CSIDL_COMMON_STARTMENU*|The file-system directory that contains the programs and folders that appear on the **Start** menu for all users. A typical path in Windows is `C:\ProgramData\Microsoft\Windows\Start Menu`.|
+|*CSIDL_COMMON_STARTUP*|The file-system directory that contains the programs that appear in the Startup folder for all users. A typical path is `C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup`.|
+|*CSIDL_COMMON_TEMPLATES*|The file-system directory that contains the templates that are available to all users. A typical path is `C:\ProgramData\Microsoft\Windows\Templates`.|
+|*CSIDL_COMMON_VIDEO*|The file-system directory that serves as a repository for video files common to all users.
A typical path is `C:\Users\Public\Videos`.|
+|*CSIDL_DEFAULT_APPDATA*|Refers to the Appdata folder inside `%DEFAULTUSERPROFILE%`.|
+|C*SIDL_DEFAULT_LOCAL_APPDATA*|Refers to the local Appdata folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_COOKIES*|Refers to the Cookies folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_CONTACTS*|Refers to the Contacts folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_DESKTOP*|Refers to the Desktop folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_DOWNLOADS*|Refers to the Downloads folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_FAVORITES*|Refers to the Favorites folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_HISTORY*|Refers to the History folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_INTERNET_CACHE*|Refers to the Internet Cache folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_PERSONAL*|Refers to the Personal folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_MYDOCUMENTS*|Refers to the My Documents folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_MYPICTURES*|Refers to the My Pictures folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_MYMUSIC*|Refers to the My Music folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_MYVIDEO*|Refers to the My Videos folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_RECENT*|Refers to the Recent folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_SENDTO*|Refers to the Send To folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_STARTMENU*|Refers to the Start Menu folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_PROGRAMS*|Refers to the Programs folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_STARTUP*|Refers to the Startup folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_TEMPLATES*|Refers to the Templates folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_DEFAULT_QUICKLAUNCH*|Refers to the Quick Launch folder inside `%DEFAULTUSERPROFILE%`.|
+|*CSIDL_FONTS*|A virtual folder containing fonts.
A typical path is `C:\Windows\Fonts`.|
+|*CSIDL_PROGRAM_FILESX86*|The Program Files folder on 64-bit systems. A typical path is `C:\Program Files(86)`.|
+|*CSIDL_PROGRAM_FILES_COMMONX86*|A folder for components that are shared across applications on 64-bit systems. A typical path is `C:\Program Files(86)\Common`.|
+|*CSIDL_PROGRAM_FILES*|The Program Files folder. A typical path is `C:\Program Files`.|
+|*CSIDL_PROGRAM_FILES_COMMON*|A folder for components that are shared across applications. A typical path is `C:\Program Files\Common`.|
+|*CSIDL_RESOURCES*|The file-system directory that contains resource data. A typical path is `C:\Windows\Resources`.|
+|*CSIDL_SYSTEM*|The Windows System folder. A typical path is `C:\Windows\System32`.|
+|*CSIDL_WINDOWS*|The Windows directory or system root path. This value corresponds to the `%WINDIR%` or `%SYSTEMROOT%` environment variables. A typical path is `C:\Windows`.|
+|*DEFAULTUSERPROFILE*|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [DefaultUserProfile]`.|
+|*PROFILESFOLDER*|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList [ProfilesDirectory]`.|
+|*PROGRAMFILES*|Same as **CSIDL_PROGRAM_FILES**.|
+|*PROGRAMFILES(X86)*|Refers to the `C:\Program Files (x86)` folder on 64-bit systems.|
+|*SYSTEM*|Refers to `%WINDIR%\system32`.|
+|*SYSTEM16*|Refers to `%WINDIR%\system`.|
+|*SYSTEM32*|Refers to `%WINDIR%\system32`.|
+|*SYSTEMDRIVE*|The drive that holds the Windows folder.
This value is a drive name and not a folder name (`C:` not `C:\`).| +|*SYSTEMPROFILE*|Refers to the value in `HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18 [ProfileImagePath]`.| +|*SYSTEMROOT*|Same as **WINDIR**.| +|*WINDIR*|Refers to the Windows folder located on the system drive.| -## Variables that are recognized only in the user context +## Variables that are recognized only in the user context You can use these variables in the .xml files within sections with `context=User` and `context=UserAndSystem`. |Variable|Explanation| |--- |--- | -|**APPDATA**|Same as **CSIDL_APPDATA**.| -|**CSIDL_ADMINTOOLS**|The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.| -|**CSIDL_ALTSTARTUP**|The file-system directory that corresponds to the user's non-localized Startup program group.| -|**CSIDL_APPDATA**|The file-system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\username\Application Data or C:\Users\username\AppData\Roaming.| -|**CSIDL_BITBUCKET**|The virtual folder that contains the objects in the user's Recycle Bin.| -|**CSIDL_CDBURN_AREA**|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning.| -|**CSIDL_CONNECTIONS**|The virtual folder representing Network Connections that contains network and dial-up connections.| -|**CSIDL_CONTACTS**|This refers to the Contacts folder in %**CSIDL_PROFILE**%.| -|**CSIDL_CONTROLS**|The virtual folder that contains icons for the Control Panel items.| -|**CSIDL_COOKIES**|The file-system directory that serves as a common repository for Internet cookies. 
A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Cookies.|
-|**CSIDL_DESKTOP**|The virtual folder representing the Windows desktop.|
-|**CSIDL_DESKTOPDIRECTORY**|The file-system directory used to physically store file objects on the desktop, which should not be confused with the desktop folder itself. A typical path is C:\Users\username\Desktop.|
-|**CSIDL_DRIVES**|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.|
-|**CSIDL_FAVORITES**|The file-system directory that serves as a common repository for the user's favorites. A typical path is C:\Users\Username\Favorites.|
-|**CSIDL_HISTORY**|The file-system directory that serves as a common repository for Internet history items.|
-|**CSIDL_INTERNET**|A virtual folder for Internet Explorer.|
-|**CSIDL_INTERNET_CACHE**|The file-system directory that serves as a common repository for temporary Internet files. A typical path is C:\Users\username\AppData\Local\Microsoft\Windows\Temporary Internet Files|
-|**CSIDL_LOCAL_APPDATA**|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is C:\Users\username\AppData\Local.|
-|**CSIDL_MYDOCUMENTS**|The virtual folder representing My Documents.A typical path is C:\Users\Username\Documents.|
-|**CSIDL_MYMUSIC**|The file-system directory that serves as a common repository for music files. A typical path is C:\Users\Username\Music.|
-|**CSIDL_MYPICTURES**|The file-system directory that serves as a common repository for image files. A typical path is C:\Users\Username\Pictures.|
-|**CSIDL_MYVIDEO**|The file-system directory that serves as a common repository for video files. A typical path is C:\Users\Username\Videos.|
-|**CSIDL_NETHOOD**|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder.
It is not the same as CSIDL_NETWORK, which represents the network namespace root. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Network Shortcuts.|
-|**CSIDL_NETWORK**|A virtual folder representing My Network Places, the root of the network namespace hierarchy.|
-|**CSIDL_PERSONAL**|The virtual folder representing the My Documents desktop item. This is equivalent to **CSIDL_MYDOCUMENTS**.
      A typical path is C:\Documents and Settings\username\My Documents.|
-|**CSIDL_PLAYLISTS**|The virtual folder used to store play albums, typically C:\Users\username\My Music\Playlists.|
-|**CSIDL_PRINTERS**|The virtual folder that contains installed printers.|
-|**CSIDL_PRINTHOOD**|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Printer Shortcuts.|
-|**CSIDL_PROFILE**|The user's profile folder. A typical path is C:\Users\Username.|
-|**CSIDL_PROGRAMS**|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs.|
-|**CSIDL_RECENT**|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Recent.|
-|**CSIDL_SENDTO**|The file-system directory that contains **Send To** menu items. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\SendTo.|
-|**CSIDL_STARTMENU**|The file-system directory that contains **Start** menu items. A typical path in Windows XP is C:\Documents and Settings\username\Start Menu. A typical path in Windows Vista, Windows 7, or Windows 8 is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu.|
-|**CSIDL_STARTUP**|The file-system directory that corresponds to the user's Startup program group. A typical path is C:\Users\Username\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup.|
-|**CSIDL_TEMPLATES**|The file-system directory that serves as a common repository for document templates. A typical path is C:\Users\username\AppData\Roaming\Microsoft\Windows\Templates.|
-|**HOMEPATH**|Same as the standard environment variable.|
-|**TEMP**|The temporary folder on the computer.
A typical path is %**USERPROFILE**%\AppData\Local\Temp.|
-|**TMP**|The temporary folder on the computer. A typical path is %**USERPROFILE**%\AppData\Local\Temp.|
-|**USERPROFILE**|Same as **CSIDL_PROFILE**.|
-|**USERSID**|Represents the current user-account security identifier (SID). For example,
      S-1-5-21-1714567821-1326601894-715345443-1026.|
+|*APPDATA*|Same as **CSIDL_APPDATA**.|
+|*CSIDL_ADMINTOOLS*|The file-system directory that is used to store administrative tools for an individual user. The Microsoft® Management Console (MMC) saves customized consoles to this directory, which roams with the user profile.|
+|*CSIDL_ALTSTARTUP*|The file-system directory that corresponds to the user's non-localized Startup program group.|
+|*CSIDL_APPDATA*|The file-system directory that serves as a common repository for application-specific data. A typical path is `C:\Users\\AppData\Roaming`.|
+|*CSIDL_BITBUCKET*|The virtual folder that contains the objects in the user's Recycle Bin.|
+|*CSIDL_CDBURN_AREA*|The file-system directory acting as a staging area for files waiting to be written to CD. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\MasteredBurning\Disc Burning`.|
+|*CSIDL_CONNECTIONS*|The virtual folder representing Network Connections that contains network and dial-up connections.|
+|*CSIDL_CONTACTS*|This value refers to the Contacts folder in **%CSIDL_PROFILE%**.|
+|*CSIDL_CONTROLS*|The virtual folder that contains icons for the Control Panel items.|
+|*CSIDL_COOKIES*|The file-system directory that serves as a common repository for Internet cookies. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Cookies`.|
+|*CSIDL_DESKTOP*|The virtual folder representing the Windows desktop.|
+|*CSIDL_DESKTOPDIRECTORY*|The file-system directory used to physically store file objects on the desktop, which shouldn't be confused with the desktop folder itself. A typical path is `C:\Users\\Desktop`.|
+|*CSIDL_DRIVES*|The virtual folder representing My Computer that contains everything on the local computer: storage devices, printers, and Control Panel. The folder may also contain mapped network drives.|
+|*CSIDL_FAVORITES*|The file-system directory that serves as a common repository for the user's favorites.
A typical path is `C:\Users\\Favorites`.|
+|*CSIDL_HISTORY*|The file-system directory that serves as a common repository for Internet history items.|
+|*CSIDL_INTERNET*|A virtual folder for Internet Explorer.|
+|*CSIDL_INTERNET_CACHE*|The file-system directory that serves as a common repository for temporary Internet files. A typical path is `C:\Users\\AppData\Local\Microsoft\Windows\Temporary Internet Files`|
+|*CSIDL_LOCAL_APPDATA*|The file-system directory that serves as a data repository for local, non-roaming applications. A typical path is `C:\Users\\AppData\Local`.|
+|*CSIDL_MYDOCUMENTS*|The virtual folder representing My Documents.A typical path is `C:\Users\\Documents`.|
+|*CSIDL_MYMUSIC*|The file-system directory that serves as a common repository for music files. A typical path is `C:\Users\\Music`.|
+|*CSIDL_MYPICTURES*|The file-system directory that serves as a common repository for image files. A typical path is `C:\Users\\Pictures`.|
+|*CSIDL_MYVIDEO*|The file-system directory that serves as a common repository for video files. A typical path is `C:\Users\\Videos`.|
+|*CSIDL_NETHOOD*|A file-system directory that contains the link objects that may exist in the My Network Places virtual folder. It isn't the same as *CSIDL_NETWORK*, which represents the network namespace root. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Network Shortcuts`.|
+|*CSIDL_NETWORK*|A virtual folder representing My Network Places, the root of the network namespace hierarchy.|
+|*CSIDL_PERSONAL*|The virtual folder representing the My Documents desktop item. This value is equivalent to **CSIDL_MYDOCUMENTS**.
A typical path is `C:\Documents and Settings\\My Documents`.|
+|*CSIDL_PLAYLISTS*|The virtual folder used to store play albums, typically `C:\Users\\My Music\Playlists`.|
+|*CSIDL_PRINTERS*|The virtual folder that contains installed printers.|
+|*CSIDL_PRINTHOOD*|The file-system directory that contains the link objects that can exist in the Printers virtual folder. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Printer Shortcuts`.|
+|*CSIDL_PROFILE*|The user's profile folder. A typical path is `C:\Users\`.|
+|*CSIDL_PROGRAMS*|The file-system directory that contains the user's program groups, which are themselves file-system directories. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs`.|
+|*CSIDL_RECENT*|The file-system directory that contains shortcuts to the user's most recently used documents. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Recent`.|
+|*CSIDL_SENDTO*|The file-system directory that contains **Send To** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\SendTo`.|
+|*CSIDL_STARTMENU*|The file-system directory that contains **Start** menu items. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu`.|
+|*CSIDL_STARTUP*|The file-system directory that corresponds to the user's Startup program group. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup`.|
+|*CSIDL_TEMPLATES*|The file-system directory that serves as a common repository for document templates. A typical path is `C:\Users\\AppData\Roaming\Microsoft\Windows\Templates`.|
+|*HOMEPATH*|Same as the standard environment variable.|
+|*TEMP*|The temporary folder on the computer. A typical path is `%USERPROFILE%\AppData\Local\Temp`.|
+|*TMP*|The temporary folder on the computer. A typical path is `%USERPROFILE%\AppData\Local\Temp`.|
+|*USERPROFILE*|Same as **CSIDL_PROFILE**.|
+|*USERSID*|Represents the current user-account security identifier (SID).
For example, `S-1-5-21-1714567821-1326601894-715345443-1026`.| -## Related topics +## Related articles -[USMT XML Reference](usmt-xml-reference.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-reference.md b/windows/deployment/usmt/usmt-reference.md index f7a3cc1d14..9c2604adf1 100644 --- a/windows/deployment/usmt/usmt-reference.md +++ b/windows/deployment/usmt/usmt-reference.md 
@@ -2,33 +2,33 @@ title: User State Migration Toolkit (USMT) Reference (Windows 10) description: Use this User State Migration Toolkit (USMT) article to learn details about USMT, like operating system, hardware, and software requirements, and user prerequisites. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Toolkit (USMT) Reference +# User State Migration Toolkit (USMT) reference -## In This Section +## In this section | Link | Description | |--- |--- | -|[USMT Requirements](usmt-requirements.md)|Describes operating system, hardware, and software requirements, and user prerequisites.| -|[USMT Best Practices](usmt-best-practices.md)|Discusses general and security-related best practices when using USMT.| -|[How USMT Works](usmt-how-it-works.md)|Learn about the processes behind the ScanState and LoadState tools.| -|[Plan Your Migration](usmt-plan-your-migration.md)|Choose what to migrate and the best migration scenario for your enterprise.| -|[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md)|Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.| -|[USMT XML Reference](usmt-xml-reference.md)|Learn about customizing a migration with XML files.| -|[Offline Migration Reference](offline-migration-reference.md)|Find requirements, best practices, and other considerations for performing a migration offline.| +|[USMT requirements](usmt-requirements.md)|Describes operating system, hardware, and software requirements, and user prerequisites.| +|[USMT best practices](usmt-best-practices.md)|Discusses general and security-related best practices when using USMT.| +|[How USMT works](usmt-how-it-works.md)|Learn about the processes behind the ScanState and LoadState tools.| +|[Plan your 
migration](usmt-plan-your-migration.md)|Choose what to migrate and the best migration scenario for your enterprise.| +|[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md)|Explore command-line options for the ScanState, LoadState, and UsmtUtils tools.| +|[USMT XML reference](usmt-xml-reference.md)|Learn about customizing a migration with XML files.| +|[Offline Migration reference](offline-migration-reference.md)|Find requirements, best practices, and other considerations for performing a migration offline.| -## Related topics +## Related articles -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) +[User State Migration Tool (USMT) overview topics](usmt-topics.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) -[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) +[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) diff --git a/windows/deployment/usmt/usmt-requirements.md b/windows/deployment/usmt/usmt-requirements.md index d0cc3d2e50..d0f86bfc08 100644 --- a/windows/deployment/usmt/usmt-requirements.md +++ b/windows/deployment/usmt/usmt-requirements.md 
@@ -2,101 +2,93 @@ title: USMT Requirements (Windows 10) description: While the User State Migration Tool (USMT) doesn't have many requirements, these tips and tricks can help smooth the migration process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 05/03/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# USMT Requirements +# USMT requirements -## In This Topic +## Supported operating systems -- [Supported Operating Systems](#bkmk-1) -- [Windows PE](#windows-pe) -- [Credentials](#credentials) -- [Config.xml](#configxml) -- [LoadState](#loadstate) -- [Hard Disk Requirements](#bkmk-3) -- [User Prerequisites](#bkmk-userprereqs) - -## Supported Operating Systems - -The User State Migration Tool (USMT) 10.0 does not have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings. +The User State Migration Tool (USMT) 10.0 doesn't have any explicit RAM or CPU speed requirements for either the source or destination computers. If your computer complies with the system requirements of the operating system, it also complies with the requirements for USMT. You need an intermediate store location large enough to hold all of the migrated data and settings, and the same amount of hard disk space on the destination computer for the migrated files and settings. The following table lists the operating systems supported in USMT. 
-|Operating Systems|ScanState (source computer)|LoadState (destination computer)| +|Operating Systems|ScanState (source computer)|LoadState (destination computer)| |--- |--- |--- | -|32-bit versions of Windows 7|✔️|✔️| -|64-bit versions of Windows 7|✔️|✔️| -|32-bit versions of Windows 8|✔️|✔️| -|64-bit versions of Windows 8|✔️|✔️| -|32-bit versions of Windows 10|✔️|✔️| -|64-bit versions of Windows 10|✔️|✔️| +|32-bit versions of Windows 7|✔️|✔️| +|64-bit versions of Windows 7|✔️|✔️| +|32-bit versions of Windows 8|✔️|✔️| +|64-bit versions of Windows 8|✔️|✔️| +|32-bit versions of Windows 10|✔️|✔️| +|64-bit versions of Windows 10|✔️|✔️| > [!NOTE] > You can migrate a 32-bit operating system to a 64-bit operating system. However, you cannot migrate a 64-bit operating system to a 32-bit operating system. -USMT does not support any of the Windows Server® operating systems, Windows 2000, Windows XP, or any of the starter editions for Windows Vista or Windows 7. +## Unsupported scenarios -USMT for Windows 10 should not be used for migrating from Windows 7 to Windows 8.1. It is meant to migrate to Windows 10. -For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User’s Guide](/previous-versions/windows/server/dd560801(v=ws.10)). +- USMT doesn't support any of the Windows Server® operating systems. +- USMT for Windows 10 shouldn't be used for migrating between previous versions of Windows. USMT for Windows 10 is only meant to migrate to Windows 10 or between Windows 10 versions. For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) overview](/previous-versions/windows/hh825227(v=win.10)). ## Windows PE -- **Must use latest version of Windows PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](/windows-hardware/manufacture/desktop/whats-new-in-windows-pe-s14). 
+- **Must use latest version of Windows PE.** For example, to migrate to Windows 10, you'll need Windows PE 5.1. For more info, see [What's New in Windows PE](/windows-hardware/manufacture/desktop/whats-new-in-windows-pe-s14). ## Credentials - **Run as administrator** - When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8, or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you do not run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. + When manually running the **ScanState** and **LoadState** tools on Windows 7, Windows 8, or Windows 10 you must run them from an elevated command prompt to ensure that all specified users are migrated. If you don't run USMT from an elevated prompt, only the user profile that is logged on will be included in the migration. To open an elevated command prompt: -1. Click **Start**. -2. Enter **cmd** in the search function. -3. Depending on the OS you are using, **cmd** or **Command Prompt** is displayed. -3. Right-click **cmd** or **Command Prompt**, and then click **Run as administrator**. -4. If the current user is not already an administrator, you will be prompted to enter administrator credentials. +1. Select **Start**. +2. Enter `cmd` in the search function. +3. Depending on the OS you're using, **cmd** or **Command Prompt** is displayed. +4. Right-click **cmd** or **Command Prompt**, and then select **Run as administrator**. +5. If the current user isn't already an administrator, you'll be prompted to enter administrator credentials. 
> [!IMPORTANT] > You must run USMT using an account with full administrative permissions, including the following privileges: - -- SeBackupPrivilege (Back up files and directories) -- SeDebugPrivilege (Debug programs) -- SeRestorePrivilege (Restore files and directories) -- SeSecurityPrivilege (Manage auditing and security log) -- SeTakeOwnership Privilege (Take ownership of files or other objects) +> +> - SeBackupPrivilege (Back up files and directories) +> - SeDebugPrivilege (Debug programs) +> - SeRestorePrivilege (Restore files and directories) +> - SeSecurityPrivilege (Manage auditing and security log) +> - SeTakeOwnership Privilege (Take ownership of files or other objects) ## Config.xml -- **Specify the /c option and <ErrorControl> settings in the Config.xml file.**
      - USMT will fail if it cannot migrate a file or setting, unless you specify the **/c** option. When you specify the **/c** option, USMT logs an error each time it encounters a file that is in use that did not migrate, but the migration will not be interrupted. In USMT, you can specify in the Config.xml file, which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml File](usmt-configxml-file.md), [Log Files](usmt-log-files.md), and [XML Elements Library](usmt-xml-elements-library.md). +### Specify the `/c` option and <ErrorControl> settings in the `Config.xml` file + +USMT will fail if it can't migrate a file or setting, unless you specify the `/c` option. When you specify the `/c` option, USMT logs an error each time it encounters a file that is in use that didn't migrate, but the migration won't be interrupted. In USMT, you can specify in the `Config.xml` file, which types of errors should allow the migration to continue, and which should cause the migration to fail. For more information about error reporting, and the **<ErrorControl>** element, see [Config.xml file](usmt-configxml-file.md#errorcontrol), [Log files](usmt-log-files.md), and [XML elements library](usmt-xml-elements-library.md). ## LoadState -- **Install applications before running the LoadState command.**
      - Install all applications on the destination computer before restoring the user state. This ensures that migrated settings are preserved. +### Install applications before running the LoadState command -## Hard-Disk Requirements +Install all applications on the destination computer before restoring the user state. Installing applications before running the `LoadState.exe` command ensures that migrated settings are preserved. -Ensure that there is enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). +## Hard-disk requirements -## User Prerequisites +Ensure that there's enough available space in the migration-store location and on the source and destination computers. For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). -This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following: +## User prerequisites -- The navigation and hierarchy of the Windows registry. -- The files and file types that applications use. -- The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software vendors. -- XML-authoring basics. +This documentation assumes that IT professionals using USMT understand command-line tools. The documentation also assumes that IT professionals using USMT to author MigXML rules understand the following concepts: -## Related topics +- The navigation and hierarchy of the Windows registry. +- The files and file types that applications use. +- The methods to extract application and setting information manually from applications created by internal software-development groups and non-Microsoft software publishers. +- XML-authoring basics. 
-[Plan Your Migration](usmt-plan-your-migration.md)
-[Estimate Migration Store Size](usmt-estimate-migration-store-size.md)
-[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)
+## Related articles
+
+- [Plan your migration](usmt-plan-your-migration.md)
+- [Estimate migration store size](usmt-estimate-migration-store-size.md)
+- [User State Migration Tool (USMT) overview topics](usmt-topics.md)
diff --git a/windows/deployment/usmt/usmt-reroute-files-and-settings.md b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
index c059c077b9..ba1aa306c6 100644
--- a/windows/deployment/usmt/usmt-reroute-files-and-settings.md
+++ b/windows/deployment/usmt/usmt-reroute-files-and-settings.md
@@ -1,62 +1,51 @@ --- title: Reroute Files and Settings (Windows 10) -description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines to reroute files and settings. +description: Learn how to create a custom .xml file and specify this file name on both the ScanState and LoadState command lines to reroute files and settings. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # Reroute Files and Settings +To reroute files and settings, create a custom .xml file and specify the .xml file name on both the `ScanState.exe` and `LoadState.exe` command-lines. Th custom .xml file enables you to keep your changes separate from the default .xml files, so that it's easier to track your modifications. -To reroute files and settings, create a custom .xml file and specify this file name on both the ScanState and LoadState commandlines. This enables you to keep your changes separate from the default .xml files, so that it is easier to track your modifications. +## Reroute a folder -In this topic: - -- [Reroute a Folder](#bkmk-reroutefolder) - -- [Reroute a Specific File Type](#bkmk-reroutespecfiletype) - -- [Reroute a Specific File](#bkmk-reroutespecificfile) - -## Reroute a Folder - - -The following custom .xml file migrates the directories and files from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. +The following custom .xml file migrates the directories and files from `C:\EngineeringDrafts` into the **My Documents** folder of every user. **%CSIDL_PERSONAL%** is the virtual folder representing the **My Documents** desktop item, which is equivalent to **CSIDL_MYDOCUMENTS**. 
``` xml Engineering Drafts Documents to Personal Folder -   + C:\EngineeringDrafts\* [*] -     - + + C:\EngineeringDrafts\* [*] -     -   + + ``` -## Reroute a Specific File Type +## Reroute a specific file type - -The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the C:\\Music folder on the destination computer. +The following custom .xml file reroutes .mp3 files located in the fixed drives on the source computer into the `C:\Music` folder on the destination computer. ``` xml @@ -81,10 +70,9 @@ The following custom .xml file reroutes .mp3 files located in the fixed drives o ``` -## Reroute a Specific File +## Reroute a specific file - -The following custom .xml file migrates the Sample.doc file from C:\\EngineeringDrafts into the My Documents folder of every user. %CSIDL\_PERSONAL% is the virtual folder representing the My Documents desktop item, which is equivalent to CSIDL\_MYDOCUMENTS. +The following custom .xml file migrates the `Sample.doc` file from `C:\EngineeringDrafts` into the **My Documents** folder of every user. **%CSIDL_PERSONAL%** is the virtual folder representing the **My Documents** desktop item, which is equivalent to **CSIDL_MYDOCUMENTS**. ``` xml @@ -108,20 +96,10 @@ The following custom .xml file migrates the Sample.doc file from C:\\Engineering ``` -## Related topics - - -[Customize USMT XML Files](usmt-customize-xml-files.md) - -[Conflicts and Precedence](usmt-conflicts-and-precedence.md) - -[USMT XML Reference](usmt-xml-reference.md) - -  - -  - - +## Related articles +[Customize USMT XML files](usmt-customize-xml-files.md) +[Conflicts and precedence](usmt-conflicts-and-precedence.md) +[USMT XML reference](usmt-xml-reference.md) diff --git a/windows/deployment/usmt/usmt-resources.md b/windows/deployment/usmt/usmt-resources.md index 4ce47e1590..ac1cc27168 100644 --- a/windows/deployment/usmt/usmt-resources.md +++ b/windows/deployment/usmt/usmt-resources.md 
@@ -2,42 +2,35 @@ title: USMT Resources (Windows 10) description: Learn about User State Migration Tool (USMT) online resources, including Microsoft Visual Studio and forums. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# USMT Resources +# USMT resources +## USMT online resources -## USMT Online Resources +- [ADK Release Notes](/windows-hardware/get-started/what-s-new-in-kits-and-tools) +- Microsoft Visual Studio -- [ADK Release Notes](/windows-hardware/get-started/what-s-new-in-kits-and-tools) + - You can use the User State Migration Tool (USMT) XML schema (the `MigXML.xsd` file) to validate the migration .xml files using an XML authoring tool such as Microsoft® Visual Studio®. + + For more information about how to use the schema with your XML authoring environment, see the environment's documentation. -- Microsoft Visual Studio +- [Ask the Directory Services Team blog](https://techcommunity.microsoft.com/t5/ask-the-directory-services-team/bg-p/AskDS) - - You can use the User State Migration Tool (USMT) XML schema (the MigXML.xsd file) to validate the migration .xml files using an XML authoring tool such as Microsoft® Visual Studio®. +- Forums: - For more information about how to use the schema with your XML authoring environment, see the environment’s documentation. 
+ - [Microsoft Deployment Toolkit forum](/answers/topics/mem-mdt.html) -- [Ask the Directory Services Team blog](/archive/blogs/askds/) + - [Configuration Manager Operating System Deployment forum](/answers/topics/mem-cm-osd.html) -- Forums: +## Related articles - - [Microsoft Deployment Toolkit](https://go.microsoft.com/fwlink/p/?LinkId=226386) - - - [Configuration Manager Operating System Deployment](https://go.microsoft.com/fwlink/p/?LinkId=226388) - -## Related topics - - -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) - -  - -  +[User State Migration Tool (USMT) overview topics](usmt-topics.md) diff --git a/windows/deployment/usmt/usmt-return-codes.md b/windows/deployment/usmt/usmt-return-codes.md index 551ed21158..c2fbd59cd6 100644 --- a/windows/deployment/usmt/usmt-return-codes.md +++ b/windows/deployment/usmt/usmt-return-codes.md 
@@ -1,275 +1,339 @@ --- title: Return Codes (Windows 10) -description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps. +description: Learn about User State Migration Tool (USMT) 10.0 return codes and error messages. Also view a list of USMT return codes and their associated migration steps. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Return Codes +# Return codes -This topic describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this topic provides tips to help you use the logfiles to determine why you received an error. +This article describes User State Migration Tool (USMT) 10.0 return codes and error messages. Also included is a table listing the USMT return codes with their associated mitigation steps. In addition, this article provides tips to help you use the logfiles to determine why you received an error. Understanding the requirements for running USMT can help minimize errors in your USMT migrations. For more information, see [USMT Requirements](usmt-requirements.md). -## In This Topic - -[USMT Return Codes](#bkmk-returncodes) - -[USMT Error Messages](#bkmk-errormessages) - -[Troubleshooting Return Codes and Error Messages](#bkmk-tscodeserrors) - -## USMT Return Codes +## USMT return codes If you encounter an error in your USMT migration, you can use return codes and the more specific information provided in the associated USMT error messages to troubleshoot the issue and to identify mitigation steps. 
Return codes are grouped into the following broad categories that describe their area of error reporting: -Success or User Cancel +- Success or User Cancel -Invalid Command Lines +- Invalid Command Lines -Setup and Initialization +- Setup and Initialization -Non-fatal Errors +- Non-fatal Errors -Fatal Errors +- Fatal Errors -As a best practice, we recommend that you set verbosity level to 5, **/v**:5, on the **ScanState**, **LoadState**, and **USMTUtils** command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. +As a best practice, we recommend that you set verbosity level to 5, `v:5`, on the `ScanState.exe`, `LoadState.exe`, and `UsmtUtils.exe` command lines so that the most detailed reporting is available in the respective USMT logs. You can use a higher verbosity level if you want the log files output to go to a debugger. -## USMT Error Messages +## USMT error messages -Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **USMTUtils** tool might return a code of "11” (for “USMT\_INVALID\_PARAMETERS") and a related error message that reads "/key and /keyfile both specified". The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **USMTUtils** log files to help you determine why the return code was received. +Error messages provide more detailed information about the migration problem than the associated return code. For example, the **ScanState**, **LoadState**, or **UsmtUtils** tool might return a code of **11** (for **USMT_INVALID_PARAMETERS**) and a related error message that reads **/key and /keyfile both specified**. 
The error message is displayed at the command prompt and is identified in the **ScanState**, **LoadState**, or **UsmtUtils** log files to help you determine why the return code was received. -You can obtain more information about any listed Windows application programming interface (API) system error codes by typing **net helpmsg** on the command line and, then typing the error code number. For more information about System Error Codes, see [this Microsoft Web site](/windows/win32/debug/system-error-codes--0-499-). +You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). -## Troubleshooting Return Codes and Error Messages +## Troubleshooting return codes and error messages The following information lists each return code by numeric value, along with the associated error messages and suggested troubleshooting actions. -- **0: USMT_SUCCESS** - - **Error message**: Successful run +### 0: USMT_SUCCESS -- **1: USMT_DISPLAY_HELP** - - **Error message**: Command line help requested +- **Category**: Success or User Cancel -- **2: USMT_STATUS_CANCELED** - - **Error message**: - - Gather was aborted because of an EFS file - - User chose to cancel (such as pressing CTRL+C) - -- **3: USMT_WOULD_HAVE_FAILED** - - **Error message**: At least one error was skipped as a result of /c. - - **Troubleshooting, mitigation, workarounds**: Review ScanState, LoadState, or UsmtUtils log for details about command-line errors. - -- **11: USMT_INVALID_PARAMETERS** - - | Error message | Troubleshooting, mitigation, workarounds | +| Error message | Troubleshooting, mitigation, workarounds | | --- | --- | - | /all conflicts with /ui, /ue or /uel | Review ScanState log or LoadState log for details about command-line errors. 
| - | /auto expects an optional parameter for the script folder | Review ScanState log or LoadState log for details about command-line errors. | - | /encrypt can't be used with /nocompress | Review ScanState log or LoadState log for details about command-line errors. | - | /encrypt requires /key or /keyfile | Review ScanState log or LoadState log for details about command-line errors. | - | /genconfig can't be used with most other options | Review ScanState log or LoadState log for details about command-line errors. | - | /genmigxml can't be used with most other options | Review ScanState log or LoadState log for details about command-line errors. | - | /hardlink requires /nocompress | Review ScanState log or LoadState log for details about command-line errors. | - | /key and /keyfile both specified | Review ScanState log or LoadState log for details about command-line errors. | - | /key or /keyfile used without enabling encryption | Review ScanState log or LoadState log for details about command-line errors. | - | /lae is only used with /lac | Review ScanState log or LoadState log for details about command-line errors. | - | /listfiles cannot be used with /p | Review ScanState log or LoadState log for details about command-line errors. | - | /offline requires a valid path to an XML file describing offline paths | Review ScanState log or LoadState log for details about command-line errors. | - | /offlinewindir requires a valid path to offline windows folder | Review ScanState log or LoadState log for details about command-line errors. | - | /offlinewinold requires a valid path to offline windows folder | Review ScanState log or LoadState log for details about command-line errors. | - | A command was already specified | Verify that the command-line syntax is correct and that there are no duplicate commands. | - | An option argument is missing | Review ScanState log or LoadState log for details about command-line errors. 
| - | An option is specified more than once and is ambiguous | Review ScanState log or LoadState log for details about command-line errors. | - | By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed. | Review ScanState log or LoadState log for details about command-line errors. | - | Command line arguments are required. Specify /? for options. | Review ScanState log or LoadState log for details about command-line errors. | - | Command line option is not valid | Review ScanState log or LoadState log for details about command-line errors. | - | EFS parameter specified is not valid for /efs | Review ScanState log or LoadState log for details about command-line errors. | - | File argument is invalid for /genconfig | Review ScanState log or LoadState log for details about command-line errors. | - | File argument is invalid for /genmigxml | Review ScanState log or LoadState log for details about command-line errors. | - | Invalid space estimate path. Check the parameters and/or file system permissions | Review ScanState log or LoadState log for details about command-line errors. | - | List file path argument is invalid for /listfiles | Review ScanState log or LoadState log for details about command-line errors. | - | Retry argument must be an integer | Review ScanState log or LoadState log for details about command-line errors. | - | Settings store argument specified is invalid | Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. | - | Specified encryption algorithm is not supported | Review ScanState log or LoadState log for details about command-line errors. | - | The /efs:hardlink requires /hardlink | Review ScanState log or LoadState log for details about command-line errors. 
| - | The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7 | Review ScanState log or LoadState log for details about command-line errors. | - | The store parameter is required but not specified | Review ScanState log or LoadState log for details about command-line errors. | - | The source-to-target domain mapping is invalid for /md | Review ScanState log or LoadState log for details about command-line errors. | - | The source-to-target user account mapping is invalid for /mu | Review ScanState log or LoadState log for details about command-line errors. | - | Undefined or incomplete command line option | Review ScanState log or LoadState log for details about command-line errors.

      Category: Invalid Command Lines| - | Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate | Review ScanState log or LoadState log for details about command-line errors. | - | User exclusion argument is invalid | Review ScanState log or LoadState log for details about command-line errors. | - | Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08) | Review ScanState log or LoadState log for details about command-line errors. | - | Volume shadow copy feature is not supported with a hardlink store | Review ScanState log or LoadState log for details about command-line errors. | - | Wait delay argument must be an integer | Review ScanState log or LoadState log for details about command-line errors. | + | **Successful run** | NA | -- **12: USMT_ERROR_OPTION_PARAM_TOO_LARGE** +### 1: USMT_DISPLAY_HELP - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Command line arguments cannot exceed 256 characters | Review ScanState log or LoadState log for details about command-line errors.

      Category: Invalid Command Lines | - | Specified settings store path exceeds the maximum allowed length of 256 characters | Review ScanState log or LoadState log for details about command-line errors. | +- **Category**: Success or User Cancel -- **13: USMT_INIT_LOGFILE_FAILED** - - **Error message**: Log path argument is invalid for /l - - **Troubleshooting, mitigation, workarounds**: When /l is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. - - **Category**: Invalid Command Lines +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Command line help requested** | NA | -- **14: USMT_ERROR_USE_LAC** - - **Error message**: Unable to create a local account because /lac was not specified - - **Troubleshooting, mitigation, workarounds**: When creating local accounts, the command-line options /lac and /lae should be used. - - **Category**: Invalid Command Lines +### 2: USMT_STATUS_CANCELED -- **26: USMT_INIT_ERROR** +- **Category**: Success or User Cancel - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Multiple Windows installations found | Listfiles.txt could not be created. Verify that the location you specified for the creation of this file is valid.

      Category: Setup and Initialization | - | Software malfunction or unknown exception | Check all loaded .xml files for errors, common error when using /I to load the Config.xml file. | - | Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries | Verify that the offline input file is present and that it has valid entries. USMT could not find valid offline operating system. Verify your offline directory mapping. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Gather was aborted because of an EFS file** | NA | +| **User chose to cancel (such as pressing CTRL+C)** | NA | -- **27: USMT_INVALID_STORE_LOCATION** +### 3: USMT_WOULD_HAVE_FAILED - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | A store path can't be used because an existing store exists; specify /o to overwrite | Specify /o to overwrite an existing intermediate or migration store.

      Category: Setup and Initialization | - | A store path is missing or has incomplete data | Make sure that the store path is accessible and that the proper permission levels are set. | - | An error occurred during store creation | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | - | An inappropriate device such as a floppy disk was specified for the store | Make sure that the store path is accessible and that the proper permission levels are set. | - | Invalid store path; check the store parameter and/or file system permissions | Invalid store path; check the store parameter and/or file system permissions. | - | The file layout and/or file content is not recognized as a valid store | Make sure that the store path is accessible and that the proper permission levels are set. Specify /o to overwrite an existing intermediate or migration store. | - | The store path holds a store incompatible with the current USMT version | Make sure that the store path is accessible and that the proper permission levels are set. | - | The store save location is read-only or does not support a requested storage option | Make sure that the store path is accessible and that the proper permission levels are set. | +- **Category**: -- **28: USMT_UNABLE_GET_SCRIPTFILES** +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **At least one error was skipped as a result of /c.** | Review ScanState, LoadState, or UsmtUtils log for details about command-line errors. | - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Script file is invalid for /i | Check all specified migration .xml files for errors. This is a common error when using /i to load the Config.xml file.

      Category: Setup and Initialization | - | Unable to find a script file specified by /i | Verify the location of your script files, and ensure that the command-line options are correct. | +### 11: USMT_INVALID_PARAMETERS -- **29: USMT_FAILED_MIGSTARTUP** +- **Category**: Invalid Command Lines - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | A minimum of 250 MB of free space is required for temporary files | Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable `USMT_WORKING_DIR=` to redirect the temporary files working directory.

      Category: Setup and Initialization | - | Another process is preventing migration; only one migration tool can run at a time | Check the ScanState log file for migration .xml file errors. | - | Failed to start main processing, look in log for system errors or check the installation | Check the ScanState log file for migration .xml file errors. | - | Migration failed because of an XML error; look in the log for specific details | Check the ScanState log file for migration .xml file errors. | - | Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table | Check the ScanState log file for migration .xml file errors. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **/all conflicts with /ui, /ue or /uel** | Review ScanState log or LoadState log for details about command-line errors. | +| **/auto expects an optional parameter for the script folder** | Review ScanState log or LoadState log for details about command-line errors. | +| **/encrypt can't be used with /nocompress** | Review ScanState log or LoadState log for details about command-line errors. | +| **/encrypt requires /key or /keyfile** | Review ScanState log or LoadState log for details about command-line errors. | +| **/genconfig can't be used with most other options** | Review ScanState log or LoadState log for details about command-line errors. | +| **/genmigxml can't be used with most other options** | Review ScanState log or LoadState log for details about command-line errors. | +| **/hardlink requires /nocompress** | Review ScanState log or LoadState log for details about command-line errors. | +| **/key and /keyfile both specified** | Review ScanState log or LoadState log for details about command-line errors. | +| **/key or /keyfile used without enabling encryption** | Review ScanState log or LoadState log for details about command-line errors. 
| +| **/lae is only used with /lac** | Review ScanState log or LoadState log for details about command-line errors. | +| **/listfiles cannot be used with /p** | Review ScanState log or LoadState log for details about command-line errors. | +| **/offline requires a valid path to an XML file describing offline paths** | Review ScanState log or LoadState log for details about command-line errors. | +| **/offlinewindir requires a valid path to offline windows folder** | Review ScanState log or LoadState log for details about command-line errors. | +| **/offlinewinold requires a valid path to offline windows folder** | Review ScanState log or LoadState log for details about command-line errors. | +| **A command was already specified** | Verify that the command-line syntax is correct and that there are no duplicate commands. | +| **An option argument is missing** | Review ScanState log or LoadState log for details about command-line errors. | +| **An option is specified more than once and is ambiguous** | Review ScanState log or LoadState log for details about command-line errors. | +| **By default /auto selects all users and uses the highest log verbosity level. Switches like /all, /ui, /ue, /v are not allowed.** | Review ScanState log or LoadState log for details about command-line errors. | +| **Command line arguments are required. Specify /? for options.** | Review ScanState log or LoadState log for details about command-line errors. | +| **Command line option is not valid** | Review ScanState log or LoadState log for details about command-line errors. | +| **EFS parameter specified is not valid for /efs** | Review ScanState log or LoadState log for details about command-line errors. | +| **File argument is invalid for /genconfig** | Review ScanState log or LoadState log for details about command-line errors. | +| **File argument is invalid for /genmigxml** | Review ScanState log or LoadState log for details about command-line errors. 
| +| **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. | +| **List file path argument is invalid for /listfiles** | Review ScanState log or LoadState log for details about command-line errors. | +| **Retry argument must be an integer** | Review ScanState log or LoadState log for details about command-line errors. | +| **Settings store argument specified is invalid** | Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. | +| **Specified encryption algorithm is not supported** | Review ScanState log or LoadState log for details about command-line errors. | +| **The /efs:hardlink requires /hardlink** | Review ScanState log or LoadState log for details about command-line errors. | +| **The /targetWindows7 option is only available for Windows XP, Windows Vista, and Windows 7** | Review ScanState log or LoadState log for details about command-line errors. | +| **The store parameter is required but not specified** | Review ScanState log or LoadState log for details about command-line errors. | +| **The source-to-target domain mapping is invalid for /md** | Review ScanState log or LoadState log for details about command-line errors. | +| **The source-to-target user account mapping is invalid for /mu** | Review ScanState log or LoadState log for details about command-line errors. | +| **Undefined or incomplete command line option** | Review ScanState log or LoadState log for details about command-line errors. | +| **Use /nocompress, or provide an XML file path with /p"pathtoafile" to get a compressed store size estimate** | Review ScanState log or LoadState log for details about command-line errors. | +| **User exclusion argument is invalid** | Review ScanState log or LoadState log for details about command-line errors. 
| +| **Verbosity level must be specified as a sum of the desired log options: Verbose (0x01), Record Objects (0x04), Echo to debug port (0x08)** | Review ScanState log or LoadState log for details about command-line errors. | +| **Volume shadow copy feature is not supported with a hardlink store** | Review ScanState log or LoadState log for details about command-line errors. | +| **Wait delay argument must be an integer** | Review ScanState log or LoadState log for details about command-line errors. | -- **31: USMT_UNABLE_FINDMIGUNITS** +### 12: USMT_ERROR_OPTION_PARAM_TOO_LARGE - - **Error message**: An error occurred during the discover phase; the log should have more specific information - - **Troubleshooting, mitigation, workarounds**: Check the ScanState log file for migration .xml file errors. - - **Category**: Setup and Initialization +- **Category**: Invalid Command Lines -- **32: USMT_FAILED_SETMIGRATIONTYPE** - - **Error message**: An error occurred processing the migration system - - **Troubleshooting, mitigation, workarounds**: Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. - - **Category**: Setup and Initialization +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Command line arguments cannot exceed 256 characters** | Review ScanState log or LoadState log for details about command-line errors. | +| **Specified settings store path exceeds the maximum allowed length of 256 characters** | Review ScanState log or LoadState log for details about command-line errors. | -- **33: USMT_UNABLE_READKEY** +### 13: USMT_INIT_LOGFILE_FAILED - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Error accessing the file specified by the /keyfile parameter | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line.

      Category: Setup and Initialization | - | The encryption key must have at least one character | Check the ScanState log file for migration .xml file errors, or use online Help by typing /? on the command line. | +- **Category**: Invalid Command Lines -- **34: USMT_ERROR_INSUFFICIENT_RIGHTS** +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Log path argument is invalid for /l** | When `/l` is specified in the ScanState command line, USMT validates the path. Verify that the drive and other information, for example file system characters, are correct. | - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Directory removal requires elevated privileges | Log on as Administrator, and run with elevated privileges.

      Category: Setup and Initialization | - | No rights to create user profiles; log in as Administrator; run with elevated privileges | Log on as Administrator, and run with elevated privileges. | - | No rights to read or delete user profiles; log in as Administrator, run with elevated privileges | Log on as Administrator, and run with elevated privileges. | +### 14: USMT_ERROR_USE_LAC -- **35: USMT_UNABLE_DELETE_STORE** +- **Category**: Invalid Command Lines - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | A reboot is required to remove the store | Reboot to delete any files that could not be deleted when the command was executed.

      Category: Setup and Initialization | - | A store path can't be used because it contains data that could not be overwritten | A migration store could not be deleted. If you are using a hardlink migration store you might have a locked file in it. You should manually delete the store, or use **USMTUtils /rd** command to delete the store. | - | There was an error removing the store | Review ScanState log or LoadState log for details about command-line errors. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Unable to create a local account because /lac was not specified** | When creating local accounts, the command-line options `/lac` and `/lae` should be used. | -- **36: USMT_ERROR_UNSUPPORTED_PLATFORM** +### 26: USMT_INIT_ERROR - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Compliance check failure; please check the logs for details | Investigate whether there is an active temporary profile on the system.

      Category: Setup and Initialization | - | Use of /offline is not supported during apply | The **/offline** command was not used while running in the Windows Preinstallation Environment (WinPE). | - | Use /offline to run gather on this platform | The **/offline** command was not used while running in WinPE. | +- **Category**: Setup and Initialization -- **37: USMT_ERROR_NO_INVALID_KEY** - - **Error message**: The store holds encrypted data but the correct encryption key was not provided - - **Troubleshooting, mitigation, workarounds**: Verify that you have included the correct encryption /key or /keyfile. - - **Category**: Setup and Initialization +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Multiple Windows installations found** | Listfiles.txt couldn't be created. Verify that the location you specified for the creation of this file is valid. | +| **Software malfunction or unknown exception** | Check all loaded .xml files for errors, common error when using `/i` to load the `Config.xml` file. | +| **Unable to find a valid Windows directory to proceed with requested offline operation; Check if offline input file is present and has valid entries** | Verify that the offline input file is present and that it has valid entries. USMT couldn't find valid offline operating system. Verify your offline directory mapping. | -- **38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE** - - **Error message**: An error occurred during store access - - **Troubleshooting, mitigation, workarounds**: Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. 
- - **Category**: Setup and Initialization +### 27: USMT_INVALID_STORE_LOCATION -- **39: USMT_UNABLE_TO_READ_CONFIG_FILE** +- **Category**: Setup and Initialization - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Error reading Config.xml | Review ScanState log or LoadState log for details about command-line errors in the Config.xml file.

      Category: Setup and Initialization | - | File argument is invalid for /config | Check the command line you used to load the Config.xml file. You can use online Help by typing /? on the command line. | +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **A store path can't be used because an existing store exists; specify /o to overwrite** | Specify `/o` to overwrite an existing intermediate or migration store. | +| **A store path is missing or has incomplete data** | Make sure that the store path is accessible and that the proper permission levels are set. | +| **An error occurred during store creation** | Make sure that the store path is accessible and that the proper permission levels are set. Specify `/o` to overwrite an existing intermediate or migration store. | +| **An inappropriate device such as a floppy disk was specified for the store** | Make sure that the store path is accessible and that the proper permission levels are set. | +| **Invalid store path; check the store parameter and/or file system permissions** | Invalid store path; check the store parameter and/or file system permissions. | +| **The file layout and/or file content is not recognized as a valid store** | Make sure that the store path is accessible and that the proper permission levels are set. Specify `/o` to overwrite an existing intermediate or migration store. | +| **The store path holds a store incompatible with the current USMT version** | Make sure that the store path is accessible and that the proper permission levels are set. | +| **The store save location is read-only or does not support a requested storage option** | Make sure that the store path is accessible and that the proper permission levels are set. 
| -- **40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG** +### 28: USMT_UNABLE_GET_SCRIPTFILES - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Error writing to the progress log | The Progress log could not be created. Verify that the location is valid and that you have write access.

      Category: Setup and Initialization | - | Progress log argument is invalid for /progress | The Progress log could not be created. Verify that the location is valid and that you have write access. | +- **Category**: Setup and Initialization -- **41: USMT_PREFLIGHT_FILE_CREATION_FAILED** +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Script file is invalid for /i** | Check all specified migration .xml files for errors. This error is common when using `/i` to load the `Config.xml` file. | +| **Unable to find a script file specified by /i** | Verify the location of your script files, and ensure that the command-line options are correct. | - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | Can't overwrite existing file | The Progress log could not be created. Verify that the location is valid and that you have write access.

      Category: Setup and Initialization | - | Invalid space estimate path. Check the parameters and/or file system permissions | Review ScanState log or LoadState log for details about command-line errors. | +### 29: USMT_FAILED_MIGSTARTUP -- **42: USMT_ERROR_CORRUPTED_STORE** - - **Error message**: The store contains one or more corrupted files - - **Troubleshooting, mitigation, workarounds**: Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that are not corrupted, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). +- **Category**: Setup and Initialization -- **61: USMT_MIGRATION_STOPPED_NONFATAL** - - **Error message**: Processing stopped due to an I/O error - - **Troubleshooting, mitigation, workarounds**: USMT exited but can continue with the /c command-line option, with the optional configurable <ErrorControl> section or by using the /vsc command-line option. - - **Category**: Non-fatal Errors +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **A minimum of 250 MB of free space is required for temporary files** | Verify that the system meets the minimum temporary disk space requirement of 250 MB. As a workaround, you can set the environment variable `USMT_WORKING_DIR=` to redirect the temporary files working directory. | +| **Another process is preventing migration; only one migration tool can run at a time** | Check the ScanState log file for migration .xml file errors. | +| **Failed to start main processing, look in log for system errors or check the installation** | Check the ScanState log file for migration .xml file errors. | +| **Migration failed because of an XML error; look in the log for specific details** | Check the ScanState log file for migration .xml file errors. 
| +| **Unable to automatically map the drive letters to match the online drive letter layout; Use /offline to provide a mapping table** | Check the ScanState log file for migration .xml file errors. | -- **71: USMT_INIT_OPERATING_ENVIRONMENT_FAILED** +### 31: USMT_UNABLE_FINDMIGUNITS - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | A Windows Win32 API error occurred | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details.

      Category: Fatal Errors | - | An error occurred when attempting to initialize the diagnostic mechanisms such as the log | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | Failed to record diagnostic information | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. | - | Unable to start. Make sure you are running USMT with elevated privileges | Exit USMT and log in again with elevated privileges. | +- **Category**: Setup and Initialization -- **72: USMT_UNABLE_DOMIGRATION** +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **An error occurred during the discover phase; the log should have more specific information** | Check the ScanState log file for migration .xml file errors. | - | Error message | Troubleshooting, mitigation, workarounds | - | --- | --- | - | An error occurred closing the store | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details.

      Category: Fatal Errors| - | An error occurred in the apply process | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | An error occurred in the gather process | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | Out of disk space while writing the store | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | - | Out of temporary disk space on the local system | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. | +### 32: USMT_FAILED_SETMIGRATIONTYPE -## Related topics +- **Category**: Setup and Initialization -[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **An error occurred processing the migration system** | Check the ScanState log file for migration .xml file errors, or use online Help by typing `/?` on the command line. | -[Log Files](usmt-log-files.md) +### 33: USMT_UNABLE_READKEY + +- **Category**: Setup and Initialization + +| Error message | Troubleshooting, mitigation, workarounds | +| --- | --- | +| **Error accessing the file specified by the /keyfile parameter** | Check the ScanState log file for migration .xml file errors, or use online Help by typing `/?` on the command line. | +| **The encryption key must have at least one character** | Check the ScanState log file for migration .xml file errors, or use online Help by typing `/?` on the command line. 
|
+
+### 34: USMT_ERROR_INSUFFICIENT_RIGHTS
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **Directory removal requires elevated privileges** | Sign in as Administrator, and run with elevated privileges. |
+| **No rights to create user profiles; log in as Administrator; run with elevated privileges** | Sign in as Administrator, and run with elevated privileges. |
+| **No rights to read or delete user profiles; log in as Administrator, run with elevated privileges** | Sign in as Administrator, and run with elevated privileges. |
+
+### 35: USMT_UNABLE_DELETE_STORE
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **A reboot is required to remove the store** | Reboot to delete any files that couldn't be deleted when the command was executed. |
+| **A store path can't be used because it contains data that could not be overwritten** | A migration store couldn't be deleted. If you're using a hardlink migration store, you might have a locked file in it. You should manually delete the store, or use `UsmtUtils.exe /rd` command to delete the store. |
+| **There was an error removing the store** | Review ScanState log or LoadState log for details about command-line errors. |
+
+### 36: USMT_ERROR_UNSUPPORTED_PLATFORM
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **Compliance check failure; please check the logs for details** | Investigate whether there's an active temporary profile on the system. |
+| **Use of /offline is not supported during apply** | The `/offline` command wasn't used while running in the Windows Preinstallation Environment (WinPE). |
+| **Use /offline to run gather on this platform** | The `/offline` command wasn't used while running in WinPE.
|
+
+### 37: USMT_ERROR_NO_INVALID_KEY
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **The store holds encrypted data but the correct encryption key was not provided** | Verify that the correct encryption key or keyfile was included with the `/key` or `/keyfile` option. |
+
+### 38: USMT_ERROR_CORRUPTED_NOTENCRYPTED_STORE
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **An error occurred during store access** | Review ScanState log or LoadState log for details about command-line errors. Make sure that the store path is accessible and that the proper permission levels are set. |
+
+### 39: USMT_UNABLE_TO_READ_CONFIG_FILE
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **Error reading Config.xml** | Review ScanState log or LoadState log for details about command-line errors in the `Config.xml` file. |
+| **File argument is invalid for /config** | Check the command line you used to load the `Config.xml` file. You can use online Help by typing `/?` on the command line. |
+
+### 40: USMT_ERROR_UNABLE_CREATE_PROGRESS_LOG
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **Error writing to the progress log** | The Progress log couldn't be created. Verify that the location is valid and that you have write access. |
+| **Progress log argument is invalid for /progress** | The Progress log couldn't be created. Verify that the location is valid and that you have write access. |
+
+### 41: USMT_PREFLIGHT_FILE_CREATION_FAILED
+
+- **Category**: Setup and Initialization
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **Can't overwrite existing file** | The Progress log couldn't be created.
Verify that the location is valid and that you have write access. |
+| **Invalid space estimate path. Check the parameters and/or file system permissions** | Review ScanState log or LoadState log for details about command-line errors. |
+
+### 42: USMT_ERROR_CORRUPTED_STORE
+
+- **Category**:
+
+| Error message | The store contains one or more corrupted files |
+| --- | --- |
+| **The store holds encrypted data but the correct encryption key was not provided** | Review UsmtUtils log for details about the corrupted files. For information on how to extract the files that aren't corrupted, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). |
+
+### 61: USMT_MIGRATION_STOPPED_NONFATAL
+
+- **Category**: Non-fatal Errors
+
+| Error message | The store contains one or more corrupted files |
+| --- | --- |
+| **Processing stopped due to an I/O error** | USMT exited but can continue with the `/c` command-line option, with the optional configurable **<ErrorControl>** section or by using the `/vsc` command-line option. |
+
+### 71: USMT_INIT_OPERATING_ENVIRONMENT_FAILED
+
+- **Category**: Fatal Errors
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **A Windows Win32 API error occurred** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **An error occurred when attempting to initialize the diagnostic mechanisms such as the log** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **Failed to record diagnostic information** | Data transfer has begun, and there was an error during the creation of migration store or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **Unable to start.
Make sure you are running USMT with elevated privileges** | Exit USMT and sign in again with elevated privileges. |
+
+### 72: USMT_UNABLE_DOMIGRATION
+
+- **Category**: Fatal Errors
+
+| Error message | Troubleshooting, mitigation, workarounds |
+| --- | --- |
+| **An error occurred closing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **An error occurred in the apply process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **An error occurred in the gather process** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **Out of disk space while writing the store** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. |
+| **Out of temporary disk space on the local system** | Data transfer has begun, and there was an error during migration-store creation or during the apply phase. Review the ScanState log or LoadState log for details. |
+
+## Related articles
+
+[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md)
+
+[USMT log files](usmt-log-files.md)
diff --git a/windows/deployment/usmt/usmt-scanstate-syntax.md b/windows/deployment/usmt/usmt-scanstate-syntax.md
index 88a99b7a43..a05ce994e0 100644
--- a/windows/deployment/usmt/usmt-scanstate-syntax.md
+++ b/windows/deployment/usmt/usmt-scanstate-syntax.md
@@ -2,163 +2,147 @@ title: ScanState Syntax (Windows 10) description: The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# ScanState Syntax +# ScanState syntax -The ScanState command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. +The `ScanState.exe` command is used with the User State Migration Tool (USMT) 10.0 to scan the source computer, collect the files and settings, and create a store. This article discusses the `ScanState.exe` command syntax and the options available with it. -## In This Topic +## Before you begin -[Before You Begin](#bkmk-beforeyoubegin) +Before you run the `ScanState.exe` command, note the items: -[Syntax](#bkmk-syntax) +- To ensure that all operating system settings migrate, in most cases you must run the `ScanState.exe` commands in administrator mode from an account with administrative credentials. -[Storage Options](#bkmk-storageoptions) +- If you encrypt the migration store, you'll be required to enter an encryption key or a path to a file containing the encryption key. Be sure to make note of the key or the key file location, because this information isn't kept anywhere in the migration store. You'll need this information when you run the `LoadState.exe` command to decrypt the migration store, or if you need to run the recovery utility. An incorrect or missing key or key file results in an error message. -[Migration Rule Options](#bkmk-migrationruleoptions) +- For information about software requirements for running the `ScanState.exe` command, see [USMT requirements](usmt-requirements.md). 
-[Monitoring Options](#bkmk-monitoringoptions) +- Unless otherwise noted, you can use each option only once when running a tool on the command line. -[User Options](#bkmk-useroptions) +- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any extra configuration. -[Encrypted File Options](#bkmk-efs) +- The [Incompatible command-line options](#incompatible-command-line-options) table lists which options you can use together and which command-line options are incompatible. -[Incompatible Command-Line Options](#bkmk-iclo) +- The directory location where you save the migration store will be excluded from the scan. For example, if you save the migration store to the root of the D drive, the D drive and all of its subdirectories will be excluded from the scan. -## Before You Begin +## Syntax -Before you run the **ScanState** command, note the following: +This section explains the syntax and usage of the command-line options available when you use the `ScanState.exe` command. The options can be specified in any order. If the option contains a parameter, you can use either a colon or a space separator. -- To ensure that all operating system settings migrate, in most cases you must run the **ScanState** commands in administrator mode from an account with administrative credentials. +The `ScanState.exe` command's syntax is: -- If you encrypt the migration store, you will be required to enter an encryption key or a path to a file containing the encryption key. Be sure to make note of the key or the key file location, because this information is not kept anywhere in the migration store. You will need this information when you run the LoadState command to decrypt the migration store, or if you need to run the recovery utility. An incorrect or missing key or key file results in an error message. 
+> ScanState.exe \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] -- For information about software requirements for running the **ScanState** command, see [USMT Requirements](usmt-requirements.md). +For example, to create a `Config.xml` file in the current directory, use: -- Unless otherwise noted, you can use each option only once when running a tool on the command line. +``` syntax +ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:13 +``` -- You can gather domain accounts without the source computer having domain controller access. This functionality is available without any extra configuration. +To create an encrypted store using the `Config.xml` file and the default migration .xml files, use: -- The [Incompatible Command-Line Options](#bkmk-iclo) table lists which options you can use together and which command-line options are incompatible. +`ScanState.exe \\server\share\migration\mystore /i:MigApp.xml /i:MigDocs.xml /o /config:Config.xml /v:13 /encrypt /key:"mykey"` -- The directory location where you save the migration store will be excluded from the scan. For example, if you save the migration store to the root of the D drive, the D drive and all of its subdirectories will be excluded from the scan. - -## Syntax - -This section explains the syntax and usage of the **ScanState** command-line options. The options can be specified in any order. 
If the option contains a parameter, you can use either a colon or a space separator. - -The **ScanState** command's syntax is: - -> scanstate \[*StorePath*\] \[/apps\] \[/ppkg:*FileName*\] \[/i:\[*Path*\\\]*FileName*\] \[/o\] \[/v:*VerbosityLevel*\] \[/nocompress\] \[/localonly\] \[/encrypt /key:*KeyString*|/keyfile:\[Path\\\]*FileName*\] \[/l:\[*Path*\\\]*FileName*\] \[/progress:\[*Path*\\\]*FileName*\] \[/r:*TimesToRetry*\] \[/w:*SecondsBeforeRetry*\] \[/c\] \[/p\] \[/all\] \[/ui:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/ue:\[*DomainName*|*ComputerName*\\\]*UserName*\] \[/uel:*NumberOfDays*|*YYYY/MM/DD*|0\] \[/efs:abort|skip|decryptcopy|copyraw\] \[/genconfig:\[*Path*\\\]*FileName*\[/config:\[*Path*\\\]*FileName*\] \[/?|help\] - -For example, to create a Config.xml file in the current directory, use: - -`scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13` - -To create an encrypted store using the Config.xml file and the default migration .xml files, use: - -`scanstate \\server\share\migration\mystore /i:migapp.xml /i:migdocs.xml /o /config:config.xml /v:13 /encrypt /key:"mykey"` - -## Storage Options +## Storage options | Command-Line Option | Description | |-----|-----| -| *StorePath* | Indicates a folder where files and settings will be saved. Note that *StorePath* cannot be **C:\**. You must specify the *StorePath* option in the **ScanState** command, except when using the **/genconfig** option. You cannot specify more than one *StorePath* location. | +| *StorePath* | Indicates a folder where files and settings will be saved. *StorePath* can't be `C:\`. You must specify the *StorePath* option in the `ScanState.exe` command, except when using the `/genconfig` option. You can't specify more than one *StorePath* location. | | **/apps** | Scans the image for apps and includes them and their associated registry settings. | | **/ppkg** [*<FileName>*] | Exports to a specific file location. 
| -| **/o** | Required to overwrite any existing data in the migration store or Config.xml file. If not specified, the **ScanState** command will fail if the migration store already contains data. You cannot use this option more than once on a command line. | -| **/vsc** | This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the **<ErrorControl>** section.

      This option can be used only with the ScanState executable file and cannot be combined with the **/hardlink** option. | -| **/hardlink** | Enables the creation of a hard-link migration store at the specified location. The **/nocompress** option must be specified with the **/hardlink** option. | -| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you will need to specify the encryption key-in one of the following ways:
      • **/key:** *KeyString* specifies the encryption key. If there is a space in *KeyString*, you will need to surround *KeyString* with quotation marks.
      • **/keyfile:** *FilePathAndName* specifies a text (.txt) file that contains the encryption key.

      We recommend that *KeyString* be at least eight characters long, but it cannot exceed 256 characters. The **/key** and **/keyfile** options cannot be used on the same command line. The **/encrypt** and **/nocompress** options cannot be used on the same command line.
      **Important**
      You should use caution with this option, because anyone who has access to the **ScanState** command-line script will also have access to the encryption key.

      The following example shows the ScanState command and the **/key** option:
      `scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /encrypt /key:mykey` | -| **/encrypt**:*<EncryptionStrength>* | The **/encrypt** option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | -| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the **/nocompress** option with the **/hardlink** option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you are combining the **/nocompress** option with the **/hardlink** option.

      The **/nocompress** and **/encrypt** options cannot be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the **LoadState** command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

      For example:
      `scanstate /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /nocompress` | +| **/o** | Required to overwrite any existing data in the migration store or `Config.xml` file. If not specified, the `ScanState.exe` command will fail if the migration store already contains data. You can't use this option more than once on a command line. | +| **/vsc** | This option enables the volume shadow-copy service to migrate files that are locked or in use. This command-line option eliminates most file-locking errors that are typically encountered by the **<ErrorControl>** section.

      This option is only used with the **ScanState** executable file and can't be combined with the `/hardlink` option. | +| **/hardlink** | Enables the creation of a hard-link migration store at the specified location. The `/nocompress` option must be specified with the `/hardlink` option. | +| **/encrypt** [{**/key:** *<KeyString>* | **/keyfile**:*<file>*]} | Encrypts the store with the specified key. Encryption is disabled by default. With this option, you'll need to specify the encryption key-in one of the following ways:
      • `/key`: *KeyString* specifies the encryption key. If there's a space in *KeyString*, you'll need to surround *KeyString* with quotation marks (`"`).
      • `/keyfile`: *FilePathAndName* specifies a text (`.txt`) file that contains the encryption key.

      *KeyString* is recommended to be at least eight characters long, but it can't exceed 256 characters. The `/key` and `/keyfile` options can't be used on the same command line. The `/encrypt` and `/nocompress` options can't be used on the same command line.
      **Important**
      Use caution when using the `/key` or `keyfile` options. For example, anyone who has access to scripts that run the `ScanState.exe` command with these options will also have access to the encryption key.

      The following example shows the `ScanState.exe` command and the `/key` option:
      `ScanState.exe /i:MigDocs.xml /i:MigApp.xml \server\share\migration\mystore /encrypt /key:mykey` | +| **/encrypt**:*<EncryptionStrength>* | The `/encrypt` option accepts a command-line parameter to define the encryption strength to be used for encryption of the migration store. For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/nocompress** | Disables compression of data and saves the files to a hidden folder named "File" at *StorePath*\USMT. Compression is enabled by default. Combining the `/nocompress` option with the `/hardlink` option generates a hard-link migration store. You can use the uncompressed store to view what USMT stored, troubleshoot a problem, or run an antivirus utility against the files. You should use this option only in testing environments, because we recommend that you use a compressed store during your actual migration, unless you're combining the `/nocompress` option with the `/hardlink` option.

      The `/nocompress` and `/encrypt` options can't be used together in one statement on the command line. However, if you do choose to migrate an uncompressed store, the `LoadState.exe` command will migrate each file directly from the store to the correct location on the destination computer without a temporary location.

      For example:
      `ScanState.exe /i:MigDocs.xml /i:MigApp.xml \server\share\migration\mystore /nocompress` | -## Run the ScanState Command on an Offline Windows System +## Run the ScanState command on an offline Windows system -You can run the **ScanState** command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the **ScanState** command in WinPE or a Windows.old directory when you run the **ScanState** command in Windows. +You can run the `ScanState.exe` command in Windows Preinstallation Environment (WinPE). In addition, USMT supports migrations from previous installations of Windows contained in Windows.old directories. The offline directory can be a Windows directory when you run the `ScanState.exe` command in WinPE or a Windows.old directory when you run the `ScanState.exe` command in Windows. -There are several benefits to running the **ScanState** command on an offline Windows image, including: +There are several benefits to running the `ScanState.exe` command on an offline Windows image, including: -- **Improved Performance.** +- **Improved performance.** - Because WinPE is a thin operating system, there are fewer running services. In this environment, the **ScanState** command has more access to the local hardware resources, enabling **ScanState** to perform migration operations more quickly. + Because WinPE is a thin operating system, there are fewer running services. In this environment, the `ScanState.exe` command has more access to the local hardware resources, enabling **ScanState** to perform migration operations more quickly. -- **Simplified end to end deployment process.** +- **Simplified end to end deployment process.** Migrating data from Windows.old simplifies the end-to-end deployment process by enabling the migration process to occur after the new operating system is installed. 
-- **Improved success of migration.** +- **Improved success of migration.** - The migration success rate is increased because files will not be locked for editing while offline, and because WinPE provides administrator access to files in the offline Windows file system, eliminating the need for administrator-level access to the online system. + The migration success rate is increased because files won't be locked for editing while offline, and because WinPE provides administrator access to files in the offline Windows file system, eliminating the need for administrator-level access to the online system. -- **Ability to recover an unbootable computer.** +- **Ability to recover an unbootable computer.** It might be possible to recover and migrate data from an unbootable computer. -## Offline Migration Options +## Offline migration options |Command-Line Option|Definition| |--- |--- | -|**/offline:** *"path to an offline.xml file"*|This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.| -|**/offlinewindir:** *"path to a Windows directory"*|This option specifies the offline Windows directory that the **ScanState** command gathers user state from. The offline directory can be Windows.old when you run the **ScanState** command in Windows or a Windows directory when you run the **ScanState** command in WinPE.| -|**/offlinewinold:** *"Windows.old directory"*|This command-line option enables the offline migration mode and starts the migration from the location specified. 
It is only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| +|**/offline:** *"path to an Offline.xml file"*|This option is used to define a path to an offline .xml file that might specify other offline migration options, for example, an offline Windows directory or any domain or folder redirection required in your migration.| +|**/offlinewindir:** *"path to a Windows directory"*|This option specifies the offline Windows directory that the `ScanState.exe` command gathers user state from. The offline directory can be Windows.old when you run the `ScanState.exe` command in Windows or a Windows directory when you run the `ScanState.exe` command in WinPE.| +|**/offlinewinold:** *"Windows.old directory"*|This command-line option enables the offline migration mode and starts the migration from the location specified. It's only intended to be used in Windows.old migration scenarios, where the migration is occurring from a Windows.old directory.| -## Migration Rule Options +## Migration rule options USMT provides the following options to specify what files you want to migrate. | Command-Line Option | Description | |-----|-----| -| **/i:**[*Path*]*FileName* | **(include)**

      Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (MigApp.xml, MigDocs.xml, and any custom .xml files that you create). *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently Asked Questions](usmt-faq.yml) topic. | -| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

      Generates the optional Config.xml file, but does not create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

      After you create this file, you will need to make use of it with the **ScanState** command using the **/config** option.

      The only options that you can specify with this option are the **/i**, **/v**, and **/l** options. You cannot specify *StorePath*, because the **/genconfig** option does not create a store. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

      Examples:
      • The following example creates a Config.xml file in the current directory:
        `scanstate /i:migapp.xml /i:migdocs.xml /genconfig:config.xml /v:13`
      | -| **/config:**[*Path*]*FileName* | Specifies the Config.xml file that the **ScanState** command should use to create the store. You cannot use this option more than once on the command line. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* must be located in the current directory.

      The following example creates a store using the Config.xml file, MigDocs.xml, and MigApp.xml files:
      `scanstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:scan.log`

      The following example migrates the files and settings to the destination computer using the **Config.xml**, **MigDocs.xml**, and **MigApp.xml** files:
      `loadstate \server\share\migration\mystore /config:config.xml /i:migdocs.xml /i:migapp.xml /v:13 /l:load.log` | -| **/auto:** *path to script files* | This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The **/auto** option has the same effect as using the following options: **/i: MigDocs.xml** **/i:MigApp.xml /v:5**. | -| **/genmigxml:** *path to a file* | This option specifies that the **ScanState** command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the **ScanState** command is running. | -| **/targetwindows8** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:
      • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows8** option optimizes the Config.xml file so that it only contains components that relate to Windows 8 or Windows 8.1.
      • **To create a migration store.** Using the **/targetwindows8** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows8** command-line option, some settings can be lost during the migration.
      | -| **/targetwindows7** | Optimizes Scanstate.exe when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:
      • **To create a Config.xml file by using the /genconfig option.** Using the **/targetwindows7** option optimizes the Config.xml file so that it only contains components that relate to Windows 7.
      • **To create a migration store.** Using the **/targetwindows7** option ensures that the ScanState tool gathers the correct set of operating system settings. Without the **/targetwindows7** command-line option, some settings can be lost during the migration.
      | -| **/localonly** | Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the **/localonly** option is not specified, then the **ScanState** command will copy files from these removable or network drives into the store.

      Anything that is not considered a fixed drive by the OS will be excluded by **/localonly**. In some cases large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom.xml file. For more information about how to exclude all files on a specific drive, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md).

      The **/localonly** command-line option includes or excludes data in the migration as identified in the following:
      • **Removable drives such as a USB flash drive** - Excluded
      • **Network drives** - Excluded
      • **Fixed drives** - Included
      | +| **/i:**[*Path*]*FileName* | **(include)**

      Specifies an .xml file that contains rules that define what user, application, or system state to migrate. You can specify this option multiple times to include all of your .xml files (`MigApp.xml`, `MigDocs.xml`, and any custom .xml files that you create). *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory. For more information about which files to specify, see the "XML Files" section of the [Frequently asked questions](usmt-faq.yml) article. | +| **/genconfig:**[*Path*]*FileName* | (Generate **Config.xml**)

      Generates the optional `Config.xml` file, but doesn't create a migration store. To ensure that this file contains every component, application and setting that can be migrated, you should create this file on a source computer that contains all the components, applications, and settings that will be present on the destination computers. In addition, you should specify the other migration .xml files, using the **/i** option, when you specify this option.

      After you create this file, you'll need to make use of it with the `ScanState.exe` command using the **/config** option.

      The only options that you can specify with this option are the `/i`, `/v`, and `/l` options. You can't specify *StorePath*, because the `/genconfig` option doesn't create a store. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

      Examples:
      • The following example creates a `Config.xml` file in the current directory:
        `ScanState.exe /i:MigApp.xml /i:MigDocs.xml /genconfig:Config.xml /v:13`
      | +| **/config:**[*Path*]*FileName* | Specifies the `Config.xml` file that the `ScanState.exe` command should use to create the store. You can't use this option more than once on the command line. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* must be located in the current directory.

      The following example creates a store using the `Config.xml` file, `MigDocs.xml`, and `MigApp.xml` files:
      `ScanState.exe \server\share\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:ScanState.log`

      The following example migrates the files and settings to the destination computer using the `Config.xml`, `MigDocs.xml`, and `MigApp.xml` files:
      `LoadState.exe \server\share\migration\mystore /config:Config.xml /i:MigDocs.xml /i:MigApp.xml /v:13 /l:LoadState.log` | +| **/auto:** *path to script files* | This option enables you to specify the location of the default .xml files and then begin the migration. If no path is specified, USMT will reference the directory where the USMT binaries are located. The `/auto` option has the same effect as using the following options: `/i: MigDocs.xml /i:MigApp.xml /v:5`. | +| **/genmigxml:** *path to a file* | This option specifies that the `ScanState.exe` command should use the document finder to create and export an .xml file that defines how to migrate all of the files on the computer on which the `ScanState.exe` command is running. | +| **/targetwindows8** | Optimizes `ScanState.exe` when using USMT 10.0 to migrate a user state to Windows 8 or Windows 8.1 instead of Windows 10. You should use this command-line option in the following scenarios:
      • **To create a `Config.xml` file by using the `/genconfig` option.** Using the `/targetwindows8` option optimizes the `Config.xml` file so that it only contains components that relate to Windows 8 or Windows 8.1.
      • **To create a migration store.** Using the `/targetwindows8` option ensures that the **ScanState** tool gathers the correct set of operating system settings. Without the `/targetwindows8` command-line option, some settings can be lost during the migration.
      | +| **/targetwindows7** | Optimizes `ScanState.exe` when using USMT 10.0 to migrate a user state to Windows 7 instead of Windows 10. You should use this command-line option in the following scenarios:
      • **To create a `Config.xml` file by using the `/genconfig` option.** Using the **/targetwindows7** option optimizes the `Config.xml` file so that it only contains components that relate to Windows 7.
      • **To create a migration store.** Using the `/targetwindows7` option ensures that the **ScanState** tool gathers the correct set of operating system settings. Without the `/targetwindows7` command-line option, some settings can be lost during the migration.
      | +| **/localonly** | Migrates only files that are stored on the local computer, regardless of the rules in the .xml files that you specify on the command line. You should use this option when you want to exclude the data from removable drives on the source computer, such as USB flash drives (UFDs), some external hard drives, and so on, and when there are network drives mapped on the source computer. If the `/localonly` option isn't specified, then the `ScanState.exe` command will copy files from these removable or network drives into the store.

      Anything that isn't considered a fixed drive by the OS will be excluded by `/localonly`. In some cases, large external hard drives are considered fixed drives. These drives can be explicitly excluded from migration by using a custom .xml file. For more information about how to exclude all files on a specific drive, see [Exclude files and settings](usmt-exclude-files-and-settings.md).

      The `/localonly` command-line option includes or excludes data in the migration as identified in the following storage locations:
      • **Removable drives such as a USB flash drive** - Excluded
      • **Network drives** - Excluded
      • **Fixed drives** - Included
      | -## Monitoring Options +## Monitoring options USMT provides several options that you can use to analyze problems that occur during migration. > [!NOTE] -> The ScanState log is created by default, but you can specify the name and location of the log with the **/l** option. +> The **ScanState** log is created by default, but you can specify the name and location of the log with the **/l** option. | Command-Line Option | Description | |-----|-----| -| **/listfiles**:<FileName> | You can use the **/listfiles** command-line option with the **ScanState** command to generate a text file that lists all of the files included in the migration. | -| **/l:**[*Path*]*FileName* | Specifies the location and name of the ScanState log.

      You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then the log will be created in the current directory. You can use the **/v** option to adjust the amount of output.

      If you run the **ScanState** or **LoadState** commands from a shared network resource, you must specify this option or USMT will fail with the following error: "USMT was unable to create the log file(s)". To fix this issue, use the /**l: scan.log** command. | -| **/v:***<VerbosityLevel>* | **(Verbosity)**

      Enables verbose output in the ScanState log file. The default value is 0.

      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.

      For example:
      `scanstate \server\share\migration\mystore /v:13 /i:migdocs.xml /i:migapp.xml`| -| /**progress**:[*Path*]*FileName* | Creates the optional progress log. You cannot store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you do not specify the *Path* variable, then *FileName* will be created in the current directory.

      For example:
      `scanstate /i:migapp.xml /i:migdocs.xml \server\share\migration\mystore /progress:prog.log /l:scanlog.log` | -| **/c** | When this option is specified, the **ScanState** command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there is a large file that will not fit in the store, the **ScanState** command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the **/c** option, the **ScanState** command will exit on the first error.

      You can use the new <**ErrorControl**> section in the Config.xml file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This advantage in the Config.xml file enables the /**c** command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /**genconfig** option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the Config.xml file. | -| **/r:***<TimesToRetry>* | **(Retry)**

      Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity is not reliable.

      While storing the user state, the **/r** option will not be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | +| **/listfiles**:<FileName> | You can use the `/listfiles` command-line option with the `ScanState.exe` command to generate a text file that lists all of the files included in the migration. | +| **/l:**[*Path*]*FileName* | Specifies the location and name of the **ScanState** log.

      You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then the log will be created in the current directory. You can use the `/v` option to adjust the amount of output.

      If you run the `ScanState.exe` command from a shared network resource, you must specify the `/l` option, or USMT will fail with the following error:

      ***USMT was unable to create the log file(s)***

      To fix this issue, make sure to specify the `/l` option when running `ScanState.exe` from a shared network resource. | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

      Enables verbose output in the **ScanState** log file. The default value is 0.

      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.

      For example:
      `ScanState.exe \server\share\migration\mystore /v:13 /i:MigDocs.xml /i:MigApp.xml`| +| **/progress**:[*Path*]*FileName* | Creates the optional progress log. You can't store any of the log files in *StorePath*. *Path* can be either a relative or full path. If you don't specify the *Path* variable, then *FileName* will be created in the current directory.

      For example:
      `ScanState.exe /i:MigApp.xml /i:MigDocs.xml \server\share\migration\mystore /progress:Progress.log /l:scanlog.log` | +| **/c** | When this option is specified, the `ScanState.exe` command will continue to run, even if non-fatal errors occur. Any files or settings that cause an error are logged in the progress log. For example, if there's a large file that won't fit in the store, the `ScanState.exe` command will log an error and continue with the migration. In addition, if a file is open or in use by an application, USMT may not be able to migrate the file and will log an error. Without the `/c` option, the `ScanState.exe` command will exit on the first error.

      You can use the new <**ErrorControl**> section in the `Config.xml` file to specify which file or registry read/write errors can be safely ignored and which might cause the migration to fail. This advantage in the `Config.xml` file enables the `/c` command-line option to safely skip all input/output (I/O) errors in your environment. In addition, the /`genconfig` option now generates a sample <**ErrorControl**> section that is enabled by specifying error messages and desired behaviors in the `Config.xml` file. | +| **/r:***<TimesToRetry>* | **(Retry)**

      Specifies the number of times to retry when an error occurs while saving the user state to a server. The default is three times. This option is useful in environments where network connectivity isn't reliable.

      While storing the user state, the `/r` option won't be able to recover data that is lost due to a network-hardware failure, such as a faulty or disconnected network cable, or when a virtual private network (VPN) connection fails. The retry option is intended for large, busy networks where connectivity is satisfactory, but communication latency is a problem. | | **/w:***<SecondsBeforeRetry>* | **(Wait)**

      Specifies the time to wait, in seconds, before retrying a network file operation. The default is 1 second. | -| **/p:***<pathToFile>* | When the **ScanState** command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
      `Scanstate.exe C:\MigrationLocation [additional parameters]`
      `/p:"C:\MigrationStoreSize.xml"`

      For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

      To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the **/p** option, without specifying *"pathtoafile"*, in USMT. If you specify only the **/p** option, the storage space estimations are created in the same manner as with USMT3.x releases. | -| /**?** or /**help** | Displays Help at the command line. | +| **/p:***<pathToFile>* | When the `ScanState.exe` command runs, it will create an .xml file in the path specified. This .xml file includes improved space estimations for the migration store. The following example shows how to create this .xml file:
      `ScanState.exe C:\MigrationLocation [additional parameters]`
      `/p:"C:\MigrationStoreSize.xml"`

      For more information, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md).

      To preserve the functionality of existing applications or scripts that require the previous behavior of USMT, you can use the `/p` option, without specifying *"pathtoafile"*, in USMT. If you specify only the `/p` option, the storage space estimations are created in the same manner as with USMT3.x releases. | +| **/?** or **/help** | Displays Help at the command line. | -## User Options +## User options -By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You cannot exclude users in the migration .xml files or using the Config.xml file. For more information, see [Identify Users](usmt-identify-users.md) and [Migrate User Accounts](usmt-migrate-user-accounts.md). +By default, all users are migrated. The only way to specify which users to include and exclude is by using the following options. You can't exclude users in the migration .xml files or using the `Config.xml` file. For more information, see [Identify users](usmt-identify-users.md) and [Migrate user accounts](usmt-migrate-user-accounts.md). | Command-Line Option | Description | |-----|-----| -| /**all** | Migrates all of the users on the computer.

      USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the /**ue** or /**uel** options. For this reason, you do not need to specify this option on the command line. However, if you choose to specify the /**all** option, you cannot also use the /**ui**, /**ue** or /**uel** options. | -| /**ui**:*<DomainName>*\*<UserName>*
      or
      /**ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

      Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the /**ue** or /**uel** options. You can specify multiple /**ui** options, but you cannot use the /**ui** option with the /**all** option. *DomainName* and *UserName* can contain the asterisk () wildcard character. When you specify a user name that contains spaces, you will need to surround it with quotation marks.
      **Note**
      If a user is specified for inclusion with the /**ui** option, and also is specified to be excluded with either the /**ue** or /**uel** options, the user will be included in the migration.

      For example:
      • To include only User2 from the Fabrikam domain, type:
        `/ue:*\* /ui:fabrikam\user2`
      • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, type:
        `/uel:30 /ui:fabrikam\*`
        In this example, a user account from the Contoso domain that was last modified two months ago will not be migrated.

      For more examples, see the descriptions of the /**ue** and /**ui** options in this table. | -| /**uel**:*<NumberOfDays>*
      or
      /**uel**:*<YYYY/MM/DD>*
      or
      **/uel:0** | **(User exclude based on last logon)**

      Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The /**uel** option acts as an include rule. For example, the **/uel:30** option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the ScanState command is run.

      You can specify the number of days or you can specify a date. You cannot use this option with the /**all** option. USMT retrieves the last logon information from the local computer, so the computer does not need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance is not considered by USMT.
      **Note**
      The /**uel** option is not valid in offline migrations.
      • **/uel:0** migrates any users who are currently logged on.
      • **/uel:90** migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
      • **/uel:1** migrates users whose account has been modified within the last 24 hours.
      • **/uel:2002/1/15** migrates users who have logged on or been modified January 15, 2002 or afterwards.

      For example:
      `scanstate /i:migapp.xml /i:migdocs.xml \\server\share\migration\mystore /uel:0` | -| /**ue**:*<DomainName>*\*<UserName>*
      -or-

      /**ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

      Excludes the specified users from the migration. You can specify multiple /**ue** options. You cannot use this option with the /**all** option. *<DomainName>* and *<UserName>* can contain the asterisk (
      ) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks.

      For example:
      `scanstate /i:migdocs.xml /i:migapp.xml \\server\share\migration\mystore /ue:contoso\user1` | +| **/all** | Migrates all of the users on the computer.

      USMT migrates all user accounts on the computer, unless you specifically exclude an account with either the `/ue` or `/uel` options. For this reason, you don't need to specify this option on the command line. However, if you choose to specify the `/all` option, you can't also use the `/ui`, `/ue` or `/uel` options. | +| **/ui**:*<DomainName>*\*<UserName>*
      or
      **/ui**:*<ComputerName>*\*<LocalUserName>* | **(User include)**

      Migrates the specified users. By default, all users are included in the migration. Therefore, this option is helpful only when used with the `/ue` or `/uel` options. You can specify multiple `/ui` options, but you can't use the `/ui` option with the `/all` option. *DomainName* and *UserName* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you'll need to surround it with quotation marks (`"`).
      **Note**
      If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration.

      For example:
      • To include only **User2** from the Fabrikam domain, enter:

        `/ue:*\* /ui:fabrikam\user2`

      • To migrate all users from the Fabrikam domain, and only the user accounts from other domains that have been active or otherwise modified in the last 30 days, enter:

        `/uel:30 /ui:fabrikam\*`

        In this example, a user account from the Contoso domain that was last modified two months ago won't be migrated.

      For more examples, see the descriptions of the `/ue` and `/ui` options in this table. | +| **/uel**:*<NumberOfDays>*
      or
      **/uel**:*<YYYY/MM/DD>*
      or
      **/uel:0** | **(User exclude based on last logon)**

      Migrates the users that logged on to the source computer within the specified time period, based on the **Last Modified** date of the Ntuser.dat file on the source computer. The `/uel` option acts as an include rule. For example, the `/uel:30` option migrates users who logged on, or whose account was modified, within the last 30 days from the date when the `ScanState.exe` command is run.

      You can specify the number of days or you can specify a date. You can't use this option with the `/all` option. USMT retrieves the last sign-in information from the local computer, so the computer doesn't need to be connected to the network when you run this option. In addition, if a domain user has signed in to another computer, that sign-in instance isn't considered by USMT.
      **Note**
      The `/uel` option isn't valid in offline migrations.
      • `/uel:0` migrates any users who are currently logged on.
      • `/uel:90` migrates users who have logged on, or whose accounts have been otherwise modified, within the last 90 days.
      • `/uel:1` migrates users whose account has been modified within the last 24 hours.
      • `/uel:2020/2/15` migrates users who have logged on or been modified February 15, 2020 or afterwards.

      For example:
      `ScanState.exe /i:MigApp.xml /i:MigDocs.xml \\server\share\migration\mystore /uel:0` | +| **/ue**:*<DomainName>*\*<UserName>*
      -or-

      **/ue**:*<ComputerName>*\*<LocalUserName>* | **(User exclude)**

      Excludes the specified users from the migration. You can specify multiple `/ue` options. You can't use this option with the `/all` option. *<DomainName>* and *<UserName>* can contain the asterisk (`*`) wildcard character. When you specify a user name that contains spaces, you need to surround it with quotation marks (`"`).

      For example:
      `ScanState.exe /i:MigDocs.xml /i:MigApp.xml \\server\share\migration\mystore /ue:contoso\user1` | -## How to Use /ui and /ue +## How to use /ui and /ue -The following examples apply to both the /**ui** and /**ue** options. You can replace the /**ue** option with the /**ui** option to include, rather than exclude, the specified users. +The following examples apply to both the `/ui` and `/ue` options. You can replace the `/ue` option with the `/ui` option to include, rather than exclude, the specified users. |Behavior|Command| |--- |--- | 
@@ -169,73 +153,73 @@ The following examples apply to both the /**ui** and /**ue** options. You can re |Exclude all local users.|`/ue:%computername%\*`| |Exclude users in all domains named User1, User2, and so on.|`/ue:*\user*`| -## Using the Options Together +## Using the options together -You can use the /**uel**, /**ue** and /**ui** options together to migrate only the users that you want migrated. +You can use the `/uel`, `/ue` and `/ui` options together to migrate only the users that you want migrated. -The /**ui** option has precedence over the /**ue** and /**uel** options. If a user is specified to be included using the /**ui** option, and also specified to be excluded using either the /**ue** or /**uel** options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then User1 will be migrated, because the /**ui** option takes precedence over the /**ue** option. +The `/ui` option has precedence over the `/ue` and `/uel` options. If a user is specified for inclusion with the `/ui` option and also specified to be excluded with either the `/ue` or `/uel` options, the user will be included in the migration. For example, if you specify `/ui:contoso\* /ue:contoso\user1`, then **User1** will be migrated, because the `/ui` option takes precedence over the `/ue` option. -The /**uel** option takes precedence over the /**ue** option. If a user has logged on within the specified time period set by the /**uel** option, that user’s profile will be migrated even if they are excluded by using the /**ue** option. For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they have logged on to the computer within the last 14 days. +The `/uel` option takes precedence over the `/ue` option. If a user has logged on within the specified time period set by the `/uel` option, that user's profile will be migrated even if they're excluded by using the `/ue` option. 
For example, if you specify `/ue:fixed\user1 /uel:14`, the User1 will be migrated if they've logged on to the computer within the last 14 days. |Behavior|Command| |--- |--- | |Include only User2 from the Fabrikam domain and exclude all other users.|`/ue:*\* /ui:fabrikam\user2`| |Include only the local user named User1 and exclude all other users.|`/ue:*\* /ui:user1`| -|Include only the domain users from Contoso, except Contoso\User1.|This behavior cannot be completed using a single command. Instead, to migrate this set of users, you will need to specify the following commands:
      • On the **ScanState** command line, type: `/ue:*\* /ui:contoso\*`
      • On the **LoadState** command line, type: `/ue:contoso\user1`
      | +|Include only the domain users from Contoso, except Contoso\User1.|This behavior can't be completed using a single command. Instead, to migrate this set of users, you'll need to specify the following commands:
      • On the `ScanState.exe` command line, enter:
        `/ue:*\* /ui:contoso\*`
      • On the `LoadState.exe` command line, enter:
        `/ue:contoso\user1`
      | |Include only local (non-domain) users.|`/ue:*\* /ui:%computername%\*`| -## Encrypted File Options +## Encrypted file options -You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an /**efs** option. To migrate encrypted files, you must change the default behavior. +You can use the following options to migrate encrypted files. In all cases, by default, USMT fails if an encrypted file is found unless you specify an `/efs` option. To migrate encrypted files, you must change the default behavior. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md). -> [!NOTE] -> EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the /**efs:copyraw** option with the **ScanState** command to migrate the encrypted files +> [!NOTE] +> EFS certificates will be migrated automatically when migrating to Windows 7, Windows 8 or Windows 10. Therefore, you should specify the `/efs:copyraw` option with the `ScanState.exe` command to migrate the encrypted files -> [!CAUTION] +> [!CAUTION] > Take caution when migrating encrypted files. If you migrate an encrypted file without also migrating the certificate, end users will not be able to access the file after the migration. | Command-Line Option | Explanation | |----|----| -| **/efs:hardlink** | Creates a hard link to the EFS file instead of copying it. Use only with the **/hardlink** and the **/nocompress** options. | -| **/efs:abort** | Causes the **ScanState** command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default. | -| **/efs:skip** | Causes the **ScanState** command to ignore EFS files. 
| -| /**efs:decryptcopy** | Causes the **ScanState** command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file cannot be decrypted. If the **ScanState** command succeeds, the file will be unencrypted in the migration store, and once you run the **LoadState** command, the file will be copied to the destination computer. | -| **/efs:copyraw** | Causes the **ScanState** command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an **/efs** option. Therefore you should specify the **/efs:copyraw** option with the **ScanState** command to migrate the encrypted file. Then, when you run the **LoadState** command, the encrypted file and the EFS certificate will be automatically migrated.

      For example:
      `ScanState /i:migdocs.xml /i:migapp.xml \server\share\migration\mystore /efs:copyraw`
      **Important**
      All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the LoadState tool. For more information, see [Migrate EFS Files and Certificates](usmt-migrate-efs-files-and-certificates.md).
      | +| **/efs:hardlink** | Creates a hard link to the EFS file instead of copying it. Use only with the `/hardlink` and the `/nocompress` options. | +| **/efs:abort** | Causes the `ScanState.exe` command to fail with an error code, if an Encrypting File System (EFS) file is found on the source computer. Enabled by default. | +| **/efs:skip** | Causes the `ScanState.exe` command to ignore EFS files. | +| **/efs:decryptcopy** | Causes the `ScanState.exe` command to decrypt the file, if possible, before saving it to the migration store, and to fail if the file can't be decrypted. If the `ScanState.exe` command succeeds, the file will be unencrypted in the migration store, and once you run the `LoadState.exe` command, the file will be copied to the destination computer. | +| **/efs:copyraw** | Causes the `ScanState.exe` command to copy the files in the encrypted format. The files will be inaccessible on the destination computer until the EFS certificates are migrated. EFS certificates will be automatically migrated; however, by default USMT fails if an encrypted file is found, unless you specify an `/efs` option. Therefore you should specify the `/efs:copyraw` option with the `ScanState.exe` command to migrate the encrypted file. Then, when you run the `LoadState.exe` command, the encrypted file and the EFS certificate will be automatically migrated.

      For example:
      `ScanState.exe /i:MigDocs.xml /i:MigApp.xml \server\share\migration\mystore /efs:copyraw`
      **Important**
      All files must be encrypted if the parent folder is encrypted. If the encryption attribute on a file inside an encrypted folder has been removed, the file will be encrypted during the migration using the credentials of the account used to run the **LoadState** tool. For more information, see [Migrate EFS files and certificates](usmt-migrate-efs-files-and-certificates.md).
      | -## Incompatible Command-Line Options +## Incompatible command-line options -The following table indicates which command-line options are not compatible with the **ScanState** command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options are not compatible. For example, you cannot use the **/nocompress** option with the **/encrypt** option. +The following table indicates which command-line options aren't compatible with the `ScanState.exe` command. If the table entry for a particular combination is blank, the options are compatible and you can use them together. The X symbol means that the options aren't compatible. For example, you can't use the `/nocompress` option with the `/encrypt` option. |Command-Line Option|/keyfile|/nocompress|/genconfig|/all| |--- |--- |--- |--- |--- | |**/i**||||| |**/o**||||| |**/v**||||| -|/**nocompress**||||N/A| -|/**localonly**|||X|| -|/**key**|X||X|| -|/**encrypt**|Required*|X|X|| -|/**keyfile**|N/A||X|| -|/**l**||||| -|/**progress**|||X|| -|/**r**|||X|| -|/**w**|||X|| -|/**c**|||X|| -|/**p**|||X|N/A| -|/**all**|||X|| -|/**ui**|||X|X| -|/**ue**|||X|X| -|/**uel**|||X|X| -|/**efs**:*<option>*|||X|| -|/**genconfig**|||N/A|| -|/**config**|||X|| +|**/nocompress**||||N/A| +|**/localonly**|||X|| +|**/key**|X||X|| +|**/encrypt**|Required*|X|X|| +|**/keyfile**|N/A||X|| +|**/l**||||| +|**/progress**|||X|| +|**/r**|||X|| +|**/w**|||X|| +|**/c**|||X|| +|**/p**|||X|N/A| +|**/all**|||X|| +|**/ui**|||X|X| +|**/ue**|||X|X| +|**/uel**|||X|X| +|**/efs**:*<option>*|||X|| +|**/genconfig**|||N/A|| +|**/config**|||X|| |*<StorePath>*|||X|| -> [!NOTE] -> You must specify either the /**key** or /**keyfile** option with the /**encrypt** option. +> [!NOTE] +> You must specify either the `/key` or `/keyfile` option with the `/encrypt` option. -## Related topics +## Related articles [XML Elements Library](usmt-xml-elements-library.md) 
diff --git a/windows/deployment/usmt/usmt-technical-reference.md b/windows/deployment/usmt/usmt-technical-reference.md index e28e3bc9ca..2504eabb75 100644 --- a/windows/deployment/usmt/usmt-technical-reference.md +++ b/windows/deployment/usmt/usmt-technical-reference.md @@ -2,52 +2,53 @@ title: User State Migration Tool (USMT) Technical Reference (Windows 10) description: The User State Migration Tool (USMT) provides a highly customizable user-profile migration experience for IT professionals. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.custom: seo-marvel-apr2020 ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Technical Reference -The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals. +# User State Migration Tool (USMT) technical reference -Download the Windows ADK [from this website](/windows-hardware/get-started/adk-install). +The User State Migration Tool (USMT) is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals. -**USMT support for Microsoft Office** ->USMT in the Windows ADK for Windows 10, version 1511 (10.1.10586.0) supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013.
      ->USMT in the Windows ADK for Windows 10, version 1607 (10.1.14393.0) adds support for migration of user settings for installations of Microsoft Office 2016. +Download the Windows ADK [from this website](/windows-hardware/get-started/adk-install). + +## USMT support for Microsoft Office + +- USMT in the Windows ADK for Windows 10, version 1511 (10.1.10586.0) supports migration of user settings for installations of Microsoft Office 2003, 2007, 2010, and 2013. + +- USMT in the Windows ADK for Windows 10, version 1607 (10.1.14393.0) adds support for migration of user settings for installations of Microsoft Office 2016. USMT includes three command-line tools: -- ScanState.exe
      -- LoadState.exe
      -- UsmtUtils.exe +- ScanState.exe +- LoadState.exe +- UsmtUtils.exe USMT also includes a set of three modifiable .xml files: -- MigApp.xml
      -- MigDocs.xml
      -- MigUser.xml +- MigApp.xml +- MigDocs.xml +- MigUser.xml -Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration. +Additionally, you can create custom .xml files to support your migration needs. You can also create a `Config.xml` file to specify files or settings to exclude from the migration. -USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT Requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) 4.0 User's Guide](/previous-versions/windows/server/dd560801(v=ws.10)). +USMT tools can be used on several versions of Windows operating systems, for more information, see [USMT requirements](usmt-requirements.md). For more information about previous releases of the USMT tools, see [User State Migration Tool (USMT) overview](/previous-versions/windows/hh825227(v=win.10)). 
## In this section -|Topic |Description| -|------|-----------| -|[User State Migration Tool (USMT) Overview Topics](usmt-topics.md)|Describes what's new in USMT, how to get started with USMT, and the benefits and limitations of using USMT.| -|[User State Migration Tool (USMT) How-to topics](usmt-how-to.md)|Includes step-by-step instructions for using USMT, as well as how-to topics for conducting tasks in USMT.| -|[User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md)|Provides answers to frequently asked questions and common issues in USMT, as well as a reference for return codes used in USMT.| -|[User State Migration Toolkit (USMT) Reference](usmt-reference.md)|Includes reference information for migration planning, migration best practices, command-line syntax, using XML, and requirements for using USMT.| -## Related topics +| Link | Description | +|------ |----------- | +|[User State Migration Tool (USMT) overview topics](usmt-topics.md)|Describes what's new in USMT, how to get started with USMT, and the benefits and limitations of using USMT.| +|[User State Migration Tool (USMT) how-to topics](usmt-how-to.md)|Includes step-by-step instructions for using USMT and how-to topics for conducting tasks in USMT.| +|[User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md)|Provides answers to frequently asked questions and common issues in USMT and a reference for return codes used in USMT.| +|[User State Migration Toolkit (USMT) reference](usmt-reference.md)|Includes reference information for migration planning, migration best practices, command-line syntax, using XML, and requirements for using USMT.| + +## Related articles + - [Windows Assessment and Deployment Kit](/previous-versions/windows/it-pro/windows-8.1-and-8/dn247001(v=win.10)) - -  - -  diff --git a/windows/deployment/usmt/usmt-test-your-migration.md b/windows/deployment/usmt/usmt-test-your-migration.md index 6406cfc2c4..19bd789bda 100644 
--- a/windows/deployment/usmt/usmt-test-your-migration.md
+++ b/windows/deployment/usmt/usmt-test-your-migration.md
@@ -2,41 +2,35 @@ title: Test Your Migration (Windows 10) description: Learn about testing your migration plan in a controlled laboratory setting before you deploy it to your entire organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Test Your Migration +# Test your migration +Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you're migrating data. -Always test your migration plan in a controlled laboratory setting before you deploy it to your entire organization. In your test environment, you need at least one computer for each type of operating system from which you are migrating data. +After you've thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate migration store size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store. -After you have thoroughly tested the entire migration process on a single computer running each of your source operating systems, conduct a pilot migration with a small group of users. 
After migrating a few typical user states to the intermediate store, note the space required and adjust your initial calculations accordingly. For details about estimating the space needed for your migration, see [Estimate Migration Store Size](usmt-estimate-migration-store-size.md). You might also need to adjust the registry-setting and file-location information in your migration-rule files. If you make changes, test the migration again. Then verify that all data and settings have migrated as expected. A pilot migration also gives you an opportunity to test your space estimates for the intermediate store. +If your test migration encounters any errors, examine the **ScanState** and **LoadState** logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return codes](usmt-return-codes.md). You can obtain more information about any listed **Windows** system error codes by typing in a command prompt window `net.exe helpmsg ` where ** is the error code number generated by the error message. For more information about System Error Codes, see [System Error Codes (0-499)](/windows/win32/debug/system-error-codes--0-499-). -If your test migration encounters any errors, examine the ScanState and LoadState logs to obtain the exact User State Migration Tool (USMT) 10.0 return code and associated error messages or Windows application programming interface (API) error message. For more information about USMT return codes and error messages, see [Return Codes](usmt-return-codes.md). You can also obtain more information about a Windows API error message by typing **net helpmsg** and the error message number on the command line. +In most cases, the **ScanState** and **LoadState** logs indicate why a USMT migration is failing. We recommend that you use the `/v:5` option when testing your migration. 
This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger. -In most cases, the ScanState and LoadState logs indicate why a USMT migration is failing. We recommend that you use the **/v**:5 option when testing your migration. This verbosity level can be adjusted in a production migration. Reducing the verbosity level might make it more difficult to diagnose failures that are encountered during production migrations. You can use a higher verbosity level if you want the log files output to go to a debugger. +> [!NOTE] +> Running the **ScanState** and **LoadState** tools with the `/v:5` option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred. -**Note**   -Running the ScanState and LoadState tools with the **/v**:5 option creates a detailed log file. Although this option makes the log file large, it is helpful in determining where migration errors occurred. +After you've determined that the pilot migration successfully migrated the specified files and settings, you're ready to add USMT to the server that is running Microsoft Configuration Manager, or a non-Microsoft management technology. For more information, see [Manage user state in Configuration Manager](/configmgr/osd/get-started/manage-user-state). - +> [!NOTE] +> For testing purposes, you can create an uncompressed store using the `/hardlink /nocompress` option. When compression is disabled, the **ScanState** tool saves the files and settings to a hidden folder named **File** at `\USMT`. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. 
Additionally, you can also use the `/listfiles` command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration. -After you have determined that the pilot migration successfully migrated the specified files and settings, you are ready to add USMT to the server that is running Microsoft Endpoint Configuration Manager, or a non-Microsoft management technology. For more information, see [Manage user state in Configuration Manager](/configmgr/osd/get-started/manage-user-state). +## Related articles -**Note**   -For testing purposes, you can create an uncompressed store using the **/hardlink /nocompress** option. When compression is disabled, the ScanState tool saves the files and settings to a hidden folder named "File" at *StorePath*\\USMT. You can use the uncompressed store to view what USMT has stored or to troubleshoot a problem, or you can run an antivirus utility against the files. Additionally, you can also use the **/listfiles** command-line option and the diagnostic log to list the files that were gathered and to troubleshoot problems with your migration. +[Plan your migration](usmt-plan-your-migration.md) - - -## Related topics - - -[Plan Your Migration](usmt-plan-your-migration.md) - -[Log Files](usmt-log-files.md) +[Log files](usmt-log-files.md) diff --git a/windows/deployment/usmt/usmt-topics.md b/windows/deployment/usmt/usmt-topics.md index e3a456a033..755df2c928 100644 --- a/windows/deployment/usmt/usmt-topics.md +++ b/windows/deployment/usmt/usmt-topics.md 
@@ -1,28 +1,30 @@ --- title: User State Migration Tool (USMT) Overview Topics (Windows 10) -description: Learn about User State Migration Tool (USMT) overview topics that describe USMT as a highly customizable user-profile migration experience for IT professionals. +description: Learn about User State Migration Tool (USMT) overview articles that describe USMT as a highly customizable user-profile migration experience for IT professionals. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Overview Topics -The User State Migration Tool (USMT) 10.0 provides a highly customizable user-profile migration experience for IT professionals. USMT includes three command-line tools: ScanState.exe, LoadState.exe, and UsmtUtils.exe. USMT also includes a set of three modifiable .xml files: MigApp.xml, MigDocs.xml, and MigUser.xml. Additionally, you can create custom .xml files to support your migration needs. You can also create a Config.xml file to specify files or settings to exclude from the migration. +# User State Migration Tool (USMT) overview topics -## In This Section +The User State Migration Tool (USMT) 10.0 provides a highly customizable user-profile migration experience for IT professionals. USMT includes three command-line tools: `ScanState.exe`, `LoadState.exe`, and `UsmtUtils.exe`. USMT also includes a set of three modifiable .xml files: `MigApp.xml`, `MigDocs.xml`, and `MigUser.xml`. Additionally, you can create custom .xml files to support your migration needs. You can also create a `Config.xml` file to specify files or settings to exclude from the migration. 
-|Topic |Description| -|------|-----------| -|[User State Migration Tool (USMT) Overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.| -|[Getting Started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.| -|[Windows Upgrade and Migration Considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations, as well as special considerations for performing an upgrade or migration.| +## In this section -## Related topics -- [User State Migration Tool (USMT) How-to topics](usmt-how-to.md) -- [User State Migration Tool (USMT) Troubleshooting](usmt-troubleshooting.md) -- [User State Migration Toolkit (USMT) Reference](usmt-reference.md) +| Link | Description | +|------ |----------- | +|[User State Migration Tool (USMT) overview](usmt-overview.md)|Describes the benefits and limitations of using USMT.| +|[Getting started with the User State Migration Tool (USMT)](getting-started-with-the-user-state-migration-tool.md)|Describes the general process to follow to migrate files and settings, and provides links to more information.| +|[Windows upgrade and migration considerations](../upgrade/windows-upgrade-and-migration-considerations.md)|Discusses the Microsoft® tools you can use to move files and settings between installations and special considerations for performing an upgrade or migration.| + +## Related articles + +- [User State Migration Tool (USMT) how-to topics](usmt-how-to.md) +- [User State Migration Tool (USMT) troubleshooting](usmt-troubleshooting.md) +- [User State Migration Toolkit (USMT) reference](usmt-reference.md) diff --git a/windows/deployment/usmt/usmt-troubleshooting.md b/windows/deployment/usmt/usmt-troubleshooting.md index e3b1162419..e215207ede 100644 
--- a/windows/deployment/usmt/usmt-troubleshooting.md +++ b/windows/deployment/usmt/usmt-troubleshooting.md @@ -1,21 +1,21 @@ --- title: User State Migration Tool (USMT) Troubleshooting (Windows 10) -description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to assist in troubleshooting. +description: Learn about topics that address common User State Migration Tool (USMT) 10.0 issues and questions to help troubleshooting. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# User State Migration Tool (USMT) Troubleshooting +# User State Migration Tool (USMT) troubleshooting -The following table describes topics that address common User State Migration Tool (USMT) 10.0 issues and questions. These topics describe tools that you can use to troubleshoot issues that arise during your migration. +The following table describes articles that address common User State Migration Tool (USMT) 10.0 issues and questions. These articles describe tools that you can use to troubleshoot issues that arise during your migration. -## In This Section +## In this section | Link | Description | |--- |--- | 
@@ -25,12 +25,12 @@ The following table describes topics that address common User State Migration To |[Return Codes](usmt-return-codes.md)|Learn how to use return codes to identify problems in USMT.| |[USMT Resources](usmt-resources.md)|Find more information and support for using USMT.| -## Related topics +## Related articles -[USMT Best Practices](usmt-best-practices.md) +[USMT best practices](usmt-best-practices.md) -[User State Migration Tool (USMT) Overview Topics](usmt-topics.md) +[User State Migration Tool (USMT) overview topics](usmt-topics.md) -[User State Migration Tool (USMT) How-to topics](usmt-how-to.md) +[User State Migration Tool (USMT) how-to topics](usmt-how-to.md) -[User State Migration Toolkit (USMT) Reference](usmt-reference.md) +[User State Migration Toolkit (USMT) reference](usmt-reference.md) diff --git a/windows/deployment/usmt/usmt-utilities.md b/windows/deployment/usmt/usmt-utilities.md index feac03f881..9568ca5337 100644 --- a/windows/deployment/usmt/usmt-utilities.md +++ b/windows/deployment/usmt/usmt-utilities.md 
@@ -1,109 +1,100 @@ --- title: UsmtUtils Syntax (Windows 10) -description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. +description: Learn about the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # UsmtUtils Syntax -This topic describes the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. These utilities: +This article describes the syntax for the utilities available in User State Migration Tool (USMT) 10.0 through the command-line interface. These utilities: -- Improve your ability to determine cryptographic options for your migration. +- Improve your ability to determine cryptographic options for your migration. -- Assist in removing hard-link stores that cannot otherwise be deleted due to a sharing lock. +- Help removing hard-link stores that can't otherwise be deleted due to a sharing lock. -- Verify whether the catalog file or any of the other files in the compressed migration store have become corrupted. +- Verify whether the catalog file or any of the other files in the compressed migration store have become corrupted. -- Extract files from the compressed migration store when you migrate files and settings to the destination computer. +- Extract files from the compressed migration store when you migrate files and settings to the destination computer. -## In This Topic +## UsmtUtils.exe -[Usmtutils.exe](#bkmk-usmtutils-exe) +The following table lists command-line options for `UsmtUtils.exe`. The sections that follow provide further command-line options for the `/verify` and the `/extract` options. 
-[Verify Options](#bkmk-verifyoptions) +The syntax for `UsmtUtils.exe` is: -[Extract Options](#bkmk-extractoptions) - -## Usmtutils.exe - -The following table lists command-line options for USMTutils.exe. The sections that follow provide further command-line options for the **/verify** and the **/extract** options. - -The syntax for UsmtUtils.exe is: - -usmtutils \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\] | /extract *<filepath>* *<destinationPath>* \[options\]\] +> UsmtUtils.exe \[/ec | /rd *<storeDir>* | /verify *<filepath>* \[options\] | /extract *<filepath>* *<destinationPath>* \[options\]\] |Command-line Option|Description| |--- |--- | -|**/ec**|Returns a list of supported cryptographic algorithms (AlgIDs) on the current system. You can use this on a destination computer to determine which algorithm to use with the **/encrypt** command before you run the ScanState tool on the source computer.| -|**/rd** *<storeDir>* |Removes the directory path specified by the *<storeDir>* argument on the computer. You can use this command to delete hard-link migration stores that cannot otherwise be deleted at a command prompt due to a sharing lock. If the migration store spans multiple volumes on a given drive, it will be deleted from all of these volumes.

      For example:
      `usmtutils /rd D:\MyHardLinkStore`| -|**/y**|Overrides the accept deletions prompt when used with the **/rd** option. When you use the **/y** option with the **/rd** option, you will not be prompted to accept the deletions before USMT deletes the directories.| -|**/verify**|Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.

      See [Verify Options](#bkmk-verifyoptions) for syntax and options to use with **/verify**.| -|**/extract**|Recovers files from a compressed USMT migration store.

      See [Extract Options](#bkmk-extractoptions) for syntax and options to use with **/extract**.| +|**/ec**|Returns a list of supported cryptographic algorithms (AlgIDs) on the current system. You can use this option on a destination computer to determine which algorithm to use with the `/encrypt` command before you run the **ScanState** tool on the source computer.| +|**/rd** *<storeDir>* |Removes the directory path specified by the *<storeDir>* argument on the computer. You can use this command to delete hard-link migration stores that can't otherwise be deleted at a command prompt due to a sharing lock. If the migration store spans multiple volumes on a given drive, it will be deleted from all of these volumes.

      For example:
      `UsmtUtils.exe /rd D:\MyHardLinkStore`| +|**/y**|Overrides the accept deletions prompt when used with the `/rd` option. When you use the `/y` option with the `/rd` option, you won't be prompted to accept the deletions before USMT deletes the directories.| +|**/verify**|Returns information on whether the compressed migration store is intact or whether it contains corrupted files or a corrupted catalog.

      See [Verify options](#verify-options) for syntax and options to use with `/verify`.| +|**/extract**|Recovers files from a compressed USMT migration store.

      See [Extract options](#extract-options) for syntax and options to use with `/extract`.| -## Verify Options +## Verify options -Use the **/verify** option when you want to determine whether a compressed migration store is intact or whether it contains corrupted files or a corrupted catalog. For more information on how to use the **/verify** option, see [Verify the Condition of a Compressed Migration Store](verify-the-condition-of-a-compressed-migration-store.md). +Use the `/verify` option when you want to determine whether a compressed migration store is intact or whether it contains corrupted files or a corrupted catalog. For more information on how to use the `/verify` option, see [Verify the condition of a compressed migration store](verify-the-condition-of-a-compressed-migration-store.md). -The syntax for **/verify** is: +The syntax for `/verify` is: -usmtutils /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile>*\] \[/v:*VerbosityLevel*\] \[/decrypt \[:*<AlgID>*\] {/key:*<keystring>* | /keyfile:*<filename>*}\] +> UsmtUtils.exe /verify\[:*<reportType>*\] *<filePath>* \[/l:*<logfile>*\] \[/v:*VerbosityLevel*\] \[/decrypt \[:*<AlgID>*\] {/key:*<keystring>* | /keyfile:*<filename>*}\] | Command-line Option | Description | |-----|--------| -| *<reportType>* | Specifies whether to report on all files, corrupted files only, or the status of the catalog.
      • **Summary**. Returns both the number of files that are intact and the number of files that are corrupted in the migration store. If no algorithm is specified, the summary report is displayed as a default.
      • **all**. Returns a tab-delimited list of all of the files in the compressed migration store and the status for each file. Each line contains the file name followed by a tab spacing, and either “CORRUPTED” or “OK” depending on the status of the file. The last entry reports the corruption status of the "CATALOG" of the store. A catalog file contains metadata for all files in a migration store. The LoadState tool requires a valid catalog file in order to open the migration store. Returns "OK" if the catalog file is intact and LoadState can open the migration store and "CORRUPTED" if the migration store is corrupted.
      • **failureonly**. Returns a tab-delimited list of only the files that are corrupted in the compressed migration store.
      • **Catalog**. Returns only the status of the catalog file.
      | +| *<reportType>* | Specifies whether to report on all files, corrupted files only, or the status of the catalog.
      • **Summary**. Returns both the number of files that are intact and the number of files that are corrupted in the migration store. If no algorithm is specified, the summary report is displayed as a default.
      • **all**. Returns a tab-delimited list of all of the files in the compressed migration store and the status for each file. Each line contains the file name followed by a tab spacing, and either **CORRUPTED** or **OK** depending on the status of the file. The last entry reports the corruption status of the **CATALOG** of the store. A catalog file contains metadata for all files in a migration store. The **LoadState** tool requires a valid catalog file in order to open the migration store. Returns "OK" if the catalog file is intact and **LoadState** can open the migration store and "CORRUPTED" if the migration store is corrupted.
      • **failureonly**. Returns a tab-delimited list of only the files that are corrupted in the compressed migration store.
      • **Catalog**. Returns only the status of the catalog file.
      | | **/l:**
      *<logfilePath>* | Specifies the location and name of the log file. | -| **/v:** *<VerbosityLevel>* | **(Verbosity)**

      Enables verbose output in the UsmtUtils log file. The default value is 0.

      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.
      | -| **/decrypt** *<AlgID>* **/**:*<KeyString>*
      or
      **/decrypt** *<AlgID>* **/**:*<“Key String”>*
      or
      **/decrypt:** *<AlgID>* **/keyfile**:*<FileName>* | Specifies that the **/encrypt** option was used to create the migration store with the ScanState tool. To decrypt the migration store, specify a **/key** or **/keyfile** option as follows:
      • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
        *<AlgID>* valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
      • **/key:** *<KeyString>* specifies the encryption key. If there is a space in *<KeyString>*, you must surround the argument with quotation marks.
      • **/keyfile**: *<FileName>* specifies the location and name of a text (.txt) file that contains the encryption key.

      For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md) | +| **/v:** *<VerbosityLevel>* | **(Verbosity)**

      Enables verbose output in the **UsmtUtils** log file. The default value is 0.

      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.
      | +| **/decrypt** *<AlgID>* **/**:*<KeyString>*
      or
      **/decrypt** *<AlgID>* **/**:*<"Key String">*
      or
      **/decrypt:** *<AlgID>* **/keyfile**:*<FileName>* | Specifies that the `/encrypt` option was used to create the migration store with the **ScanState** tool. To decrypt the migration store, specify a `/key` or `/keyfile` option as follows:
      • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. If no algorithm is specified, **ScanState** and **UsmtUtils** use the 3DES algorithm as a default.
        *<AlgID>* valid values include: `AES_128`, `AES_192`, `AES_256`, `3DES`, or `3DES_112`.
      • `/key:` *<KeyString>* specifies the encryption key. If there's a space in *<KeyString>*, you must surround the argument with quotation marks.
      • `/keyfile`: *<FileName>* specifies the location and name of a text (.txt) file that contains the encryption key.

      For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md) | -Some examples of **/verify** commands: +Some examples of `/verify` commands: -- `usmtutils /verify D:\MyMigrationStore\store.mig` +- `UsmtUtils.exe /verify D:\MyMigrationStore\store.mig` -- `usmtutils /verify:catalog D:\MyMigrationStore\store.mig` +- `UsmtUtils.exe /verify:catalog D:\MyMigrationStore\store.mig` -- `usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` +- `UsmtUtils.exe /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` -- `usmtutils /verify:failureonly D:\MyMigrationStore\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt` +- `UsmtUtils.exe /verify:failureonly D:\MyMigrationStore\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt` -## Extract Options +## Extract options +Use the `/extract` option to recover files from a compressed USMT migration store if it will not restore normally with **LoadState**. For more information on how to use the `/extract` option, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). -Use the **/extract** option to recover files from a compressed USMT migration store if it will not restore normally with loadstate. For more information on how to use the **/extract** option, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). 
+The syntax for `/extract` is: -The syntax for **/extract** is: - -/extract *<filePath>* *<destinationPath>* \[/i:*<includePattern>*\] \[/e: *<excludePattern>*\] \[/l: *<logfile>*\] \[/v: *VerbosityLevel>*\] \[/decrypt\[:*<AlgID>*\] {key: *<keystring>* | /keyfile: *<filename>*}\] \[/o\] +> /extract *<filePath>* *<destinationPath>* \[/i:*<includePattern>*\] \[/e: *<excludePattern>*\] \[/l: *<logfile>*\] \[/v: *VerbosityLevel>*\] \[/decrypt\[:*<AlgID>*\] {key: *<keystring>* | /keyfile: *<filename>*}\] \[/o\] | Command-line Option | Description | |-------|-----| | *<filePath>* | Path to the USMT migration store.

      For example:
      `D:\MyMigrationStore\USMT\store.mig` | | *<destinationPath>* | Path to the folder where the tool puts the individual files. | -| **/i**:*<includePattern>* | Specifies a pattern for files to include in the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use **/i**: *<includePattern>* and **/e**: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | -| **/e**:*<excludePattern>* | Specifies a pattern for files to omit from the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use **/i**: *<includePattern>* and **/e**: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | +| **/i**:*<includePattern>* | Specifies a pattern for files to include in the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use `/i`: *<includePattern>* and `/e`: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | +| **/e**:*<excludePattern>* | Specifies a pattern for files to omit from the extraction. You can specify more than one pattern. Separate patterns with a comma or a semicolon. You can use `/i`: *<includePattern>* and `/e`: *<excludePattern>* options in the same command. When both include and exclude patterns are used on the command line, include patterns take precedence over exclude patterns. | | **/l**:*<logfilePath>* | Specifies the location and name of the log file. | -| **/v:***<VerbosityLevel>* | **(Verbosity)**

      Enables verbose output in the UsmtUtils log file. The default value is 0.

      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.
      | -| **/decrypt***<AlgID>***/key**:*<KeyString>*
      or
      **/decrypt***<AlgID>***/**:*<“Key String”>*
      or
      **/decrypt:***<AlgID>***/keyfile**:*<FileName>* | Specifies that the **/encrypt** option was used to create the migration store with the ScanState tool. To decrypt the migration store, you must also specify a **/key** or **/keyfile** option as follows:
      • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the ScanState command line. If no algorithm is specified, ScanState and UsmtUtils use the 3DES algorithm as a default.
        *<AlgID>* valid values include: AES_128, AES_192, AES_256, 3DES, or 3DES_112.
      • **/key**: *<KeyString>* specifies the encryption key. If there is a space in *<KeyString>*, you must surround the argument with quotation marks.
      • **/keyfile**:*<FileName>* specifies a text (.txt) file that contains the encryption key

      For more information about supported encryption algorithms, see [Migration Store Encryption](usmt-migration-store-encryption.md). | +| **/v:***<VerbosityLevel>* | **(Verbosity)**

      Enables verbose output in the **UsmtUtils** log file. The default value is 0.

      You can set the *VerbosityLevel* to one of the following levels:
      • **0** - Only the default errors and warnings are enabled.
      • **1** - Enables verbose output.
      • **4** - Enables error and status output.
      • **5** - Enables verbose and status output.
      • **8** - Enables error output to a debugger.
      • **9** - Enables verbose output to a debugger.
      • **12** - Enables error and status output to a debugger.
      • **13** - Enables verbose, status, and debugger output.
      | +| **/decrypt***<AlgID>***/key**:*<KeyString>*
      or
      **/decrypt***<AlgID>***/**:*<"Key String">*
      or
      **/decrypt:***<AlgID>***/keyfile**:*<FileName>* | Specifies that the `/encrypt` option was used to create the migration store with the **ScanState** tool. To decrypt the migration store, you must also specify the `/key` or `/keyfile` option as follows:
      • *<AlgID>* specifies the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. If no algorithm is specified, **ScanState** and **UsmtUtils** use the 3DES algorithm as a default.
        *<AlgID>* valid values include: `AES_128`, `AES_192`, `AES_256`, `3DES`, or `3DES_112`.
      • `/key`: *<KeyString>* specifies the encryption key. If there's a space in *<KeyString>*, you must surround the argument with quotation marks.
      • `/keyfile`:*<FileName>* specifies a text (.txt) file that contains the encryption key

      For more information about supported encryption algorithms, see [Migration store encryption](usmt-migration-store-encryption.md). | | **/o** | Overwrites existing output files. | -Some examples of **/extract** commands: +Some examples of `/extract` commands: -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig C:\ExtractedStore` -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt, *.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:"*.txt, *.pdf" C:\ExtractedStore /decrypt /keyfile:D:\encryptionKey.txt` -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtlog.txt` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /e:*.exe C:\ExtractedStore /decrypt:AES_128 /key:password /l:C:\usmtlog.txt` -- `usmtutils /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o` +- `UsmtUtils.exe /extract D:\MyMigrationStore\USMT\store.mig /i:myProject.* /e:*.exe C:\ExtractedStore /o` -## Related topics +## Related articles -[User State Migration Tool (USMT) Command-line Syntax](usmt-command-line-syntax.md) +[User State Migration Tool (USMT) command-line syntax](usmt-command-line-syntax.md) -[Return Codes](usmt-return-codes.md) +[Return codes](usmt-return-codes.md) diff --git a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md index 92b200dc38..b4964f369a 100644 --- a/windows/deployment/usmt/usmt-what-does-usmt-migrate.md +++ b/windows/deployment/usmt/usmt-what-does-usmt-migrate.md 
@@ -1,146 +1,161 @@ --- title: What does USMT migrate (Windows 10) -description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. +description: Learn how User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 09/12/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- # What does USMT migrate? -## Default migration scripts +## Default migration scripts -The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts: +The User State Migration Tool (USMT) 10.0 is designed so that an IT engineer can precisely define migrations using the USMT .xml scripting language. USMT provides the following sample scripts: -- **MigApp.XML.** Rules to migrate application settings. +- **MigApp.XML** - Rules to migrate application settings. -- **MigDocs.XML.** Rules that use the **MigXmlHelper.GenerateDocPatterns** helper function, which can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files. +- **MigDocs.XML** - Rules that use the **MigXmlHelper.GenerateDocPatterns** helper function, which can be used to automatically find user documents on a computer without the need to author extensive custom migration .xml files. -- **MigUser.XML.** Rules to migrate user profiles and user data. +- **MigUser.XML** - Rules to migrate user profiles and user data. - MigUser.xml gathers everything in a user’s profile and then does a file extension- based search of most of the system for other user data. 
If data doesn’t match either of these criteria, the data won’t be migrated. For the most part, this file describes a "core" migration. + `MigUser.xml` gathers everything in a user's profile and then does a file extension- based search of most of the system for other user data. If data doesn't match either of these criteria, the data won't be migrated. Usually, this file describes a core migration. - The following data does not migrate with MigUser.xml: + The following data doesn't migrate with `MigUser.xml`: - - Files outside the user profile that don’t match one of the file extensions in MigUser.xml. + - Files outside the user profile that don't match one of the file extensions in `MigUser.xml`. - Access control lists (ACLs) for folders outside the user profile. -## User data +## User data -This section describes the user data that USMT migrates by default, using the MigUser.xml file. It also defines how to migrate ACLs. +This section describes the user data that USMT migrates by default, using the `MigUser.xml` file. It also defines how to migrate access control lists (ACLs). -- **Folders from each user profile.** When you specify the MigUser.xml file, USMT migrates everything in a user’s profiles including the following: +- **Folders from each user profile.** When you specify the `MigUser.xml` file, USMT migrates everything in a user's profiles including the following items: - My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites. + - My Documents + + - My Video + + - My Music + + - My Pictures + + - Desktop files + + - Start menu + + - Quick Launch settings + + - Favorites > [!IMPORTANT] - > Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. 
For more information, see [USMT common issues](./usmt-common-issues.md#usmt-does-not-migrate-the-start-layout). + > Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). -- **Folders from the All Users and Public profiles.** When you specify the MigUser.xml file, USMT also migrates the following from the **All Users** profile in Windows® XP, or the **Public** profile in Windows Vista, Windows 7, or Windows 8: +- **Folders from the All Users and Public profiles.** When you specify the `MigUser.xml` file, USMT also migrates the following from the **Public** profile in Windows Vista, Windows 7, Windows 8, or Windows 10: - - Shared Documents + - Shared Documents - - Shared Video + - Shared Video - - Shared Music + - Shared Music - - Shared desktop files + - Shared desktop files - - Shared Pictures + - Shared Pictures - - Shared Start menu + - Shared Start menu - - Shared Favorites + - Shared Favorites -- **File types.** When you specify the MigUser.xml file, the ScanState tool searches the fixed drives, collects, and then migrates files with any of the following file extensions: +- **File types.** When you specify the `MigUser.xml` file, the **ScanState** tool searches the fixed drives, collects, and then migrates files with any of the following file extensions: - **.accdb, .ch3, .csv, .dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*.** + `.accdb`, `.ch3`, `.csv`, `.dif`, `.doc*`, `.dot*`, `.dqy`, `.iqy`, `.mcw`, `.mdb*`, `.mpp`, `.one*`, `.oqy`, `.or6`, `.pot*`, `.ppa`, 
`.pps*`, `.ppt*`, `.pre`, `.pst`, `.pub`, `.qdf`, `.qel`, `.qph`, `.qsd`, `.rqy`, `.rtf`, `.scd`, `.sh3`, `.slk`, `.txt`, `.vl*`, `.vsd`, `.wk*`, `.wpd`, `.wps`, `.wq1`, `.wri`, `.xl*`, `.xla`, `.xlb`, `.xls*` > [!NOTE] - > The asterisk (\*) stands for zero or more characters. + > The asterisk (`*`) stands for zero or more characters. -- **Access control lists.** USMT migrates ACLs for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named File1.txt that is read-only for User1 and read/write for User2, these settings will still apply on the destination computer after the migration. +- **Access control lists.** USMT migrates access control lists (ACLs) for specified files and folders from computers running both Windows® XP and Windows Vista. For example, if you migrate a file named `File1.txt` that is **read-only** for **User1** and **read/write** for **User2**, these settings will still apply on the destination computer after the migration. -> [!IMPORTANT] -> To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`. + > [!IMPORTANT] + > To migrate ACLs, you must specify the directory to migrate in the MigUser.xml file. Using file patterns like \*.doc will not migrate a directory. The source ACL information is migrated only when you explicitly specify the directory. For example, `c:\test docs`. 
-## Operating-system components +## Operating-system components -USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8 +USMT migrates operating-system components to a destination computer from computers running Windows 7 and Windows 8 The following components are migrated by default using the manifest files: -- Accessibility settings +- Accessibility settings -- Address book +- Address book -- Command-prompt settings +- Command-prompt settings -- \*Desktop wallpaper +- Desktop wallpaper **¹** -- EFS files +- EFS files -- Favorites +- Favorites -- Folder options +- Folder options -- Fonts +- Fonts -- Group membership. USMT migrates users’ group settings. The groups to which a user belongs can be found by right-clicking **My Computer** on the Start menu and then selecting **Manage**. When running an offline migration, the use of a **<ProfileControl>** section in the Config.xml file is required. +- Group membership. USMT migrates users' group settings. The groups to which a user belongs can be found by right-clicking **My Computer** on the Start menu and then selecting **Manage**. When running an offline migration, the use of a **<ProfileControl>** section in the `Config.xml` file is required. 
-- \*Windows Internet Explorer® settings +- Windows Internet Explorer® settings **¹** -- Microsoft® Open Database Connectivity (ODBC) settings +- Microsoft® Open Database Connectivity (ODBC) settings -- Mouse and keyboard settings +- Mouse and keyboard settings -- Network drive mapping +- Network drive mapping -- \*Network printer mapping +- Network printer mapping **¹** -- \*Offline files +- Offline files **¹** -- \*Phone and modem options +- Phone and modem options **¹** -- RAS connection and phone book (.pbk) files +- RAS connection and phone book (.pbk) files -- \*Regional settings +- Regional settings **¹** -- Remote Access +- Remote Access -- \*Taskbar settings +- Taskbar settings **¹** -- User personal certificates (all) +- User personal certificates (all) -- Windows Mail. +- Windows Mail -- \*Windows Media Player +- Windows Media Player **¹** -- Windows Rights Management +- Windows Rights Management -\* These settings aren't available for an offline migration. For more information, see [Offline Migration Reference](offline-migration-reference.md). + **¹** These settings aren't available for an offline migration. For more information, see [Offline migration reference](offline-migration-reference.md). > [!IMPORTANT] > This list may not be complete. There may be additional components that are migrated. > [!NOTE] -> Some settings, such as fonts, aren't applied by the LoadState tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the LoadState tool. +> Some settings, such as fonts, aren't applied by the **LoadState** tool until after the destination computer has been restarted. For this reason, restart the destination computer after you run the **LoadState** tool. -## Supported applications +## Supported applications Even though it's not required for all applications, it's good practice to install all applications on the destination computer before restoring the user state. 
Installing applications before migrating settings helps to ensure that migrated settings aren't overwritten by the application installers. > [!NOTE] -> -> - The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. -> - USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. +> The versions of installed applications must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. -When you specify the MigApp.xml file, USMT migrates the settings for the following applications: +> [!NOTE] +> USMT migrates only the settings that have been used or modified by the user. If there is an application setting on the source computer that was not touched by the user, the setting may not migrate. + +When you specify the `MigApp.xml` file, USMT migrates the settings for the following applications: |Product|Version| |--- |--- | @@ -156,7 +171,7 @@ When you specify the MigApp.xml file, USMT migrates the settings for the followi |Google Picasa|3| |Google Talk|beta| |IBM Lotus 1-2-3|9| -|IBM Lotus Notes|6,7, 8| +|IBM Lotus Notes|6, 7, 8| |IBM Lotus Organizer|5| |IBM Lotus WordPro|9.9| |Intuit Quicken Deluxe|2009| 
@@ -189,54 +204,52 @@ When you specify the MigApp.xml file, USMT migrates the settings for the followi |Yahoo Messenger|9| |Microsoft Zune™ Software|3| -## What USMT doesn't migrate +## What USMT doesn't migrate -The following is a list of the settings that USMT doesn't migrate. If you are having a problem that isn't listed here, see [Common Issues](usmt-common-issues.md). +The following items are settings that USMT doesn't migrate. If you're having a problem that isn't listed here, see [Common issues](usmt-common-issues.md). ### Application settings -USMT does not migrate the following application settings: +USMT doesn't migrate the following application settings: -- Settings from earlier versions of an application. The versions of each application must match on the source and destination computers. USMT does not support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. USMT can migrate from an earlier version of Microsoft Office to a later version. +- Settings from earlier versions of an application. The versions of each application must match on the source and destination computers. USMT doesn't support migrating the settings of an earlier version of an application to a later version, except for Microsoft Office. USMT can migrate from an earlier version of Microsoft Office to a later version. -- Application settings and some operating-system settings when a local account is created. For example, if you run /lac to create a local account on the destination computer, USMT will migrate the user data, but only some of the operating-system settings, such as wallpaper and screensaver settings, and no application settings will migrate. +- Application settings and some operating-system settings when a local account is created. 
For example, if you run `/lac` to create a local account on the destination computer, USMT will migrate the user data, but only some of the operating-system settings, such as wallpaper and screensaver settings, and no application settings will migrate. -- Microsoft Project settings, when migrating from Office 2003 to Office 2007 system. +- Microsoft Project settings, when migrating from Office 2003 to Office 2007 system. -- ICQ Pro settings, if ICQ Pro is installed in a different location on the destination computer. To successfully migrate the settings of ICQ Pro, you must install ICQ Pro in the same location on the destination computer as it was on the source computer. Otherwise, after you run the LoadState tool, the application won't start. You may encounter problems when: +- ICQ Pro settings, if ICQ Pro is installed in a different location on the destination computer. To successfully migrate the settings of ICQ Pro, you must install ICQ Pro in the same location on the destination computer as it was on the source computer. Otherwise, after you run the **LoadState** tool, the application won't start. You may encounter problems when: - - You change the default installation location on 32-bit destination computers. + - You change the default installation location on 32-bit destination computers. - - You attempt to migrate from a 32-bit computer to a 64-bit computer. This is because the ICQ Pro default installation directory is different on the two types of computers. When you install ICQ Pro on a 32-bit computer, the default location is "C:\\Program Files\\...". The ICQ Pro default installation directory on an x64-based computer, however, is “C:\\Program Files (x86)\\...”. + - You attempt to migrate from a 32-bit computer to a 64-bit computer. Attempting to migrate settings between different architectures doesn't work because the ICQ Pro default installation directory is different on the two types of computers. 
When you install ICQ Pro on a 32-bit computer, the default location is `C:\Program Files\...`. The ICQ Pro default installation directory on an x64-based computer, however, is `C:\Program Files (x86)\...`. ### Operating-System settings -USMT does not migrate the following operating-system settings. +USMT doesn't migrate the following operating-system settings. -- Local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files. +- Local printers, hardware-related settings, drivers, passwords, application binary files, synchronization files, DLL files, or other executable files. -- Permissions for shared folders. After migration, you must manually reshare any folders that were shared on the source computer. +- Permissions for shared folders. After migration, you must manually re-share any folders that were shared on the source computer. -- Files and settings migrating between operating systems with different languages. The operating system of the source computer must match the language of the operating system on the destination computer. +- Files and settings migrating between operating systems with different languages. The operating system of the source computer must match the language of the operating system on the destination computer. -- Customized icons for shortcuts may not migrate. +- Customized icons for shortcuts may not migrate. -- Taskbar settings, when the source computer is running Windows XP. +You should also note the following items: -You should also note the following: +- You should run USMT from an account with administrative credentials. Otherwise, some data won't migrate. When running the **ScanState** and **LoadState** tools, you must run the tools in Administrator mode from an account with administrative credentials. If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. 
-- You should run USMT from an account with administrative credentials. Otherwise, some data will not migrate. When running the ScanState and LoadState tools you must run the tools in Administrator mode from an account with administrative credentials. If you don't run USMT in Administrator mode, only the user profile that is logged on will be included in the migration. In addition, you must run the ScanState tool on Windows XP from an account with administrative credentials. Otherwise, some operating-system settings will not migrate. To run in Administrator mode, select **Start**, **All Programs**, **Accessories**, right-click **Command Prompt**, and then select **Run as administrator**. - -- You can use the /**localonly** option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify /**localonly**, see [ScanState Syntax](usmt-scanstate-syntax.md). +- You can use the `/localonly` option to exclude the data from removable drives and network drives mapped on the source computer. For more information about what is excluded when you specify `/localonly`, see [ScanState syntax](usmt-scanstate-syntax.md). ### Start menu layout -Starting in Windows 10, version 1607 the USMT does not migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-does-not-migrate-the-start-layout). +Starting in Windows 10, version 1607 the USMT doesn't migrate the Start menu layout. To migrate a user's Start menu, you must export and then import settings using the Windows PowerShell cmdlets **Export-StartLayout** and **Import-StartLayout**. For more information, see [USMT common issues](./usmt-common-issues.md#usmt-doesnt-migrate-the-start-layout). 
### User profiles from Active Directory to Azure Active Directory USMT doesn't support migrating user profiles from Active Directory to Azure Active Directory. -## Related topics +## Related articles [Plan your migration](usmt-plan-your-migration.md) diff --git a/windows/deployment/usmt/usmt-xml-elements-library.md b/windows/deployment/usmt/usmt-xml-elements-library.md index 5537ec22e6..34115d72da 100644 --- a/windows/deployment/usmt/usmt-xml-elements-library.md +++ b/windows/deployment/usmt/usmt-xml-elements-library.md 
@@ -2,52 +2,40 @@ title: XML Elements Library (Windows 10) description: Learn about the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# XML Elements Library +# XML elements library This topic describes the XML elements and helper functions that you can employ to author migration .xml files to use with User State Migration Tool (USMT). It is assumed that you understand the basics of XML. -## In this topic +In addition to XML elements and helper functions, this article describes how to specify encoded locations and locations patterns, functions that are for internal USMT use only, and the version tags that you can use with helper functions. -In addition to XML elements and helper functions, this topic describes how to specify encoded locations and locations patterns, functions that are for internal USMT use only, and the version tags that you can use with helper functions. - -- [Elements and helper functions](#elements) - -- [Appendix](#appendix) - - - [Specifying locations](#locations) - - - [Internal USMT functions](#internalusmtfunctions) - - - [Valid version tags](#allowed) - -## Elements and Helper Functions +## Elements and helper functions The following table describes the XML elements and helper functions you can use with USMT. | Elements A-K | Elements L-Z | Helper functions | |-----|----|-----| -| [<addObjects>](#addobjects)
      [<attributes>](#attribute)
      [<bytes>](#bytes)
      [<commandLine>](#commandline)
      [<component>](#component)
      [<condition>](#condition)
      [<conditions>](#conditions)
      [<content>](#content)
      [<contentModify>](#contentmodify)
      [<description>](#description)
      [<destinationCleanup>](#destinationcleanup)
      [<detect>](#detect)
      [<detects>](#detects)
      [<detection>](#detection)
      [<displayName>](#displayname)
      [<environment>](#bkmk-environment)
      [<exclude>](#exclude)
      [<excludeAttributes>](#excludeattributes)
      [<extensions>](#extensions)
      [<extension>](#extension)
      [<externalProcess>](#externalprocess)
      [<icon>](#icon)
      [<include>](#include)
      [<includeAttribute>](#includeattributes) | [<library>](#library)
      [<location>](#location)
      [<locationModify>](#locationmodify)
      [<_locDefinition>](#locdefinition)
      [<manufacturer>](#manufacturer)
      [<merge>](#merge)
      [<migration>](#migration)
      [<namedElements>](#namedelements)
      [<object>](#object)
      [<objectSet>](#objectset)
      [<path>](#path)
      [<paths>](#paths)
      [<pattern>](#pattern)
      [<processing>](#processing)
      [<plugin>](#plugin)
      [<role>](#role)
      [<rules>](#rules)
      [<script>](#script)
      [<text>](#text)
      [<unconditionalExclude>](#unconditionalexclude)
      [<variable>](#variable)
      [<version>](#version)
      [<windowsObjects>](#windowsobjects) | [<condition> functions](#conditionfunctions)
      [<content> functions](#contentfunctions)
      [<contentModify> functions](#contentmodifyfunctions)
      [<include> and <exclude> filter functions](#persistfilterfunctions)
      [<locationModify> functions](#locationmodifyfunctions)
      [<merge> functions](#mergefunctions)
      [<script> functions](#scriptfunctions)
      [Internal USMT functions](#internalusmtfunctions) | +| [<addObjects>](#addobjects)
      [<attributes>](#attributes)
      [<bytes>](#bytes)
      [<commandLine>](#commandline)
      [<component>](#component)
      [<condition>](#condition)
      [<conditions>](#conditions)
      [<content>](#content)
      [<contentModify>](#contentmodify)
      [<description>](#description)
      [<destinationCleanup>](#destinationcleanup)
      [<detect>](#detect)
      [<detects>](#detects)
      [<detection>](#detection)
      [<displayName>](#displayname)
      [<environment>](#environment)
      [<exclude>](#exclude)
      [<excludeAttributes>](#excludeattributes)
      [<extensions>](#extensions)
      [<extension>](#extension)
      [<externalProcess>](#externalprocess)
      [<icon>](#icon)
      [<include>](#include)
      [<includeAttribute>](#includeattributes) | [<library>](#library)
      [<location>](#location)
      [<locationModify>](#locationmodify)
      [<_locDefinition>](#_locdefinition)
      [<manufacturer>](#manufacturer)
      [<merge>](#merge)
      [<migration>](#migration)
      [<namedElements>](#namedelements)
      [<object>](#object)
      [<objectSet>](#objectset)
      [<path>](#path)
      [<paths>](#paths)
      [<pattern>](#pattern)
      [<processing>](#processing)
      [<plugin>](#plugin)
      [<role>](#role)
      [<rules>](#rules)
      [<script>](#script)
      [<text>](#text)
      [<unconditionalExclude>](#unconditionalexclude)
      [<variable>](#variable)
      [<version>](#version)
      [<windowsObjects>](#windowsobjects) | [<condition> functions](#condition-functions)
      [<content> functions](#content-functions)
      [<contentModify> functions](#contentmodify-functions)
      [<include> and <exclude> filter functions](#include-and-exclude-filter-functions)
      [<locationModify> functions](#locationmodify-functions)
      [<merge> functions](#merge-functions)
      [<script> functions](#script-functions)
      [Internal USMT functions](#internal-usmt-functions) | -## <addObjects> +## <addObjects> -The <addObjects> element emulates the existence of one or more objects on the source computer. The child <object> elements provide the details of the emulated objects. If the content is a <script> element, the result of the invocation will be an array of objects. +The **<addObjects>** element emulates the existence of one or more objects on the source computer. The child **<object>** elements provide the details of the emulated objects. If the content is a **<script>** element, the result of the invocation will be an array of objects. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attribute) as child elements of this <object> element. +- **Required child elements:** [<object>](#object) In addition, you must specify [<location>](#location) and [<attribute>](#attributes) as child elements of this **<object>** element. -- **Optional child elements:**[<conditions>](#conditions), <condition>, [<script>](#script) +- **Optional child elements:** [<conditions>](#conditions), [<condition>](#condition), [<script>](#script) Syntax: @@ -56,7 +44,7 @@ Syntax: ``` -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml 
@@ -73,15 +61,15 @@ The following example is from the MigApp.xml file: ``` -## <attributes> +## <attributes> -The <attributes> element defines the attributes for a registry key or file. +The **<attributes>** element defines the attributes for a registry key or file. -- **Number of occurrences:** once for each <object> +- **Number of occurrences:** once for each [<object>](#object) -- **Parent elements:**[<object>](#object) +- **Parent elements:** [<object>](#object) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -93,7 +81,7 @@ Syntax: |------|-----|----| | *Content* | Yes | The content depends on the type of object specified.
      • For files, the content can be a string containing any of the following attributes separated by commas:
        • Archive
        • Read-only
        • System
        • Hidden
      • For registry keys, the content can be one of the following types:
        • None
        • String
        • ExpandString
        • Binary
        • Dword
        • REG_SZ
      | -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -103,15 +91,15 @@ The following example is from the MigApp.xml file: ``` -## <bytes> +## <bytes> -You must specify the <bytes> element only for files because, if <location> corresponds to a registry key or a directory, then <bytes> will be ignored. +You must specify the **<bytes>** element only for files because, if **<location>** corresponds to a registry key or a directory, then **<bytes>** will be ignored. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<object>](#object) +- **Parent elements:** [<object>](#object) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -122,10 +110,10 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | |string|No, default is No|Determines whether *Content* should be interpreted as a string or as bytes.| -|expand|No (default = Yes|When the expand parameter is Yes, the content of the <bytes> element is first expanded in the context of the source computer and then interpreted.| -|*Content*|Yes|Depends on the value of the string.
      • When the string is Yes: the content of the <bytes> element is interpreted as a string.
      • When the string is No: the content of the <bytes> element is interpreted as bytes. Each two characters represent the hexadecimal value of a byte. For example, "616263" is the representation for the "abc" ANSI string. A complete representation of the UNICODE string "abc" including the string terminator would be: "6100620063000000".
      | +|expand|No (default = Yes|When the expand parameter is **Yes**, the content of the **<bytes>** element is first expanded in the context of the source computer and then interpreted.| +|*Content*|Yes|Depends on the value of the string.
      • When the string is **Yes**: the content of the **<bytes>** element is interpreted as a string.
      • When the string is **No**: the content of the **<bytes>** element is interpreted as bytes. Each two characters represent the hexadecimal value of a byte. For example, `616263` is the representation for the `abc` ANSI string. A complete representation of the UNICODE string `abc` including the string terminator would be: `6100620063000000`.
      | -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -135,16 +123,15 @@ The following example is from the MigApp.xml file: ``` -## <commandLine> +## <commandLine> +You might want to use the **<commandLine>** element if you want to start or stop a service or application before or after you run the **ScanState** and **LoadState** tools. -You might want to use the <commandLine> element if you want to start or stop a service or application before or after you run the ScanState and LoadState tools. +- **Number of occurrences:** unlimited -- **Number of occurrences:** unlimited +- **Parent elements:** [<externalProcess>](#externalprocess) -- **Parent elements:**[<externalProcess>](#externalprocess) - -- **Child elements:** none**** +- **Child elements:** none Syntax: 
@@ -156,19 +143,22 @@ Syntax: |--- |--- |--- | |*CommandLineString*|Yes|A valid command line.| -## <component> +## <component> -The <component> element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the MigApp.xml file, "Microsoft® Office 2003" is a component that contains another component, "Microsoft Office Access® 2003". You can use the child elements to define the component. +The **<component>** element is required in a custom .xml file. This element defines the most basic construct of a migration .xml file. For example, in the `MigApp.xml` file, "Microsoft Office 2003" is a component that contains another component, "Microsoft Office Access 2003". You can use the child elements to define the component. -A component can be nested inside another component; that is, the <component> element can be a child of the <role> element within the <component> element in two cases: 1) when the parent <component> element is a container or 2) if the child <component> element has the same role as the parent <component> element. +A component can be nested inside another component; that is, the **<component>** element can be a child of the **<role>** element within the **<component>** element in two cases: -- **Number of occurrences:** Unlimited +1. When the parent **<component>** element is a container +2. If the child **<component>** element has the same role as the parent **<component>** element. 
-- **Parent elements:**[<migration>](#migration), [<role>](#role) +- **Number of occurrences:** Unlimited -- **Required child elements:**[<role>](#role), [<displayName>](#displayname) +- **Parent elements:** [<migration>](#migration), [<role>](#role) -- **Optional child elements:**[<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#bkmk-environment), [<extensions>](#extensions) +- **Required child elements:** [<role>](#role), [<displayName>](#displayname) + +- **Optional child elements:** [<manufacturer>](#manufacturer), [<version>](#version), [<description>](#description), [<paths>](#paths), [<icon>](#icon), [<environment>](#environment), [<extensions>](#extensions) Syntax: @@ -180,26 +170,26 @@ hidden="Yes|No"> |Setting|Required?|Value| |--- |--- |--- | -| type | Yes | You can use the following to group settings, and define the type of the component.
      • **System:** Operating system settings. All Windows® components are defined by this type.
        When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers.
      • **Application:** Settings for an application.
      • **Device:** Settings for a device.
      • **Documents:** Specifies files.
      | -| context | No
      Default = UserAndSystem | Defines the scope of this parameter; that is, whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If a <rules> element has a context of System, it would act as though the <rules> element is not there.
      • **User**. Evaluates the component for each user.
      • **System**. Evaluates the component only once for the system.
      • **UserAndSystem**. Evaluates the component for the entire operating system and each user.
      | -| defaultSupported | No
      (default = TRUE) | Can be any of TRUE, FALSE, YES, or NO. If this parameter is FALSE (or NO), the component will not be migrated unless there is an equivalent component on the destination computer.
      When type="System" and defaultSupported="FALSE" the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the LoadState command line. For example, the default MigSys.xml file contains components with type="System" and defaultSupported="FALSE". If you specify this file on the ScanState command line, you must also specify the file on the LoadState command line for the settings to migrate. This is because the LoadState tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the LoadState tool will not migrate those settings from the store. This is helpful when the source computer is running Windows XP, and you are migrating to both Windows Vista and Windows XP because you can use the same store for both destination computers. | +| type | Yes | You can use the following to group settings, and define the type of the component.
      • **System:** Operating system settings. All Windows components are defined by this type.
        When **type="System"** and **defaultSupported="FALSE"** the settings will not migrate unless there is an equivalent component in the .xml files that is specified on the `LoadState.exe` command line. For example, the default `MigSys.xml` file contains components with **type="System"** and **defaultSupported="FALSE"**. If you specify this file on the `ScanState.exe` command line, you must also specify the file on the `LoadState.exe` command line for the settings to migrate. This is because the `LoadState.exe` tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name. Otherwise, the **LoadState** tool will not migrate those settings from the store. This is helpful because you can use the same store for destination computers that are the same version of Windows and a different version of Windows as the source computer.
      • **Application:** Settings for an application.
      • **Device:** Settings for a device.
      • **Documents:** Specifies files.
      | +| context | No
      Default = UserAndSystem | Defines the scope of this parameter; that is, whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the **<component>** element. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it has a context of **User**. If a **<rules>** element has a context of **System**, it would act as though the **<rules>** element is not there.
      • **User**: Evaluates the component for each user.
      • **System**: Evaluates the component only once for the system.
      • **UserAndSystem**: Evaluates the component for the entire operating system and each user.
      | +| defaultSupported | No
      (default = TRUE) | Can be any of **TRUE**, **FALSE**, **YES**, or **NO**. If this parameter is **FALSE** (or **NO**), the component will not be migrated unless there is an equivalent component on the destination computer.
      When **type="System"** and **defaultSupported="FALSE"** the settings will not migrate unless there is an equivalent component in the .xml files that are specified on the `LoadState.exe` command line. For example, the default `MigSys.xml` file contains components with **type="System"** and **defaultSupported="FALSE"**. If you specify this file on the `ScanState.exe` command line, you must also specify the file on the `LoadState.exe` command line for the settings to migrate. This is because the **LoadState** tool must detect an equivalent component. That is, the component must have the same migration urlid of the .xml file and an identical display name or the **LoadState** tool will not migrate those settings from the store. This is helpful because you can use the same store for destination computers that are the same version of Windows and a different version of Windows as the source computer. | | hidden | | This parameter is for internal USMT use only. | For an example, see any of the default migration .xml files. -## <condition> +## <condition> -Although the <condition> element under the <detect>, <objectSet>, and <addObjects> elements is supported, we recommend that you do not use it. This element might be deprecated in future versions of USMT, requiring you to rewrite your scripts. We recommend that, if you need to use a condition within the <objectSet> and <addObjects> elements, you use the more powerful [<conditions>](#conditions) element, which allows you to formulate complex Boolean statements. +Although the **<condition>** element under the **<detect>**, **<objectSet>**, and **<addObjects>** elements is still supported, it is recommend to no longer use the **<condition>** element because it may be deprecated in future versions of USMT. If the **<condition>** element were depecated, it would require a rewrite of any scripts that use the **<condition>** element. 
Instead, if you need to use a condition within the **<objectSet>** and **<addObjects>** elements, it is recommended to use the more powerful **[<conditions>](#conditions)** element. The **<conditions>** element allows for formulation of complex Boolean statements. -The <condition> element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return FALSE, the parent element will not be evaluated. +The **<condition>** element has a Boolean result. You can use this element to specify the conditions in which the parent element will be evaluated. If any of the present conditions return **FALSE**, the parent element will not be evaluated. -- **Number of occurrences:** unlimited. +- **Number of occurrences:** unlimited. -- **Parent elements:**[<conditions>](#conditions), <detect>, <objectSet>, <addObjects> +- **Parent elements:** [<conditions>](#conditions), [<detect>](#detect), [<objectSet>](#objectset), [<addObjects>](#addobjects) -- **Child elements:** none +- **Child elements:** none -- **Helper functions:** You can use the following [<condition> functions](#conditionfunctions) with this element: DoesOSMatch, IsNative64Bit(), IsOSLaterThan, IsOSEarlierThan, DoesObjectExist, DoesFileVersionMatch, IsFileVersionAbove, IsFileVersionBelow, IsSystemContext, DoesStringContentEqual, DoesStringContentContain, IsSameObject, IsSameContent, and IsSameStringContent. +- **Helper functions:** You can use the following [<condition> functions](#condition-functions) with this element: `DoesOSMatch`, `IsNative64Bit()`, `IsOSLaterThan`, `IsOSEarlierThan`, `DoesObjectExist`, `DoesFileVersionMatch`, `IsFileVersionAbove`, `IsFileVersionBelow`, `IsSystemContext`, `DoesStringContentEqual`, `DoesStringContentContain`, `IsSameObject`, `IsSameContent`, and `IsSameStringContent`. Syntax: @@ -209,12 +199,10 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|negation|No
      Default = No|"Yes" reverses the True/False value of the condition.| +|negation|No
      Default = No|**"Yes"** reverses the True/False value of the condition.| |*ScriptName*|Yes|A script that has been defined within this migration section.| -For example, - -In the code sample below, the <condition> elements, A and B, are joined together by the AND operator because they are in separate <conditions> sections. For example: +For example, in the code sample below, the **<condition>** elements, **A** and **B**, are joined together by the **AND** operator because they are in separate **<conditions>** sections: ```xml @@ -227,7 +215,7 @@ In the code sample below, the <condition> elements, A and B, are joined to ``` -However, in the code sample below, the <condition> elements, A and B, are joined together by the OR operator because they are in the same <conditions> section. +However, in the code sample below, the **<condition>** elements, **A** and **B**, are joined together by the **OR** operator because they are in the same **<conditions>** section. ```xml @@ -238,17 +226,17 @@ However, in the code sample below, the <condition> elements, A and B, are ``` -### <condition> functions +### <condition> functions -The <condition> functions return a Boolean value. You can use these elements in <addObjects> conditions. +The **<condition>** functions return a Boolean value. You can use these elements in **<addObjects>** conditions. -- [Operating system version functions](#operatingsystemfunctions) +- [Operating system version functions](#operating-system-version-functions) -- [Object content functions](#objectcontentfunctions) +- [Object content functions](#object-content-functions) -### Operating system version functions +### Operating system version functions -- **DoesOSMatch** +- **DoesOSMatch** All matches are case insensitive. 
@@ -256,8 +244,8 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*OSType*|Yes|The only valid value for this setting is **NT**. Note, however, that you must set this setting for the <condition> functions to work correctly.| - |*OSVersion*|Yes|The major version, minor version, build number and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version with a pattern. For example, `5.0.*`.| + |*OSType*|Yes|The only valid value for this setting is **NT**. Note, however, that you must set this setting for the **<condition>** functions to work correctly.| + |*OSVersion*|Yes|The major version, minor version, build number and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version with a pattern such as `5.0.*`.| For example: @@ -265,11 +253,11 @@ The <condition> functions return a Boolean value. You can use these elemen MigXmlHelper.DoesOSMatch("NT","\*") ``` -- **IsNative64Bit** +- **IsNative64Bit** - The IsNative64Bit function returns TRUE if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns FALSE. + The **IsNative64Bit** function returns **TRUE** if the migration process is running as a native 64-bit process; that is, a process running on a 64-bit system without Windows on Windows (WOW). Otherwise, it returns **FALSE**. -- **IsOSLaterThan** +- **IsOSLaterThan** All comparisons are case insensitive. 
@@ -277,8 +265,8 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and *OSType* is "9x", the result will be FALSE.| - |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

      The IsOSLaterThan function returns TRUE if the current operating system is later than or equal to *OSVersion*.| + |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns **FALSE**. For example, if the current operating system is Windows NT-based and *OSType* is **"9x"**, the result will be **FALSE**.| + |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed such as `5.0`.

      The **IsOSLaterThan** function returns **TRUE** if the current operating system is later than or equal to *OSVersion*.| For example: @@ -286,7 +274,7 @@ The <condition> functions return a Boolean value. You can use these elemen MigXmlHelper.IsOSLaterThan("NT","6.0") ``` -- **IsOSEarlierThan** +- **IsOSEarlierThan** All comparisons are case insensitive. @@ -294,24 +282,23 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns FALSE. For example, if the current operating system is Windows NT-based and *OSType* is "9x" the result will be FALSE.| - |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed. For example, `5.0`.

      The IsOSEarlierThan function returns TRUE if the current operating system is earlier than *OSVersion*.| + |*OSType*|Yes|Can be **9x** or **NT**. If *OSType* does not match the type of the current operating system, then it returns **FALSE**. For example, if the current operating system is Windows NT-based and *OSType* is **"9x"** the result will be **FALSE**.| + |*OSVersion*|Yes|The major version, minor version, build number, and corrected service diskette version separated by periods. For example, `5.0.2600.Service Pack 1`. You can also specify partial specification of the version but no pattern is allowed such as `5.0`.

      The **IsOSEarlierThan** function returns **TRUE** if the current operating system is earlier than *OSVersion*.| - -### Object content functions +### Object content functions - **DoesObjectExist** - The DoesObjectExist function returns TRUE if any object exists that matches the location pattern. Otherwise, it returns FALSE. The location pattern is expanded before attempting the enumeration. + The DoesObjectExist function returns **TRUE** if any object exists that matches the location pattern. Otherwise, it returns **FALSE**. The location pattern is expanded before attempting the enumeration. Syntax: `DoesObjectExist("ObjectType","EncodedLocationPattern")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the object type. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [location pattern](#locations). Environment variables are allowed.| + |*EncodedLocationPattern*|Yes|The **[location pattern](#specifying-locations)**. Environment variables are allowed.| - For an example of this element, see the MigApp.xml file. + For an example of this element, see the `MigApp.xml` file. - **DoesFileVersionMatch** @@ -321,8 +308,8 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| + |*EncodedFileLocation*|Yes|The **[location pattern](#specifying-locations)** for the file that will be checked. Environment variables are allowed.| + |*VersionTag*|Yes|The **[version tag](#valid-version-tags)** value that will be checked.| |*VersionValue*|Yes|A string pattern. For example, "Microsoft*".| For example: 
@@ -333,14 +320,14 @@ The <condition> functions return a Boolean value. You can use these elemen - **IsFileVersionAbove** - The IsFileVersionAbove function returns TRUE if the version of the file is higher than *VersionValue*. + The **IsFileVersionAbove** function returns **TRUE** if the version of the file is higher than *VersionValue*. Syntax: `IsFileVersionAbove("EncodedFileLocation","VersionTag","VersionValue")` |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| + |*EncodedFileLocation*|Yes|The **[location pattern](#specifying-locations)** for the file that will be checked. Environment variables are allowed.| + |*VersionTag*|Yes|The **[version tag](#valid-version-tags)** value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| - **IsFileVersionBelow** 
@@ -349,26 +336,26 @@ The <condition> functions return a Boolean value. You can use these elemen |Setting|Required?|Value| |--- |--- |--- | - |*EncodedFileLocation*|Yes|The [location pattern](#locations) for the file that will be checked. Environment variables are allowed.| - |*VersionTag*|Yes|The [version tag](#allowed) value that will be checked.| + |*EncodedFileLocation*|Yes|The **[location pattern](#specifying-locations)** for the file that will be checked. Environment variables are allowed.| + |*VersionTag*|Yes|The **[version tag](#valid-version-tags)** value that will be checked.| |*VersionValue*|Yes|The value to compare to. You cannot specify a pattern.| - **IsSystemContext** - The IsSystemContext function returns TRUE if the current context is "System". Otherwise, it returns FALSE. + The **IsSystemContext** function returns **TRUE** if the current context is **"System"**. Otherwise, it returns **FALSE**. Syntax: `IsSystemContext()` - **DoesStringContentEqual** - The DoesStringContentEqual function returns TRUE if the string representation of the given object is identical to `StringContent`. + The **DoesStringContentEqual** function returns **TRUE** if the string representation of the given object is identical to `StringContent`. Syntax: `DoesStringContentEqual("ObjectType","EncodedLocation","StringContent")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [encoded location](#locations) for the object that will be examined. You can specify environment variables.| + |*EncodedLocationPattern*|Yes|The **[encoded location](#specifying-locations)** for the object that will be examined. You can specify environment variables.| |StringContent|Yes|The string that will be checked against.| For example: 
@@ -379,27 +366,27 @@ The <condition> functions return a Boolean value. You can use these elemen - **DoesStringContentContain** - The DoesStringContentContain function returns TRUE if there is at least one occurrence of *StrToFind* in the string representation of the object. + The **DoesStringContentContain** function returns **TRUE** if there is at least one occurrence of *StrToFind* in the string representation of the object. Syntax: `DoesStringContentContain("ObjectType","EncodedLocation","StrToFind")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [encoded location](#locations) for the object that will be examined. You can specify environment variables.| + |*EncodedLocationPattern*|Yes|The **[encoded location](#specifying-locations)** for the object that will be examined. You can specify environment variables.| |*StrToFind*|Yes|A string that will be searched inside the content of the given object.| - **IsSameObject** - The IsSameObject function returns TRUE if the given encoded locations resolve to the same physical object. Otherwise, it returns FALSE. + The **IsSameObject** function returns **TRUE** if the given encoded locations resolve to the same physical object. Otherwise, it returns **FALSE**. Syntax: `IsSameObject("ObjectType","EncodedLocation1","EncodedLocation2")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the type of object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#locations) for the first object. You can specify environment variables.| - |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The **[encoded location](#specifying-locations)** for the first object. 
You can specify environment variables.| + |*EncodedLocation2*|Yes|The **[encoded location](#specifying-locations)** for the second object. You can specify environment variables.| For example: 
@@ -412,39 +399,39 @@ The <condition> functions return a Boolean value. You can use these elemen - **IsSameContent** - The IsSameContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be compared byte by byte. + The **IsSameContent** function returns **TRUE** if the given objects have the same content. Otherwise, it returns **FALSE**. The content will be compared byte by byte. Syntax: `IsSameContent("ObjectType1","EncodedLocation1","ObjectType2","EncodedLocation2")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType1*|Yes|Defines the type of the first object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#locations) for the first object. You can specify environment variables.| + |*EncodedLocation1*|Yes|The **[encoded location](#specifying-locations)** for the first object. You can specify environment variables.| |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| - |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The **[encoded location](#specifying-locations)** for the second object. You can specify environment variables.| - **IsSameStringContent** - The IsSameStringContent function returns TRUE if the given objects have the same content. Otherwise, it returns FALSE. The content will be interpreted as a string. + The **IsSameStringContent** function returns **TRUE** if the given objects have the same content. Otherwise, it returns **FALSE**. The content will be interpreted as a string. Syntax: `IsSameStringContent("ObjectType1","EncodedLocation1","ObjectType2","EncodedLocation2")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType1*|Yes|Defines the type of the first object. Can be File or Registry.| - |*EncodedLocation1*|Yes|The [encoded location](#locations) for the first object. 
You can specify environment variables.| + |*EncodedLocation1*|Yes|The **[encoded location](#specifying-locations)** for the first object. You can specify environment variables.| |*ObjectType2*|Yes|Defines the type of the second object. Can be File or Registry.| - |*EncodedLocation2*|Yes|The [encoded location](#locations) for the second object. You can specify environment variables.| + |*EncodedLocation2*|Yes|The **[encoded location](#specifying-locations)** for the second object. You can specify environment variables.| -## <conditions> +## <conditions> -The <conditions> element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators AND or OR according to the **operation** parameter. +The **<conditions>** element returns a Boolean result that is used to specify the conditions in which the parent element is evaluated. USMT evaluates the child elements, and then joins their results using the operators **AND** or **OR** according to the operation parameter. -- **Number of occurrences:** Unlimited inside another <conditions> element. Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) +- **Number of occurrences:** Unlimited inside another **<conditions>** element. 
Limited to one occurrence in [<detection>](#detection), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) -- **Parent elements:**[<conditions>](#conditions), [<detection>](#detection), [<environment>](#bkmk-environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) +- **Parent elements:** [<conditions>](#conditions), [<detection>](#detection), [<environment>](#environment), [<rules>](#rules), [<addObjects>](#addobjects), and [<objectSet>](#objectset) -- **Child elements:**[<conditions>](#conditions), [<condition>](#condition) +- **Child elements:** [<conditions>](#conditions), [<condition>](#condition) Syntax: @@ -457,7 +444,7 @@ Syntax: |--- |--- |--- | |operation|No, default = AND|Defines the Boolean operation that is performed on the results that are obtained from the child elements.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml 
@@ -470,17 +457,17 @@ The following example is from the MigApp.xml file: ``` -## <content> +## <content> -You can use the <content> element to specify a list of object patterns to obtain an object set from the source computer. Each <objectSet> within a <content> element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the <content> element. The filter script returns an array of locations. The parent <objectSet> element can contain multiple child <content> elements. +You can use the **<content>** element to specify a list of object patterns to obtain an object set from the source computer. Each **<objectSet>** within a **<content>** element is evaluated. For each resulting object pattern list, the objects that match it are enumerated and their content is filtered by the filter parameter. The resulting string array is the output for the **<content>** element. The filter script returns an array of locations. The parent **<objectSet>** element can contain multiple child **<content>** elements. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<objectSet>](#objectset) +- **Parent elements:** [<objectSet>](#objectset) -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<content> functions](#contentfunctions) with this element: ExtractSingleFile, ExtractMultipleFiles, and ExtractDirectory. +- **Helper functions:** You can use the following [<content> functions](#content-functions) with this element: `ExtractSingleFile`, `ExtractMultipleFiles`, and `ExtractDirectory`. Syntax: 
@@ -491,22 +478,22 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
      The script is called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
      The script is called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| -### <content> functions +### <content> functions -The following functions generate patterns out of the content of an object. These functions are called for every object that the parent <ObjectSet> element is enumerating. +The following functions generate patterns out of the content of an object. These functions are called for every object that the parent **<ObjectSet>** element is enumerating. -- **ExtractSingleFile** +- **ExtractSingleFile** - If the registry value is a MULTI-SZ, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns NULL. + If the registry value is a **MULTI-SZ**, only the first segment is processed. The returned pattern is the encoded location for a file that must exist on the system. If the specification is correct in the registry value, but the file does not exist, this function returns **NULL**. Syntax: `ExtractSingleFile(Separators,PathHints)` |Setting|Required?|Value| |--- |--- |--- | - |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You can specify NULL.| - |*PathHints*|Yes|A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". 
You can specify NULL.| + |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is **"C:\Windows\Notepad.exe,-2"**, the separator is a comma. You can specify **NULL**.| + |*PathHints*|Yes|A list of extra paths, separated by colons (`;`), where the function will look for a file matching the current content. For example, if the content is **"Notepad.exe"** and the path is the **%Path%** environment variable, the function will find **Notepad.exe** in `%windir%` and returns **"c:\Windows [Notepad.exe]"**. You can specify **NULL**.| For example: @@ -520,9 +507,9 @@ The following functions generate patterns out of the content of an object. These ``` -- **ExtractMultipleFiles** +- **ExtractMultipleFiles** - The ExtractMultipleFiles function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a MULTI-SZ, the MULTI-SZ separator is considered a separator by default. therefore, for MULTI-SZ, the <Separators> argument must be NULL. + The **ExtractMultipleFiles** function returns multiple patterns, one for each file that is found in the content of the given registry value. If the registry value is a **MULTI-SZ**, the **MULTI-SZ** separator is considered a separator by default. therefore, for **MULTI-SZ**, the **<Separators>** argument must be **NULL**. The returned patterns are the encoded locations for files that must exist on the source computer. If the specification is correct in the registry value but the file does not exist, it will not be included in the resulting list. 
@@ -530,18 +517,18 @@ The following functions generate patterns out of the content of an object. These |Setting|Required?|Value| |--- |--- |--- | - |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. This parameter must be NULL when processing MULTI-SZ registry values.| - |*PathHints*|Yes|A list of extra paths, separated by colons (;), where the function will look for a file matching the current content. For example, if the content is "Notepad.exe" and the path is the %Path% environment variable, the function will find Notepad.exe in %windir% and returns "c:\Windows [Notepad.exe]". You can specify NULL.| + |*Separators*|Yes|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is **"C:\Windows\Notepad.exe,-2"**, the separator is a comma. This parameter must be NULL when processing **MULTI-SZ** registry values.| + |*PathHints*|Yes|A list of extra paths, separated by colons (`;`), where the function will look for a file matching the current content. For example, if the content is **"Notepad.exe"** and the path is the **%Path%** environment variable, the function will find **Notepad.exe** in `%windir%` and returns **"c:\Windows [Notepad.exe]"**. You can specify **NULL**.| -- **ExtractDirectory** +- **ExtractDirectory** - The ExtractDirectory function returns a pattern that is the encoded location for a directory that must exist on the source computer. If the specification is correct in the registry value, but the directory does not exist, this function returns NULL. If it is processing a registry value that is a MULTI-SZ, only the first segment will be processed. + The **ExtractDirectory** function returns a pattern that is the encoded location for a directory that must exist on the source computer. 
If the specification is correct in the registry value, but the directory does not exist, this function returns **NULL**. If it is processing a registry value that is a **MULTI-SZ**, only the first segment will be processed. Syntax: `ExtractDirectory(Separators,LevelsToTrim,PatternSuffix)` |Setting|Required?|Value| |--- |--- |--- | - |*Separators*|No|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is "C:\Windows\Notepad.exe,-2", the separator is a comma. You must specify NULL when processing MULTI-SZ registry values.| + |*Separators*|No|A list of possible separators that might follow the file specification in this registry value name. For example, if the content is **"C:\Windows\Notepad.exe,-2"**, the separator is a comma. You must specify **NULL** when processing **MULTI-SZ** registry values.| |*LevelsToTrim*|Yes|The number of levels to delete from the end of the directory specification. Use this function to extract a root directory when you have a registry value that points inside that root directory in a known location.| |*PatternSuffix*|Yes|The pattern to add to the directory specification. For example, `* [*]`.| 
@@ -557,17 +544,17 @@ The following functions generate patterns out of the content of an object. These ``` -## <contentModify> +## <contentModify> -The <contentModify> element modifies the content of an object before it is written to the destination computer. For each <contentModify> element there can be multiple <objectSet> elements. This element returns the new content of the object that is being processed. +The **<contentModify>** element modifies the content of an object before it is written to the destination computer. For each **<contentModify>** element there can be multiple **<objectSet>** elements. This element returns the new content of the object that is being processed. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child elements:**[<objectSet>](#objectset) +- **Required child elements:** [<objectSet>](#objectset) -- **Helper functions**: You can use the following [<contentModify> functions](#contentmodifyfunctions) with this element: ConvertToDWORD, ConvertToString, ConvertToBinary, KeepExisting, OffsetValue, SetValueByTable, MergeMultiSzContent, and MergeDelimitedContent. +- **Helper functions**: You can use the following [<contentModify> functions](#contentmodify-functions) with this element: **ConvertToDWORD**, **ConvertToString**, **ConvertToBinary**, **KeepExisting**, **OffsetValue**, **SetValueByTable**, **MergeMultiSzContent**, and **MergeDelimitedContent**. Syntax: @@ -578,31 +565,31 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2").`

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2").`

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| -### <contentModify> functions +### <contentModify> functions -The following functions change the content of objects as they are migrated. These functions are called for every object that the parent <ObjectSet> element is enumerating. +The following functions change the content of objects as they are migrated. These functions are called for every object that the parent **<ObjectSet>** element is enumerating. -- **ConvertToDWORD** +- **ConvertToDWORD** - The ConvertToDWORD function converts the content of registry values that are enumerated by the parent <ObjectSet> element to a DWORD. For example, ConvertToDWORD will convert the string "1" to the DWORD 0x00000001. If the conversion fails, then the value of DefaultValueOnError will be applied. + The **ConvertToDWORD** function converts the content of registry values that are enumerated by the parent **<ObjectSet>** element to a DWORD. For example, **ConvertToDWORD** will convert the string `"1"` to the DWORD `0x00000001`. If the conversion fails, then the value of **DefaultValueOnError** will be applied. Syntax: `ConvertToDWORD(DefaultValueOnError)` |Setting|Required?|Value| |--- |--- |--- | - |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.| + |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify **NULL**, and `0` will be written if the conversion fails.| -- **ConvertToString** +- **ConvertToString** - The ConvertToString function converts the content of registry values that match the parent <ObjectSet> element to a string. 
For example, it will convert the DWORD 0x00000001 to the string "1". If the conversion fails, then the value of DefaultValueOnError will be applied. + The **ConvertToString** function converts the content of registry values that match the parent **<ObjectSet>** element to a string. For example, it will convert the DWORD `0x00000001` to the string **"1"**. If the conversion fails, then the value of **DefaultValueOnError** will be applied. Syntax: `ConvertToString(DefaultValueOnError)` |Setting|Required?|Value| |--- |--- |--- | - |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify NULL, and 0 will be written if the conversion fails.| + |*DefaultValueOnError*|No|The value that will be written into the value name if the conversion fails. You can specify **NULL**, and `0` will be written if the conversion fails.| For example: 
@@ -614,15 +601,15 @@ The following functions change the content of objects as they are migrated. Thes ``` -- **ConvertToBinary** +- **ConvertToBinary** - The ConvertToBinary function converts the content of registry values that match the parent <ObjectSet> element to a binary type. + The **ConvertToBinary** function converts the content of registry values that match the parent **<ObjectSet>** element to a binary type. Syntax: `ConvertToBinary ()` -- **OffsetValue** +- **OffsetValue** - The OffsetValue function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of 14, and the *Value* is "-2", the registry value will be 12 on the destination computer. + The **OffsetValue** function adds or subtracts *Value* from the value of the migrated object, and then writes the result back into the registry value on the destination computer. For example, if the migrated object is a DWORD with a value of `14`, and the *Value* is **"-2"**, the registry value will be `12` on the destination computer. Syntax: `OffsetValue(Value)` 
@@ -630,9 +617,9 @@ The following functions change the content of objects as they are migrated. Thes |--- |--- |--- | |*Value*|Yes|The string representation of a numeric value. It can be positive or negative. For example, `OffsetValue(2)`.| -- **SetValueByTable** +- **SetValueByTable** - The SetValueByTable function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. + The **SetValueByTable** function matches the value from the source computer to the source table. If the value is there, the equivalent value in the destination table will be applied. If the value is not there, or if the destination table has no equivalent value, the *DefaultValueOnError* will be applied. Syntax: `SetValueByTable(SourceTable,DestinationTable,DefaultValueOnError)` @@ -640,21 +627,21 @@ The following functions change the content of objects as they are migrated. Thes |--- |--- |--- | |*SourceTable*|Yes|A list of values separated by commas that are possible for the source registry values.| |*DestinationTable*|No|A list of translated values separated by commas.| - |*DefaultValueOnError*|No|The value that will be applied to the destination computer if either 1) the value for the source computer does not match *SourceTable*, or 2) *DestinationTable* has no equivalent value.

      If DefaultValueOnError is NULL, the value will not be changed on the destination computer.| + |*DefaultValueOnError*|No|The value that will be applied to the destination computer if either
      1. The value for the source computer does not match *SourceTable*
      2. *DestinationTable* has no equivalent value.

      If **DefaultValueOnError** is **NULL**, the value will not be changed on the destination computer.| -- **KeepExisting** +- **KeepExisting** - You can use the KeepExisting function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. + You can use the **KeepExisting** function when there are conflicts on the destination computer. This function will keep (not overwrite) the specified attributes for the object that is on the destination computer. Syntax: `KeepExisting("OptionString","OptionString","OptionString",…)` |Setting|Required?|Value| |--- |--- |--- | - | *OptionString* | Yes | *OptionString* can be **Security**, **TimeFields**, or **FileAttrib**:*Letter*. You can specify one of each type of *OptionStrings*. Do not specify multiple *OptionStrings* with the same value. If you do, the right-most option of that type will be kept. For example, do not specify **("FileAttrib:H", "FileAttrib:R")** because only Read-only will be evaluated. Instead specify **("FileAttrib:HR")** and both Hidden and Read-only attributes will be kept on the destination computer.
      • **Security**. Keeps the destination object's security descriptor if it exists.
      • **TimeFields**. Keeps the destination object's time stamps. This parameter is for files only.
      • **FileAttrib:** *Letter*. Keeps the destination object's attribute value, either On or OFF, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after "FileAttrib:". You can specify any combination of the following attributes:
        • **A** = Archive
        • **C** = Compressed
        • **E** = Encrypted
        • **H** = Hidden
        • **I** = Not Content Indexed
        • **O** = Offline
        • **R** = Read-Only
        • **S** = System
        • **T** = Temporary
      | + | *OptionString* | Yes | *OptionString* can be **Security**, **TimeFields**, or **FileAttrib**:*Letter*. You can specify one of each type of *OptionStrings*. Do not specify multiple *OptionStrings* with the same value. If you do, the right-most option of that type will be kept. For example, do not specify **("FileAttrib:H", "FileAttrib:R")** because only Read-only will be evaluated. Instead specify **("FileAttrib:HR")** and both Hidden and Read-only attributes will be kept on the destination computer.
      • **Security**: Keeps the destination object's security descriptor if it exists.
      • **TimeFields**: Keeps the destination object's time stamps. This parameter is for files only.
      • **FileAttrib:<Letter>**: Keeps the destination object's attribute value, either **ON** or **OFF**, for the specified set of file attributes. This parameter is for files only. The following are case-insensitive, but USMT will ignore any values that are invalid, repeated, or if there is a space after **FileAttrib:**. You can specify any combination of the following attributes:
        • **A** = Archive
        • **C** = Compressed
        • **E** = Encrypted
        • **H** = Hidden
        • **I** = Not Content Indexed
        • **O** = Offline
        • **R** = Read-Only
        • **S** = System
        • **T** = Temporary
      | -- **MergeMultiSzContent** +- **MergeMultiSzContent** - The MergeMultiSzContent function merges the MULTI-SZ content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting MULTI-SZ. Duplicate elements will be removed. + The **MergeMultiSzContent** function merges the **MULTI-SZ** content of the registry values that are enumerated by the parent **<ObjectSet>** element with the content of the equivalent registry values that already exist on the destination computer. `Instruction` and `String` either remove or add content to the resulting **MULTI-SZ**. Duplicate elements will be removed. Syntax: `MergeMultiSzContent (Instruction,String,Instruction,String,…)` @@ -663,27 +650,27 @@ The following functions change the content of objects as they are migrated. Thes | *Instruction* | Yes | Can be one of the following:
      • **Add**. Adds the corresponding String to the resulting MULTI-SZ if it is not already there.
      • **Remove**. Removes the corresponding String from the resulting MULTI-SZ.
      | | *String* | Yes | The string to be added or removed. | -- **MergeDelimitedContent** +- **MergeDelimitedContent** - The MergeDelimitedContent function merges the content of the registry values that are enumerated by the parent <ObjectSet> element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. + The **MergeDelimitedContent** function merges the content of the registry values that are enumerated by the parent **<ObjectSet>** element with the content of the equivalent registry values that already exist on the destination computer. The content is considered a list of elements separated by one of the characters in the Delimiters parameter. Duplicate elements will be removed. Syntax: `MergeDelimitedContent(Delimiters,Instruction,String,…)` |Setting|Required?|Value| |--- |--- |--- | - | *Delimiters* | Yes | A single character that will be used to separate the content of the object that is being processed. The content will be considered as a list of elements that is separated by the *Delimiters*.
      For example, "." will separate the string based on a period. | - | *Instruction* | Yes | Can one of the following:
      • **Add.** Adds *String* to the resulting MULTI-SZ if it is not already there.
      • **Remove.** Removes *String* from the resulting MULTI-SZ.
      | + | *Delimiters* | Yes | A single character that will be used to separate the content of the object that is being processed. The content will be considered as a list of elements that is separated by the *Delimiters*.
      For example, `"."` will separate the string based on a period. | + | *Instruction* | Yes | Can be one of the following:
      • **Add**: Adds *String* to the resulting MULTI-SZ if it is not already there.
      • **Remove**: Removes *String* from the resulting MULTI-SZ.
      | | *String* | Yes | The string to be added or removed. | -## <description> +## <description> -The <description> element defines a description for the component but does not affect the migration. +The **<description>** element defines a description for the component but does not affect the migration. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Child elements:** none +- **Child elements:** none Syntax: 
@@ -701,22 +688,20 @@ The following code sample shows how the <description> element defines the My custom component ``` -## <destinationCleanup> +## <destinationCleanup> -The <destinationCleanup> element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the LoadState tool is run on the destination computer. That is, this element is ignored by the ScanState tool. +The **<destinationCleanup>** element deletes objects, such as files and registry keys, from the destination computer before applying the objects from the source computer. This element is evaluated only when the **LoadState** tool is run on the destination computer. That is, this element is ignored by the **ScanState** tool. > [!IMPORTANT] > Use this option with extreme caution because it will delete objects from the destination computer. +For each **<destinationCleanup>** element there can be multiple **<objectSet>** elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. +- **Number of occurrences:** Unlimited -For each <destinationCleanup> element there can be multiple <objectSet> elements. A common use for this element is if there is a missing registry key on the source computer and you want to ensure that a component is migrated. In this case, you can delete all of the component's registry keys before migrating the source registry keys. This will ensure that if there is a missing key on the source computer, it will also be missing on the destination computer. 
+- **Parent elements:** [<rules>](#rules) -- **Number of occurrences:** Unlimited - -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) (Note that the destination computer will delete all child elements.) +- **Child elements:** [<objectSet>](#objectset) (Note that the destination computer will delete all child elements.) Syntax: @@ -727,7 +712,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|filter|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| For example: 
@@ -740,21 +725,21 @@ For example: ``` -## <detect> +## <detect> -Although the <detect> element is still supported, we do not recommend using it because it may be deprecated in future versions of USMT. In that case, you would have to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection)**element.** +Although the **<detect>** element is still supported, it is recommend to no longer use the **<detect>** element because it may be deprecated in future versions of USMT. If the **<detect>** element were depecated, it would require a rewrite of any scripts that use the **<detect>** element. Instead, it is recommend to use the **[<detection>](#detection)** element. The **<detection>** element allows for more clearly formulated complex Boolean statements -You use the <detect> element to determine if the component is present on a system. If all child <detect> elements within a <detect> element resolve to TRUE, then the <detect> element resolves to TRUE. If any child <detect> elements resolve to FALSE, then their parent <detect> element resolves to FALSE. If there is no <detect> element section, then USMT will assume that the component is present. +The **<detect>** element can be used to determine if the component is present on a system. If all child **<detect>** elements within a **<detect>** element resolve to **TRUE**, then the **<detect>** element resolves to **TRUE**. If any child **<detect>** elements resolve to **FALSE**, then their parent **<detect>** element resolves to **FALSE**. If there is no **<detect>** element section, then USMT will assume that the component is present. -For each <detect> element there can be multiple child <condition> or <objectSet> elements, which will be logically joined by an OR operator. If at least one <condition> or <objectSet> element evaluates to TRUE, then the <detect> element evaluates to TRUE. 
+For each **<detect>** element there can be multiple child **<condition>** or **<objectSet>** elements, which will be logically joined by an **OR** operator. If at least one **<condition>** or **<objectSet>** element evaluates to **TRUE**, then the **<detect>** element evaluates to **TRUE**. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:** <detects>, [<namedElements>](#namedelements) +- **Parent elements:** [<detects>](#detects), [<namedElements>](#namedelements) -- **Required child elements:**[<condition>](#condition) +- **Required child elements:** [<condition>](#condition) -- **Optional child elements:**[<objectSet>](#objectset) +- **Optional child elements:** [<objectSet>](#objectset) Syntax: @@ -765,16 +750,16 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <detect> is a child to <namedElements>
      No, when <detect> is a child to <detects> | When *ID* is specified, any child elements are not processed. Instead, any other <detect> elements with the same name that are declared within the <namedElements> element are processed. | -| context | No
      (default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the component element. For example, if a <component> element has a context of User, and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.
      • **User.** Evaluates the variables for each user.
      • **System.** Evaluates the variables only once for the system.
      • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
      | +| name | Yes, when **<detect>** is a child to **<namedElements>**
      No, when **<detect>** is a child to <detects> | When *ID* is specified, any child elements are not processed. Instead, any other **<detect>** elements with the same name that are declared within the **<namedElements>** element are processed. | +| context | No
      (default = UserAndSystem) | Defines the scope of this parameter which are whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the component element. For example, if a **<component>** element has a context of **User**, and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it had a context of **User**. If the **<rules>** element had a context of **System**, it would act as though the **<rules>** element were not there.
      • **User**: Evaluates the variables for each user.
      • **System**: Evaluates the variables only once for the system.
      • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.
      | For examples, see the examples for [<detection>](#detection). -## <detects> +## <detects> -Although the <detects> element is still supported, we recommend that you do not use it because it may be deprecated in future versions of USMT, which would require you to rewrite your scripts. Instead, we recommend that you use the [<detection>](#detection) element if the parent element is <role> or <namedElements>, and we recommend that you use the <conditions> element if the parent element is <rules>. Using <detection> allows you to more clearly formulate complex Boolean statements. +Although the **<detects>** element is still supported, it is recommend to no longer use the **<detects>** element because it may be deprecated in future versions of USMT. If the **<detects>** element were deprecated, it would require a rewrite of any scripts that use the **<detects>** element. Instead, it is recommend to use the **[<detection>](#detection)** element if the parent element is **<role>** or **<namedElements>**, or use the **[<conditions>](#conditions)** element if the parent element is **<rules>**. The **<detection>** element allows for more clearly formulated complex Boolean statements and the **<conditions>** element allows for formulation of complex Boolean statements. -The <detects> element is a container for one or more <detect> elements. If all of the child <detect> elements within a <detects> element resolve to TRUE, then <detects> resolves to TRUE. If any of the child <detect> elements resolve to FALSE, then <detects> resolves to FALSE. If you do not want to write the <detects> elements within a component, then you can create the <detects> element under the <namedElements> element, and then refer to it. If there is no <detects> element section, then USMT will assume that the component is present. The results from each <detects> element are joined together by the OR operator to form the rule used to detect the parent element. 
+The **<detects>** element is a container for one or more **<detect>** elements. If all of the child **<detect>** elements within a **<detects>** element resolve to **TRUE**, then **<detects>** resolves to **TRUE**. If any of the child **<detect>** elements resolve to **FALSE**, then **<detects>** resolves to **FALSE**. If you do not want to write the **<detects>** elements within a component, then you can create the **<detects>** element under the **<namedElements>** element, and then refer to it. If there is no **<detects>** element section, then USMT will assume that the component is present. The results from each **<detects>** element are joined together by the **OR** operator to form the rule used to detect the parent element. Syntax: @@ -783,18 +768,18 @@ Syntax: ``` -- **Number of occurrences:** Unlimited. +- **Number of occurrences:** Unlimited. -- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) +- **Parent elements:** [<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) -- **Required child elements:** <detect> +- **Required child elements:** [<detect>](#detect) |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <detects> is a child to <namedElements>
      No, when <detects> is a child to <role> or <rules> | When *ID* is specified, no child <detect> elements are processed. Instead, any other <detects> elements with the same name that are declared within the <namedElements> element are processed. | -| context | No
      (default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the <component element>. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though the <rules> element were not there.
      • **User.** Evaluates the variables for each user.
      • **System.** Evaluates the variables only once for the system.
      • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.

      The context parameter is ignored for <detects> elements that are inside <rules> elements. | +| name | Yes, when <detects> is a child to **<namedElements>**
      No, when <detects> is a child to **<role>** or **<rules>** | When *ID* is specified, no child **<detect>** elements are processed. Instead, any other **<detects>** elements with the same name that are declared within the **<namedElements>** element are processed. | +| context | No
      (default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the **<component element>**. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it had a context of **User**. If the **<rules>** element had a context of **System**, it would act as though the **<rules>** element were not there.
      • **User**: Evaluates the variables for each user.
      • **System**: Evaluates the variables only once for the system.
      • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.

      The context parameter is ignored for **<detects>** elements that are inside **<rules>** elements. | -The following example is from the MigApp.xml file. +The following example is from the `MigApp.xml` file. ```xml 
@@ -807,20 +792,19 @@ The following example is from the MigApp.xml file. ``` -## <detection> +## <detection> +The **<detection>** element is a container for one **<conditions>** element. The result of the child **<condition>** elements, located underneath the **<conditions>** element, determines the result of this element. For example, if all of the child **<conditions>** elements within the **<detection>** element resolve to **TRUE**, then the **<detection>** element resolves to **TRUE**. If any of the child **<conditions>** elements resolve to **FALSE**, then the **<detection>** element resolves to **FALSE**. -The <detection> element is a container for one <conditions> element. The result of the child <condition> elements, located underneath the <conditions> element, determines the result of this element. For example, if all of the child <conditions> elements within the <detection> element resolve to TRUE, then the <detection> element resolves to TRUE. If any of the child <conditions> elements resolve to FALSE, then the <detection> element resolves to FALSE. +In addition, the results from each **<detection>** section within the **<role>** element are joined together by the **OR** operator to form the detection rule of the parent element. That is, if one of the **<detection>** sections resolves to **TRUE**, then the **<role>** element will be processed. Otherwise, the **<role>** element will not be processed. -In addition, the results from each <detection> section within the <role> element are joined together by the OR operator to form the detection rule of the parent element. That is, if one of the <detection> sections resolves to TRUE, then the <role> element will be processed. Otherwise, the <role> element will not be processed. +Use the **<detection>** element under the **<namedElements>** element if you do not want to write it within a component. 
Then include a matching **<detection>** section under the **<role>** element to control whether the component is migrated. If there is not a **<detection>** section for a component, then USMT will assume that the component is present. -Use the <detection> element under the <namedElements> element if you do not want to write it within a component. Then include a matching <detection> section under the <role> element to control whether the component is migrated. If there is not a <detection> section for a component, then USMT will assume that the component is present. +- **Number of occurrences:** Unlimited. -- **Number of occurrences:** Unlimited. +- **Parent elements:** [<role>](#role), [<namedElements>](#namedelements) -- **Parent elements:**[<role>](#role), [<namedElements>](#namedelements) - -- **Child elements:**[<conditions>](#conditions) +- **Child elements:** [<conditions>](#conditions) Syntax: @@ -831,8 +815,8 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name |
      • Yes, when <detection> is declared under <namedElements>
      • Optional, when declared under <role>
      | If declared, the content of the <detection> element is ignored and the content of the <detection> element with the same name that is declared in the <namedElements> element will be evaluated. | -| context | No, default = UserAndSystem | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      • **User.** Evaluates the component for each user.
      • **System.** Evaluates the component only once for the system.
      • **UserAndSystem.** Evaluates the component for the entire operating system and each user.
      | +| name |
      • Yes, when **<detection>** is declared under **<namedElements>**
      • Optional, when declared under **<role>**
      | If declared, the content of the **<detection>** element is ignored and the content of the **<detection>** element with the same name that is declared in the **<namedElements>** element will be evaluated. | +| context | No, default = UserAndSystem | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      • **User**: Evaluates the component for each user.
      • **System**: Evaluates the component only once for the system.
      • **UserAndSystem**: Evaluates the component for the entire operating system and each user.
      | For example: @@ -857,16 +841,15 @@ and ``` -## <displayName> +## <displayName> +The **<displayName>** element is a required field within each **<component>** element. -The <displayName> element is a required field within each <component> element. +- **Number of occurrences:** once for each component -- **Number of occurrences:** once for each component +- **Parent elements:** [<component>](#component) -- **Parent elements:**[<component>](#component) - -- **Child elements:** none +- **Child elements:** none Syntax: @@ -885,17 +868,17 @@ For example: Command Prompt settings ``` -## <environment> +## <environment> -The <environment> element is a container for <variable> elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#envex). +The **<environment>** element is a container for **<variable>** elements in which you can define variables to use in your .xml file. All environment variables defined this way will be private. That is, they will be available only for their child components and the component in which they were defined. For two example scenarios, see [Examples](#examples). -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<role>](#role), [<component>](#component), [<namedElements>](#namedelements) +- **Parent elements:** [<role>](#role), [<component>](#component), [<namedElements>](#namedelements) -- **Required child elements:**[<variable>](#variable) +- **Required child elements:** [<variable>](#variable) -- **Optional child elements:**[conditions](#conditions) +- **Optional child elements:** [<conditions>](#conditions) Syntax: @@ -906,14 +889,14 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <environment> is a child of <namedElements>
      No, when <environment> is a child of <role> or <component> | When declared as a child of the <role> or <component> elements, if *ID* is declared, USMT ignores the content of the <environment> element and the content of the <environment> element with the same name declared in the <namedElements> element is processed. | -| context | No
      (default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the <component> element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it had a context of User. If the <rules> element had a context of System, it would act as though <rules> were not there.
      • **User.** Evaluates the variables for each user.
      • **System.** Evaluates the variables only once for the system.
      • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
      | +| name | Yes, when **<environment>** is a child of **<namedElements>**
      No, when **<environment>** is a child of **<role>** or **<component>** | When declared as a child of the **<role>** or **<component>** elements, if *ID* is declared, USMT ignores the content of the **<environment>** element and the content of the **<environment>** element with the same name declared in the **<namedElements>** element is processed. | +| context | No
      (default = UserAndSystem) | Defines the scope of this parameter: whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the **<component>** element. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it had a context of **User**. If the **<rules>** element had a context of **System**, it would act as though **<rules>** were not there.
      • **User**: Evaluates the variables for each user.
      • **System**: Evaluates the variables only once for the system.
      • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.
      | -## +## Examples ### Example scenario 1 -In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value hklm\\software\\companyname\\install \[path\] and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: +In this scenario, you want to generate the location of objects at run time depending on the configuration of the destination computer. For example, you must do this if an application writes data in the directory where it is installed, and users can install the application anywhere on the computer. If the application writes a registry value `hklm\software\companyname\install [path\]` and then updates this value with the location where the application is installed, then the only way for you to migrate the required data correctly is to define an environment variable. For example: ```xml @@ -923,7 +906,7 @@ In this scenario, you want to generate the location of objects at run time depen ``` -Then you can use an include rule as follows. You can use any of the [<script> functions](#scriptfunctions) to perform similar tasks. +Then you can use an include rule as follows. You can use any of the [<script> functions](#script-functions) to perform similar tasks. ```xml 
@@ -933,7 +916,7 @@ Then you can use an include rule as follows. You can use any of the [<script& ``` -Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator ",") in the value of the registry Hklm\\software\\companyname\\application\\ \[Path\]. +Second, you can also filter registry values that contain data that you need. The following example extracts the first string (before the separator "`,`") in the value of the registry `Hklm\software\companyname\application\ [Path\]`. ```xml @@ -949,9 +932,9 @@ Second, you can also filter registry values that contain data that you need. The ``` -### Example scenario 2: +### Example scenario 2 -In this scenario, you want to migrate five files named File1.txt, File2.txt, and so on, from %SYSTEMDRIVE%\\data\\userdata\\dir1\\dir2\\. To do this you must have the following <include> rule in an .xml file: +In this scenario, you want to migrate five files named `File1.txt`, `File2.txt`, and so on, from `%SYSTEMDRIVE%\data\userdata\dir1\dir2\`. To do this you must have the following **<include>** rule in an .xml file: ```xml @@ -975,7 +958,7 @@ Instead of typing the path five times, you can create a variable for the locatio ``` -Then, you can specify the variable in an <include> rule as follows: +Then, you can specify the variable in an **<include>** rule as follows: ```xml 
@@ -989,18 +972,17 @@ Then, you can specify the variable in an <include> rule as follows: ``` -## <exclude> +## <exclude> +The **<exclude>** element determines what objects will not be migrated, unless there is a more specific **<include>** element that migrates an object. If there is an **<include>** and **<exclude>** element for the same object, the object will be included. For each **<exclude>** element there can be multiple child **<objectSet>** elements. -The <exclude> element determines what objects will not be migrated, unless there is a more specific <include> element that migrates an object. If there is an <include> and <exclude> element for the same object, the object will be included. For each <exclude> element there can be multiple child <objectSet> elements. +- **Number of occurrences:** Unlimited -- **Number of occurrences:** Unlimited +- **Parent elements:** [<rules>](#rules) -- **Parent elements:**[<rules>](#rules) +- **Child elements:** [<objectSet>](#objectset) -- **Child elements:**[<objectSet>](#objectset) - -- **Helper functions:** You can use the following [<exclude> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, NeverRestore, and SameRegContent. +- **Helper functions:** You can use the following [<exclude> filter functions](#include-and-exclude-filter-functions) with this element: `CompareStringContent`, `IgnoreIrrelevantLinks`, `AnswerNo`, `NeverRestore`, and `SameRegContent`. Syntax: @@ -1011,10 +993,9 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|filter|No
      (default = No)|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|filter|No
      (default = No)|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| - -For example, from the MigUser.xml file: +For example, from the `MigUser.xml` file: ```xml @@ -1026,16 +1007,15 @@ For example, from the MigUser.xml file: ``` -## <excludeAttributes> +## <excludeAttributes> +You can use the **<excludeAttributes>** element to determine which parameters associated with an object will not be migrated. If there are conflicts between the **<includeAttributes>** and **<excludeAttributes>** elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an **<includeAttributes>** or **<excludeAttributes>** element, then all of its parameters will be migrated. -You can use the <excludeAttributes> element to determine which parameters associated with an object will not be migrated. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern determines the patterns that will not be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. +- **Number of occurrences:** Unlimited -- **Number of occurrences:** Unlimited +- **Parent elements:** [<rules>](#rules) -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) Syntax: @@ -1075,7 +1055,7 @@ Example: %SYSTEMDRIVE%\ [aa.txt] - + logoff 
@@ -1099,16 +1079,15 @@ Example: ``` -## <extensions> - +## <extensions> The <extensions> element is a container for one or more <extension> elements. -- **Number of occurrences:** zero or one +- **Number of occurrences:** zero or one -- **Parent elements:**[<component>](#component) +- **Parent elements:** [<component>](#component) -- **Required child elements:**[<extension>](#extension) +- **Required child elements:** [<extension>](#extension) Syntax: @@ -1117,16 +1096,15 @@ Syntax: ``` -## <extension> - +## <extension> You can use the <extension> element to specify documents of a specific extension. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<extensions>](#extensions) +- **Parent elements:** [<extensions>](#extensions) -- **Child elements:** none +- **Child elements:** none Syntax: @@ -1138,7 +1116,7 @@ Syntax: |--- |--- |--- | |*FilenameExtension*|Yes|A file name extension.| -For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the <component> element: +For example, if you want to migrate all \*.doc files from the source computer, specifying the following code under the **<component>** element: ```xml @@ -1146,7 +1124,7 @@ For example, if you want to migrate all \*.doc files from the source computer, s ``` -is the same as specifying the following code below the <rules> element: +is the same as specifying the following code below the **<rules>** element: ```xml 
@@ -1158,16 +1136,15 @@ is the same as specifying the following code below the <rules> element: For another example of how to use the <extension> element, see the example for [<excludeAttributes>](#excludeattributes). -## <externalProcess> +## <externalProcess> +You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the **LoadState** process completes. -You can use the <externalProcess> element to run a command line during the migration process. For example, you may want to run a command after the LoadState process completes. +- **Number of occurrences:** Unlimited -- **Number of occurrences:** Unlimited +- **Parent elements:** [<rules>](#rules) -- **Parent elements:**[<rules>](#rules) - -- **Required child elements:**[<commandLine>](#commandline) +- **Required child elements:** [<commandLine>](#commandline) Syntax: 
@@ -1182,21 +1159,21 @@ Syntax: For an example of how to use the <externalProcess> element, see the example for [<excludeAttributes>](#excludeattributes). -## <icon> +## <icon> This is an internal USMT element. Do not use this element. -## <include> +## <include> -The <include> element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each <include> element there can be multiple <objectSet> elements. +The **<include>** element determines what to migrate, unless there is a more specific [<exclude>](#exclude) rule. You can specify a script to be more specific to extend the definition of what you want to collect. For each **<include>** element there can be multiple **<objectSet>** elements. -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<objectSet>](#objectset) +- **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<include> filter functions](#persistfilterfunctions) with this element: CompareStringContent, IgnoreIrrelevantLinks, AnswerNo, and NeverRestore. +- **Helper functions:** You can use the following [<include> filter functions](#include-and-exclude-filter-functions) with this element: `CompareStringContent`, `IgnoreIrrelevantLinks`, `AnswerNo`, and `NeverRestore`. Syntax: @@ -1207,7 +1184,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| filter | No.
      If this parameter is not specified, then all patterns that are inside the child <ObjectSet> element will be processed. | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated. | +| filter | No.
      If this parameter is not specified, then all patterns that are inside the child **<objectSet>** element will be processed. | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
      The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated. | The following example is from the MigUser.xml file: @@ -1239,28 +1216,28 @@ The following example is from the MigUser.xml file: ``` -### <include> and <exclude> filter functions +### <include> and **<exclude>** filter functions The following functions return a Boolean value. You can use them to migrate certain objects based on when certain conditions are met. -- **AnswerNo** +- **AnswerNo** - This filter always returns FALSE. + This filter always returns **FALSE**. Syntax: `AnswerNo ()` -- **CompareStringContent** +- **CompareStringContent** Syntax: `CompareStringContent("StringContent","CompareType")` |Setting|Required?|Value| |--- |--- |--- | | *StringContent* | Yes | The string to check against. | - | *CompareType* | Yes | A string. Use one of the following values:
      • **Equal** (case insensitive). The function returns TRUE if the string representation of the current object that is processed by the migration engine is identical to `StringContent`.
      • **NULL** **or any other value**. The function returns TRUE if the string representation of the current object that is processed by the migration engine does not match `StringContent`.
      | + | *CompareType* | Yes | A string. Use one of the following values:
      • **Equal** (case insensitive). The function returns **TRUE** if the string representation of the current object that is processed by the migration engine is identical to `StringContent`.
      • **NULL** **or any other value**. The function returns **TRUE** if the string representation of the current object that is processed by the migration engine does not match `StringContent`.
      | -- **IgnoreIrrelevantLinks** +- **IgnoreIrrelevantLinks** - This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during ScanState. Then they will be screened out when you run the LoadState tool. + This filter screens out the .lnk files that point to an object that is not valid on the destination computer. Note that the screening takes place on the destination computer, so all .lnk files will be saved to the store during **ScanState**. Then they will be screened out when you run the **LoadState** tool. Syntax: `IgnoreIrrelevantLinks ()` @@ -1274,9 +1251,9 @@ The following functions return a Boolean value. You can use them to migrate cert
      ``` -- **NeverRestore** +- **NeverRestore** - You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the ScanState tool, this function evaluates to TRUE. When run with the LoadState tool, this function evaluates to FALSE. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. + You can use this function to collect the specified objects from the source computer but then not migrate the objects to the destination computer. When run with the **ScanState** tool, this function evaluates to **TRUE**. When run with the **LoadState** tool, this function evaluates to **FALSE**. You may want to use this function when you want to check an object's value on the destination computer but do not intend to migrate the object to the destination. Syntax: `NeverRestore()` @@ -1290,16 +1267,15 @@ The following functions return a Boolean value. You can use them to migrate cert
      ``` -## <includeAttributes> +## <includeAttributes> +You can use the **<includeAttributes>** element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the **<includeAttributes>** and **<excludeAttributes>** elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an **<includeAttributes>** or **<excludeAttributes>** element, then all of its parameters will be migrated. -You can use the <includeAttributes> element to determine whether certain parameters associated with an object will be migrated along with the object itself. If there are conflicts between the <includeAttributes> and <excludeAttributes> elements, the most specific pattern will determine which parameters will be migrated. If an object does not have an <includeAttributes> or <excludeAttributes> element, then all of its parameters will be migrated. +- **Number of occurrences:** unlimited -- **Number of occurrences:** unlimited +- **Parent elements:** [<rules>](#rules) -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) Syntax: @@ -1310,23 +1286,23 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| attributes | Yes | Specifies the attributes to be included with a migrated object. You can specify one of the following, or both separated by quotes; for example, `"Security","TimeFields"`:
      • Security can be one of the following values:
        • **Owner.** The owner of the object (SID).
        • **Group.** The primary group for the object (SID).
        • **DACL** (discretionary access control list). An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.
        • **SACL** (system access control list). An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.
      • TimeFields can be one of the following:
        • **CreationTime.** Specifies when the file or directory was created.
        • **LastAccessTime.** Specifies when the file is last read from, written to, or, in the case of executable files, run.
        • **LastWrittenTime.** Specifies when the file is last written to, truncated, or overwritten.
      | +| attributes | Yes | Specifies the attributes to be included with a migrated object. You can specify one of the following, or both separated by quotes; for example, `"Security","TimeFields"`:
      • Security can be one of the following values:
        • **Owner**: The owner of the object (SID).
        • **Group**: The primary group for the object (SID).
        • **DACL** (discretionary access control list): An access control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.
        • **SACL** (system access control list): An ACL that controls the generation of audit messages for attempts to access a securable object. The ability to get or set an object's SACL is controlled by a privilege typically held only by system administrators.
      • TimeFields can be one of the following:
        • **CreationTime**: Specifies when the file or directory was created.
        • **LastAccessTime**: Specifies when the file is last read from, written to, or, in the case of executable files, run.
        • **LastWrittenTime**: Specifies when the file is last written to, truncated, or overwritten.
      | -For an example of how to use the <includeAttributes> element, see the example for [<excludeAttributes>](#excludeattributes). +For an example of how to use the **<includeAttributes>** element, see the example for [<excludeAttributes>](#excludeattributes). -## <library> +## <library> This is an internal USMT element. Do not use this element. -## <location> +## <location> -The <location> element defines the location of the <object> element. +The **<location>** element defines the location of the **<object>** element. -- **Number of occurrences:** once for each <object> +- **Number of occurrences:** once for each **<object>** -- **Parent elements:**[<object>](#object) +- **Parent elements:** [<object>](#object) -- **Child elements:**[<script>](#script) +- **Child elements:** [<script>](#script) Syntax: @@ -1339,7 +1315,7 @@ Syntax: |type|Yes|*typeID* can be Registry or File.| |*ObjectLocation*|Yes|The location of the object.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml 
@@ -1356,17 +1332,17 @@ The following example is from the MigApp.xml file: ``` -## <locationModify> +## <locationModify> -You can use the <locationModify> element to change the location and name of an object before it is migrated to the destination computer. The <locationModify> element is processed only when the LoadState tool is run on the destination computer. In other words, this element is ignored by the ScanState tool. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. +You can use the **<locationModify>** element to change the location and name of an object before it is migrated to the destination computer. The **<locationModify>** element is processed only when the **LoadState** tool is run on the destination computer. In other words, this element is ignored by the **ScanState** tool. The **<locationModify>** element will create the appropriate folder on the destination computer if it does not already exist. **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<objectSet>](#objectset) +- **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<locationModify> functions](#locationmodifyfunctions) with this element: ExactMove, RelativeMove, and Move. +- **Helper functions:** You can use the following [<locationModify> functions](#locationmodify-functions) with this element: `ExactMove`, `RelativeMove`, and `Move`. Syntax: @@ -1377,9 +1353,9 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the include rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml 
@@ -1389,19 +1365,19 @@ The following example is from the MigApp.xml file: ``` -### <locationModify> functions +### <locationModify> functions -The following functions change the location of objects as they are migrated when using the <locationModify> element. These functions are called for every object that the parent <ObjectSet> element is enumerating. The <locationModify> element will create the appropriate folder on the destination computer if it does not already exist. +The following functions change the location of objects as they are migrated when using the **<locationModify>** element. These functions are called for every object that the parent **<objectSet>** element is enumerating. The **<locationModify>** element will create the appropriate folder on the destination computer if it does not already exist. - **ExactMove** - The ExactMove function moves all of the objects that are matched by the parent <ObjectSet> element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. If a collision occurs, the normal collision algorithms will apply. + The ExactMove function moves all of the objects that are matched by the parent **<objectSet>** element into the given *ObjectEncodedLocation*. You can use this function when you want to move a single file to a different location on the destination computer. If the destination location is a node, all of the matching source objects will be written to the node without any subdirectories. If the destination location is a leaf, the migration engine will migrate all of the matching source objects to the same location. 
If a collision occurs, the normal collision algorithms will apply. Syntax: `ExactMove(ObjectEncodedLocation)` |Setting|Required?|Value| |--- |--- |--- | - |*ObjectEncodedLocation*|Yes|The destination [location](#locations) for all of the source objects.| + |*ObjectEncodedLocation*|Yes|The destination [location](#specifying-locations) for all of the source objects.| For example: @@ -1413,7 +1389,7 @@ The following functions change the location of objects as they are migrated when ``` -- **Move** +- **Move** The Move function moves objects to a different location on the destination computer. In addition, this function creates subdirectories that were above the longest CSIDL in the source object name. @@ -1423,7 +1399,7 @@ The following functions change the location of objects as they are migrated when |--- |--- |--- | |*DestinationRoot*|Yes|The location where the source objects will be moved. If needed, this function will create any subdirectories that were above the longest CSIDL in the source object name.| -- **RelativeMove** +- **RelativeMove** You can use the RelativeMove function to collect and move data. Note that you can use environment variables in source and destination roots, but they may be defined differently on the source and destination computers. 
@@ -1431,7 +1407,7 @@ The following functions change the location of objects as they are migrated when |Setting|Required?|Value| |--- |--- |--- | - |*SourceRoot*|Yes|The location from where the objects will be moved. Any source objects that are enumerated by the parent <ObjectSet> element that are not in this location will not be moved.| + |*SourceRoot*|Yes|The location from where the objects will be moved. Any source objects that are enumerated by the parent **<objectSet>** element that are not in this location will not be moved.| |*DestinationRoot*|Yes|The location where the source objects will be moved to on the destination computer. If needed, this function will create any subdirectories that were above *SourceRoot*.| For example: @@ -1449,21 +1425,19 @@ For example: ``` -## <\_locDefinition> - +## <\_locDefinition> This is an internal USMT element. Do not use this element. -## <manufacturer> +## <manufacturer> +The **<manufacturer>** element defines the manufacturer for the component, but does not affect the migration. -The <manufacturer> element defines the manufacturer for the component, but does not affect the migration. +- **Number of occurrences:** zero or one -- **Number of occurrences:** zero or one +- **Parent elements:** [<component>](#component) -- **Parent elements:**[<component>](#component) - -- **Child elements:** none +- **Child elements:** none Syntax: 
@@ -1475,19 +1449,19 @@ Syntax: |--- |--- |--- | |*Name*|Yes|The name of the manufacturer for the component.| -## <merge> +## <merge> -The <merge> element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to "OriginalFileName(1).OriginalExtension". This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify <include> rules along with the <merge> element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. For example, if you have a <merge> rule C:\\\* \[\*\] set to <sourcePriority> and a <merge> rule C:\\subfolder\\\* \[\*\] set to <destinationPriority>, then USMT would use the <destinationPriority> rule because it is the more specific. +The **<merge>** element determines what will happen when a collision occurs. A collision is when an object that is migrated is already present on the destination computer. If you do not specify this element, the default behavior for the registry is for the source object to overwrite the destination object. The default behavior for files is for the source file to be renamed to `OriginalFileName(1).OriginalExtension`. This element specifies only what should be done when a collision occurs. It does not include objects. Therefore, for your objects to migrate, you must specify **<include>** rules along with the **<merge>** element. When an object is processed and a collision is detected, USMT will select the most specific merge rule and apply it to resolve the conflict. 
For example, if you have a **<merge>** rule `C:\* [*]` set to **<sourcePriority>** and a **<merge>** rule `C:\subfolder\* [*]` set to **<destinationPriority>**, then USMT would use the **<destinationPriority>** rule because it is the more specific. -For an example of this element, see [Conflicts and Precedence](usmt-conflicts-and-precedence.md). +For an example of this element, see [Conflicts and precedence](usmt-conflicts-and-precedence.md). -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<objectSet>](#objectset) +- **Required child element:** [<objectSet>](#objectset) -- **Helper functions:** You can use the following [<merge> functions](#mergefunctions) with this element: SourcePriority, DestinationPriority, FindFilePlaceByPattern, LeafPattern, NewestVersion, HigherValue(), and LowerValue(). +- **Helper functions:** You can use the following [<merge> functions](#merge-functions) with this element: `SourcePriority`, `DestinationPriority`, `FindFilePlaceByPattern`, `LeafPattern`, `NewestVersion`, `HigherValue()`, and `LowerValue()`. Syntax: @@ -1498,7 +1472,7 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.| +|script|Yes|A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.

      The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.| The following example is from the MigUser.xml file: @@ -1517,11 +1491,11 @@ The following example is from the MigUser.xml file: ``` -### <merge> functions +### <merge> functions These functions control how collisions are resolved. -- **DestinationPriority** +- **DestinationPriority** Specifies to keep the object that is on the destination computer and not migrate the object from the source computer. @@ -1537,17 +1511,17 @@ These functions control how collisions are resolved. ``` -- **FindFilePlaceByPattern** +- **FindFilePlaceByPattern** - The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: <F>, <E>, <N> in any order. + The FindFilePlaceByPattern function saves files with an incrementing counter when a collision occurs. It is a string that contains one of each constructs: **<F>**, **<E>**, **<N>** in any order. Syntax: `FindFilePlaceByPattern(FilePattern)` |Setting|Required?|Value| |--- |--- |--- | - | *FilePattern* | Yes |
      • **<F>** will be replaced by the original file name.
      • **<N>** will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.
      • **<E>** will be replaced by the original file name extension.

      For example, ` ().` will change the source file MyDocument.doc into MyDocument (1).doc on the destination computer. | + | *FilePattern* | Yes |
      • **<F>** will be replaced by the original file name.
      • **<N>** will be replaced by an incrementing counter until there is no collision with the objects on the destination computer.
      • **<E>** will be replaced by the original file name extension.

      For example, ` ().` will change the source file `MyDocument.doc` into `MyDocument (1).doc` on the destination computer. | -- **NewestVersion** +- **NewestVersion** The NewestVersion function will resolve conflicts on the destination computer based on the version of the file. @@ -1555,17 +1529,17 @@ These functions control how collisions are resolved. |Setting|Required?|Value| |--- |--- |--- | - |*VersionTag*|Yes|The version field that will be checked. This can be "FileVersion" or "ProductVersion". The file with the highest *VersionTag* version determines which conflicts will be resolved based on the file's version. For example, if Myfile.txt contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.| + |*VersionTag*|Yes|The version field that will be checked. This can be `FileVersion` or `ProductVersion`. The file with the highest *VersionTag* version determines which conflicts will be resolved based on the file's version. For example, if `Myfile.txt` contains FileVersion 1 and the same file on the destination computer contains FileVersion 2, the file on destination will remain.| -- **HigherValue()** +- **HigherValue()** You can use this function for merging registry values. The registry values will be evaluated as numeric values, and the one with the higher value will determine which registry values will be merged. -- **LowerValue()** +- **LowerValue()** You can use this function for merging registry values. The registry values will be evaluated as numeric values and the one with the lower value will determine which registry values will be merged. -- **SourcePriority** +- **SourcePriority** Specifies to migrate the object from the source computer, and to delete the object that is on the destination computer. 
@@ -1581,17 +1555,17 @@ These functions control how collisions are resolved.
 ```
-## <migration>
+## <migration>
-The <migration> element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp".
+The **<migration>** element is the single root element of a migration .xml file and is required. Each .xml file must have a unique migration urlid. The urlid of each file that you specify on the command line must be unique. This is because USMT uses the urlid to define the components within the file. For example, you must specify the following at the beginning of each file: <CustomFileName> is the name of the file; for example, "CustomApp".
-- **Number of occurrences:** one
+- **Number of occurrences:** one
-- **Parent elements:** none
+- **Parent elements:** none
-- **Required child elements:**[<component>](#component)
+- **Required child elements:** [<component>](#component)
-- **Optional child elements:**[<library>](#library), [<namedElements>](#namedelements)
+- **Optional child elements:** [<library>](#library), [<namedElements>](#namedelements)
 Syntax:
@@ -1605,7 +1579,7 @@ Syntax:
 |urlid|Yes|*UrlID* is a string identifier that uniquely identifies this .xml file. This parameter must be a no-colon-name as defined by the XML Namespaces specification. Each migration .xml file must have a unique urlid. If two migration .xml files have the same urlid, the second .xml file that is specified on the command line will not be processed. For more information about XML Namespaces, see [Use XML Namespaces](/previous-versions/windows/desktop/ms754539(v=vs.85)).|
 |Name|No|Although not required, it is good practice to use the name of the .xml file.|
-The following example is from the MigApp.xml file:
+The following example is from the `MigApp.xml` file:
 ```xml
@@ -1638,9 +1612,9 @@ This filter helper function can be used to filter the migration of files based o
 ```
-## <namedElements>
+## <namedElements>
-You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the MigApp.xml file.
+You can use the **<namedElements>** element to define named elements. You can use these elements in any component throughout your .xml file. For an example of how to use this element, see the `MigApp.xml` file.
 Syntax:
@@ -1649,25 +1623,25 @@ Syntax:
 ```
-- **Number of occurrences:** Unlimited
+- **Number of occurrences:** Unlimited
-- **Parent elements:**[<migration>](#migration)
+- **Parent elements:** [<migration>](#migration)
-- **Child elements:**[<environment>](#bkmk-environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), <detects>, <detect>
+- **Child elements:** [<environment>](#environment), [<rules>](#rules), [<conditions>](#conditions), [<detection>](#detection), [<detects>](#detects), [<detect>](#detect)
-For an example of this element, see the MigApp.xml file.
+For an example of this element, see the `MigApp.xml` file.
-## <object>
+## <object>
-The <object> element represents a file or registry key.
+The **<object>** element represents a file or registry key.
-- **Number of occurrences:** Unlimited
+- **Number of occurrences:** Unlimited
-- **Parent elements:**[<addObjects>](#addobjects)
+- **Parent elements:** [<addObjects>](#addobjects)
-- **Required child elements:**[<location>](#location), [<attributes>](#attribute)
+- **Required child elements:** [<location>](#location), [<attributes>](#attributes)
-- **Optional child elements:**[<bytes>](#bytes)
+- **Optional child elements:** [<bytes>](#bytes)
 Syntax:
@@ -1676,7 +1650,7 @@ Syntax:
 ```
-The following example is from the MigApp.xml file:
+The following example is from the `MigApp.xml` file:
 ```xml
@@ -1693,18 +1667,17 @@ The following example is from the MigApp.xml file: ``` -## <objectSet> +## <objectSet> +The **<objectSet>** element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child **<conditions>** elements will be evaluated first. If all child **<conditions>** elements return **FALSE**, the **<objectSet>** element will evaluate to an empty set. For each parent element, there can be only multiple **<objectSet>** elements. -The <objectSet> element contains a list of object patterns ; for example, file paths, registry locations, and so on. Any child <conditions> elements will be evaluated first. If all child <conditions> elements return FALSE, the <objectSet> element will evaluate to an empty set. For each parent element, there can be only multiple <objectSet> elements. +- **Number of occurrences:** Unlimited -- **Number of occurrences:** Unlimited +- **Parent elements:** [<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), [<detect>](#detect) -- **Parent elements:**[<variable>](#variable), [<content>](#content), [<include>](#include), [<exclude>](#exclude), [<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [<unconditionalExclude>](#unconditionalexclude), <detect> +- **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) -- **Required child elements:** either [<script>](#script) or [<pattern>](#pattern) - -- **Optional child elements:**[<content>](#content), [conditions](#conditions), <condition> +- 
**Optional child elements:** [<content>](#content), [<conditions>](#conditions), [<condition>](#condition) Syntax: @@ -1743,31 +1716,28 @@ The following example is from the MigUser.xml file: ``` -## <path> - +## <path> This is an internal USMT element. Do not use this element. -## <paths> - +## <paths> This is an internal USMT element. Do not use this element. -## <pattern> +## <pattern> - -You can use this element to specify multiple objects. You can specify multiple <pattern> elements for each <objectSet> element and they will be combined. If you are specifying files, you may want to use GenerateDrivePatterns with <script> instead. GenerateDrivePatterns is basically the same as a <pattern> rule, without the drive letter specification. For example, the following two lines of code are similar: +You can use this element to specify multiple objects. You can specify multiple **<pattern>** elements for each **<objectSet>** element and they will be combined. If you are specifying files, you may want to use `GenerateDrivePatterns` with **<script>** instead. `GenerateDrivePatterns` is basically the same as a **<pattern>** rule, without the drive letter specification. For example, the following two lines of code are similar: ```xml C:\Folder\* [Sample.doc] ``` -- **Number of occurrences:** Unlimited +- **Number of occurrences:** Unlimited -- **Parent elements:**[<objectSet>](#objectset) +- **Parent elements:** [<objectSet>](#objectset) -- **Child elements:** none but *Path* \[*object*\] must be valid. +- **Child elements:** none but *Path* \[*object*\] must be valid. Syntax: @@ -1778,49 +1748,49 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | | type | Yes | *typeID* can be Registry, File, or Ini. If *typeId* is Ini, then you cannot have a space between *Path* and *object*. For example, the following is correct when type="Ini":
      **<pattern type="Ini">%WinAmp5InstPath%\Winamp.ini|WinAmp[keeponscreen]</pattern>** | -| *Path* [*object*] | Yes | A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.
      • *Path* can contain the asterisk (*) wildcard character or can be an [Recognized Environment Variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character.You can use HKCU and HKLM to refer to HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE respectively.
      • *Object* can contain the asterisk () wildcard character. However, you cannot use the question mark as a wildcard character. For example:
        **`C:\Folder\ [*]`** enumerates all files in C:<em>Path* but no subfolders of C:\Folder.
        **`C:\Folder* [*]`** enumerates all files and subfolders of C:\Folder.
        **`C:\Folder\ [*.mp3]`** enumerates all .mp3 files in C:\Folder.
        **`C:\Folder\ [Sample.doc]`** enumerates only the Sample.doc file located in C:\Folder.
        **Note**
        If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
      | +| *Path* [*object*] | Yes | A valid registry or file path pattern, followed by at least one space, followed by brackets [] that contain the object to be migrated.
      • *Path* can contain the asterisk (`*`) wildcard character or can be an [Recognized environment variables](usmt-recognized-environment-variables.md). You cannot use the question mark as a wildcard character. You can use `HKCU` and `HKLM` to refer to `HKEY_CURRENT_USER` and `HKEY_LOCAL_MACHINE` respectively.
      • *Object* can contain the asterisk (`*`) wildcard character. However, you cannot use the question mark as a wildcard character. For example:
        **`C:\Folder\ [*]`** enumerates all files in `C:\Folder` but no subfolders of `C:\Folder`.
        **`C:\Folder* [*]`** enumerates all files and subfolders of `C:\Folder`.
        **`C:\Folder\ [*.mp3]`** enumerates all `.mp3` files in `C:\Folder`.
        **`C:\Folder\ [Sample.doc]`** enumerates only the `Sample.doc` file located in C:\Folder.
        **Note**
        If you are migrating a file that has a square bracket character ([ or ]) in the file name, you must insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", you must specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
      | For example: -- To migrate a single registry key: +- To migrate a single registry key: ```xml HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache [Persistent] ``` -- To migrate the EngineeringDrafts folder and any subfolders from the C: drive: +- To migrate the `C:\EngineeringDrafts` folder and any subfolders from the C: drive: ```xml C:\EngineeringDrafts\* [*] ``` -- To migrate only the EngineeringDrafts folder, excluding any subfolders, from the C: drive: +- To migrate only the `C:\EngineeringDrafts` folder, excluding any subfolders, from the C: drive: - [Reroute Files and Settings](usmt-reroute-files-and-settings.md) + [Reroute files and settings](usmt-reroute-files-and-settings.md) -- To migrate the Sample.doc file from C:\\EngineeringDrafts: +- To migrate the `Sample.doc` file from `C:\EngineeringDrafts`: ```xml C:\EngineeringDrafts\ [Sample.doc] ``` -- To migrate the Sample.doc file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. +- To migrate the `Sample.doc` file from where ever it exists on the C: drive use pattern in the following way. If multiple files exist with the same name on the C: drive, then all of these files will be migrated. ```xml C:\* [Sample.doc] ``` -- For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), [Include Files and Settings](usmt-include-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). +- For more examples of how to use this element, see [Exclude files and settings](usmt-exclude-files-and-settings.md), [Reroute files and settings](usmt-reroute-files-and-settings.md), [Include files and settings](usmt-include-files-and-settings.md), and [Custom XML examples](usmt-custom-xml-examples.md). 
-## <processing> +## <processing> You can use this element to run a script during a specific point within the migration process. Return values are not expected from the scripts that you specify, and if there are return values, they will be ignored. -- **Number of occurrences:** unlimited +- **Number of occurrences:** unlimited -- **Parent elements:**[<rules>](#rules) +- **Parent elements:** [<rules>](#rules) -- **Required child element:**[<script>](#script) +- **Required child element:** [<script>](#script) Syntax: @@ -1833,21 +1803,21 @@ Syntax: |--- |--- |--- | | when | Yes | Indicates when the script should be run. This value can be one of the following:
      • **pre-scan** means before the scanning process begins.
      • **scan-success** means after the scanning process has finished successfully.
      • **post-scan** means after the scanning process has finished, whether it was successful or not.
      • **pre-apply** means before the apply process begins.
      • **apply-success** means after the apply process has finished successfully.
      • **post-apply** means after the apply process has finished, whether it was successful or not.
      | -## <plugin> +## <plugin> This is an internal USMT element. Do not use this element. -## <role> +## <role> -The <role> element is required in a custom .xml file. By specifying the <role> element, you can create a concrete component. The component will be defined by the parameters specified at the <component> level, and with the role that you specify here. +The **<role>** element is required in a custom .xml file. By specifying the **<role>** element, you can create a concrete component. The component will be defined by the parameters specified at the **<component>** level, and with the role that you specify here. -- **Number of occurrences:** Each <component> can have one, two or three child <role> elements. +- **Number of occurrences:** Each **<component>** can have one, two or three child **<role>** elements. -- **Parent elements:**[<component>](#component), [<role>](#role) +- **Parent elements:** [<component>](#component), [<role>](#role) -- **Required child elements:**[<rules>](#rules) +- **Required child elements:** [<rules>](#rules) -- **Optional child elements:**[<environment>](#bkmk-environment), [<detection>](#detection), [<component>](#component), [<role>](#role), <detects>, <plugin>, +- **Optional child elements:** [<environment>](#environment), [<detection>](#detection), [<component>](#component), [<role>](#role), [<detects>](#detects), [<plugin>](#plugin) Syntax: @@ -1858,9 +1828,9 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| role | Yes | Defines the role for the component. Role can be one of:
      • **Container**
      • **Binaries**
      • **Settings**
      • **Data**
      You can either:
      1. Specify up to three <role> elements within a <component> — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these <role> elements, but each nested element must be of the same role parameter.
      2. Specify one "Container" <role> element within a <component> element. In this case, you cannot specify any child <rules> elements, only other <component> elements. And each child <component> element must have the same type as that of parent <component> element. For example:
      <component context="UserAndSystem" type="Application"> 
      <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName>
      <environment name="GlobalEnv" />
      <role role="Container">
      <detection name="AnyOffice2003Version" />
      <detection name="FrontPage2003" />
      <!--
      Office 2003 Common Settings
      -->
      <component context="UserAndSystem" type="Application">
      | +| role | Yes | Defines the role for the component. Role can be one of:
      • **Container**
      • **Binaries**
      • **Settings**
      • **Data**
      You can either:
      1. Specify up to three **<role>** elements within a **<component>** — one "Binaries" role element, one "Settings" role element and one "Data" role element. These parameters do not change the migration behavior — their only purpose is to help you categorize the settings that you are migrating. You can nest these **<role>** elements, but each nested element must be of the same role parameter.
      2. Specify one "Container" **<role>** element within a **<component>** element. In this case, you cannot specify any child **<rules>** elements, only other **<component>** elements. And each child **<component>** element must have the same type as that of parent **<component>** element. For example:
      <component context="UserAndSystem" type="Application"> 
      <displayName _locID="migapp.msoffice2003">Microsoft Office 2003</displayName>
      <environment name="GlobalEnv" />
      <role role="Container">
      <detection name="AnyOffice2003Version" />
      <detection name="FrontPage2003" />
      <!--
      Office 2003 Common Settings
      -->
      <component context="UserAndSystem" type="Application">
      | -The following example is from the MigUser.xml file. For more examples, see the MigApp.xml file: +The following example is from the MigUser.xml file. For more examples, see the `MigApp.xml` file: ```xml 
@@ -1891,18 +1861,17 @@ The following example is from the MigUser.xml file. For more examples, see the M ``` -## <rules> +## <rules> +The **<rules>** element is required in a custom .xml file. This element contains rules that will run during the migration if the parent **<component>** element is selected, unless the child **<conditions>** element, if present, evaluates to **FALSE**. For each **<rules>** element there can be multiple child **<rules>** elements. -The <rules> element is required in a custom .xml file. This element contains rules that will run during the migration if the parent <component> element is selected, unless the child <conditions> element, if present, evaluates to FALSE. For each <rules> element there can be multiple child <rules> elements. +- **Number of occurrences:** unlimited -- **Number of occurrences:** unlimited +- **Parent elements:** [<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) -- **Parent elements:**[<role>](#role), [<rules>](#rules), [<namedElements>](#namedelements) +- **Required child elements:** [<include>](#include) -- **Required child elements:**[<include>](#include) - -- **Optional child elements:**[<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), [<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), <detects> +- **Optional child elements:** [<rules>](#rules), [<exclude>](#exclude), [<unconditionalExclude>](#unconditionalexclude),[<merge>](#merge), [<contentModify>](#contentmodify), [<locationModify>](#locationmodify), [<destinationCleanup>](#destinationcleanup), [<addObjects>](#addobjects), [<externalProcess>](#externalprocess), [<processing>](#processing), 
[<includeAttributes>](#includeattributes), [<excludeAttributes>](#excludeattributes), [conditions](#conditions), [<detects>](#detects) Syntax: @@ -1913,8 +1882,8 @@ Syntax: |Setting|Required?|Value| |--- |--- |--- | -| name | Yes, when <rules> is a child to <namedElements>
      No, when <rules> is a child to any other element | When *ID* is specified, any child elements are not processed. Instead, any other <rules> elements with the same name that are declared within <namedElements> are processed. | -| context | No
      (default = UserAndSystem) | Defines the scope of this parameter — whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the component element. For example, if a <component> element has a context of User and a <rules> element had a context of UserAndSystem, then the <rules> element would act as though it has a context of User. If <rules> had a context of System, it would act as though <rules> was not there.
      • **User.** Evaluates the variables for each user.
      • **System.** Evaluates the variables only once for the system.
      • **UserAndSystem.** Evaluates the variables for the entire operating system and each user.
      | +| name | Yes, when **<rules>** is a child to **<namedElements>**
      No, when **<rules>** is a child to any other element | When *ID* is specified, any child elements are not processed. Instead, any other **<rules>** elements with the same name that are declared within **<namedElements>** are processed. | +| context | No
      (default = UserAndSystem) | Defines the scope of this parameter — whether to process this component in the context of the specific user, across the entire operating system, or both.
      The largest possible scope is set by the component element. For example, if a **<component>** element has a context of **User** and a **<rules>** element had a context of **UserAndSystem**, then the **<rules>** element would act as though it has a context of **User**. If **<rules>** had a context of **System**, it would act as though **<rules>** was not there.
      • **User**: Evaluates the variables for each user.
      • **System**: Evaluates the variables only once for the system.
      • **UserAndSystem**: Evaluates the variables for the entire operating system and each user.
      | The following example is from the MigUser.xml file: @@ -1946,40 +1915,39 @@ The following example is from the MigUser.xml file: ``` -## <script> +## <script> - -The return value that is required by <script> depends on the parent element. +The return value that is required by **<script>** depends on the parent element. **Number of occurrences:** Once for [<variable>](#variable), unlimited for [<objectSet>](#objectset) and [<processing>](#processing) -**Parent elements:**[<objectSet>](#objectset), [<variable>](#variable), [<processing>](#processing) +**Parent elements:** [<objectSet>](#objectset), [<variable>](#variable), [<processing>](#processing) **Child elements:** none **Syntax and helper functions:** -- General Syntax: `` +- General Syntax: `` -- You can use [GetStringContent](#scriptfunctions) when <script> is within <variable>. +- You can use [GetStringContent](#script-functions) when **<script>** is within **<variable>**. Syntax: `` Example: `` -- You can use [GenerateUserPatterns](#scriptfunctions) when <script> is within <objectSet>. +- You can use [GenerateUserPatterns](#script-functions) when **<script>** is within **<objectSet>**. Syntax: `` Example: `` -- You can use [GenerateDrivePatterns](#scriptfunctions) when <script> is within <objectSet>. +- You can use [GenerateDrivePatterns](#script-functions) when **<script>** is within **<objectSet>**. Syntax: `` Example: `` -- You can use the [Simple executing scripts](#scriptfunctions) with <script> elements that are within <processing> elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. +- You can use the [Simple executing scripts](#script-functions) with **<script>** elements that are within **<processing>** elements: AskForLogoff, ConvertToShortFileName, KillExplorer, RemoveEmptyDirectories, RestartExplorer, RegisterFonts, StartService, StopService, SyncSCM. Syntax: `` 
@@ -1987,11 +1955,11 @@ The return value that is required by <script> depends on the parent elemen |Setting|Required?|Value| |--- |--- |--- | -| *ScriptWithArguments* | Yes | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
      The script will be called for each object that is enumerated by the object sets in the <include> rule. The filter script returns a Boolean value. If the return value is TRUE, the object will be migrated. If it is FALSE, it will not be migrated.
      The return value that is required by <script> depends on the parent element.
      • When used within <variable>, the return value must be a string.
      • When used within <objectSet>, the return value must be a two-dimensional array of strings.
      • When used within <location>, the return value must be a valid location that aligns with the type attribute of <location>. For example, if <location type="File">, the child script element, if specified, must be a valid file location.
        **Note**
        If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
      | +| *ScriptWithArguments* | Yes | A script followed by any number of string arguments that are separated by a comma and enclosed in parenthesis. For example, `MyScripts.AScript ("Arg1","Arg2")`.
      The script will be called for each object that is enumerated by the object sets in the **<include>** rule. The filter script returns a Boolean value. If the return value is **TRUE**, the object will be migrated. If it is **FALSE**, it will not be migrated.
      The return value that is required by **<script>** depends on the parent element.
      • When used within **<variable>**, the return value must be a string.
      • When used within **<objectSet>**, the return value must be a two-dimensional array of strings.
      • When used within **<location>**, the return value must be a valid location that aligns with the type attribute of **<location>**. For example, if <location type="File">, the child script element, if specified, must be a valid file location.
        **Note**
        If you are migrating a file that has a bracket character ([ or ]) in the file name, insert the carrot (^) character directly before the bracket for it to be valid. For example, if there is a file named "file].txt", specify `c:\documents\mydocs [file^].txt]` instead of `c:\documents\mydocs [file].txt]`.
      | Examples: -To migrate the Sample.doc file from any drive on the source computer, use <script> as follows. If multiple files exist with the same name, all such files will get migrated. +To migrate the Sample.doc file from any drive on the source computer, use **<script>** as follows. If multiple files exist with the same name, all such files will get migrated. ```xml 
@@ -1999,29 +1967,29 @@ To migrate the Sample.doc file from any drive on the source computer, use <sc For more examples of how to use this element, see [Exclude Files and Settings](usmt-exclude-files-and-settings.md), [Reroute Files and Settings](usmt-reroute-files-and-settings.md), and [Custom XML Examples](usmt-custom-xml-examples.md). -### <script> functions +### <script> functions -You can use the following functions with the <script> element +You can use the following functions with the **<script>** element -- [String and pattern generating functions](#stringgeneratingfunctions) +- [String and pattern generating functions](#string-and-pattern-generating-functions) -- [Simple executing scripts](#simple) +- [Simple executing scripts](#simple-executing-scripts) -### String and pattern generating functions +### String and pattern generating functions These functions return either a string or a pattern. -- **GetStringContent** +- **GetStringContent** - You can use GetStringContent with <script> elements that are within <variable> elements. If possible, this function returns the string representation of the given object. Otherwise, it returns NULL. For file objects this function always returns NULL. + You can use GetStringContent with **<script>** elements that are within **<variable>** elements. If possible, this function returns the string representation of the given object. Otherwise, it returns **NULL**. For file objects this function always returns **NULL**. Syntax: `GetStringContent("ObjectType","EncodedLocationPattern", "ExpandContent")` |Setting|Required?|Value| |--- |--- |--- | | *ObjectType* | Yes | The type of object. Can be Registry or Ini (for an .ini file). | - | *EncodedLocationPattern* | Yes |
      • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, HKLM\SOFTWARE\MyKey[].
      • If the type of object is Ini, then EncodedLocationPattern must be in the following format:
        IniFilePath|SectionName[SettingName]
      | - | *ExpandContent* | No (default=TRUE) | Can be TRUE or FALSE. If FALSE, then the given location will not be expanded before it is returned. | + | *EncodedLocationPattern* | Yes |
      • If type of object is Registry, EncodedLocationPattern must be a valid registry path. For example, `HKLM\SOFTWARE\MyKey[]`.
      • If the type of object is Ini, then EncodedLocationPattern must be in the following format:
        **IniFilePath|SectionName[SettingName]**
      | + | *ExpandContent* | No (default=TRUE) | Can be **TRUE** or **FALSE**. If **FALSE**, then the given location will not be expanded before it is returned. | For example: 
@@ -2033,40 +2001,40 @@ These functions return either a string or a pattern. - **GenerateDrivePatterns** - The GenerateDrivePatterns function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and DriveType is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use GenerateDrivePatterns with <script> elements that are within [<objectSet>](#objectset) that are within <include>/<exclude>. + The `GenerateDrivePatterns` function will iterate all of the available drives and select the ones that match the requested drive type. It will then concatenate the selected drives with the end part of *PatternSegment* to form a full encoded file pattern. For example, if *PatternSegment* is `Path [file.txt]` and *DriveType* is `Fixed`, then the function will generate `C:\Path [file.txt]`, and other patterns if there are fixed drives other than C:. You cannot specify environment variables with this function. You can use `GenerateDrivePatterns` with **<script>** elements that are within [<objectSet>](#objectset) that are within **<include>**/**<exclude>**. Syntax: `GenerateDrivePatterns("PatternSegment","DriveType")` |Setting|Required?|Value| |--- |--- |--- | - | *PatternSegment* | Yes | The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:", to form a complete [encoded file pattern](#locations). For example, "* [*.doc]". *PatternSegment* cannot be an environment variable. | + | *PatternSegment* | Yes | The suffix of an encoded pattern. It will be concatenated with a drive specification, such as "c:", to form a complete [encoded file pattern](#specifying-locations). 
For example, "* [*.doc]". *PatternSegment* cannot be an environment variable. | | *DriveType* | Yes | The drive type for which the patterns are to be generated. You can specify one of:
      • Fixed
      • CDROM
      • Removable
      • Remote
      | See the last component in the MigUser.xml file for an example of this element. - **GenerateUserPatterns** - The function will iterate through all users that are being migrated, excluding the currently processed user if <ProcessCurrentUser> is FALSE, and will expand the specified pattern in the context of each user. For example, if users A, B and C have profiles in C:\\Documents and Settings), by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: + The `GenerateUserPatterns` function will iterate through all users that are being migrated, excluding the currently processed user if **<ProcessCurrentUser>** is **FALSE**, and will expand the specified pattern in the context of each user. For example, if users A, B, and C have profiles in `C:\Documents and Settings`, by calling `GenerateUserPattens('File','%userprofile% [*.doc]','TRUE')`, the helper function will generate the following three patterns: - - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\A\\\* \[\*.doc\]" - - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\B\\\* \[\*.doc\]" - - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" + - "C:\\Documents and Settings\\C\\\* \[\*.doc\]" Syntax: `GenerateUserPatterns("ObjectType","EncodedLocationPattern","ProcessCurrentUser")` |Setting|Required?|Value| |--- |--- |--- | |*ObjectType*|Yes|Defines the object type. Can be File or Registry.| - |*EncodedLocationPattern*|Yes|The [location pattern](#locations). Environment variables are allowed.| - |*ProcessCurrentUser*|Yes|Can be TRUE or FALSE. Indicates if the patterns should be generated for the current user.| + |*EncodedLocationPattern*|Yes|The [location pattern](#specifying-locations). Environment variables are allowed.| + |*ProcessCurrentUser*|Yes|Can be **TRUE** or **FALSE**. 
Indicates if the patterns should be generated for the current user.| **Example:** -If GenerateUserPattens('File','%userprofile% \[\*.doc\]','FALSE') is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all .doc files from the source computer — but if user X is not migrated, then do not migrate any of the .doc files from user X's profile. +If `GenerateUserPattens('File','%userprofile% [*.doc]','FALSE')` is called while USMT is processing user A, then this function will only generate patterns for users B and C. You can use this helper function to build complex rules. For example, to migrate all `.doc` files from the source computer — but if user X is not migrated, then do not migrate any of the `.doc` files from user X's profile. -The following is example code for this scenario. The first <rules> element migrates all.doc files on the source computer with the exception of those inside C:\\Documents and Settings. The second <rules> elements will migrate all .doc files from C:\\Documents and Settings with the exception of the .doc files in the profiles of the other users. Because the second <rules> element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. +The following is example code for this scenario. The first **<rules>** element migrates all `.doc` files on the source computer with the exception of those inside `C:\Documents and Settings`. The second **<rules>** elements will migrate all `.doc` files from `C:\Documents and Settings` with the exception of the `.doc` files in the profiles of the other users. Because the second **<rules>** element will be processed in each migrated user context, the end result will be the desired behavior. The end result is the one we expected. ```xml 
@@ -2097,13 +2065,13 @@ The following is example code for this scenario. The first <rules> element ### MigXmlHelper.GenerateDocPatterns -This helper function invokes the document finder to scan the system for all files that can be migrated. It can be invoked in either System or User context to focus the scan. +The `MigXmlHelper.GenerateDocPatterns` helper function invokes the document finder to scan the system for all files that can be migrated. It can be invoked in either **System** or **User** context to focus the scan. |Setting|Required?|Value| |--- |--- |--- | -|*ScanProgramFiles*|No (default = FALSE)|Can be TRUE or FALSE. The *ScanProgramFiles* parameter determines whether or not the document finder scans the **Program Files** directory to gather registered file extensions for known applications. For example, when set to TRUE it will discover and migrate .jpg files under the Photoshop directory, if .jpg is a file extension registered to Photoshop.| -|*IncludePatterns*|No (default = TRUE)|Can be TRUE or FALSE. TRUE will generate include patterns and can be added under the <include> element. FALSE will generate exclude patterns and can be added under the <exclude> element.| -|*SystemDrive*|No (default = FALSE)|Can be TRUE or FALSE. If TRUE, restricts all patterns to the system drive.| +|*ScanProgramFiles*|No (default = FALSE)|Can be **TRUE** or **FALSE**. The *ScanProgramFiles* parameter determines whether or not the document finder scans the **Program Files** directory to gather registered file extensions for known applications. For example, when set to **TRUE** it will discover and migrate .jpg files under the Photoshop directory, if `.jpg` is a file extension registered to Photoshop.| +|*IncludePatterns*|No (default = TRUE)|Can be **TRUE** or **FALSE**. **TRUE** will generate include patterns and can be added under the **<include>** element. 
**FALSE** will generate exclude patterns and can be added under the **<exclude>** element.| +|*SystemDrive*|No (default = FALSE)|Can be **TRUE** or **FALSE**. If **TRUE**, restricts all patterns to the system drive.| ```xml @@ -2126,11 +2094,11 @@ This helper function invokes the document finder to scan the system for all file ``` -### Simple executing scripts +### Simple executing scripts -The following scripts have no return value. You can use the following errors with <script> elements that are within <processing> elements +The following scripts have no return value. You can use the following errors with **<script>** elements that are within **<processing>** elements -- **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: +- **AskForLogoff()**. Prompts the user to log off at the end of the migration. For example: ```xml @@ -2138,9 +2106,9 @@ The following scripts have no return value. You can use the following errors wit ``` -- **ConvertToShortFileName(RegistryEncodedLocation)**. If *RegistryEncodedLocation* is the full path of an existing file, this function will convert the file to its short file name and then it will update the registry value. +- **ConvertToShortFileName(RegistryEncodedLocation)**. If *RegistryEncodedLocation* is the full path of an existing file, this function will convert the file to its short file name and then it will update the registry value. -- **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: +- **KillExplorer()**. Stops Explorer.exe for the current user context. This allows access to certain keys and files that are kept open when Explorer.exe is running. For example: ```xml 
@@ -2148,7 +2116,7 @@ The following scripts have no return value. You can use the following errors wit ``` -- **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: +- **RegisterFonts(FileEncodedLocation)**. Registers the given font or all of the fonts in the given directory. For example: ```xml @@ -2156,9 +2124,9 @@ The following scripts have no return value. You can use the following errors wit ``` -- **RemoveEmptyDirectories (DirectoryEncodedPattern).** Deletes any empty directories that match *DirectoryEncodedPattern* on the destination computer. +- **RemoveEmptyDirectories (DirectoryEncodedPattern).** Deletes any empty directories that match *DirectoryEncodedPattern* on the destination computer. -- **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: +- **RestartExplorer().** Restarts Explorer.exe at the end of the migration. For example: ```xml 
@@ -2166,22 +2134,21 @@ The following scripts have no return value. You can use the following errors wit ``` -- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see [this Microsoft Web site](/windows/win32/api/winsvc/nf-winsvc-startservicea). +- **StartService (ServiceName, OptionalParam1, OptionalParam2,…).** Starts the service identified by *ServiceName. ServiceName* is the subkey in `HKLM\System\CurrentControlSet\Services` that holds the data for the given service. The optional parameters, if any, will be passed to the StartService API. For more information, see the [StartServiceA function (winsvc.h)](/windows/win32/api/winsvc/nf-winsvc-startservicea) article. -- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in HKLM\\System\\CurrentControlSet\\Services that holds the data for the given service. +- **StopService (ServiceName)**. Stops the service that is identified by *ServiceName. ServiceName* is the subkey in `HKLM\System\CurrentControlSet\Services` that holds the data for the given service. -- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry (HKLM\\System\\CurrentControlSet\\Services\\ServiceShortName \[Start\]) after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. +- **SyncSCM(ServiceShortName).** Reads the Start type value from the registry `(HKLM\System\CurrentControlSet\Services\ServiceShortName [Start])` after it is changed by the migration engine, and then synchronizes Service Control Manager (SCM) with the new value. 
-## <text> +## <text> +You can use the **<text>** element to set a value for any environment variables that are inside one of the migration .xml files. -You can use the <text> element to set a value for any environment variables that are inside one of the migration .xml files. +- **Number of occurrences:** Once in each [<variable>](#variable) element. -- **Number of occurrences:** Once in each [<variable>](#variable) element. +- **Parent elements:** [<variable>](#variable) -- **Parent elements:**[<variable>](#variable) - -- **Child elements:** None. +- **Child elements:** None. Syntax: 
@@ -2201,18 +2168,17 @@ For example: ``` -## <unconditionalExclude> +## <unconditionalExclude> +The **<unconditionalExclude>** element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the `Config.xml` file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit **<include>** rules to include `.mp3` files, if you specify to exclude them with this option, then they will not be migrated. -The <unconditionalExclude> element excludes the specified files and registry values from the migration, regardless of the other include rules in any of the migration .xml files or in the Config.xml file. The objects declared here will not be migrated because this element takes precedence over all other rules. For example, even if there are explicit <include> rules to include .mp3 files, if you specify to exclude them with this option, then they will not be migrated. +Use this element if you want to exclude all `.mp3` files from the source computer. Or, if you are backing up `C:\UserData` using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. -Use this element if you want to exclude all .mp3 files from the source computer. Or, if you are backing up C:\\UserData using another method, you can exclude the entire folder from the migration. Use this element with caution, however, because if an application needs a file that you exclude, the application may not function properly on the destination computer. +- **Number of occurrences:** Unlimited. -- **Number of occurrences:** Unlimited. 
+- **Parent elements:** [<rules>](#rules) -- **Parent elements:**[<rules>](#rules) - -- **Child elements:**[<objectSet>](#objectset) +- **Child elements:** [<objectSet>](#objectset) Syntax: @@ -2220,7 +2186,7 @@ Syntax: ``` -The following .xml file excludes all .mp3 files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). +The following .xml file excludes all `.mp3` files from migration. For additional examples of how to use this element, see the [Exclude Files and Settings](usmt-exclude-files-and-settings.md). ```xml 
@@ -2239,22 +2205,21 @@ The following .xml file excludes all .mp3 files from migration. For additional e ``` -## <variable> +## <variable> +The **<variable>** element is required in an **<environment>** element. For each **<variable>** element there must be one **<objectSet>**, **<script>**, or **<text>** element. The content of the **<variable>** element assigns a text value to the environment variable. This element has the following three options: -The <variable> element is required in an <environment> element. For each <variable> element there must be one <objectSet>, <script>, or <text> element. The content of the <variable> element assigns a text value to the environment variable. This element has the following three options: +1. If the **<variable>** element contains a **<text>** element, then the value of the variable element will be the value of the **<text>** element. -1. If the <variable> element contains a <text> element, then the value of the variable element will be the value of the <text> element. +2. If the **<variable>** element contains a **<script>** element and the invocation of the script produces a non-null string, then the value of the **<variable>** element will be the result of the script invocation. -2. If the <variable> element contains a <script> element and the invocation of the script produces a non-null string, then the value of the <variable> element will be the result of the script invocation. +3. If the **<variable>** element contains an **<objectSet>** element and the evaluation of the **<objectSet>** element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. -3. If the <variable> element contains an <objectSet> element and the evaluation of the <objectSet> element produces at least one object pattern, then the value of the first object to match the resulting object pattern will be the value of the variable element. 
+- **Number of occurrences:** Unlimited -- **Number of occurrences:** Unlimited +- **Parent elements:** [<environment>](#environment) -- **Parent elements:**[<environment>](#bkmk-environment) - -- **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) +- **Required child elements:** either [<text>](#text), or [<script>](#script), or [<objectSet>](#objectset) Syntax: @@ -2268,7 +2233,7 @@ Syntax: |name|Yes|*ID* is a string value that is the name used to reference the environment variable. We recommend that *ID* start with the component's name to avoid namespace collisions. For example, if your component's name is MyComponent, and you want a variable that is your component's install path, you could specify `MyComponent.InstallPath`.| |remap|No, default = FALSE|Specifies whether to evaluate this environment variable as a remapping environment variable. Objects that are located in a path that is underneath this environment variable's value are automatically moved to where the environment variable points on the destination computer.| -The following example is from the MigApp.xml file: +The following example is from the `MigApp.xml` file: ```xml @@ -2281,16 +2246,15 @@ The following example is from the MigApp.xml file: ``` -## <version> +## <version> +The **<version>** element defines the version for the component, but does not affect the migration. -The <version> element defines the version for the component, but does not affect the migration. +- **Number of occurrences:** zero or one -- **Number of occurrences:** zero or one +- **Parent elements:** [<component>](#component) -- **Parent elements:**[<component>](#component) - -- **Child elements:** none +- **Child elements:** none Syntax: 
@@ -2308,80 +2272,80 @@ For example:
 4.*
 ```
 
-## <windowsObjects>
+## <windowsObjects>
 
-The <windowsObjects> element is for USMT internal use only. Do not use this element.
+The **<windowsObjects>** element is for USMT internal use only. Do not use this element.
 
 ## Appendix
 
-### Specifying locations
+### Specifying locations
 
-- **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves.
+- **Specifying encoded locations**. The encoded location used in all of the helper functions is an unambiguous string representation for the name of an object. It is composed of the node part, optionally followed by the leaf enclosed in square brackets. This makes a clear distinction between nodes and leaves.
 
- For example, specify the file C:\\Windows\\Notepad.exe like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory C:\\Windows\\System32 like this: `c:\Windows\System32`. (Notice the absence of the \[\] construct.)
+ For example, specify the file `C:\Windows\Notepad.exe` like this: `c:\Windows[Notepad.exe]`. Similarly, specify the directory `C:\Windows\System32` like this: `c:\Windows\System32`. (Notice the absence of the `[]` construct.)
 
- Representing the registry is very similar. The default value of a registry key is represented as an empty \[\] construct. For example, the default value for the HKLM\\SOFTWARE\\MyKey registry key will be `HKLM\SOFTWARE\MyKey[]`.
+ Representing the registry is very similar. The default value of a registry key is represented as an empty `[]` construct. For example, the default value for the `HKLM\SOFTWARE\MyKey` registry key will be `HKLM\SOFTWARE\MyKey[]`.
 
-- **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf.
+- **Specifying location patterns**. You specify a location pattern in a way that is similar to how you specify an actual location. The exception is that both the node and leaf part accept patterns. However, a pattern from the node does not extend to the leaf.
 
- For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories. But it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`.
+ For example, the pattern `c:\Windows\*` will match the Windows directory and all subdirectories, but it will not match any of the files in those directories. To match the files as well, you must specify `c:\Windows\*[*]`.
 
-### Internal USMT functions
+### Internal USMT functions
 
 The following functions are for internal USMT use only. Do not use them in an .xml file.
 
-- AntiAlias
+- *AntiAlias*
 
-- ConvertScreenSaver
+- *ConvertScreenSaver*
 
-- ConvertShowIEOnDesktop
+- *ConvertShowIEOnDesktop*
 
-- ConvertToOfficeLangID
+- *ConvertToOfficeLangID*
 
-- MigrateActiveDesktop
+- *MigrateActiveDesktop*
 
-- MigrateAppearanceUPM
+- *MigrateAppearanceUPM*
 
-- MigrateDisplayCS
+- *MigrateDisplayCS*
 
-- MigrateDisplaySS
+- *MigrateDisplaySS*
 
-- MigrateIEAutoSearch
+- *MigrateIEAutoSearch*
 
-- MigrateMouseUPM
+- *MigrateMouseUPM*
 
-- MigrateSoundSysTray
+- *MigrateSoundSysTray*
 
-- MigrateTaskBarSS
+- *MigrateTaskBarSS*
 
-- SetPstPathInMapiStruc
+- *SetPstPathInMapiStruc*
 
-### Valid version tags
+### Valid version tags
 
 You can use the following version tags with various helper functions:
 
-- "CompanyName"
+- "CompanyName"
 
-- "FileDescription"
+- "FileDescription"
 
-- "FileVersion"
+- "FileVersion"
 
-- "InternalName"
+- "InternalName"
 
-- "LegalCopyright"
+- "LegalCopyright"
 
-- "OriginalFilename"
+- "OriginalFilename"
 
-- "ProductName"
+- "ProductName"
 
-- "ProductVersion"
+- "ProductVersion"
 
 The following version tags contain values that can be compared:
 
-- "FileVersion"
+- "FileVersion"
 
-- "ProductVersion"
+- "ProductVersion"
 
-## Related topics
+## Related articles
 
-[USMT XML Reference](usmt-xml-reference.md)
+[USMT XML reference](usmt-xml-reference.md)
diff --git a/windows/deployment/usmt/usmt-xml-reference.md b/windows/deployment/usmt/usmt-xml-reference.md
index aed31c7e9a..af25e49152 100644
--- a/windows/deployment/usmt/usmt-xml-reference.md
+++ b/windows/deployment/usmt/usmt-xml-reference.md
@@ -2,29 +2,29 @@
 title: USMT XML Reference (Windows 10)
 description: Learn about working with and customizing the migration XML files using User State Migration Tool (USMT) XML Reference for Windows 10.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/19/2017
+author: frankroj
+ms.date: 11/01/2022
 ms.topic: article
 ms.technology: itpro-deploy
 ---
 
-# USMT XML Reference
+# USMT XML reference
 
-This section contains topics that you can use to work with and to customize the migration XML files.
+This section contains articles that you can use to work with and to customize the migration XML files.
 
-## In This Section
+## In this section
 
 | Link | Description |
 |--- |--- |
-|[Understanding Migration XML Files](understanding-migration-xml-files.md)|Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.|
-|[Config.xml File](usmt-configxml-file.md)|Describes the Config.xml file and policies concerning its configuration.|
-|[Customize USMT XML Files](usmt-customize-xml-files.md)|Describes how to customize USMT XML files.|
-|[Custom XML Examples](usmt-custom-xml-examples.md)|Gives examples of XML files for various migration scenarios.|
-|[Conflicts and Precedence](usmt-conflicts-and-precedence.md)|Describes the precedence of migration rules and how conflicts are handled.|
-|[General Conventions](usmt-general-conventions.md)|Describes the XML helper functions.|
-|[XML File Requirements](xml-file-requirements.md)|Describes the requirements for custom XML files.|
-|[Recognized Environment Variables](usmt-recognized-environment-variables.md)|Describes environment variables recognized by USMT.|
-|[XML Elements Library](usmt-xml-elements-library.md)|Describes the XML elements and helper functions for authoring migration XML files to use with USMT.|
+|[Understanding migration XML files](understanding-migration-xml-files.md)|Provides an overview of the default and custom migration XML files and includes guidelines for creating and editing a customized version of the MigDocs.xml file.|
+|[Config.xml file](usmt-configxml-file.md)|Describes the `Config.xml` file and policies concerning its configuration.|
+|[Customize USMT XML files](usmt-customize-xml-files.md)|Describes how to customize USMT XML files.|
+|[Custom XML examples](usmt-custom-xml-examples.md)|Gives examples of XML files for various migration scenarios.|
+|[Conflicts and precedence](usmt-conflicts-and-precedence.md)|Describes the precedence of migration rules and how conflicts are handled.|
+|[General conventions](usmt-general-conventions.md)|Describes the XML helper functions.|
+|[XML file requirements](xml-file-requirements.md)|Describes the requirements for custom XML files.|
+|[Recognized environment variables](usmt-recognized-environment-variables.md)|Describes environment variables recognized by USMT.|
+|[XML elements library](usmt-xml-elements-library.md)|Describes the XML elements and helper functions for authoring migration XML files to use with USMT.|
diff --git a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
index cac669786b..5bb2cf2322 100644
--- a/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
+++ b/windows/deployment/usmt/verify-the-condition-of-a-compressed-migration-store.md
@@ -1,126 +1,104 @@ --- title: Verify the Condition of a Compressed Migration Store (Windows 10) -description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT). +description: Use these tips and tricks to verify the condition of a compressed migration store when using User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# Verify the Condition of a Compressed Migration Store - +# Verify the condition of a compressed migration store When you migrate files and settings during a typical PC-refresh migration, the user state is usually stored in a compressed folder on the intermediate store. This compressed folder, also called the compressed migration store, is a single image file that contains: -- All of the files being migrated. +- All of the files being migrated. -- The user’s settings. +- The user's settings. -- A catalog file that contains metadata for all files in the migration store. +- A catalog file that contains metadata for all files in the migration store. -When you run the **LoadState** command to load the data from these files to the destination computer, LoadState requires a valid catalog file in order to open the migration store. You can run the **UsmtUtils** command with the **/verify** option to determine whether the compressed migration store is intact, or whether it contains corrupted files or a corrupted catalog. You should run the **/verify** option on the migration store before you overwrite the original user-state files and settings. +When you run the `LoadState.exe` command to load the data from these files to the destination computer, **LoadState** requires a valid catalog file in order to open the migration store. 
You can run the `UsmtUtils.exe` command with the `/verify` option to determine whether the compressed migration store is intact, or whether it contains corrupted files or a corrupted catalog. You should run the `/verify` option on the migration store before you overwrite the original user-state files and settings. -When you use the **/verify** option, you can specify what type of information to report in the UsmtUtils log file. These report types are: +When you use the `/verify` option, you can specify what type of information to report in the **UsmtUtils** log file. These report types are: -- **Catalog**: Displays the status of only the catalog file. +- **Catalog**: Displays the status of only the catalog file. -- **All**: Displays the status of all files, including the catalog file. +- **All**: Displays the status of all files, including the catalog file. -- **Failure only**: Displays only the files that are corrupted. +- **Failure only**: Displays only the files that are corrupted. -## In This Topic +The following sections demonstrate how to run the `UsmtUtils.exe` command with the `/verify` option, and how to specify the information to display in the **UsmtUtils** log file. - -The following sections demonstrate how to run the **UsmtUtils** command with the **/verify** option, and how to specify the information to display in the UsmtUtils log file. 
- -- [The UsmtUtils syntax for the /verify option](#bkmk-verifysyntax) - -- [To verify that the migration store is intact](#bkmk-verifyintactstore) - -- [To verify the status of only the catalog file](#bkmk-verifycatalog) - -- [To verify the status of all files](#bkmk-verifyallfiles) - -- [To verify the status of the files and return only the corrupted files](#bkmk-returncorrupted) - -### The UsmtUtils Syntax for the /verify Option +## The UsmtUtils syntax for the /verify option To verify the condition of a compressed migration store, use the following UsmtUtils syntax: -cd /d<USMTpath>usmtutils /verify\[:<reportType>\] <filePath> \[/l:<logfile>\] \[/decrypt \[:<AlgID>\] {/key:<keystring> | /keyfile:<filename>}\] +> UsmtUtils.exe /verify\[:<*reportType*>\] <*filePath*> \[/l:<*logfile*>\] \[/decrypt \[:<*AlgID*>\] {/key:<*keystring*> | /keyfile:<*filename*>}\] Where the placeholders have the following values: -- *<USMTpath>* is the location where you have saved the USMT files and tools. +- *<USMTpath>* is the location where you've saved the USMT files and tools. -- *<reportType>* specifies whether to report on all files, corrupted files only, or the status of the catalog. +- *<reportType>* specifies whether to report on all files, corrupted files only, or the status of the catalog. -- *<filePath>* is the location of the compressed migration store. +- *<filePath>* is the location of the compressed migration store. -- *<logfile>* is the location and name of the log file. +- *<logfile>* is the location and name of the log file. -- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the **ScanState** command line. +- *<AlgID>* is the cryptographic algorithm that was used to create the migration store on the `ScanState.exe` command line. -- *<keystring>* is the encryption key that was used to encrypt the migration store. +- *<keystring>* is the encryption key that was used to encrypt the migration store. 
-- *<filename>* is the location and name of the text file that contains the encryption key. +- *<filename>* is the location and name of the text file that contains the encryption key. -### To Verify that the Migration Store is Intact +## To verify that the migration store is intact -To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, type: +To verify whether the migration store is intact or whether it contains corrupted files or a corrupted catalog, enter: ``` syntax -usmtutils /verify D:\MyMigrationStore\store.mig +UsmtUtils.exe /verify D:\MyMigrationStore\store.mig ``` -Because no report type is specified, UsmtUtils displays the default summary report. +Because no report type is specified, **UsmtUtils** displays the default summary report. -### To Verify the Status of Only the Catalog File +## To verify the status of only the catalog file -To verify whether the catalog file is corrupted or intact, type: +To verify whether the catalog file is corrupted or intact, enter: ``` syntax -usmtutils /verify:catalog D:\MyMigrationStore\store.mig +UsmtUtils.exe /verify:catalog D:\MyMigrationStore\store.mig ``` -### To Verify the Status of all Files +## To verify the status of all files -To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, type: - -`usmtutils /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` - -In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, UsmtUtils uses the default 3DES cryptographic algorithm. - -### To Verify the Status of the Files and Return Only the Corrupted Files - -In this example, the log file will only list the files that became corrupted during the ScanState process. This list will include the catalog file if it is also corrupted. 
+To verify whether there are any corrupted files in the compressed migration store, and to specify the name and location of the log file, enter: ``` syntax -usmtutils /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt +UsmtUtils.exe /verify:all D:\MyMigrationStore\store.mig /decrypt /l:D:\UsmtUtilsLog.txt` +``` + +In addition to verifying the status of all files, this example decrypts the files. Because no encryption algorithm is specified, **UsmtUtils** uses the default 3DES cryptographic algorithm. + +## To verify the status of the files and return only the corrupted files + +In this example, the log file will only list the files that became corrupted during the **ScanState** process. This list will include the catalog file if it's also corrupted. + +``` syntax +UsmtUtils.exe /verify:failureonly D:\MyMigrationStore\USMT\store.mig /decrypt:AES_192 /keyfile:D:\encryptionKey.txt ``` This example also decrypts the files by specifying the cryptographic algorithm and the location of the file that contains the encryption key. -### Next Steps - -If the **/verify** option indicates that there are corrupted files in the migration store, you can use the **/extract** option in the UsmtUtils tool to recover data from some corrupted stores. For more information, see [Extract Files from a Compressed USMT Migration Store](usmt-extract-files-from-a-compressed-migration-store.md). - -## Related topics - - -[UsmtUtils Syntax](usmt-utilities.md) - -[Return Codes](usmt-return-codes.md) - -  - -  - +## Next steps +If the `/verify` option indicates that there are corrupted files in the migration store, you can use the `/extract` option in the **UsmtUtils** tool to recover data from some corrupted stores. For more information, see [Extract files from a compressed USMT migration store](usmt-extract-files-from-a-compressed-migration-store.md). 
+## Related articles +[UsmtUtils syntax](usmt-utilities.md) +[Return codes](usmt-return-codes.md) diff --git a/windows/deployment/usmt/xml-file-requirements.md b/windows/deployment/usmt/xml-file-requirements.md index b080e87c2b..e717e950c9 100644 --- a/windows/deployment/usmt/xml-file-requirements.md +++ b/windows/deployment/usmt/xml-file-requirements.md 
@@ -2,46 +2,36 @@ title: XML File Requirements (Windows 10) description: Learn about the XML file requirements for creating custom .xml files, like the file must be in UTF-8 and have a unique migration URL ID. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/19/2017 +author: frankroj +ms.date: 11/01/2022 ms.topic: article ms.technology: itpro-deploy --- -# XML File Requirements - +# XML file requirements When creating custom .xml files, note the following requirements: -- **The file must be in Unicode Transformation Format-8 (UTF-8).** Save the file in this format, and you must specify the following syntax at the beginning of each .xml file: +- **The file must be in Unicode Transformation Format-8 (UTF-8).** Save the file in this format, and you must specify the following syntax at the beginning of each .xml file: ``` xml ``` -- **The file must have a unique migration URL ID**. The URL ID of each file that you specify on the command line must be different. If two migration .xml files have the same URL ID, the second .xml file that is specified on the command line will not be processed. This is because USMT uses the URL ID to define the components within the file. For example, you must specify the following syntax at the beginning of each file: +- **The file must have a unique migration URL ID**. The URL ID of each file that you specify on the command line must be different. If two migration .xml files have the same URL ID, the second .xml file that is specified on the command line won't be processed. The second file won't be processed because USMT uses the URL ID to define the components within the file. 
For example, you must specify the following syntax at the beginning of each file: ``` xml ``` -- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This condition is because the Config.xml file defines the components by the display name and the migration URL ID. For example, specify the following syntax: +- **Each component in the file must have a display name in order for it to appear in the Config.xml file.** This condition is because the `Config.xml` file defines the components by the display name and the migration URL ID. For example, specify the following syntax: ``` xml My Application ``` -For examples of custom .xml files, see [Custom XML Examples](usmt-custom-xml-examples.md). - -  - -  - - - - - +For examples of custom .xml files, see [Custom XML examples](usmt-custom-xml-examples.md). diff --git a/windows/deployment/vda-subscription-activation.md b/windows/deployment/vda-subscription-activation.md index 72cfe2696e..1316467395 100644 --- a/windows/deployment/vda-subscription-activation.md +++ b/windows/deployment/vda-subscription-activation.md @@ -2,16 +2,16 @@ title: Configure VDA for Windows subscription activation description: Learn how to configure virtual machines (VMs) to enable Windows 10 Subscription Activation in a Windows Virtual Desktop Access (VDA) scenario. ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.custom: seo-marvel-apr2020 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium ms.topic: how-to ms.collection: M365-modern-desktop -ms.date: 09/26/2022 +ms.date: 10/31/2022 --- # Configure VDA for Windows subscription activation 
@@ -162,4 +162,4 @@ For Azure AD-joined VMs, follow the same instructions as for [Active Directory-j [Recommended settings for VDI desktops](/windows-server/remote/remote-desktop-services/rds-vdi-recommendations) -[Whitepaper on licensing the Windows desktop for VDI environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf) +[Whitepaper on licensing the Windows desktop for VDI environments](https://download.microsoft.com/download/9/8/d/98d6a56c-4d79-40f4-8462-da3ecba2dc2c/licensing_windows_desktop_os_for_virtual_machines.pdf) \ No newline at end of file diff --git a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md index 5b7165a017..cec3e17944 100644 --- a/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-by-proxy-vamt.md 
@@ -2,18 +2,18 @@ title: Activate by Proxy an Active Directory Forest (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Activate by Proxy an Active Directory Forest -You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that does not have Internet access. ADBA enables certain volume products to inherit activation from the domain. +You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate by proxy an Active Directory (AD) forest for an isolated workgroup that doesn't have Internet access. ADBA enables certain volume products to inherit activation from the domain. > [!IMPORTANT] > ADBA is only applicable to *Generic Volume License Keys (GVLKs)* and *KMS Host key (CSVLK)*. To use ADBA, one or more KMS Host keys (CSVLK) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. 
@@ -26,28 +26,29 @@ In a typical proxy-activation scenario, the VAMT host computer distributes a pro ## Requirements Before performing proxy activation, ensure that the network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup. + +- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you must also have VAMT installed on one of the computers in the workgroup. - VAMT has administrative permissions to the Active Directory domain. -**To perform an Active Directory forest proxy activation** +### To perform an Active Directory forest proxy activation -1. Open VAMT. -2. In the left-side pane, click the **Active Directory-Based Activation** node. -3. In the right-side **Actions** pane, click **Proxy activate forest** to open the **Install Product Key** dialog box. -4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate. -5. If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. -6. Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then click **Open**. If you are activating an AD forest in an isolated workgroup, save the .cilx file to a removable media device. -7. Click **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. -9. 
Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -10. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -11. In the **Acquire confirmation IDs for file** dialog box, browse to where the .cilx file you exported from the isolated workgroup host computer is located. Select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs. -12. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Click **OK** to close the message. -13. Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup. -14. Open VAMT and then click the **Active Directory-Based Activation** node in the left-side pane. -15. In the right-side **Actions** pane, click **Apply confirmation ID to Active Directory domain**, browse to the .cilx file and then click **Open**. +1. Open VAMT. +2. In the left-side pane, select the **Active Directory-Based Activation** node. +3. In the right-side **Actions** pane, select **Proxy activate forest** to open the **Install Product Key** dialog box. +4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to activate. +5. If you want to rename the ADBA object, enter a new Active Directory-Based Activation Object name. If you want to rename the ADBA object, you must do it now. After you select **Install Key**, the name can't be changed. +6. 
Enter the name of the file where you want to save the offline installation ID, or browse to the file location and then select **Open**. If you're activating an AD forest in an isolated workgroup, save the `.cilx` file to a removable media device. +7. Select **Install Key**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. +8. Insert the removable media into the VAMT host that has Internet access. Make sure that you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. +9. In the right-side **Actions** pane, select **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. +10. In the **Acquire confirmation IDs for file** dialog box, browse to where the `.cilx` file you exported from the isolated workgroup host computer is located. Select the file, and then select **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and acquires the CIDs. +11. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows how many confirmation IDs were successfully acquired, and the name of the file to which the IDs were saved. Select **OK** to close the message. +12. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated workgroup. +13. Open VAMT and then select the **Active Directory-Based Activation** node in the left-side pane. +14. In the right-side **Actions** pane, select **Apply confirmation ID to Active Directory domain**, browse to the `.cilx` file and then select **Open**. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. 
The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. -## Related topics +## Related articles - [Add and Remove Computers](add-remove-computers-vamt.md) diff --git a/windows/deployment/volume-activation/activate-forest-vamt.md b/windows/deployment/volume-activation/activate-forest-vamt.md index c390b22fe3..70940f40ec 100644 --- a/windows/deployment/volume-activation/activate-forest-vamt.md +++ b/windows/deployment/volume-activation/activate-forest-vamt.md @@ -2,11 +2,11 @@ title: Activate an Active Directory Forest Online (Windows 10) description: Use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest online. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- 
@@ -15,33 +15,41 @@ ms.technology: itpro-fundamentals You can use the Volume Activation Management Tool (VAMT) Active Directory-Based Activation (ADBA) function to activate an Active Directory (AD) forest over the Internet. ADBA enables certain products to inherit activation from the domain. -**Important**   -ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. +> [!IMPORTANT] +> ADBA is only applicable to Generic Volume License Keys (GVLKs) and KMS Host keys (CSVLKs). To use ADBA, one or more KMS Host keys (CSVLKs) must be installed on the AD forest, and client keys (GVLKs) must be installed on the client products. ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: -- VAMT is installed on a host computer that has Internet access. -- VAMT has administrative permissions to the Active Directory domain. -- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node. -**To perform an online Active Directory forest activation** +- VAMT is installed on a host computer that has Internet access. -1. Open VAMT. -2. In the left-side pane, click the **Active Directory-Based Activation** node. -3. In the right-side **Actions** pane, click **Online activate forest** to open the **Install Product Key** dialog box. -4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest. -5. If required, enter a new Active Directory-Based Activation Object name +- VAMT has administrative permissions to the Active Directory domain. - **Important**   - If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. 
+- The KMS Host key (CSVLK) you intend to use is added to VAMT in the **Product Keys** node. -6. Click **Install Key**. -7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. +### To perform an online Active Directory forest activation -The activated object and the date that is was created appear in the **Active Directory-Based Activation** node in the center pane. +1. Open VAMT. -## Related topics +2. In the left-side pane, select the **Active Directory-Based Activation** node. + +3. In the right-side **Actions** pane, select **Online activate forest** to open the **Install Product Key** dialog box. + +4. In the **Install Product Key** dialog box, select the KMS Host key (CSVLK) that you want to apply to the AD forest. + +5. If necessary, enter a new Active Directory-Based Activation Object name. + + > [!IMPORTANT] + > If you want to rename the ADBA object, you must do it now. After you click **Install Key**, the name cannot be changed. + +6. Select **Install Key**. + +7. VAMT displays the **Activating Active Directory** dialog box until it completes the requested action. + +The activated object and the date that it was created appear in the **Active Directory-Based Activation** node in the center pane. + +## Related articles - [Scenario 1: Online Activation](scenario-online-activation-vamt.md) - [Add and Remove Computers](add-remove-computers-vamt.md) diff --git a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md index 2c413491c3..c19e08bdbc 100644 --- a/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md +++ b/windows/deployment/volume-activation/activate-using-active-directory-based-activation-client.md 
@@ -1,40 +1,36 @@ --- title: Activate using Active Directory-based activation description: Learn how active directory-based activation is implemented as a role service that relies on AD DS to store activation objects. -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -ms.date: 09/16/2022 +ms.date: 11/07/2022 ms.topic: how-to ms.collection: highpri --- # Activate using Active Directory-based activation -**Applies to supported versions of** - -- Windows -- Windows Server -- Office +(*Applies to: Windows, Windows Server, Office*) > [!TIP] > Are you looking for information on retail activation? > -> - [Product activation for Windows](https://support.microsoft.com/windows/product-activation-for-windows-online-support-telephone-numbers-35f6a805-1259-88b4-f5e9-b52cccef91a0) -> - [Activate Windows](https://support.microsoft.com/windows/activate-windows-c39005d4-95ee-b91e-b399-2820fda32227) +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using *adprep.exe* on a supported server OS. After the schema is updated, older domain controllers can still activate clients. +Active Directory-based activation is implemented as a role service that relies on AD DS to store activation objects. Active Directory-based activation requires that you update the forest schema using `adprep.exe` on a supported server OS. After the schema is updated, older domain controllers can still activate clients. Any domain-joined computers running a supported OS with a Generic Volume License Key (GVLK) will be activated automatically and transparently. 
They'll stay activated as long as they remain members of the domain and maintain periodic contact with a domain controller. Activation takes place after the Licensing service starts. When this service starts, the computer contacts AD DS automatically, receives the activation object, and is activated without user intervention. -To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. +To allow computers with GVLKs to activate themselves, use the Volume Activation Tools console, or the [Volume Activation Management Tool (VAMT)](volume-activation-management-tool.md) in earlier versions of Windows Server to create an object in the AD DS forest. You create this activation object by submitting a KMS host key to Microsoft, as shown in Figure 10. The process proceeds as follows: -1. Do _one_ of the following tasks: +1. Do *one* of the following tasks: - Install the Volume Activation Services server role on a domain controller. Then add a KMS host key by using the Volume Activation Tools Wizard. @@ -134,6 +130,6 @@ To verify your Active Directory-based activation configuration, complete the fol > > To manage individual activations or apply multiple (mass) activations, use the [VAMT](./volume-activation-management-tool.md). -## See also +## Related articles [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md index 6fdacc0acb..0d3d2d93aa 100644 --- a/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md 
+++ b/windows/deployment/volume-activation/activate-using-key-management-service-vamt.md
@@ -1,12 +1,12 @@
 ---
 title: Activate using Key Management Service (Windows 10)
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 description: How to activate using Key Management Service in Windows 10.
 ms.prod: windows-client
-author: aczechowski
+author: frankroj
 ms.localizationpriority: medium
-ms.date: 10/16/2017
+ms.date: 11/07/2022
 ms.topic: article
 ms.collection: highpri
 ms.technology: itpro-fundamentals
@@ -14,32 +14,26 @@ ms.technology: itpro-fundamentals # Activate using Key Management Service -**Applies to** +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -**Looking for retail activation?** +There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: -- [Get Help Activating Microsoft Windows 10](https://support.microsoft.com/help/12440/) -- [Get Help Activating Microsoft Windows 7 or Windows 8.1 ](https://go.microsoft.com/fwlink/p/?LinkId=618644) - -There are three possible scenarios for volume activation of Windows 10 or Windows Server 2012 R2 by using a Key Management Service (KMS) host: - -- Host KMS on a computer running Windows 10 -- Host KMS on a computer running Windows Server 2012 R2 +- Host KMS on a computer running Windows 10 +- Host KMS on a computer running Windows Server 2012 R2 - Host KMS on a computer running an earlier version of Windows Check out [Windows 10 Volume Activation Tips](/archive/blogs/askcore/windows-10-volume-activation-tips). -## Key Management Service in Windows 10 +## Key Management Service in Windows 10 + +Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. 
-Installing a KMS host key on a computer running Windows 10 allows you to activate other computers running Windows 10 against this KMS host and earlier versions of the client operating system, such as Windows 8.1 or Windows 7. Clients locate the KMS server by using resource records in DNS, so some configuration of DNS may be required. This scenario can be beneficial if your organization uses volume activation for clients and MAK-based activation for a smaller number of servers. To enable KMS functionality, a KMS key is installed on a KMS host; then, the host is activated over the Internet or by phone using Microsoft activation services. @@ -55,11 +49,11 @@ To activate, use the slmgr.vbs command. Open an elevated command prompt and run 3. Follow the voice prompts and write down the responded 48-digit confirmation ID for OS activation. 4. Run `slmgr.vbs /atp \`. -For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)). +For more information, see the information for Windows 7 in [Deploy KMS Activation](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn502531(v=ws.11)). -## Key Management Service in Windows Server 2012 R2 +## Key Management Service in Windows Server 2012 R2 -Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. +Installing a KMS host key on a computer running Windows Server allows you to activate computers running Windows Server 2012 R2, Windows Server 2008 R2, Windows Server 2008, Windows 10, Windows 8.1, Windows 7, and Windows Vista. > [!NOTE] > You cannot install a client KMS key into the KMS in Windows Server. 
@@ -67,9 +61,9 @@ Installing a KMS host key on a computer running Windows Server allows you to act This scenario is commonly used in larger organizations that do not find the overhead of using a server a burden. > [!NOTE] -> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10). +> If you receive error 0xC004F015 when trying to activate Windows 10 Enterprise, see [KB 3086418](/troubleshoot/windows-server/deployment/error-0xc004f015-activate-windows-10). -### Configure KMS in Windows Server 2012 R2 +### Configure KMS in Windows Server 2012 R2 1. Sign in to a computer running Windows Server 2012 R2 with an account that has local administrative credentials. 2. Launch Server Manager. 
@@ -115,26 +109,26 @@ Now that the KMS host is configured, it will begin to listen for activation requ ## Verifying the configuration of Key Management Service -You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. +You can verify KMS volume activation from the KMS host server or from the client computer. KMS volume activation requires a minimum threshold of 25 computers before activation requests will be processed. The verification process described here will increment the activation count each time a client computer contacts the KMS host, but unless the activation threshold is reached, the verification will take the form of an error message rather than a confirmation message. > [!NOTE] -> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. +> If you configured Active Directory-based activation before configuring KMS activation, you must use a client computer that will not first try to activate itself by using Active Directory-based activation. You could use a workgroup computer that is not joined to a domain or a computer running Windows 7 or Windows Server 2008 R2. To verify that KMS volume activation works, complete the following steps: 1. On the KMS host, open the event log and confirm that DNS publishing is successful. -2. 
On a client computer, open a Command Prompt window, type **Slmgr.vbs /ato**, and then press ENTER. +2. On a client computer, open a Command Prompt window, type `Slmgr.vbs /ato`, and then press ENTER. - The **/ato** command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. -3. On a client computer or the KMS host, open an elevated Command Prompt window, type **Slmgr.vbs /dlv**, and then press ENTER. + The `/ato` command causes the operating system to attempt activation by using whichever key has been installed in the operating system. The response should show the license state and detailed Windows version information. +3. On a client computer or the KMS host, open an elevated Command Prompt window, type `Slmgr.vbs /dlv`, and then press ENTER. - The **/dlv** command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. + The `/dlv` command displays the detailed licensing information. The response should return an error that states that the KMS activation count is too low. This confirms that KMS is functioning correctly, even though the client has not been activated. For more information about the use and syntax of slmgr.vbs, see [Slmgr.vbs Options](/windows-server/get-started/activation-slmgr-vbs-options). ## Key Management Service in earlier versions of Windows -If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. 
To upgrade your KMS host, complete the following steps: +If you have already established a KMS infrastructure in your organization for an earlier version of Windows, you may want to continue using that infrastructure to activate computers running Windows 10 or Windows Server 2012 R2. Your existing KMS host must be running Windows 7 or later. To upgrade your KMS host, complete the following steps: 1. Download and install the correct update for your current KMS host operating system. Restart the computer as directed. 2. Request a new KMS host key from the Volume Licensing Service Center. @@ -143,6 +137,6 @@ If you have already established a KMS infrastructure in your organization for an For detailed instructions, see [Update that enables Windows 8.1 and Windows 8 KMS hosts to activate a later version of Windows](https://go.microsoft.com/fwlink/p/?LinkId=618265) and [Update that enables Windows 7 and Windows Server 2008 R2 KMS hosts to activate Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=626590). -## See also +## Related articles - [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md index 36d3961a3f..3becdf4dae 100644 --- a/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md +++ b/windows/deployment/volume-activation/activate-windows-10-clients-vamt.md 
@@ -1,59 +1,61 @@ --- title: Activate clients running Windows 10 (Windows 10) -description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. +description: After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Activate clients running Windows 10 -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works. -After you have configured Key Management Service (KMS) or Active Directory-based activation on your network, activating a client running Windows 10 is easy. If the computer has been configured with a Generic Volume License Key (GVLK), neither IT nor the user need take any action. It just works. 
Enterprise edition images and installation media should already be configured with the GVLK. When the client computer starts, the Licensing service examines the current licensing condition of the computer. -If activation or reactivation is required, the following sequence occurs: -1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals. -2. If the computer is not a member of a domain or if the volume activation object is not available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer’s GVLK. -3. The computer tries to activate against Microsoft servers if it is configured with a MAK. -If the client is not able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart. +If activation or reactivation is required, the following sequence occurs: + +1. If the computer is a member of a domain, it asks a domain controller for a volume activation object. If Active Directory-based activation is configured, the domain controller returns the object. 
If the object matches the edition of the software that is installed and the computer has a matching GVLK, the computer is activated (or reactivated), and it will not need to be activated again for 180 days, although the operating system will attempt reactivation at much shorter, regular intervals. + +2. If the computer isn't a member of a domain or if the volume activation object isn't available, the computer will issue a DNS query to attempt to locate a KMS server. If a KMS server can be contacted, activation occurs if the KMS has a key that matches the computer's GVLK. + +3. The computer tries to activate against Microsoft servers if it's configured with a MAK. + +If the client isn't able to activate itself successfully, it will periodically try again. The frequency of the retry attempts depends on the current licensing state and whether the client computer has been successfully activated in the past. For example, if the client computer had been previously activated by Active Directory-based activation, it will periodically try to contact the domain controller at each restart. ## How Key Management Service works -KMS uses a client–server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP. +KMS uses a client-server topology. KMS client computers can locate KMS host computers by using DNS or a static configuration. KMS clients contact the KMS host by using RPCs carried over TCP/IP. ### Key Management Service activation thresholds You can activate physical computers and virtual machines by contacting a KMS host. To qualify for KMS activation, there must be a minimum number of qualifying computers (called the activation threshold). KMS clients will be activated only after this threshold has been met. Each KMS host counts the number of computers that have requested activation until the threshold is met. 
-A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold are not activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more. -When KMS clients are waiting for the KMS to reach the activation threshold, they will connect to the KMS host every two hours to get the current activation count. They will be activated when the threshold is met. +A KMS host responds to each valid activation request from a KMS client with the count of how many computers have already contacted the KMS host for activation. Client computers that receive a count below the activation threshold aren't activated. For example, if the first two computers that contact the KMS host are running Windows 10, the first receives an activation count of 1, and the second receives an activation count of 2. If the next computer is a virtual machine on a computer running Windows 10, it receives an activation count of 3, and so on. None of these computers will be activated, because computers running Windows 10, like other client operating system versions, must receive an activation count of 25 or more. -In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it is activated. 
If a computer running Windows 10 receives an activation count of 25 or more, it is activated. +When KMS clients are waiting for the KMS to reach the activation threshold, they'll connect to the KMS host every two hours to get the current activation count. They'll be activated when the threshold is met. + +In our example, if the next computer that contacts the KMS host is running Windows Server 2012 R2, it receives an activation count of 4, because activation counts are cumulative. If a computer running Windows Server 2012 R2 receives an activation count that is 5 or more, it's activated. If a computer running Windows 10 receives an activation count of 25 or more, it's activated. ### Activation count cache -To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30day period begins again. If a KMS client computer does not renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one. -However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days. -The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size. 
+To track the activation threshold, the KMS host keeps a record of the KMS clients that request activation. The KMS host gives each KMS client a client ID designation, and the KMS host saves each client ID in a table. By default, each activation request remains in the table for up to 30 days. When a client renews its activation, the cached client ID is removed from the table, a new record is created, and the 30 day period begins again. If a KMS client computer doesn't renew its activation within 30 days, the KMS host removes the corresponding client ID from the table and reduces the activation count by one. + +However, the KMS host only caches twice the number of client IDs that are required to meet the activation threshold. Therefore, only the 50 most recent client IDs are kept in the table, and a client ID could be removed much sooner than 30 days. +The total size of the cache is set by the type of client computer that is attempting to activate. If a KMS host receives activation requests only from servers, the cache will hold only 10 client IDs (twice the required 5). If a client computer running Windows 10 contacts that KMS host, KMS increases the cache size to 50 to accommodate the higher threshold. KMS never reduces the cache size. ### Key Management Service connectivity 
@@ -61,63 +63,67 @@ KMS activation requires TCP/IP connectivity. By default, KMS hosts and clients u ### Key Management Service activation renewal -KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every 7 days. If KMS activation fails, the client computer retries every two hours. After a client computer’s activation is renewed, the activation validity interval begins again. +KMS activations are valid for 180 days (the *activation validity interval*). To remain activated, KMS client computers must renew their activation by connecting to the KMS host at least once every 180 days. By default, KMS client computers attempt to renew their activation every seven days. If KMS activation fails, the client computer retries every two hours. After a client computer's activation is renewed, the activation validity interval begins again. ### Publication of the Key Management Service -The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update is not available or the KMS host does not have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts. +The KMS uses service (SRV) resource records in DNS to store and communicate the locations of KMS hosts. KMS hosts use the DNS dynamic update protocol, if available, to publish the KMS service (SRV) resource records. If dynamic update isn't available or the KMS host doesn't have rights to publish the resource records, the DNS records must be published manually, or you must configure client computers to connect to specific KMS hosts. 
### Client discovery of the Key Management Service By default, KMS client computers query DNS for KMS information. The first time a KMS client computer queries DNS for KMS information, it randomly chooses a KMS host from the list of service (SRV) resource records that DNS returns. The address of a DNS server that contains the service (SRV) resource records can be listed as a suffixed entry on KMS client computers, which allows one DNS server to advertise the service (SRV) resource records for KMS, and KMS client computers with other primary DNS servers to find it. -Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters. -If the KMS host that a client computer selects does not respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host does not respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records. -By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. 
If the count meets or exceeds the activation threshold for that operating system, the client computer is activated and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way. + +Priority and weight parameters can be added to the DnsDomainPublishList registry value for KMS. Establishing KMS host priority groupings and weighting within each group allows you to specify which KMS host the client computers should try first and balances traffic among multiple KMS hosts. Only Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 provide these priority and weight parameters. + +If the KMS host that a client computer selects doesn't respond, the KMS client computer removes that KMS host from its list of service (SRV) resource records and randomly selects another KMS host from the list. When a KMS host responds, the KMS client computer caches the name of the KMS host and uses it for subsequent activation and renewal attempts. If the cached KMS host doesn't respond on a subsequent renewal, the KMS client computer discovers a new KMS host by querying DNS for KMS service (SRV) resource records. + +By default, client computers connect to the KMS host for activation by using anonymous RPCs through TCP port 1688. (You can change the default port.) After establishing a TCP session with the KMS host, the client computer sends a single request packet. The KMS host responds with the activation count. If the count meets or exceeds the activation threshold for that operating system, the client computer is activated, and the session is closed. The KMS client computer uses this same process for renewal requests. 250 bytes are used for communication each way. ### Domain Name System server configuration -The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. 
KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update. -The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records. +The default KMS automatic publishing feature requires the service (SRV) resource record and support for DNS dynamic update protocol. KMS client computer default behavior and the KMS service (SRV) resource record publishing are supported on a DNS server that is running Microsoft software or any other DNS server that supports service (SRV) resource records (per Internet Engineering Task Force \[IETF\] Request for Comments \[RFC\] 2782) and dynamic updates (per IETF RFC 2136). For example, Berkeley Internet Domain Name versions 8.x and 9.x support service (SRV) resource records and dynamic update. +The KMS host must be configured so that it has the credentials needed to create and update the following resource records on the DNS servers: service (SRV), IPv4 host (A), and IPv6 host (AAAA), or the records need to be created manually. 
The recommended solution for giving the KMS host the needed credentials is to create a security group in AD DS, then add all KMS hosts to that group. On a DNS server that is running Microsoft software, ensure that this security group is given full control over the \_VLMCS.\_TCP record in each DNS domain that will contain the KMS service (SRV) resource records. ### Activating the first Key Management Service host -KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host does not communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers. +KMS hosts on the network need to install a KMS key, and then be activated with Microsoft. Installation of a KMS key enables the KMS on the KMS host. After installing the KMS key, complete the activation of the KMS host by telephone or online. Beyond this initial activation, a KMS host doesn't communicate any information to Microsoft. KMS keys are only installed on KMS hosts, never on individual KMS client computers. ### Activating subsequent Key Management Service hosts -Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. If the organization needs more than six KMS hosts, you can request additional activations for your organization’s KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception. +Each KMS key can be installed on up to six KMS hosts. These hosts can be physical computers or virtual machines. After activating a KMS host, the same host can be reactivated up to nine times with the same key. 
If the organization needs more than six KMS hosts, you can request additional activations for your organization's KMS key by calling a Microsoft Volume [Licensing Activation Center](https://go.microsoft.com/fwlink/p/?LinkID=618264) to request an exception. ## How Multiple Activation Key works -A MAK is used for one-time activation with Microsoft’s hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization’s exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit. +A MAK is used for one-time activation with Microsoft's hosted activation services. Each MAK has a predetermined number of allowed activations. This number is based on volume licensing agreements, and it might not match the organization's exact license count. Each activation that uses a MAK with the Microsoft hosted activation service counts toward the activation limit. You can activate computers by using a MAK in two ways: -- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that do not maintain a connection to the corporate network. MAK independent activation is shown in Figure 16. + +- **MAK independent activation**. Each computer independently connects and is activated with Microsoft over the Internet or by telephone. MAK independent activation is best suited to computers within an organization that don't maintain a connection to the corporate network. MAK independent activation is shown in Figure 16. ![MAK independent activation.](../images/volumeactivationforwindows81-16.jpg) - + **Figure 16**. MAK independent activation -- **MAK proxy activation**. 
MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It is also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17. + +- **MAK proxy activation**. MAK proxy activation enables a centralized activation request on behalf of multiple computers with one connection to Microsoft. You configure MAK proxy activation by using the VAMT. MAK proxy activation is appropriate for environments in which security concerns restrict direct access to the Internet or the corporate network. It's also suited for development and test labs that lack this connectivity. MAK proxy activation with the VAMT is shown in Figure 17. ![MAK proxy activation with the VAMT.](../images/volumeactivationforwindows81-17.jpg) - + **Figure 17**. MAK proxy activation with the VAMT -A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation does not meet the KMS activation threshold. +A MAK is recommended for computers that rarely or never connect to the corporate network and for environments in which the number of computers that require activation doesn't meet the KMS activation threshold. -You can use a MAK for individual computers or with an image that can be duplicated or installed by using Microsoft deployment solutions. You can also use a MAK on a computer that was originally configured to use KMS activation. This is useful for moving a computer off the core network to a disconnected environment. +You can use a MAK for individual computers or with an image that can be duplicated or installed using Microsoft deployment solutions. 
You can also use a MAK on a computer that was originally configured to use KMS activation. Switching from KMS to a MAK is useful for moving a computer off the core network to a disconnected environment. ### Multiple Activation Key architecture and activation MAK independent activation installs a MAK product key on a client computer. The key instructs that computer to activate itself with Microsoft servers over the Internet. + In MAK proxy activation, the VAMT installs a MAK product key on a client computer, obtains the installation ID from the target computer, sends the installation ID to Microsoft on behalf of the client, and obtains a confirmation ID. The tool then activates the client computer by installing the confirmation ID. ## Activating as a standard user -Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 do not require administrator privileges for activation, but this change does not allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as “rearm.” +Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, and Windows Server 2008 R2 don't require administrator privileges for activation, but this change doesn't allow standard user accounts to remove computers running Windows 7 or Windows Server 2008 R2 from the activated state. An administrator account is still required for other activation- or license-related tasks, such as "rearm." -## See also +## Related articles -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +- [Volume Activation for Windows 10](volume-activation-windows-10.md) 
diff --git a/windows/deployment/volume-activation/active-directory-based-activation-overview.md b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
index 3b0a290815..0fb8970234 100644
--- a/windows/deployment/volume-activation/active-directory-based-activation-overview.md
+++ b/windows/deployment/volume-activation/active-directory-based-activation-overview.md
@@ -2,39 +2,38 @@ title: Active Directory-Based Activation Overview (Windows 10) description: Enable your enterprise to activate its computers through a connection to their domain using Active Directory-Based Activation (ADBA). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 12/07/2018 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Active Directory-Based Activation overview -Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company’s domain. When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it is distributed throughout the domain. +Active Directory-Based Activation (ADBA) enables enterprises to activate computers through a connection to their domain. Many companies have computers at offsite locations that use products that are registered to the company. Previously these computers needed to either use a retail key or a Multiple Activation Key (MAK), or physically connect to the network in order to activate their products by using Key Management Services (KMS). ADBA provides a way to activate these products if the computers can join the company's domain. 
When the user joins their computer to the domain, the ADBA object automatically activates Windows installed on their computer, as long as the computer has a Generic Volume License Key (GVLK) installed. No single physical computer is required to act as the activation object, because it's distributed throughout the domain. ## ADBA scenarios You might use ADBA if you only want to activate domain joined devices. -If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. This is not necessary When ADBA is used. +If you have a server hosting the KMS service, it can be necessary to reactivate licenses if the server is replaced with a new host. Reactivating licenses isn't necessary When ADBA is used. -ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. This is simpler than using the DNS service to load balance by configuring priority and weight values. - -Some VDI solutions also require that new clients activate during creation before they are added to the pool. In this scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage. +ADBA can also make load balancing easier when multiple KMS servers are present since the client can connect to any domain controller. ADBA is simpler than using the DNS service to load balance by configuring priority and weight values. +Some VDI solutions also require that new clients activate during creation before they're added to the pool. In this VDI scenario, ADBA can eliminate potential VDI issues that might arise due to a KMS outage. ## ADBA methods VAMT enables IT Professionals to manage and activate the ADBA object. Activation can be performed using the following methods: -- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name. 
-- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function. -## Related topics +- Online activation: To activate an ADBA forest online, the user selects the **Online activate forest** function, selects a KMS Host key (CSVLK) to use, and gives the ADBA Object a name. + +- Proxy activation: For a proxy activation, the user first selects the **Proxy activate forest** function, selects a KMS Host key (CSVLK) to use, gives the ADBA Object a name, and provides a file name to save the CILx file that contains the Installation ID. Next, the user takes that file to a computer that is running VAMT with an Internet connection and then selects the **Acquire confirmation IDs for CILX** function on the VAMT landing page, and provides the original CILx file. When VAMT has loaded the Confirmation IDs into the original CILx file, the user takes this file back to the original VAMT instance, where the user completes the proxy activation process by selecting the **Apply confirmation ID to Active Directory domain** function. + +## Related articles - [How to Activate an Active Directory Forest Online](./activate-forest-vamt.md) - [How to Proxy Activate an Active Directory Forest](./activate-forest-by-proxy-vamt.md) -  -  
diff --git a/windows/deployment/volume-activation/add-manage-products-vamt.md b/windows/deployment/volume-activation/add-manage-products-vamt.md index 5250a833f9..5f9bfce03d 100644 --- a/windows/deployment/volume-activation/add-manage-products-vamt.md +++ b/windows/deployment/volume-activation/add-manage-products-vamt.md @@ -2,26 +2,23 @@ title: Add and Manage Products (Windows 10) description: Add client computers into the Volume Activation Management Tool (VAMT). After you add the computers, you can manage the products that are installed on your network. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Manage Products +# Add and manage products This section describes how to add client computers into the Volume Activation Management Tool (VAMT). After the computers are added, you can manage the products that are installed on your network. ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Add and Remove Computers](add-remove-computers-vamt.md) |Describes how to add client computers to VAMT. | |[Update Product Status](update-product-status-vamt.md) |Describes how to update the status of product license. | |[Remove Products](remove-products-vamt.md) |Describes how to remove a product from the product list. | - - - diff --git a/windows/deployment/volume-activation/add-remove-computers-vamt.md b/windows/deployment/volume-activation/add-remove-computers-vamt.md index 66868c46dd..95bad2b880 100644 --- a/windows/deployment/volume-activation/add-remove-computers-vamt.md +++ b/windows/deployment/volume-activation/add-remove-computers-vamt.md 
@@ -2,59 +2,73 @@ title: Add and Remove Computers (Windows 10) description: The Discover products function on the Volume Activation Management Tool (VAMT) allows you to search the Active Directory domain or a general LDAP query. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Remove Computers +# Add and remove computers You can add computers that have any of the supported Windows or Office products installed to a Volume Activation Management Tool (VAMT) database by using the **Discover products** function. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. You can remove computers from a VAMT database by using the **Delete** function. After you add the computers, you can add the products that are installed on the computers by running the **Update license status** function. -Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information see [Configure Client Computers](configure-client-computers-vamt.md). +Before adding computers, ensure that the Windows Management Instrumentation (WMI) firewall exception required by VAMT has been enabled on all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). ## To add computers to a VAMT database -1. Open VAMT. -2. Click **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box. -3. In the **Discover products** dialog box, click **Search for computers in the Active Directory** to display the search options, then click the search option you want to use. 
You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names click the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. - - To search for computers in a workgroup, click **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names click the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks. -4. Click **Search**. -5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below. - To cancel the search, click **Cancel**. 
When the search is complete the names of the newly-discovered computers appear in the product list view in the center pane. - +1. Open VAMT. + +2. Select **Discover products** in the **Actions** menu in the right-side pane to open the **Discover Products** dialog box. + +3. In the **Discover products** dialog box, select **Search for computers in the Active Directory** to display the search options, then select the search option you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query. + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**, then under **Domain Filter Criteria**, in the list of domain names select the name of the domain you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**, then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**, then under **Workgroup Filter Criteria**, in the list of workgroup names select the name of the workgroup you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer within the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". 
+ + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box provided. VAMT will validate only the LDAP query syntax, but will otherwise run the query without further checks. + +4. Select **Search**. + +5. VAMT searches for the specified computers and adds them to the VAMT database. During the search, VAMT displays the **Finding computers** message shown below. + + To cancel the search, select **Cancel**. When the search is complete, the names of the newly discovered computers appear in the product list view in the center pane. + ![VAMT, Finding computers dialog box.](images/dep-win8-l-vamt-findingcomputerdialog.gif) - - **Important**   - This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function. - + + > [!IMPORTANT] + > This step adds only the computers to the VAMT database, and not the products that are installed on the computers. To add the products, you need to run the **Update license status** function. + ## To add products to VAMT -1. In the **Products** list, select the computers that need to have their product information added to the VAMT database. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. 
In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. -6. VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. +1. In the **Products** list, select the computers that need to have their product information added to the VAMT database. - **Note**   +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. In the right-side **Actions** pane, select **Update license status** and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials different from the ones you used to log into the computer. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and select **OK**. + +6. 
VAMT displays the **Collecting product information** dialog box while it collects the licensing status of all supported products on the selected computers. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. + + > [!NOTE] If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. - + ## To remove computers from a VAMT database -You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, click **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database. +You can delete a computer by clicking on it in the product list view, and then clicking **Delete** in the **Selected Item** menu in the right-hand pane. In the **Confirm Delete Selected Products** dialog box that appears, select **Yes** to delete the computer. If a computer has multiple products listed, you must delete each product to completely remove the computer from the VAMT database. -## Related topics +## Related articles - [Add and Manage Products](add-manage-products-vamt.md) - - diff --git a/windows/deployment/volume-activation/add-remove-product-key-vamt.md b/windows/deployment/volume-activation/add-remove-product-key-vamt.md index d096546643..0e37c178fc 100644 --- a/windows/deployment/volume-activation/add-remove-product-key-vamt.md +++ b/windows/deployment/volume-activation/add-remove-product-key-vamt.md 
@@ -2,35 +2,40 @@ title: Add and Remove a Product Key (Windows 10) description: Add a product key to the Volume Activation Management Tool (VAMT) database. Also, learn how to remove the key from the database. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Add and Remove a Product Key +# Add and remove a product key Before you can use a Multiple Activation Key (MAK), retail, or KMS Host key (CSVLK) product key, you must first add it to the Volume Activation Management Tool (VAMT) database. -## To Add a Product Key +## To add a product key -1. Open VAMT. -2. In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu. -3. Click **Add product keys** to open the **Add Product Keys** dialog box. -4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and click **Add Key(s)**. - - To import a Comma Separated Values (CSV) file containing a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Open VAMT. - **Note**   - If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. +2. 
In the left-side pane, right-click the **Product Keys** node to open the **Actions** menu. -## Remove a Product Key +3. Select **Add product keys** to open the **Add Product Keys** dialog box. -- To remove a product key from the list, simply select the key in the list and click **Delete** on the **Selected Items** menu in the right-side pane. Click **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database will not affect the activation state of any products or computers on the network. +4. In the **Add Product Keys** dialog box, select from one of the following methods to add product keys: -## Related topics + - To add product keys manually, select **Enter product key(s) separated by line breaks**, enter one or more product keys separated by line breaks, and select **Add Key(s)**. + + - To import a Comma Separated Values (CSV) file containing a list of product keys, select **Select a product key file to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. + + > [!NOTE] + > If you are activating a large number of products with a MAK, you should refresh the activation count of the MAK, to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. + +## Remove a product key + +- To remove a product key from the list, select the key in the list and select **Delete** on the **Selected Items** menu in the right-side pane. Select **Yes** to confirm deletion of the product key. Removing a product key from the VAMT database won't affect the activation state of any products or computers on the network. 
+ +## Related articles - [Manage Product Keys](manage-product-keys-vamt.md) diff --git a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md index d478a5e6fc..07a8a62eaf 100644 --- a/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md +++ b/windows/deployment/volume-activation/appendix-information-sent-to-microsoft-during-activation-client.md 
@@ -2,56 +2,63 @@ title: Appendix Information sent to Microsoft during activation (Windows 10) description: Learn about the information sent to Microsoft during activation. ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article --- # Appendix: Information sent to Microsoft during activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 + +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) **Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) When you activate a computer running Windows 10, the following information is sent to Microsoft: -- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) -- A channel ID or site code that identifies how the Windows product was originally obtained +- The Microsoft product code (a five-digit code that identifies the Windows product you're activating) +- A channel ID or site code that identifies how the Windows product was originally obtained For example, a channel ID or site code identifies whether the product was originally purchased from a retail store, obtained as an evaluation copy, obtained through a volume licensing program, or preinstalled by a computer manufacturer. 
- -- The date of installation and whether the installation was successful -- Information that helps confirm that your Windows product key hasn't been altered -- Computer make and model -- Version information for the operating system and software -- Region and language settings -- A unique number called a *globally unique identifier*, which is assigned to your computer -- Product key (hashed) and product ID -- BIOS name, revision number, and revision date -- Volume serial number (hashed) of the hard disk drive -- The result of the activation check + +- The date of installation and whether the installation was successful +- Information that helps confirm that your Windows product key hasn't been altered + +- Computer make and model + +- Version information for the operating system and software + +- Region and language settings + +- A unique number called a *globally unique identifier*, which is assigned to your computer + +- Product key (hashed) and product ID + +- BIOS name, revision number, and revision date + +- Volume serial number (hashed) of the hard disk drive + +- The result of the activation check This result includes error codes and the following information about any activation exploits and related malicious or unauthorized software that was found or disabled: - - - The activation exploit's identifier - - The activation exploit's current state, such as cleaned or quarantined - - Computer manufacturer's identification - - The activation exploit's file name and hash in addition to a hash of related software components that may indicate the presence of an activation exploit -- The name and a hash of the contents of your computer's startup instructions file -- If your Windows license is on a subscription basis, information about how your subscription works + + - The activation exploit's identifier + + - The activation exploit's current state, such as cleaned or quarantined + + - Computer manufacturer's identification + + - The activation exploit's file name 
and hash in addition to a hash of related software components that may indicate the presence of an activation exploit + +- The name and a hash of the contents of your computer's startup instructions file + +- If your Windows license is on a subscription basis, information about how your subscription works Standard computer information is also sent, but your computer's IP address is only kept temporarily. @@ -60,6 +67,6 @@ Standard computer information is also sent, but your computer's IP address is on Microsoft uses the information to confirm that you have a licensed copy of the software. Microsoft doesn't use the information to contact individual consumers. For more information, see [Windows 10 Privacy Statement](https://go.microsoft.com/fwlink/p/?LinkId=619879). -## See also +## Related articles -- [Volume Activation for Windows 10](volume-activation-windows-10.md) +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/configure-client-computers-vamt.md b/windows/deployment/volume-activation/configure-client-computers-vamt.md index a1335da901..392c89d4bf 100644 --- a/windows/deployment/volume-activation/configure-client-computers-vamt.md +++ b/windows/deployment/volume-activation/configure-client-computers-vamt.md 
@@ -2,21 +2,22 @@ title: Configure Client Computers (Windows 10) description: Learn how to configure client computers to enable the Volume Activation Management Tool (VAMT) to function correctly. ms.reviewer: -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client -ms.date: 04/30/2020 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Configure Client Computers +# Configure client computers To enable the Volume Activation Management Tool (VAMT) to function correctly, certain configuration changes are required on all client computers: - An exception must be set in the client computer's firewall. -- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) will not allow remote administrative operations. + +- A registry key must be created and set properly, for computers in a workgroup; otherwise, Windows® User Account Control (UAC) won't allow remote administrative operations. Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows. 
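Review bot: The sentence after the two bullets, "Organizations where the VAMT will be widely used may benefit from making these changes inside the master image for Windows", recommends imaging both changes, although the reworded registry bullet just above it says the key is needed only for computers in a workgroup. Read literally, domain-joined machines built from that image would also have UAC allowing remote administrative operations for local accounts, which they do not need for VAMT. I would narrow the sentence, for example `Organizations that use VAMT widely can add the firewall exception to the master image; add the registry value only to images intended for workgroup computers.` The registry section itself lies outside this hunk.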
@@ -28,11 +29,16 @@ Organizations where the VAMT will be widely used may benefit from making these c Enable the VAMT to access client computers using the **Windows Firewall** Control Panel: 1. Open Control Panel and double-click **System and Security**. -2. Click **Windows Firewall**. -3. Click **Allow a program or feature through Windows Firewall**. -4. Click the **Change settings** option. + +2. Select **Windows Firewall**. + +3. Select **Allow a program or feature through Windows Firewall**. + +4. Select the **Change settings** option. + 5. Select the **Windows Management Instrumentation (WMI)** checkbox. -6. Click **OK**. + +6. Select **OK**. > [!WARNING] > By default, Windows Firewall Exceptions only apply to traffic originating on the local subnet. To expand the exception to apply to multiple subnets, you need to change the exception settings in the Windows Firewall with Advanced Security, as described below. @@ -44,11 +50,15 @@ Enable the VAMT to access client computers across multiple subnets using the **W ![VAMT Firewall configuration for multiple subnets.](images/dep-win8-l-vamt-firewallconfigurationformultiplesubnets.gif) 1. Open the Control Panel and double-click **Administrative Tools**. -2. Click **Windows Firewall with Advanced Security**. + +2. Select **Windows Firewall with Advanced Security**. + 3. Make your changes for each of the following three WMI items, for the applicable Network Profile (Domain, Public, Private): - Windows Management Instrumentation (ASync-In) + - Windows Management Instrumentation (DCOM-In) + - Windows Management Instrumentation (WMI-In) 4. In the **Windows Firewall with Advanced Security** dialog box, select **Inbound Rules** from the left-hand panel. 
@@ -56,10 +66,12 @@ Enable the VAMT to access client computers across multiple subnets using the **W 5. Right-click the desired rule and select **Properties** to open the **Properties** dialog box. - On the **General** tab, select the **Allow the connection** checkbox. + - On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to allow the specific access you need. + - On the **Advanced** tab, verify selection of all profiles that are applicable to the network (Domain or Private/Public). - In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically-allocated ports. This is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. + In certain scenarios, only a limited set of TCP/IP ports are allowed through a hardware firewall. Administrators must ensure that WMI (which relies on RPC over TCP/IP) is allowed through these types of firewalls. By default, the WMI port is a dynamically allocated random port above 1024. The following Microsoft knowledge article discusses how administrators can limit the range of dynamically allocated ports. Limiting the range of dynamically allocated ports is useful if, for example, the hardware firewall only allows traffic in a certain range of ports. For more info, see [How to configure RPC dynamic port allocation to work with firewalls](/troubleshoot/windows-server/networking/default-dynamic-port-range-tcpip-chang). 
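Review bot: The **Scope** step tells the reader to change Remote IP Address from "Local Subnet" to "allow the specific access you need" but never names the narrowest setting that works. The rule exists so that the VAMT host can reach WMI on the client, so the step could say so: `On the **Scope** tab, change the Remote IP Address setting from "Local Subnet" (default) to the address or addresses of the VAMT host, rather than a wide range.` The rewritten paragraph on dynamically allocated ports could add the matching point that the port range opened on the hardware firewall should be limited to traffic from the VAMT host. The numbered list this step belongs to starts before the hunk.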
@@ -71,6 +83,7 @@ Enable the VAMT to access client computers across multiple subnets using the **W On the client computer, create the following registry key using regedit.exe. 1. Navigate to `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\system` + 2. Enter the following details: - **Value Name: LocalAccountTokenFilterPolicy** @@ -85,12 +98,15 @@ On the client computer, create the following registry key using regedit.exe. There are several options for organizations to configure the WMI firewall exception for computers: - **Image.** Add the configurations to the master Windows image deployed to all clients. + - **Group Policy.** If the clients are part of a domain, then all clients can be configured using Group Policy. The Group Policy setting for the WMI firewall exception is found in GPMC.MSC at: **Computer Configuration\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Inbound Rules**. -- **Script.** Execute a script using Microsoft Endpoint Configuration Manager or a third-party remote script execution facility. + +- **Script.** Execute a script using Microsoft Configuration Manager or a third-party remote script execution facility. + - **Manual.** Configure the WMI firewall exception individually on each client. The above configurations will open an additional port through the Windows Firewall on target computers and should be performed on computers that are protected by a network firewall. In order to allow VAMT to query the up-to-date licensing status, the WMI exception must be maintained. We recommend administrators consult their network security policies and make clear decisions when creating the WMI exception. -## Related topics +## Related articles - [Install and Configure VAMT](install-configure-vamt.md) 
diff --git a/windows/deployment/volume-activation/import-export-vamt-data.md b/windows/deployment/volume-activation/import-export-vamt-data.md index 8f83af6335..7a5aaa426b 100644 --- a/windows/deployment/volume-activation/import-export-vamt-data.md +++ b/windows/deployment/volume-activation/import-export-vamt-data.md @@ -2,12 +2,12 @@ title: Import and export VAMT data description: Learn how to use the VAMT to import product-activation data from a file into SQL Server. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 05/02/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: how-to --- @@ -16,10 +16,12 @@ ms.topic: how-to You can use the Volume Activation Management Tool (VAMT) to import product-activation data from a computer information list (`.cilx` or `.cil`) file into SQL Server. Also use VAMT to export product-activation data into a `.cilx` file. A `.cilx` file is an XML file that stores computer and product-activation data. You can import data or export data during the following scenarios: + - Import and merge data from previous versions of VAMT. + - Export data to perform proxy activations. -> [!Warning] +> [!WARNING] > Editing a `.cilx` file through an application other than VAMT can corrupt the `.cilx` file. This method isn't supported. ## Import VAMT data 
@@ -27,8 +29,11 @@ You can import data or export data during the following scenarios: To import data into VAMT, use the following process: 1. Open VAMT. + 2. In the right-side **Actions** pane, select **Import list** to open the **Import List** dialog box. + 3. In the **Import List** dialog box, navigate to the `.cilx` file location, choose the file, and select **Open**. + 4. In the **Volume Activation Management Tool** dialog box, select **OK** to begin the import. VAMT displays a progress message while the file is being imported. Select **OK** when a message appears and confirms that the import has completed successfully. ## Export VAMT data 
@@ -36,14 +41,23 @@ To import data into VAMT, use the following process: Exporting VAMT data from a VAMT host computer that's not internet-connected is the first step of proxy activation using multiple VAMT hosts. To export product-activation data to a `.cilx` file: 1. In the left-side pane, select a product you want to export data for, or select **Products** if the list contains data for all products. + 2. If you want to export only part of the data in a product list, in the product-list view in the center pane, select the products you want to export. + 3. In the right-side **Actions** pane on, select **Export list** to open the **Export List** dialog box. + 4. In the **Export List** dialog box, select **Browse** to navigate to the `.cilx` file. + 5. Under **Export options**, select one of the following data-type options: + - Export products and product keys + - Export products only + - Export proxy activation data only. Selecting this option makes sure that the export contains only the licensing information required for the proxy web service to obtain CIDs from Microsoft. No personally identifiable information (PII) is contained in the exported `.cilx` file when this selection is checked. + 6. If you've selected products to export, select the **Export selected product rows only** check box. + 7. Select **Save**. VAMT displays a progress message while the data is being exported. Select **OK** when a message appears and confirms that the export has completed successfully. ## Related articles diff --git a/windows/deployment/volume-activation/install-configure-vamt.md b/windows/deployment/volume-activation/install-configure-vamt.md index 4b1b5ca520..b468f34546 100644 --- a/windows/deployment/volume-activation/install-configure-vamt.md +++ b/windows/deployment/volume-activation/install-configure-vamt.md 
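Review bot: Step 5 lists **Export products and product keys** beside the two narrower options without saying that the resulting `.cilx` file then carries product keys and should be stored and moved as sensitive data. The section introduces export as the first step of proxy activation, and the third option is described as containing only what the proxy web service needs, so a reader following that workflow should be pointed to it explicitly. I would add one sentence under the first option, for example `The exported file contains product keys; restrict access to it and delete it after import.` Separately, step 3 still reads "**Actions** pane on, select", where "on" looks like a leftover word.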
@@ -2,30 +2,28 @@ title: Install and Configure VAMT (Windows 10) description: Learn how to install and configure the Volume Activation Management Tool (VAMT), and learn where to find information about the process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Install and Configure VAMT +# Install and configure VAMT This section describes how to install and configure the Volume Activation Management Tool (VAMT). -## In this Section +## In this section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[VAMT Requirements](vamt-requirements.md) |Provides system requirements for installing VAMT on a host computer. | |[Install VAMT](install-vamt.md) |Describes how to get and install VAMT. | |[Configure Client Computers](configure-client-computers-vamt.md) |Describes how to configure client computers on your network to work with VAMT. | -## Related topics +## Related articles - [Introduction to VAMT](introduction-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/install-kms-client-key-vamt.md b/windows/deployment/volume-activation/install-kms-client-key-vamt.md index 2039634198..eb28f3ff3a 100644 --- a/windows/deployment/volume-activation/install-kms-client-key-vamt.md +++ b/windows/deployment/volume-activation/install-kms-client-key-vamt.md 
@@ -2,39 +2,49 @@ title: Install a KMS Client Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Install a KMS Client Key -You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you are converting a MAK-activated product to KMS activation. +You can use the Volume Activation Management Tool (VAMT) to install Generic Volume License Key (GVLK), or KMS client, product keys. For example, if you're converting a MAK-activated product to KMS activation. -**Note**   -By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. +> [!NOTE] +> By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. -**To install a KMS Client key** -1. Open VAMT. -2. In the left-side pane click **Products** to open the product list view in the center pane. -3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. 
In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -7. The **Install Product Key** dialog box displays the keys that are available to be installed. -8. Select the **Automatically select an AD or KMS client key** option and then click **Install Key**. +## To install a KMS Client key + +1. Open VAMT. + +2. In the left-side pane, select **Products** to open the product list view in the center pane. + +3. In the products list view in the center pane, select the products that need to have GVLKs installed. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +7. 
The **Install Product Key** dialog box displays the keys that are available to be installed. + +8. Select the **Automatically select an AD or KMS client key** option and then select **Install Key**. + + VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. - VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. - The same status is shown under the **Status of Last Action** column in the product list view in the center pane. -## Related topics +## Related articles - [Perform KMS Activation](kms-activation-vamt.md) diff --git a/windows/deployment/volume-activation/install-product-key-vamt.md b/windows/deployment/volume-activation/install-product-key-vamt.md index c96c711355..350971254b 100644 --- a/windows/deployment/volume-activation/install-product-key-vamt.md +++ b/windows/deployment/volume-activation/install-product-key-vamt.md @@ -2,12 +2,12 @@ title: Install a Product Key (Windows 10) description: Learn to use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- 
@@ -16,26 +16,35 @@ ms.technology: itpro-fundamentals You can use the Volume Activation Management Tool (VAMT) to install retail, Multiple Activation Key (MAK), and KMS Host key (CSVLK). -**To install a Product key** -1. Open VAMT. -2. In the left-side pane, click the product that you want to install keys onto. -3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. -6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -7. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key you want to install, click **Install Key**. Note that only one key can be installed at a time. -9. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. 
When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +## To install a Product key + +1. Open VAMT. + +2. In the left-side pane, select the product that you want to install keys onto. + +3. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. + +6. In the products list view in the center pane, sort the list if needed and then select the products that need to have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +7. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +8. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAK based on the selected products. You can select a recommended product key or a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you've selected the product key you want to install, select **Install Key**. Only one key can be installed at a time. + +9. 
VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right - Volume License Key for Windows](/previous-versions/tn-archive/ee939271(v=technet.10)). + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct MAK or KMS Host key (CSVLK), see [How to Choose the Right Volume License Key for Windows](/previous-versions/tn-archive/ee939271(v=technet.10)). -## Related topics +## Related articles - [Manage Product Keys](manage-product-keys-vamt.md) - diff --git a/windows/deployment/volume-activation/install-vamt.md b/windows/deployment/volume-activation/install-vamt.md index aecd419d3e..8cb4d09f92 100644 --- a/windows/deployment/volume-activation/install-vamt.md +++ b/windows/deployment/volume-activation/install-vamt.md 
@@ -1,35 +1,38 @@ --- title: Install VAMT (Windows 10) description: Learn how to install Volume Activation Management Tool (VAMT) as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 03/11/2019 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Install VAMT -This topic describes how to install the Volume Activation Management Tool (VAMT). +This article describes how to install the Volume Activation Management Tool (VAMT). -## Install VAMT +## Installing VAMT -You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. +You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for Windows 10. >[!IMPORTANT] ->VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products’ license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator.  +>VAMT requires local administrator privileges on all managed computers in order to deposit confirmation IDs (CIDs), get the client products' license status, and install product keys. If VAMT is being used to manage products and product keys on the local host computer and you do not have administrator privileges, start VAMT with elevated privileges. For best results when using Active Directory-based activation, we recommend running VAMT while logged on as a domain administrator. >[!NOTE] ->The VAMT Microsoft Management Console snap-in ships as an x86 package. 
+>The VAMT Microsoft Management Console snap-in ships as an x86 package. ### Requirements - [Windows Server with Desktop Experience](/windows-server/get-started/getting-started-with-server-with-desktop-experience), with internet access (for the main VAMT console) and all updates applied + - Latest version of the [Windows 10 ADK](/windows-hardware/get-started/adk-install) + - Any supported [SQL Server Express](https://www.microsoft.com/sql-server/sql-server-editions-express) version, the latest is recommended + - Alternatively, any supported **full** SQL instance ### Install SQL Server Express / alternatively use any full SQL instance @@ -42,7 +45,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 4. Enter an install location or use the default path, and then select **Install**. -5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. +5. On the completion page, note the instance name for your installation, select **Close**, and then select **Yes**. ![In this example, the instance name is SQLEXPRESS01.](images/sql-instance.png) @@ -50,7 +53,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 1. Download the latest version of [Windows 10 ADK](/windows-hardware/get-started/adk-install). - If an older version is already installed, it is recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database. + If an older version is already installed, it's recommended to uninstall the older ADK and install the latest version. Existing VAMT data is maintained in the VAMT database. 2. Enter an install location or use the default path, and then select **Next**. 
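Review bot: The rewritten IMPORTANT note in the first install-vamt.md hunk keeps the recommendation to run VAMT "while logged on as a domain administrator" without qualification, and the same note says VAMT also needs local administrator privileges on all managed computers. An interactive domain administrator session on the VAMT host is a broad grant for a licensing tool, so the note would benefit from a caveat such as `Use a dedicated administrative account for VAMT, and sign out of the VAMT host when activation tasks are finished.` Whether Active Directory-based activation works with narrower delegated rights is not stated on this page and should be confirmed before the recommendation itself is reworded. The same line also keeps "you do not have" although the commit contracts such forms elsewhere.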
@@ -58,7 +61,7 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for 4. Accept the license terms. -5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. (You can select additional features to install as well.) +5. On the **Select the features you want to install** page, select **Volume Activation Management Tool (VAMT)**, and then select **Install**. If desired, you can select additional features to install as well. 6. On the completion page, select **Close**. @@ -72,15 +75,10 @@ You install VAMT as part of the Windows Assessment and Deployment Kit (ADK) for For remote SQL Server, use `servername.yourdomain.com`. - - ## Uninstall VAMT To uninstall VAMT using the **Programs and Features** Control Panel: -1. Open **Control Panel** and select **Programs and Features**. +1. Open **Control Panel** and select **Programs and Features**. -2. Select **Assessment and Deployment Kit** from the list of installed programs and click **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. - - - +2. Select **Assessment and Deployment Kit** from the list of installed programs and select **Change**. Follow the instructions in the Windows ADK installer to remove VAMT. diff --git a/windows/deployment/volume-activation/introduction-vamt.md b/windows/deployment/volume-activation/introduction-vamt.md index 35011f3cea..292a9965b1 100644 --- a/windows/deployment/volume-activation/introduction-vamt.md +++ b/windows/deployment/volume-activation/introduction-vamt.md 
@@ -2,12 +2,12 @@ title: Introduction to VAMT (Windows 10) description: VAMT enables administrators to automate and centrally manage the Windows, Microsoft Office, and select other Microsoft products volume and retail activation process. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 09/16/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: overview --- @@ -18,7 +18,7 @@ The Volume Activation Management Tool (VAMT) enables network administrators and > [!NOTE] > VAMT can be installed on, and can manage, physical or virtual instances. VAMT can't detect whether or not the remote products are virtual. As long as the products can respond to Windows Management Instrumentation (WMI) calls, they will be discovered and activated. -## Managing MAK and retail activation +## Managing MAK and retail activation You can use a MAK or a retail product key to activate Windows, Windows Server, or Office on an individual computer or a group of computers. VAMT enables two different activation scenarios: 
@@ -26,23 +26,25 @@ You can use a MAK or a retail product key to activate Windows, Windows Server, o - **Proxy activation**: This activation method enables you to perform volume activation for products installed on client computers that don't have internet access. The VAMT host computer distributes a MAK, KMS host key (CSVLK), or retail product key to one or more client products and collects the installation ID (IID) from each client product. The VAMT host sends the IIDs to Microsoft on behalf of the client products and obtains the corresponding Confirmation IDs (CIDs). The VAMT host then installs the CIDs on the client products to complete the activation. Using this method, only the VAMT host computer needs internet access. You can also activate products installed on computers in a workgroup that's isolated from any larger network, by installing a second instance of VAMT on a computer within the workgroup. Then, use removable media to transfer activation data between this new instance of VAMT and the internet-connected VAMT host. -## Managing KMS activation +## Managing KMS activation In addition to MAK or retail activation, you can use VAMT to perform volume activation using the KMS. VAMT can install and activate GVLK (KMS client) keys on client products. GVLKs are the default product keys used by volume license editions of Windows, Windows Server, and Office. VAMT treats a KMS host key (CSVLK) product key identically to a retail-type product key. The experience for product key entry and activation management are identical for both these product key types. -## Enterprise environment +## Enterprise environment VAMT is commonly implemented in enterprise environments. The following screenshot illustrates three common environments: core network, secure zone, and isolated lab. 
![VAMT in the enterprise.](images/dep-win8-l-vamt-image001-enterprise.jpg) - In the core network environment, all computers are within a common network managed by Active Directory Domain Services (AD DS). + - The secure zone represents higher-security core network computers that have extra firewall protection. + - The isolated lab environment is a workgroup that is physically separate from the core network, and its computers don't have internet access. The network security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab. -## VAMT user interface +## VAMT user interface The following screenshot shows the VAMT graphical user interface: @@ -58,7 +60,7 @@ VAMT provides a single, graphical user interface for managing activations, and f - **Managing product keys**: You can store multiple product keys and use VAMT to install these keys to remote client products. You can also determine the number of activations remaining for MAKs. -- **Managing activation data**: VAMT stores activation data in a SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. +- **Managing activation data**: VAMT stores activation data in an SQL database. VAMT can export this data to other VAMT hosts or to an archive in XML format. ## Next steps diff --git a/windows/deployment/volume-activation/kms-activation-vamt.md b/windows/deployment/volume-activation/kms-activation-vamt.md index c6c284ccb9..6cb46bb913 100644 --- a/windows/deployment/volume-activation/kms-activation-vamt.md +++ b/windows/deployment/volume-activation/kms-activation-vamt.md 
@@ -2,45 +2,62 @@ title: Perform KMS Activation (Windows 10) description: The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Perform KMS Activation +# Perform KMS activation -The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. +The Volume Activation Management Tool (VAMT) can be used to perform volume activation using the Key Management Service (KMS). You can use VAMT to activate Generic Volume Licensing Keys, or KMS client keys, on products accessible to VAMT. GVLKs are the default product keys used by the volume-license editions of Windows Vista, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft Office 2010. GVLKs are already installed in volume-license editions of these products. ## Requirements Before configuring KMS activation, ensure that your network and VAMT installation meet the following requirements: -- KMS host is set up and enabled. -- KMS clients can access the KMS host. -- VAMT is installed on a central computer with network access to all client computers. -- The products to be activated have been added to VAMT. 
For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). -- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + +- KMS host is set up and enabled. + +- KMS clients can access the KMS host. + +- VAMT is installed on a central computer with network access to all client computers. + +- The products to be activated have been added to VAMT. For more information on adding product keys, see [Install a KMS Client Key](install-kms-client-key-vamt.md). + +- VAMT has administrative permissions on all computers to be activated, and Windows Management Instrumentation (WMI) is accessible through the Windows Firewall. For more information, see [Configure client computers](configure-client-computers-vamt.md). ## To configure devices for KMS activation -**To configure devices for KMS activation** -1. Open VAMT. -2. If necessary, set up the KMS activation preferences. If you don’t need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. -3. To set up the preferences, on the menu bar click **View**, then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. -4. Under **Key Management Services host selection**, select one of the following options: - - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. - - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. 
If you choose this option, VAMT first clears any previously configured KMS host on the target computer and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. - - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments which do not use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. -5. Click **Apply**, and then click **OK** to close the **Volume Activation Management Tool Preferences** dialog box. -6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. In the right-side pane, click **Activate** in the **Selected Items** menu, and then click **Volume activate**. -9. Click a credential option. Choose **Alternate credentials** only if you are activating products that require administrator credentials different from the ones you are currently using. -10. If you are supplying alternate credentials, at the prompt, type the appropriate user name and password and click **OK**. +1. Open VAMT. + +2. If necessary, set up the KMS activation preferences. 
If you don't need to set up the preferences, skip to step 6 in this procedure. Otherwise, continue to step 2. + +3. To set up the preferences, on the menu bar select **View**, then select **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + +4. Under **Key Management Services host selection**, select one of the following options: + + - **Find a KMS host automatically using DNS (default)**. If you choose this option, VAMT first clears any previously configured KMS host on the target computer, and instructs the computer to query the Domain Name Service (DNS) to locate a KMS host and attempt activation. + + - **Find a KMS host using DNS in this domain for supported products**. Enter the domain name. If you choose this option, VAMT first clears any previously configured KMS host on the target computer, and instructs the computer to query the DNS in the specified domain to locate a KMS host and attempt activation. + + - **Use specific KMS host**. Enter the KMS host name and KMS host port. For environments that don't use DNS for KMS host identification, VAMT sets the specified KMS host name and KMS host port on the target computer, and then instructs the computer to attempt activation with the specific KMS host. + +5. Select **Apply**, and then select **OK** to close the **Volume Activation Management Tool Preferences** dialog box. + +6. Select the products to be activated by selecting individual products in the product list view in the center pane. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box.In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. 
+ + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +7. Select **Filter**. VAMT displays the filtered list in the center pane. + +8. In the right-side pane, select **Activate** in the **Selected Items** menu, and then select **Volume activate**. + +9. Select a credential option. Choose **Alternate credentials** only if you're activating products that require administrator credentials different from the ones you're currently using. + +10. If you're supplying alternate credentials, at the prompt, type the appropriate user name and password and select **OK**. VAMT displays the **Volume Activation** dialog box until it completes the requested action. When the process is finished, the updated activation status of each product appears in the product list view in the center pane. -  diff --git a/windows/deployment/volume-activation/local-reactivation-vamt.md b/windows/deployment/volume-activation/local-reactivation-vamt.md index 64aa4ddfb2..e761c3c2f5 100644 --- a/windows/deployment/volume-activation/local-reactivation-vamt.md +++ b/windows/deployment/volume-activation/local-reactivation-vamt.md 
@@ -2,43 +2,53 @@ title: Perform Local Reactivation (Windows 10) description: An initially activated a computer using scenarios like MAK, retail, or CSLVK (KMS host), can be reactivated with Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Perform Local Reactivation +# Perform local reactivation If you reinstall Windows® or Microsoft® Office 2010 on a computer that was initially activated using proxy activation (MAK, retail, or CSLVK (KMS host)), and have not made significant changes to the hardware, use this local reactivation procedure to reactivate the program on that computer. Local reactivation relies upon data that was created during the initial proxy activation and stored in the Volume Activation Management Tool (VAMT) database. The database contains the installation ID (IID) and confirmation ID (Pending CID). Local reactivation uses this data to reapply the CID and reactivate those products. Reapplying the same CID conserves the remaining activations on the key. -**Note**   -During the initial proxy activation, the CID is bound to a digital “fingerprint”, which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. +> [!NOTE] +> During the initial proxy activation, the CID is bound to a digital "fingerprint", which is calculated from values assigned to several different hardware components in the computer. If the computer has had significant hardware changes, this fingerprint will no longer match the CID. In this case, you must obtain a new CID for the computer from Microsoft. 
-## To Perform a Local Reactivation +## To perform a local reactivation + +1. Open VAMT. Make sure that you're connected to the desired database. + +2. In the left-side pane, select the product you want to reactivate to display the products list. + +3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. In the right-side pane, select **Activate**, and then select **Apply Confirmation ID**. + +7. Select a credential option. Choose **Alternate credentials** only if you're reactivating products that require administrator credentials different from the ones you're currently using. + +8. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name, and password and select **OK**. -**To perform a local reactivation** -1. Open VAMT. Make sure that you are connected to the desired database. -2. In the left-side pane, click the product you want to reactivate to display the products list. -3. In the product list view in the center pane, select the desired products to be reactivated. You can sort the list by computer name by clicking on the **Computer Name** heading. 
You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. In the right-side pane, click **Activate**, and then click **Apply Confirmation ID**. -7. Click a credential option. Choose **Alternate credentials** only if you are reactivating products that require administrator credentials different from the ones you are currently using. -8. If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. - VAMT displays the **Apply Confirmation ID** dialog box. -10. If you are using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID. -11. If you are activating a product that requires administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** check box. -12. Click **OK**. +9. If you're using a different product key than the product key used for initial activation, you must complete a new activation to obtain a new CID. -## Related topics +10. If you're activating a product that requires administrator credentials different from the ones you're currently using, select the **Use Alternate Credentials** check box. + +11. Select **OK**. + +## Related article - [Manage Activations](manage-activations-vamt.md) 
diff --git a/windows/deployment/volume-activation/manage-activations-vamt.md b/windows/deployment/volume-activation/manage-activations-vamt.md index ce146804af..80263f739c 100644 --- a/windows/deployment/volume-activation/manage-activations-vamt.md +++ b/windows/deployment/volume-activation/manage-activations-vamt.md @@ -2,11 +2,11 @@ title: Manage Activations (Windows 10) description: Learn how to manage activations and how to activate a client computer by using various activation methods. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -17,14 +17,11 @@ This section describes how to activate a client computer, by using various activ ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Perform Online Activation](online-activation-vamt.md) |Describes how to activate a client computer over the Internet. | |[Perform Proxy Activation](proxy-activation-vamt.md) |Describes how to perform volume activation for client products that don't have Internet access. | |[Perform KMS Activation](kms-activation-vamt.md) |Describes how to perform volume activation using the Key Management Service (KMS). | |[Perform Local Reactivation](local-reactivation-vamt.md) |Describes how to reactivate an operating system or Office program that was reinstalled. | |[Activate an Active Directory Forest Online](activate-forest-vamt.md) |Describes how to use Active Directory-Based Activation to activate an Active Directory forest, online. | |[Activate by Proxy an Active Directory Forest](activate-forest-by-proxy-vamt.md) |Describes how to use Active Directory-Based Activation to proxy activate an Active Directory forest that isn't connected to the Internet. | - - - 
diff --git a/windows/deployment/volume-activation/manage-product-keys-vamt.md b/windows/deployment/volume-activation/manage-product-keys-vamt.md index 474f83d10d..423133a3b4 100644 --- a/windows/deployment/volume-activation/manage-product-keys-vamt.md +++ b/windows/deployment/volume-activation/manage-product-keys-vamt.md @@ -2,25 +2,23 @@ title: Manage Product Keys (Windows 10) description: In this article, learn how to add and remove a product key from the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Manage Product Keys -This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product or products you select in the VAMT database. +This section describes how to add and remove a product key from the Volume Activation Management Tool (VAMT). After you add a product key to VAMT, you can install that product key on a product, or products you select in the VAMT database. + ## In this Section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Add and Remove a Product Key](add-remove-product-key-vamt.md) |Describes how to add a product key to the VAMT database. | |[Install a Product Key](install-product-key-vamt.md) |Describes how to install a product key for specific product. | |[Install a KMS Client Key](install-kms-client-key-vamt.md) |Describes how to install a GVLK (KMS client) key. | - - - diff --git a/windows/deployment/volume-activation/manage-vamt-data.md b/windows/deployment/volume-activation/manage-vamt-data.md index 39a1737116..5d61f42b3b 100644 --- a/windows/deployment/volume-activation/manage-vamt-data.md 
+++ b/windows/deployment/volume-activation/manage-vamt-data.md @@ -2,11 +2,11 @@ title: Manage VAMT Data (Windows 10) description: Learn how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- @@ -16,7 +16,8 @@ ms.technology: itpro-fundamentals This section describes how to save, import, export, and merge a Computer Information List (CILX) file using the Volume Activation Management Tool (VAMT). ## In this Section -|Topic |Description | -|------|------------| + +|Article |Description | +|-------|------------| |[Import and Export VAMT Data](import-export-vamt-data.md) |Describes how to import and export VAMT data. | |[Use VAMT in Windows PowerShell](use-vamt-in-windows-powershell.md) |Describes how to access Windows PowerShell and how to import the VAMT PowerShell module. | diff --git a/windows/deployment/volume-activation/monitor-activation-client.md b/windows/deployment/volume-activation/monitor-activation-client.md index 94cdf4e1e9..0f48de80b8 100644 --- a/windows/deployment/volume-activation/monitor-activation-client.md +++ b/windows/deployment/volume-activation/monitor-activation-client.md 
@@ -1,40 +1,43 @@ --- title: Monitor activation (Windows 10) ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj description: Understand the most common methods to monitor the success of the activation process for a computer running Windows. ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium ms.topic: article ms.technology: itpro-fundamentals +ms.date: 11/07/2022 --- # Monitor activation -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) You can monitor the success of the activation process for a computer running Windows in several ways. The most popular methods include: -- Using the Volume Licensing Service Center website to track use of MAK keys. -- Using the **Slmgr /dlv** command on a client computer or on the KMS host. (For a full list of options, see [Slmgr.vbs Options](/previous-versions//ff793433(v=technet.10)).) -- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it is available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) -- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290). -- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager. 
-- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). -- The VAMT provides a single site from which to manage and monitor volume activations. This is explained in the next section. -## See also +- Using the Volume Licensing Service Center website to track use of MAK keys. + +- Using the `Slmgr /dlv` command on a client computer or on the KMS host. For a full list of options, see [Slmgr.vbs options](/previous-versions//ff793433(v=technet.10)). + +- Viewing the licensing status, which is exposed through Windows Management Instrumentation (WMI); therefore, it's available to non-Microsoft or custom tools that can access WMI. (Windows PowerShell can also access WMI information.) + +- Most licensing actions and events are recorded in the Event log (ex: Application Log events 12288-12290). + +- Microsoft System Center Operations Manager and the KMS Management Pack can provide insight and information to users of System Center Operations Manager. + +- See [Troubleshooting activation error codes](/windows-server/get-started/activation-error-codes) for information about troubleshooting procedures for Multiple Activation Key (MAK) or the Key Management Service (KMS). + +- The VAMT provides a single site from which to manage and monitor volume activations. This feature is explained in the next section. + +## Related articles [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/online-activation-vamt.md b/windows/deployment/volume-activation/online-activation-vamt.md index 18ded873b5..4e3c76dae1 100644 --- a/windows/deployment/volume-activation/online-activation-vamt.md +++ b/windows/deployment/volume-activation/online-activation-vamt.md 
@@ -2,51 +2,63 @@ title: Perform Online Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to enable client products to be activated online. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Perform Online Activation +# Perform online activation You can use the Volume Activation Management Tool (VAMT) to enable client products to be activated over the Internet. You can install the client products with any kind of product key that is eligible for online activation—Multiple Activation Key (MAK), retail, and Windows Key Management Services (KMS) host key. ## Requirements Before performing online activation, ensure that the network and the VAMT installation meet the following requirements: -- VAMT is installed on a central computer that has network access to all client computers. -- Both the VAMT host and client computers have Internet access. -- The products that you want to activate are added to VAMT. -- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking -**Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. 
+- VAMT is installed on a central computer that has network access to all client computers. -## To Perform an Online Activation +- Both the VAMT host and client computers have Internet access. -**To perform an online activation** -1. Open VAMT. -2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -6. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. If the **Actions** pane is not displayed, click the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. -7. Point to **Online activate**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. 
+- The products that you want to activate are added to VAMT. + +- VAMT has administrative permissions on all computers that you intend to activate, and that Windows Management Instrumentation (WMI) can be accessed through the Windows firewall. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + +The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs. + +## To perform an online activation + +1. Open VAMT. + +2. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. Select the products that you want to activate. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +6. Select **Activate** in the **Selected Items** menu in the right-side **Actions** pane and then point to **Activate**. 
If the **Actions** pane isn't displayed, select the Show/Hide Action Pane button, which is located on the toolbar to the right of the Help button. + +7. Point to **Online activate**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + +8. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. - **Note**   - Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. - - **Note** - You can use online activation to select products that have different key types and activate the products at the same time. + > [!NOTE] + > Online activation does not enable you to save the Confirmation IDs (CIDs). As a result, you cannot perform local reactivation. -## Related topics -- [Manage Activations](manage-activations-vamt.md) + > [!NOTE] + > You can use online activation to select products that have different key types and activate the products at the same time. + +## Related articles + +- [Manage activations](manage-activations-vamt.md) diff --git a/windows/deployment/volume-activation/plan-for-volume-activation-client.md b/windows/deployment/volume-activation/plan-for-volume-activation-client.md index 5fe9d182fa..e9969efbf8 100644 --- a/windows/deployment/volume-activation/plan-for-volume-activation-client.md +++ b/windows/deployment/volume-activation/plan-for-volume-activation-client.md 
@@ -2,36 +2,32 @@
 title: Plan for volume activation (Windows 10)
 description: Product activation is the process of validating software with the manufacturer after it has been installed on a specific computer.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
+author: frankroj
 ms.localizationpriority: medium
 ms.topic: article
 ms.technology: itpro-fundamentals
+ms.date: 11/07/2022
 ---
 # Plan for volume activation
-**Applies to**
-- Windows 10
-- Windows 8.1
-- Windows 8
-- Windows 7
-- Windows Server 2012 R2
-- Windows Server 2012
-- Windows Server 2008 R2
+(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*)
-**Looking for retail activation?**
+> [!TIP]
+> Are you looking for information on retail activation?
+>
+> - [Activate Windows](https://support.microsoft.com/help/12440/)
+> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
-- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644)
+*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and hasn't been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
-*Product activation* is the process of validating software with the manufacturer after it has been installed on a specific computer. Activation confirms that the product is genuine—not a fraudulent copy—and that the product key or serial number is valid and has not been compromised or revoked. Activation also establishes a link or relationship between the product key and the particular installation.
-
-During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they cannot be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft does not use this information to identify or contact the user or the organization.
+During the activation process, information about the specific installation is examined. For online activations, this information is sent to a server at Microsoft. This information may include the software version, the product key, the IP address of the computer, and information about the device. The activation methods that Microsoft uses are designed to help protect user privacy, and they can't be used to track back to the computer or user. The gathered data confirms that the software is a legally licensed copy, and this data is used for statistical analysis. Microsoft doesn't use this information to identify or contact the user or the organization.
 >[!NOTE]
->The IP address is used only to verify the location of the request, because some editions of Windows (such as “Starter” editions) can only be activated within certain geographical target markets.
+>The IP address is used only to verify the location of the request, because some editions of Windows (such as "Starter" editions) can only be activated within certain geographical target markets.
 ## Distribution channels and activation
@@ -39,69 +35,78 @@ In general, Microsoft software is obtained through three main channels: retail,
 ### Retail activations
-The retail activation method has not changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available.
+The retail activation method hasn't changed in several versions of Windows and Windows Server. Each purchased copy comes with one unique product key (often referred to as a retail key). The user enters this key during product installation. The computer uses this retail key to complete the activation after the installation is complete. Most activations are performed online, but telephone activation is also available.
 Recently, retail keys have been expanded into new distribution scenarios. Product key cards are available to activate products that have been preinstalled or downloaded. Programs such as Windows Anytime Upgrade and Get Genuine allow users to acquire legal keys separately from the software. These electronically distributed keys may come with media that contains software, they can come as a software shipment, or they may be provided on a printed card or electronic copy. Products are activated the same way with any of these retail keys.
 ### Original equipment manufacturer
-Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system. The hardware vendor activates Windows by associating the operating system with the firmware (BIOS) of the computer. This occurs before the computer is sent to the customer, and no additional actions are required.
+Most original equipment manufacturers (OEMs) sell systems that include a standard build of the Windows operating system.
The hardware vendor activates Windows by associating the operating system with the firmware/BIOS of the computer. This activation occurs before the computer is sent to the customer, and no additional actions are required.
+ OEM activation is valid as long as the customer uses the OEM-provided image on the system. OEM activation is available only for computers that are purchased through OEM channels and have the Windows operating system preinstalled.
 ### Volume licensing
-Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft.There is a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer:
-- Have the license preinstalled through the OEM.
-- Purchase a fully packaged retail product.
+Volume licensing offers customized programs that are tailored to the size and purchasing preference of the organization. To become a volume licensing customer, the organization must set up a volume licensing agreement with Microsoft. There's a common misunderstanding about acquiring licenses for a new computer through volume licensing. There are two legal ways to acquire a full Windows client license for a new computer:
-The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised.
+- Have the license preinstalled through the OEM
+
+- Purchase a fully packaged retail product
+
+The licenses that are provided through volume licensing programs such as Open License, Select License, and Enterprise Agreements cover upgrades to Windows client operating systems only. An existing retail or OEM operating system license is needed for each computer running Windows 10, Windows 8.1 Pro, Windows 8 Pro, Windows 7 Professional or Ultimate, or Windows XP Professional before the upgrade rights obtained through volume licensing can be exercised.
 Volume licensing is also available through certain subscription or membership programs, such as the Microsoft Partner Network and MSDN. These volume licenses may contain specific restrictions or other changes to the general terms applicable to volume licensing.
-**Note**  
-Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions.
+> [!NOTE]
+> Some editions of the operating system, such as Windows 10 Enterprise, and some editions of application software are available only through volume licensing agreements or subscriptions.
 ## Activation models
 For a user or IT department, there are no significant choices about how to activate products that are acquired through retail or OEM channels. The OEM performs the activation at the factory, and the user or the IT department need take no activation steps. With a retail product, the Volume Activation Management Tool (VAMT), which is discussed later in this guide, helps you track and manage keys. For each retail activation, you can choose:
-- Online activation
-- Telephone activation
-- VAMT proxy activation
-Telephone activation is primarily used in situations where a computer is isolated from all networks.
VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models:
-- MAKs
-- KMS
-- Active Directory-based activation
+- Online activation
-**Note**  
-Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative.
+
+- Telephone activation
+
+- VAMT proxy activation
+
+Telephone activation is primarily used in situations where a computer is isolated from all networks. VAMT proxy activation (with retail keys) is sometimes used when an IT department wants to centralize retail activations or when a computer with a retail version of the operating system is isolated from the Internet but connected to the LAN. For volume-licensed products, however, you must determine the best method or combination of methods to use in your environment. For Windows 10 Pro and Enterprise, you can choose from three models:
+
+- MAKs
+
+- KMS
+
+- Active Directory-based activation
+
+> [!NOTE]
+> Token-based activation is available for specific situations when approved customers rely on a public key infrastructure in an isolated and high-security environment. For more information, contact your Microsoft Account Team or your service representative.
 Token-based Activation option is available for Windows 10 Enterprise LTSB editions (Version 1507 and 1607).
 ### Multiple activation key
-A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they do not meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also
-allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that does not have enough computers to use the KMS.
+A Multiple Activation Key (MAK) is commonly used in small- or mid-sized organizations that have a volume licensing agreement, but they don't meet the requirements to operate a KMS or they prefer a simpler approach. A MAK also
+allows permanent activation of computers that are isolated from the KMS or are part of an isolated network that doesn't have enough computers to use the KMS.
 To use a MAK, the computers to be activated must have a MAK installed. The MAK is used for one-time activation with the Microsoft online hosted activation services, by telephone, or by using VAMT proxy activation.
-In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can assist in tracking the number of activations that have been performed with each key and how many remain.
+In the simplest terms, a MAK acts like a retail key, except that a MAK is valid for activating multiple computers. Each MAK can be used a specific number of times. The VAMT can help with tracking the number of activations that have been performed with each key and how many remain.
 Organizations can download MAK and KMS keys from the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkId=618213) website. Each MAK has a preset number of activations, which are based on a percentage of the count of licenses the organization purchases; however, you can increase the number of activations that are available with your MAK by calling Microsoft.
 ### Key Management Service
-With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that does not require a dedicated system and can easily be cohosted on a system that provides other services.
+With the Key Management Service (KMS), IT pros can complete activations on their local network, eliminating the need for individual computers to connect to Microsoft for product activation. The KMS is a lightweight service that doesn't require a dedicated system and can easily be cohosted on a system that provides other services.
-Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user.
+Volume editions of Windows 10 and Windows Server 2012 R2 (in addition to volume editions of operating system editions since Windows Vista and Windows Server 2008) automatically connect to a system that hosts the KMS to request activation. No action is required from the user.
-The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*.
+The KMS requires a minimum number of computers (physical computers or virtual machines) in a network environment. The organization must have at least five computers to activate Windows Server 2012 R2 and at least 25 computers to activate client computers that are running Windows 10. These minimums are referred to as *activation thresholds*.
-Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. Only rarely will more than two KMS hosts be used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide.
+Planning to use the KMS includes selecting the best location for the KMS host and how many KMS hosts to have. One KMS host can handle a large number of activations, but organizations will often deploy two KMS hosts to ensure availability. It will be rare that more than two KMS hosts are used. The KMS can be hosted on a client computer or on a server, and it can be run on older versions of the operating system if proper configuration steps are taken. Setting up your KMS is discussed later in this guide.
 ### Active Directory-based activation
-Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer does not need to maintain periodic connectivity with the KMS host. Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device.
+Active Directory-based activation is the newest type of volume activation, and it was introduced in Windows 8. In many ways, Active Directory-based activation is similar to activation by using the KMS, but the activated computer doesn't need to maintain periodic connectivity with the KMS host.
Instead, a domain-joined computer running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 queries AD DS for a volume activation object that is stored in the domain. The operating system checks the digital signatures that are contained in the activation object, and then activates the device.
-Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it is impractical to connect to a KMS, or would not reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company’s domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence.
+Active Directory-based activation allows enterprises to activate computers through a connection to their domain. Many companies have computers at remote or branch locations, where it's impractical to connect to a KMS, or wouldn't reach the KMS activation threshold. Rather than use MAKs, Active Directory-based activation provides a way to activate computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 as long as the computers can contact the company's domain. Active Directory-based activation offers the advantage of extending volume activation services everywhere you already have a domain presence.
 ## Network and connectivity
@@ -109,11 +114,11 @@ A modern business network has many nuances and interconnections. This section ex
 ### Core network
-Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that is not a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the vast majority of the business network.
+Your core network is that part of your network that enjoys stable, high-speed, reliable connectivity to infrastructure servers. In many cases, the core network is also connected to the Internet, although that isn't a requirement to use the KMS or Active Directory-based activation after the KMS server or AD DS is configured and active. Your core network likely consists of many network segments. In many organizations, the core network makes up the majority of the business network.
-In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that are not joined to the domain. Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8.
+In the core network, a centralized KMS solution is recommended. You can also use Active Directory-based activation, but in many organizations, KMS will still be required to activate older client computers and computers that aren't joined to the domain.
Some administrators prefer to run both solutions to have the most flexibility, while others prefer to choose only a KMS-based solution for simplicity. Active Directory-based activation as the only solution is workable if all of the clients in your organization are running Windows 10, Windows 8.1, or Windows 8.
-A typical core network that includes a KMS host is shown in Figure 1.
+A typical core network that includes a KMS host is shown in Figure 1.
 ![Typical core network.](../images/volumeactivationforwindows81-01.jpg)
@@ -121,106 +126,124 @@ A typical core network that includes a KMS host is shown in Figure 1. ### Isolated networks -In a large network, it is all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. +In a large network, it's all but guaranteed that some segments will be isolated, either for security reasons or because of geography or connectivity issues. -**Isolated for security** +#### Isolated for security Sometimes called a *high-security zone*, a particular network segment may be isolated from the core network by a firewall or disconnected from other networks totally. The best solution for activating computers in an isolated network depends on the security policies in place in the organization. -If the isolated network can access the core network by using outbound requests on TCP port 1688, and it is allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. +If the isolated network can access the core network by using outbound requests on TCP port 1688, and it's allowed to receive remote procedure calls (RPCs), you can perform activation by using the KMS in the core network, thereby avoiding the need to reach additional activation thresholds. -If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. 
+If the isolated network participates fully in the corporate forest, and it can make typical connections to domain controllers, such as using Lightweight Directory Access Protocol (LDAP) for queries and Domain Name Service (DNS) for name resolution, this is a good opportunity to use Active Directory-based activation for Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, and Windows Server 2012 R2. -If the isolated network cannot communicate with the core network’s KMS server, and it cannot use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. +If the isolated network can't communicate with the core network's KMS server, and it can't use Active Directory-based activation, you can set up a KMS host in the isolated network. This configuration is shown in Figure 2. However, if the isolated network contains only a few computers, it will not reach the KMS activation threshold. In that case, you can activate by using MAKs. -If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they are placed in the isolated network. +If the network is fully isolated, MAK-independent activation would be the recommended choice, perhaps using the telephone option. But VAMT proxy activation may also be possible. You can also use MAKs to activate new computers during setup, before they're placed in the isolated network. ![New KMS host in an isolated network.](../images/volumeactivationforwindows81-02.jpg) -**Figure 2**. New KMS host in an isolated network +**Figure 2**. 
New KMS host in an isolated network -**Branch offices and distant networks** -From mining operations to ships at sea, organizations often have a few computers that are not easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: -- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. -- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. -- **Remote (core) KMS**. If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. -- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. +#### Branch offices and distant networks + +From mining operations to ships at sea, organizations often have a few computers that aren't easily connected to the core network or the Internet. Some organizations have network segments at branch offices that are large and well-connected internally, but have a slow or unreliable WAN link to the rest of the organization. In these situations, you have several options: + +- **Active Directory-based activation**. In any site where the client computers are running Windows 10, Active Directory-based activation is supported, and it can be activated by joining the domain. + +- **Local KMS**. If a site has 25 or more client computers, it can activate against a local KMS server. + +- **Remote (core) KMS**. 
If the remote site has connectivity to an existing KMS (perhaps through a virtual private network (VPN) to the core network), that KMS can be used. Using the existing KMS means that you only need to meet the activation threshold on that server. + +- **MAK activation**. If the site has only a few computers and no connectivity to an existing KMS host, MAK activation is the best option. ### Disconnected computers -Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this an “isolated network,” where the number of computers is one. Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. -If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it does not support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). +Some users may be in remote locations or may travel to many locations. This scenario is common for roaming clients, such as the computers that are used by salespeople or other users who are offsite but not at branch locations. This scenario can also apply to remote branch office locations that have no connection to the core network. You can consider this branch office an "isolated network," where the number of computers is one. 
Disconnected computers can use Active Directory-based activation, the KMS, or MAK depending on the client version and how often the computers connect to the core network. + +If the computer is joined to the domain and running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2 8, you can use Active Directory-based activation—directly or through a VPN—at least once every 180 days. If the computer connects to a network with a KMS host at least every 180 days, but it doesn't support Active Directory-based activation, you can use KMS activation. Otherwise for computers that rarely or never connect to the network, use MAK independent activation (by using the telephone or the Internet). ### Test and development labs -Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. Editions of Windows 10 that include volume licensing will operate normally, even if they cannot activate immediately. -If you have ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they will be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network and use the methods described earlier in this guide. -In labs that have a high turnover of computers and a small number of KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. +Lab environments often have large numbers of virtual machines, and physical computers and virtual machines in labs are reconfigured frequently. Therefore, first determine whether the computers in test and development labs require activation. 
Editions of Windows 10 that include volume licensing will operate normally, even if they can't activate immediately. + +If you've ensured that your test or development copies of the operating system are within the license agreement, you may not need to activate the lab computers if they'll be rebuilt frequently. If you require that the lab computers be activated, treat the lab as an isolated network, and use the methods described earlier in this guide. +In labs that have a high turnover of computers and a few KMS clients, you must monitor the KMS activation count. You might need to adjust the time that the KMS caches the activation requests. The default is 30 days. ## Mapping your network to activation methods -Now it’s time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you have collected the information you need to determine which activation methods will work best for you. You can fill-in information in Table 1 to help you make this determination. +Now it's time to assemble the pieces into a working solution. By evaluating your network connectivity, the numbers of computers you have at each site, and the operating system versions in use in your environment, you've collected the information you need to determine which activation methods will work best for you. You can fill in information in Table 1 to help you make this determination. **Table 1**. Criteria for activation methods |Criterion |Activation method | |----------|------------------| -|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. 
|Active Directory-based activation | -|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

      Note
      The core network must meet the KMS activation threshold. |KMS (central) | -|Number of computers that do not connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | +|Number of domain-joined computers that support Active Directory-based activation (computers running Windows 10, Windows 8.1, Windows 8, Windows Server 2012 R2, or Windows Server 2012 R2) and will connect to a domain controller at least every 180 days. Computers can be mobile, semi-isolated, or located in a branch office or the core network. |Active Directory-based activation | +|Number of computers in the core network that will connect (directly or through a VPN) at least every 180 days

      **Note**
      The core network must meet the KMS activation threshold.
      |KMS (central) | +|Number of computers that don't connect to the network at least once every 180 days (or if no network meets the activation threshold) | MAK | |Number of computers in semi-isolated networks that have connectivity to the KMS in the core network |KMS (central) | |Number of computers in isolated networks where the KMS activation threshold is met |KMS (local) | -|Number of computers in isolated networks where the KMS activation threshold is not met |MAK | -|Number of computers in test and development labs that will not be activated |None| -|Number of computers that do not have a retail volume license |Retail (online or phone) | -|Number of computers that do not have an OEM volume license |OEM (at factory) | -|Total number of computer activations

      Note
      This total should match the total number of licensed computers in your organization. | +|Number of computers in isolated networks where the KMS activation threshold isn't met |MAK | +|Number of computers in test and development labs that won't be activated |None| +|Number of computers that don't have a retail volume license |Retail (online or phone) | +|Number of computers that don't have an OEM volume license |OEM (at factory) | +|Total number of computer activations

      **Note**
      This total should match the total number of licensed computers in your organization.
      | ## Choosing and acquiring keys When you know which keys you need, you must obtain them. Generally speaking, volume licensing keys are collected in two ways: -- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. -- Contact your [Microsoft Activation Center](https://go.microsoft.com/fwlink/p/?LinkId=618264). + +- Go to the **Product Keys** section of the [Volume Licensing Service Center](https://go.microsoft.com/fwlink/p/?LinkID=618213) for the following agreements: Open, Open Value, Select, Enterprise, and Services Provider License. + +- Contact your [Microsoft activation center](https://go.microsoft.com/fwlink/p/?LinkId=618264). ### KMS host keys -A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is usually referred to as the *KMS host key*, but it is formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. +A KMS host needs a key that activates, or authenticates, the KMS host with Microsoft. This key is referred to as the *KMS host key*, but it's formally known as a *Microsoft Customer Specific Volume License Key* (CSVLK). Most documentation and Internet references earlier than Windows 8.1 use the term KMS key, but CSVLK is becoming more common in current documentation and management tools. -A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. 
You will need a KMS host key for any KMS that you want to set up and if you are going to use Active Directory-based activation. +A KMS host running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate both Windows Server and Windows client operating systems. A KMS host key is also needed to create the activation objects in AD DS, as described later in this guide. You'll need a KMS host key for any KMS that you want to set up and if you're going to use Active Directory-based activation. ### Generic volume licensing keys -When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you are creating. GVLKs are also referred to as KMS client setup keys. +When you create installation media or images for client computers that will be activated by KMS or Active Directory-based activation, install a generic volume license key (GVLK) for the edition of Windows you're creating. GVLKs are also referred to as KMS client setup keys. -Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK will not activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK does not work unless a valid KMS host key can be found. GVLKs are the only product keys that do not need to be kept confidential. +Installation media from Microsoft for Enterprise editions of the Windows operating system may already contain the GVLK. One GVLK is available for each type of installation. The GLVK won't activate the software against Microsoft activation servers, but rather against a KMS or Active Directory-based activation object. In other words, the GVLK doesn't work unless a valid KMS host key can be found. 
GVLKs are the only product keys that don't need to be kept confidential. -Typically, you will not need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it is being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS Client Setup Keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). +Typically, you won't need to manually enter a GVLK unless a computer has been activated with a MAK or a retail key and it's being converted to a KMS activation or to Active Directory-based activation. If you need to locate the GVLK for a particular client edition, see [Appendix A: KMS client setup keys](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/jj612867(v=ws.11)). ### Multiple activation keys -You will also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. +You'll also need MAK keys with the appropriate number of activations available. You can see how many times a MAK has been used on the Volume Licensing Service Center website or in the VAMT. ## Selecting a KMS host -The KMS does not require a dedicated server. It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. -KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. +The KMS doesn't require a dedicated server. 
It can be cohosted with other services, such as AD DS domain controllers and read-only domain controllers. + +KMS hosts can run on physical computers or virtual machines that are running any supported Windows operating system. A KMS host that is running Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2 can activate any Windows client or server operating system that supports volume activation. A KMS host that is running Windows 10 can activate only computers running Windows 10, Windows 8.1, Windows 8, Windows 7, or Windows Vista. + A single KMS host can support unlimited numbers of KMS clients, but Microsoft recommends deploying a minimum of two KMS hosts for failover purposes. However, as more clients are activated through Active Directory-based activation, the KMS and the redundancy of the KMS will become less important. Most organizations can use as few as two KMS hosts for their entire infrastructure. -The flow of KMS activation is shown in Figure 3, and it follows this sequence: +The flow of KMS activation is shown in Figure 3, and it follows this sequence: -1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. -2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. -3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment does not support DNS dynamic update protocol.) -4. A client configured with a GVLK uses DNS to locate the KMS host. -5. The client sends one packet to the KMS host. -6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs are not stored permanently or transmitted to Microsoft. 
If the KMS is restarted, the client ID collection starts again. -7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. -8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold has not yet been met, the client will try again. +1. An administrator uses the VAMT console to configure a KMS host and install a KMS host key. + +2. Microsoft validates the KMS host key, and the KMS host starts to listen for requests. + +3. The KMS host updates resource records in DNS to allow clients to locate the KMS host. (Manually adding DNS records is required if your environment doesn't support DNS dynamic update protocol.) + +4. A client configured with a GVLK uses DNS to locate the KMS host. + +5. The client sends one packet to the KMS host. + +6. The KMS host records information about the requesting client (by using a client ID). Client IDs are used to maintain the count of clients and detect when the same computer is requesting activation again. The client ID is only used to determine whether the activation thresholds are met. The IDs aren't stored permanently or transmitted to Microsoft. If the KMS is restarted, the client ID collection starts again. + +7. If the KMS host has a KMS host key that matches the products in the GVLK, the KMS host sends a single packet back to the client. This packet contains a count of the number of computers that have requested activation from this KMS host. + +8. If the count exceeds the activation threshold for the product that is being activated, the client is activated. If the activation threshold hasn't yet been met, the client will try again. ![KMS activation flow.](../images/volumeactivationforwindows81-03.jpg) **Figure 3**. 
KMS activation flow -## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) - +## Related articles + +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/proxy-activation-vamt.md b/windows/deployment/volume-activation/proxy-activation-vamt.md index 587efce773..65f7e79d8d 100644 --- a/windows/deployment/volume-activation/proxy-activation-vamt.md +++ b/windows/deployment/volume-activation/proxy-activation-vamt.md 
@@ -1,55 +1,68 @@ --- title: Perform Proxy Activation (Windows 10) -description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that do not have Internet access. +description: Perform proxy activation by using the Volume Activation Management Tool (VAMT) to activate client computers that don't have Internet access. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Perform Proxy Activation -You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that do not have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key. +You can use the Volume Activation Management Tool (VAMT) to perform activation for client computers that don't have Internet access. The client products can be installed with any type of product key that is eligible for proxy activation: Multiple activation Key (MAK), KMS Host key (CSVLK), or retail key. In a typical proxy-activation scenario, the VAMT host computer distributes a MAK to one or more client computers and collects the installation ID (IID) from each computer. The VAMT host computer sends the IIDs to Microsoft on behalf of the client computers and obtains the corresponding Confirmation IDs (CIDs). The VAMT host computer then installs the CIDs on the client computer to complete the activation. Using this activation method, only the VAMT host computer needs Internet access. -**Note**   -For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. 
This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet.  +> [!NOTE] +> For workgroups that are completely isolated from any larger network, you can still perform MAK, KMS Host key (CSVLK), or retail proxy activation. This requires installing a second instance of VAMT on a computer within the isolated group and using removable media to transfer activation data between that computer and another VAMT host computer that has Internet access. For more information about this scenario, see [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md). Similarly, you can proxy activate a KMS Host key (CSVLK) located in an isolated network. You can also proxy activate a KMS Host key (CSVLK) in the core network if you do not want the KMS host computer to connect to Microsoft over the Internet. ## Requirements Before performing proxy activation, ensure that your network and the VAMT installation meet the following requirements: -- There is an instance of VAMT that is installed on a computer that has Internet access. If you are performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. -- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. 
If the products have not been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. -- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. -- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -The product keys that are installed on the client products must have a sufficient number of remaining activations. If you are activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This retrieves the number of remaining activations for the MAK from Microsoft. Note that this step requires Internet access and that the remaining activation count can only be retrieved for MAKs. + +- There's an instance of VAMT that is installed on a computer that has Internet access. If you're performing proxy activation for an isolated workgroup, you also need to have VAMT installed on one of the computers in the workgroup. + +- The products to be activated have been added to VAMT and are installed with a retail product key, a KMS Host key (CSVLK) or a MAK. If the products haven't been installed with a proper product key, refer to the steps in the [Add and Remove a Product Key](add-remove-product-key-vamt.md) section for instructions on how to install a product key. + +- VAMT has administrative permissions on all products to be activated and Windows Management Instrumentation (WMI) is accessible through the Windows firewall. 
+ +- For workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure client computers](configure-client-computers-vamt.md). + + The product keys that are installed on the client products must have a sufficient number of remaining activations. If you're activating a MAK key, you can retrieve the remaining number of activations for that key by selecting the MAK in the product key list in the center pane and then clicking **Refresh product key data online** in the right-side pane. This action retrieves the number of remaining activations for the MAK from Microsoft. This step requires Internet access and that the remaining activation count can only be retrieved for MAKs. ## To Perform Proxy Activation -**To perform proxy activation** +1. Open VAMT. -1. Open VAMT. -2. If necessary, install product keys. For more information see: - - [Install a Product Key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). - - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. -3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the center pane. -6. 
In the right-side pane, click **Activate** and then click **Proxy activate** to open the **Proxy Activate** dialog box. -7. In the **Proxy Activate** dialog box click **Apply Confirmation ID, apply to selected machine(s) and activate**. -8. If you are activating products that require administrator credentials different from the ones you are currently using, select the **Use Alternate Credentials** checkbox. -9. Click **OK**. -10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you will be prompted to enter the credentials. +2. If necessary, install product keys. For more information, see: - **Note**   + - [Install a product key](install-product-key-vamt.md) to install retail, MAK, or KMS Host key (CSVLK). + + - [Install a KMS Client Key](install-kms-client-key-vamt.md) to install GVLK (KMS client) keys. + +3. In the **Products** list in the center pane, select the individual products to be activated. You can use the **Filter** function to narrow your search for products by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the center pane. + +6. In the right-side pane, select **Activate** and then select **Proxy activate** to open the **Proxy Activate** dialog box. + +7. In the **Proxy Activate** dialog box select **Apply Confirmation ID, apply to selected machine(s) and activate**. + +8. 
If you're activating products that require administrator credentials different from the ones you're currently using, select the **Use Alternate Credentials** checkbox. + +9. Select **OK**. + +10. VAMT displays the **Activating products** dialog box until it completes the requested action. If you selected the **Alternate Credentials** option, you'll be prompted to enter the credentials. + + > [!NOTE] You can use proxy activation to select products that have different key types and activate the products at the same time. - - - diff --git a/windows/deployment/volume-activation/remove-products-vamt.md b/windows/deployment/volume-activation/remove-products-vamt.md index e0fa9fe778..231f5081c2 100644 --- a/windows/deployment/volume-activation/remove-products-vamt.md +++ b/windows/deployment/volume-activation/remove-products-vamt.md 
@@ -2,31 +2,39 @@ title: Remove Products (Windows 10) description: Learn how you must delete products from the product list view so you can remove products from the Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Remove Products +# Remove products To remove one or more products from the Volume Activation Management Tool (VAMT), you can delete them from the product list view in the center pane. -**To delete one or more products** -1. Click a product node in the left-side pane. -2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -3. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -4. Click **Filter**. VAMT displays the filtered list in the center pane. -5. Select the products you want to delete. -6. Click **Delete** in the **Selected Items** menu in the right-side pane. -7. On the **Confirm Delete Selected Products** dialog box, click **OK**. +## To delete one or more products + +1. Select a product node in the left-side pane. + +2. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +3. 
In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +4. Select **Filter**. VAMT displays the filtered list in the center pane. + +5. Select the products you want to delete. + +6. Select **Delete** in the **Selected Items** menu in the right-side pane. + +7. On the **Confirm Delete Selected Products** dialog box, select **OK**. + +## Related articles -## Related topics - [Add and Manage Products](add-manage-products-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md index 6f92b8bdbb..2985a6bc04 100644 --- a/windows/deployment/volume-activation/scenario-kms-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-kms-activation-vamt.md 
@@ -2,44 +2,58 @@ title: Scenario 3 KMS Client Activation (Windows 10) description: Learn how to use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Scenario 3: KMS Client Activation +# Scenario 3: KMS client activation -In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You do not have to enter a key to activate a product as a GVLK, unless you are converting a MAK-activated product to a KMS activation. For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). +In this scenario, you use the Volume Activation Management Tool (VAMT) to activate Key Management Service (KMS) client keys or Generic Volume License Keys (GVLKs). This type of activation can be performed on either Core Network or Isolated Lab computers. By default, volume license editions of Windows Vista, Windows® 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. GVLKs are already installed in volume license editions of these products. You don't have to enter a key to activate a product as a GVLK, unless you're converting a MAK-activated product to a KMS activation. 
For more information, see [Install a KMS Client Key](install-kms-client-key-vamt.md). -The procedure that is described below assumes the following: -- The KMS Service is enabled and available to all KMS clients. -- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. +The procedure that is described below assumes the following configuration: -## Activate KMS Clients +- The KMS Service is enabled and available to all KMS clients. -1. Open VAMT. -2. To set the KMS activation options, on the menu bar click **View**. Then click **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. -3. In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: - - **Find a KMS host automatically using DNS**. This is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. - - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. - - **Use specific KMS host**. Select this option for environments which do not use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. -4. In the left-side pane, in the **Products** node, click the product that you want to activate. -5. In the products list view in the center pane, sort the list if necessary. 
You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by Product Name, Product Key Type, or License Status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -7. Click **Filter**. VAMT displays the filtered list in the center pane. -8. Select the products that you want to activate. -9. Click **Activate** in the **Selected Items** menu in the right-side **Actions** pane, click **Activate**, point to **Volume activate**, and then click the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. -10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +- VAMT has been installed and computers have been added to the VAMT database. See Parts 1 through 4 in either [Scenario 1: Online Activation](scenario-online-activation-vamt.md) or [Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) for more information. + +## Activate KMS clients + +1. Open VAMT. + +2. To set the KMS activation options, on the menu bar select **View**. Then select **Preferences** to open the **Volume Activation Management Tool Preferences** dialog box. + +3. 
In the **Volume Activation Management Tool Preferences** dialog box, under **KMS Management Services host selection** select from the following options: + + - **Find a KMS host automatically using DNS**. This setting is the default setting. VAMT will instruct the computer to query the Domain Name Service (DNS) to locate a KMS host and perform activation. If the client contains a registry key with a valid KMS host, that value will be used instead. + + - **Find a KMS host using DNS in this domain for supported products**. Select this option if you use a specific domain, and enter the name of the domain. + + - **Use specific KMS host**. Select this option for environments that don't use DNS for KMS host identification, and manually enter the KMS host name and select the KMS host port. VAMT will set the specified KMS host name and KMS host port on the target computer, and then instruct the computer to perform activation with the specific KMS host. + +4. In the left-side pane, in the **Products** node, select the product that you want to activate. + +5. In the products list view in the center pane, sort the list if necessary. You can use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +6. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by Product Name, Product Key Type, or License Status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +7. Select **Filter**. VAMT displays the filtered list in the center pane. + +8. Select the products that you want to activate. + +9. 
Select **Activate** in the **Selected Items** menu in the right-side **Actions** pane, select **Activate**, point to **Volume activate**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + +10. VAMT displays the **Activating products** dialog box until it completes the requested action. When activation is complete, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status is shown under the **Status of Last Action** column in the products list view in the center pane. -## Related topics -- [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) -  -  +## Related articles + +- [VAMT step-by-step scenarios](vamt-step-by-step.md) diff --git a/windows/deployment/volume-activation/scenario-online-activation-vamt.md b/windows/deployment/volume-activation/scenario-online-activation-vamt.md index 0456ed2993..68ca97def3 100644 --- a/windows/deployment/volume-activation/scenario-online-activation-vamt.md +++ b/windows/deployment/volume-activation/scenario-online-activation-vamt.md @@ -2,11 +2,11 @@ title: Scenario 1 Online Activation (Windows 10) description: Achieve network access by deploying the Volume Activation Management Tool (VAMT) in a Core Network environment. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- 
@@ -14,119 +14,146 @@ ms.technology: itpro-fundamentals # Scenario 1: Online Activation In this scenario, the Volume Activation Management Tool (VAMT) is deployed in the Core Network environment. VAMT is installed on a central computer that has network access to all of the client computers. Both the VAMT host and the client computers have Internet access. The following illustration shows a diagram of an online activation scenario for Multiple Activation Keys (MAKs). You can use this scenario for online activation of the following key types: -- Multiple Activation Key (MAK) -- Windows Key Management Service (KMS) keys: - - KMS Host key (CSVLK) - - Generic Volume License Key (GVLK), or KMS client key -- Retail + +- Multiple Activation Key (MAK) + +- Windows Key Management Service (KMS) keys: + + - KMS Host key (CSVLK) + + - Generic Volume License Key (GVLK), or KMS client key + +- Retail The Secure Zone represents higher-security Core Network computers that have additional firewall protection. ![VAMT firewall configuration for multiple subnets.](images/dep-win8-l-vamt-makindependentactivationscenario.jpg) -## In This Topic -- [Install and start VAMT on a networked host computer](#bkmk-partone) -- [Configure the Windows Management Instrumentation firewall exception on target computers](#bkmk-parttwo) -- [Connect to VAMT database](#bkmk-partthree) -- [Discover products](#bkmk-partfour) -- [Sort and filter the list of computers](#bkmk-partfive) -- [Collect status information from the computers in the list](#bkmk-partsix) -- [Add product keys and determine the remaining activation count](#bkmk-partseven) -- [Install the product keys](#bkmk-parteight) -- [Activate the client products](#bkmk-partnine) +## Step 1: Install and start VAMT on a networked host computer -## Step 1: Install and start VAMT on a networked host computer +1. Install VAMT on the host computer. -1. Install VAMT on the host computer. -2. Click the VAMT icon in the **Start** menu to open VAMT. +2. 
Select the VAMT icon in the **Start** menu to open VAMT. -## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers +## Step 2: Configure the Windows Management Instrumentation firewall exception on target computers -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). - **Note**   - To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). + > [!NOTE] + > To retrieve product license status, VAMT must have administrative permissions on the remote computers and WMI must be available through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -## Step 3: Connect to a VAMT database +## Step 3: Connect to a VAMT database -1. If you are not already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -2. Click **Connect**. -3. If you are already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. 
If you need to connect to a different database, click **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) +1. If you aren't already connected to a database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database where the keys that must be activated are located. -## Step 4: Discover products +2. Select **Connect**. -1. In the left-side pane, in the **Products** node Products, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the **Actions** menu in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Note that VAMT supports both IPv4 and IPV6 addressing. 
- - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. -4. Click **Search**. +3. If you're already connected to a database, VAMT displays an inventory of the products and product keys in the center pane, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to Server** to open **the Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data](manage-vamt-data.md) + +## Step 4: Discover products + +1. In the left-side pane, in the **Products** node Products, select the product that you want to activate. + +2. To open the **Discover Products** dialog box, select **Discover products** in the **Actions** menu in the right-side pane. + +3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general Lightweight Directory Access Protocol (LDAP) query: + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. 
Then under **Domain Filter Criteria**, in the list of domain names select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. VAMT supports both IPv4 and IPV6 addressing. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without additional checks. + +4. Select **Search**. When the search is complete, the products that VAMT discovers appear in the product list view in the center pane. -## Step 5: Sort and filter the list of computers +## Step 5: Sort and filter the list of computers -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. 
To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. +You can sort the list of products so that it's easier to find the computers that require product keys to be activated: -## Step 6: Collect status information from the computers in the list +1. On the menu bar at the top of the center pane, select **Group by**, and then select **Product**, **Product Key Type**, or **License Status**. + +2. To sort the list further, you can select one of the column headings to sort by that column. + +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by product name, product key type, or license status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. 
VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect status information from the computers in the list To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers which are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. - **To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to log on to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then click **OK**. + +- To select a block of consecutively listed computers, select the first computer that you want to select, and then select the last computer while pressing the **Shift** key. + +- To select computers that aren't listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. + +### To collect status information from the selected computers + +- In the right-side **Actions** pane, select **Update license status** in the **Selected Items** menu and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials that are different from the ones that you used to sign into the computer. 
Otherwise, select **Current Credentials** and continue to step 2. If you're supplying alternate credentials, in the **Windows Security** dialog box, type the appropriate user name and password and then select **OK**. + - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + > [!NOTE] + > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. -## Step 7: Add product keys and determine the remaining activation count +## Step 7: Add product keys and determine the remaining activation count -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: - - To add product keys manually, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add Key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key file to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. + +2. 
In the **Add Product Key** dialog box, you can select from one of the following methods to add product keys: + + - To add product keys manually, select **Enter product key(s) separated by line breaks**, enter one or more product keys, and then select **Add Key(s)**. + + - To import a Comma Separated Values File (CSV) that contains a list of product keys, select **Select a product key file to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. - **Important**   - If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. + > [!IMPORTANT] + > If you are activating many products with a MAK, refresh the activation count of the MAK to ensure that the MAK can support the required number of activations. In the product key list in the center pane, select the MAK and then click **Refresh product key data online** in the right-side pane to contact Microsoft and retrieve the number of remaining activations for the MAK. This step requires Internet access. You can only retrieve the remaining activation count for MAKs. -## Step 8: Install the product keys +## Step 8: Install the product keys -1. In the left-side pane, click the product that you want to install keys on to. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#bkmk-partfive). -3. 
In the **Products** list view pane, select the individual products which must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing a MAK you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Note that only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, select the product that you want to install keys on to. + +2. If necessary, sort and filter the list of products so that it's easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#step-5-sort-and-filter-the-list-of-computers). + +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +4. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +5. 
The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you're installing a MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you aren't installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you want to view the **Description** for each key. When you've selected the product key that you want to install, select **Install Key**. Only one key can be installed at a time. + +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT will display the failure status and will continue the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) -## Step 9: Activate the client products +## Step 9: Activate the client products -1. 
Select the individual products that you want to activate in the list-view pane. -2. On the menu bar, click **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also click **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. -3. If you are activating product keys using your current credential, click **Current credential** and continue to step 5. If you are activating products that require an administrator credential that is different from the one you are currently using, click the **Alternate credential** option. -4. Enter your alternate user name and password and click **OK**. -5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. +1. Select the individual products that you want to activate in the list-view pane. - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. +2. 
On the menu bar, select **Action**, point to **Activate** and point to **Online activate**. You can also right-click the selected computers(s) to display the **Action** menu, point to **Activate** and point to **Online activate**. You can also select **Activate** in the **Selected Items** menu in the right-hand pane to access the **Activate** option. + +3. If you're activating product keys using your current credential, select **Current credential** and continue to step 5. If you're activating products that require an administrator credential that is different from the one you're currently using, select the **Alternate credential** option. + +4. Enter your alternate user name and password and select **OK**. + +5. The **Activate** option contacts the Microsoft product-activation server over the Internet and requests activation for the selected products. VAMT displays the **Activating products** dialog box until the requested actions are completed. + + > [!NOTE] + > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. + > RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + +## Related articles -## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - 
diff --git a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
index d66678367b..ccb63b5311 100644
--- a/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
+++ b/windows/deployment/volume-activation/scenario-proxy-activation-vamt.md
@@ -2,11 +2,11 @@
 title: Scenario 2 Proxy Activation (Windows 10)
 description: Use the Volume Activation Management Tool (VAMT) to activate products that are installed on workgroup computers in an isolated lab environment.
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: frankroj
 ms.prod: windows-client
-author: aczechowski
-ms.date: 04/25/2017
+author: frankroj
+ms.date: 11/07/2022
 ms.topic: article
 ms.technology: itpro-fundamentals
 ---
@@ -19,148 +19,198 @@ In this scenario, the Volume Activation Management Tool (VAMT) is used to activa ## Step 1: Install VAMT on a Workgroup Computer in the Isolated Lab -1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -2. Click the VAMT icon in the **Start** menu to open VAMT. +1. Install VAMT on a host computer in the isolated lab workgroup. This computer can be running Windows 7, Windows 8, Windows 10, Windows Server 2008 R2, or Windows Server® 2012. -## Step 2: Configure the Windows Management Instrumentation Firewall Exception on Target Computers +2. Select the VAMT icon in the **Start** menu to open VAMT. -- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +## Step 2: Configure the Windows Management Instrumentation Firewall Exception on target computers - **Note**   - To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). +- Ensure that the Windows Management Instrumentation (WMI) firewall exception has been enabled for all target computers. For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -## Step 3: Connect to a VAMT Database + > [!NOTE] + > To retrieve the license status on the selected computers, VAMT must have administrative permissions on the remote computers and WMI must be accessible through the Windows Firewall. 
In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -1. If the host computer in the isolated lab workgroup is not already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -2. Click **Connect**. -3. If you are already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, click **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) +## Step 3: Connect to a VAMT database -## Step 4: Discover Products +1. If the host computer in the isolated lab workgroup isn't already connected to the database, the **Database Connection Settings** dialog box appears when you open VAMT. Select the server and database that contains the computers in the workgroup. -1. In the left-side pane, in the **Products** node, click the product that you want to activate. -2. To open the **Discover Products** dialog box, click **Discover products** in the right-side pane. -3. In the **Discover Products** dialog box, click **Search for computers in the Active Directory** to display the search options, and then click the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: - - To search for computers in an Active Directory domain, click **Search for computers in the Active Directory**. 
Then under **Domain Filter Criteria**, in the list of domain names, click the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". - - To search by individual computer name or IP address, click **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. - - To search for computers in a workgroup, click **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, click the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only those computer names that start with the letter "a". - - To search for computers by using a general LDAP query, click **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. -4. Click **Search**. +2. Select **Connect**. + +3. If you're already connected to a database, in the center pane VAMT displays an inventory of the products and product keys, and a license overview of the computers in the database. If you need to connect to a different database, select **Successfully connected to the Server** to open the **Database Connection Settings** dialog box. 
For more information about how to create VAMT databases and adding VAMT data, see [Manage VAMT Data.](manage-vamt-data.md) + +## Step 4: Discover products + +1. In the left-side pane, in the **Products** node, select the product that you want to activate. + +2. To open the **Discover Products** dialog box, select **Discover products** in the right-side pane. + +3. In the **Discover Products** dialog box, select **Search for computers in the Active Directory** to display the search options, and then select the search options that you want to use. You can search for computers in an Active Directory domain, by individual computer name or IP address, in a workgroup, or by a general LDAP query: + + - To search for computers in an Active Directory domain, select **Search for computers in the Active Directory**. Then under **Domain Filter Criteria**, in the list of domain names, select the name of the domain that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for specific computers in the domain. This filter supports the asterisk (\*) wildcard. For example, typing "a\*" will display only computer names that start with the letter "a". + + - To search by individual computer name or IP address, select **Manually enter name or IP address**. Then enter the full name or IP address in the **One or more computer names or IP addresses separated by commas** text box. Separate multiple entries with a comma. Both IPv4 and IPv6addressing are supported. + + - To search for computers in a workgroup, select **Search for computers in the workgroup**. Then under **Workgroup Filter Criteria**, in the list of workgroup names, select the name of the workgroup that you want to search. You can narrow the search further by typing a name in the **Filter by computer name** field to search for a specific computer in the workgroup. This filter supports the asterisk (`*`) wildcard. 
For example, typing `a*` will display only those computer names that start with the letter **a**. + + - To search for computers by using a general LDAP query, select **Search with LDAP query** and enter your query in the text box that appears. VAMT will validate the LDAP query syntax, but will otherwise run the query without extra checks. + +4. Select **Search**. The **Finding Computers** window appears and displays the search progress as the computers are located. When the search is complete, the products that VAMT discovers appear in the list view in the center pane. -## Step 5: Sort and Filter the List of Computers +## Step 5: Sort and filter the list of computers -You can sort the list of products so that it is easier to find the computers that require product keys to be activated: +You can sort the list of products so that it's easier to find the computers that require product keys to be activated: -1. On the menu bar at the top of the center pane, click **Group by**, and then click **Product**, **Product Key Type**, or **License Status**. -2. To sort the list further, you can click one of the column headings to sort by that column. -3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. -4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. - - To filter the list by computer name, enter a name in the **Computer Name** box. - - To filter the list by product name, product key type, or license status, click the list you want to use for the filter and select an option. If necessary, click **clear all filters** to create a new filter. -5. Click **Filter**. VAMT displays the filtered list in the product list view in the center pane. +1. 
On the menu bar at the top of the center pane, select **Group by**, and then select **Product**, **Product Key Type**, or **License Status**. -## Step 6: Collect Status Information from the Computers in the Isolated Lab +2. To sort the list further, you can select one of the column headings to sort by that column. + +3. You can also use the **Filter** function to narrow your search for computers by clicking **Filter** in the right-side pane to open the **Filter Products** dialog box. + +4. In the **Filter Products** dialog box, you can filter the list by computer name, product name, product key type, license status, or by any combination of these options. + + - To filter the list by computer name, enter a name in the **Computer Name** box. + + - To filter the list by product name, product key type, or license status, select the list you want to use for the filter and select an option. If necessary, select **clear all filters** to create a new filter. + +5. Select **Filter**. VAMT displays the filtered list in the product list view in the center pane. + +## Step 6: Collect status information from the computers in the Isolated lab To collect the status from select computers in the database, you can select computers in the product list view by using one of the following methods: -- To select a block of consecutively listed computers, click the first computer that you want to select, and then click the last computer while pressing the **Shift** key. -- To select computers that are not listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. + +- To select a block of consecutively listed computers, select the first computer that you want to select, and then select the last computer while pressing the **Shift** key. + +- To select computers that aren't listed consecutively, hold down the **Ctrl** key and select each computer for which you want to collect the status information. 
**To collect status information from the selected computers** -- In the right-side **Actions** pane, click **Update license status** in the **Selected Items** menu and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, click **Current Credentials** and continue to step 2.If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then click **OK**. + +- In the right-side **Actions** pane, select **Update license status** in the **Selected Items** menu and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials that are different from the ones that you used to sign in to the computer. Otherwise, select **Current Credentials** and continue to step 2.If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and then select **OK**. + - VAMT displays the **Collecting product information** dialog box while it collects the license status of all supported products on the selected computers. When the process is finished, the updated license status of each product will appear in the product list view in the center pane. - **Note** - If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. + > [!NOTE] + > If a computer has more than one supported product installed, VAMT adds an entry for each product. The entry appears under the appropriate product heading. ## Step 7: Add Product Keys -1. Click the **Product Keys** node in the left-side pane, and then click **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. -2. 
In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: - - To add a single product key, click **Enter product key(s) separated by line breaks**, enter one or more product keys, and then click **Add key(s)**. - - To import a Comma Separated Values File (CSV) that contains a list of product keys, click **Select a product key to import**, browse to the file location, click **Open** to import the file, and then click **Add Key(s)**. +1. Select the **Product Keys** node in the left-side pane, and then select **Add Product Keys** in the right-side pane to open the **Add Product Keys** dialog box. + +2. In the **Add Product Keys** dialog box, you can select from one of the following methods to add product keys: + + - To add a single product key, select **Enter product key(s) separated by line breaks**, enter one or more product keys, and then select **Add key(s)**. + + - To import a Comma Separated Values File (CSV) that contains a list of product keys, select **Select a product key to import**, browse to the file location, select **Open** to import the file, and then select **Add Key(s)**. The keys that you have added appear in the **Product Keys** list view in the center pane. ## Step 8: Install the Product Keys on the Isolated Lab Computers -1. In the left-side pane, in the **Products** node click the product that you want to install keys onto. -2. If necessary, sort and filter the list of products so that it is easier to find the computers that must have a product key installed. See [Step 5: Sort and Filter the List of Computers](#step-5-sort-and-filter-the-list-of-computers). -3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. -4. Click **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. -5. 
The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you are installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. If you are not installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you have selected the product key that you want to install, click **Install Key**. Only one key can be installed at a time. -6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. In the left-side pane, in the **Products** node select the product that you want to install keys onto. + +2. If necessary, sort and filter the list of products so that it's easier to find the computers that must have a product key installed. See [Step 5: Sort and filter the list of computers](#step-5-sort-and-filter-the-list-of-computers). + +3. In the **Products** list view pane, select the individual products that must have keys installed. You can use the **CTRL** key or the **SHIFT** key to select more than one product. + +4. Select **Install product key** in the **Selected Items** menu in the right-side pane to display the **Install Product Key** dialog box. + +5. The **Select Product Key** dialog box displays the keys that are available to be installed. Under **Recommended MAKs**, VAMT might display one or more recommended MAKs based on the selected products. If you're installing an MAK, you can select a recommended product key or any other MAK from the **All Product Keys List**. 
If you aren't installing a MAK, select a product key from the **All Product Keys** list. Use the scroll bar if you need to view the **Description** for each key. When you've selected the product key that you want to install, select **Install Key**. Only one key can be installed at a time. + +6. VAMT displays the **Installing product key** dialog box while it attempts to install the product key for the selected products. When the process is finished, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) + > [!NOTE] + > Product key installation will fail if VAMT finds mismatched key types or editions. VAMT displays the failure status and continues the installation for the next product in the list. For more information on choosing the correct product key, see [How to Choose the Right Volume License Key for Windows.](/previous-versions/tn-archive/ee939271(v=technet.10)) - **Note**   - Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. 
However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on client products must be done with care. If the RTM version of Windows Vista has been installed on the computer for more than 30 days, then its initial grace period has expired. As a result, it will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are available on the network. RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. -## Step 9: Export VAMT Data to a .cilx File +## Step 9: Export VAMT data to a `.cilx` file -In this step, you export VAMT from the workgroup’s host computer and save it in a .cilx file. Then you copy the .cilx file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. In MAK proxy activation, it is critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. +In this step, you export VAMT from the workgroup's host computer and save it in a `.cilx` file. Then you copy the `.cilx` file to removable media so that you can take it to a VAMT host computer that is connected to the Internet. 
In MAK proxy activation, it's critical to retain this file, because VAMT uses it to apply the Confirmation IDs (CIDs) to the proper products. -1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. -2. In the right-side **Actions** pane, click **Export list** to open the **Export List** dialog box. -3. In the **Export List** dialog box, click **Browse** to navigate to the .cilx file, or enter the name of the .cilx file to which you want to export the data. -4. Under **Export options**, select one of the following data-type options: - - Export products and product keys. - - Export products only. - - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported .cilx file when this selection is selected. This option should be used when an enterprise’s security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the .cilx file that is transferred to the Core Network VAMT host. -5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. -6. Click **Save**. VAMT displays a progress message while the data is being exported. Click **OK** when a message appears and confirms that the export has completed successfully. -7. If you exported the list to a file on the host computer’s hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. +1. Select the individual products that successfully received a product key in Step 8. If needed, sort and filter the list to find the products. 
- **Important**   - Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the .cilx file. Therefore, the .cilx file must be re-imported into the SQL Server database on the isolated lab workgroup’s VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. +2. In the right-side **Actions** pane, select **Export list** to open the **Export List** dialog box. -## Step 10: Acquire Confirmation IDs from Microsoft on the Internet-Connected Host Computer +3. In the **Export List** dialog box, select **Browse** to navigate to the `.cilx` file, or enter the name of the `.cilx` file to which you want to export the data. -1. Insert the removable media into the VAMT host that has Internet access. -2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. -3. In the right-side **Actions** pane, click **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. -4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the .cilx file that you exported from the isolated lab host computer, select the file, and then click **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. -5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Click **OK** to close the message. +4. Under **Export options**, select one of the following data-type options: -## Step 11: Import the .cilx File onto the VAMT Host within the Isolated Lab Workgroup + - Export products and product keys. -1. 
Remove the storage device that contains the .cilx file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. -2. Open VAMT and verify that you are connected to the database that contains the computer with the product keys that you are activating. -3. In the right-side **Actions** pane, click **Import list** to open the **Import List** dialog box. -4. In the **Import list** dialog box, browse to the location of the .cilx file that contains the CIDs, select the file, and then click **Open**. -5. Click **OK** to import the file and to overwrite any conflicting data in the database with data from the file. -6. VAMT displays a progress message while the data is being imported. Click **OK** when a message appears and confirms that the data has been successfully imported. + - Export products only. + + - Export proxy activation data only. Selecting this option ensures that the export contains only the license information required for the proxy web service to obtain CIDs from Microsoft. No Personally Identifiable Information (PII) is contained in the exported `.cilx` file when this selection is selected. This option should be used when an enterprise's security policy states that no information that could identify a specific computer or user may be transferred out of the isolated lab and, therefore, this type of data must be excluded from the `.cilx` file that is transferred to the Core Network VAMT host. + +5. If you have selected products to export, and not the entire set of data from the database, select the **Export selected product rows only** check box. + +6. Select **Save**. VAMT displays a progress message while the data is being exported. Select **OK** when a message appears and confirms that the export has completed successfully. + +7. If you exported the list to a file on the host computer's hard drive, copy the file to removable media, such as a disk drive, CD/DVD, or USB storage device. 
+ + > [!IMPORTANT] + > Choosing the **Export proxy activation data only** option excludes Personally Identifiable Information (PII) from being saved in the `.cilx` file. Therefore, the `.cilx` file must be re-imported into the SQL Server database on the isolated lab workgroup's VAMT host computer, so that the CIDs that are requested from Microsoft (discussed in Step 10) can be correctly assigned to the computers in the isolated lab group. + +## Step 10: Acquire confirmation IDs from Microsoft on the internet connected host computer + +1. Insert the removable media into the VAMT host that has Internet access. + +2. Open VAMT. Make sure you are on the root node, and that the **Volume Activation Management Tool** view is displayed in the center pane. + +3. In the right-side **Actions** pane, select **Acquire confirmation IDs for CILX** to open the **Acquire confirmation IDs for file** dialog box. + +4. In the **Acquire confirmation IDs for file** dialog box, browse to the location of the `.cilx` file that you exported from the isolated lab host computer, select the file, and then select **Open**. VAMT displays an **Acquiring Confirmation IDs** message while it contacts Microsoft and collects the CIDs. + +5. When the CID collection process is complete, VAMT displays a **Volume Activation Management Tool** message that shows the number of confirmation IDs that were successfully acquired, and the name of the file where the IDs were saved. Select **OK** to close the message. + +## Step 11: Import the `.cilx` file onto the VAMT host within the Isolated lab workgroup + +1. Remove the storage device that contains the `.cilx` file from the Internet-connected VAMT host computer and insert it into the VAMT host computer in the isolated lab. + +2. Open VAMT and verify that you're connected to the database that contains the computer with the product keys that you're activating. + +3. 
In the right-side **Actions** pane, select **Import list** to open the **Import List** dialog box. + +4. In the **Import list** dialog box, browse to the location of the `.cilx` file that contains the CIDs, select the file, and then select **Open**. + +5. Select **OK** to import the file and to overwrite any conflicting data in the database with data from the file. + +6. VAMT displays a progress message while the data is being imported. Select **OK** when a message appears and confirms that the data has been successfully imported. ## Step 12: Apply the CIDs and Activate the Isolated Lab Computers -1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. -2. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +1. Select the products to which you want to apply CIDs. If needed, sort and filter the list to find the products. - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +2. In the right-side **Selected Items** menu, select **Activate**, select **Apply Confirmation ID**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. 
You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. ## Step 13: (Optional) Reactivating Reimaged Computers in the Isolated Lab -If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers has not changed, VAMT can reactivate those computers using the CIDs that are stored in the database. -1. Redeploy products to each computer, using the same computer names as before. -2. Open VAMT. -3. In the right-side **Selected Items** menu, click **Activate**, click **Apply Confirmation ID**, and then select the appropriate credential option. If you click the **Alternate Credentials** option, you will be prompted to enter an alternate user name and password. +If you have captured new images of the computers in the isolated lab, but the underlying hardware of those computers hasn't changed, VAMT can reactivate those computers using the CIDs that are stored in the database. - VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Click **Close** to close the dialog box. You can also click the **Automatically close when done** check box when the dialog box appears. +1. Redeploy products to each computer, using the same computer names as before. + +2. Open VAMT. + +3. In the right-side **Selected Items** menu, select **Activate**, select **Apply Confirmation ID**, and then select the appropriate credential option. If you select the **Alternate Credentials** option, you'll be prompted to enter an alternate user name and password. + + VAMT displays the **Applying Confirmation Id** dialog box while it installs the CIDs on the selected products. 
When VAMT finishes installing the CIDs, the status appears in the **Action Status** column of the dialog box. Select **Close** to close the dialog box. You can also select the **Automatically close when done** check box when the dialog box appears. The same status appears under the **Status of Last Action** column in the product list view in the center pane. - **Note**   - Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - - RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 will not enter RFM. + > [!NOTE] + > Installing a MAK and overwriting the GVLK on the client products must be done with care. If the Windows activation initial grace period has expired, Windows will enter Reduced Functionality Mode (RFM) if online activation is not completed successfully before the next logon attempt. However, you can use online activation to recover properly configured computers from RFM, as long as the computers are accessible on the network. - **Note**   - Reapplying the same CID conserves the remaining activations on the MAK. + RFM only applies to the RTM version of Windows Vista or the retail editions of Microsoft Office 2010. Windows Vista with SP1 or later, Windows 7, Windows 8, Windows 10, Windows Server 2008, Windows Server 2008 R2, and Windows Server 2012, and volume editions of Office 2010 won't enter RFM. 
+ + > [!NOTE] + > Reapplying the same CID conserves the remaining activations on the MAK. + +## Related articles -## Related topics - [VAMT Step-by-Step Scenarios](vamt-step-by-step.md) - diff --git a/windows/deployment/volume-activation/update-product-status-vamt.md b/windows/deployment/volume-activation/update-product-status-vamt.md index dfd7e456e7..eb5553920d 100644 --- a/windows/deployment/volume-activation/update-product-status-vamt.md +++ b/windows/deployment/volume-activation/update-product-status-vamt.md 
@@ -2,34 +2,38 @@ title: Update Product Status (Windows 10) description: Learn how to use the Update license status function to add the products that are installed on the computers. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# Update Product Status +# Update product status After you add computers to the VAMT database, you need to use the **Update license status** function to add the products that are installed on the computers. You can also use the **Update license status** at any time to retrieve the most current license status for any products in the VAMT database. To retrieve license status, VAMT must have administrative permissions on all selected computers and Windows Management Instrumentation (WMI) must be accessible through the Windows Firewall. In addition, for workgroup computers, a registry key must be created to enable remote administrative actions under User Account Control (UAC). For more information, see [Configure Client Computers](configure-client-computers-vamt.md). -**Note**   +> [!NOTE] The license-status query requires a valid computer name for each system queried. If the VAMT database contains computers that were added without Personally Identifiable Information, computer names will not be available for those computers, and the status for these computers will not be updated. ## Update the license status of a product -1. Open VAMT. -2. In the **Products** list, select one or more products that need to have their status updated. -3. In the right-side **Actions** pane, click **Update license status** and then click a credential option. Choose **Alternate Credentials** only if you are updating products that require administrator credentials different from the ones you used to log into the computer. -4. 
If you are supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and click **OK**. +1. Open VAMT. + +2. In the **Products** list, select one or more products that need to have their status updated. + +3. In the right-side **Actions** pane, select **Update license status** and then select a credential option. Choose **Alternate Credentials** only if you're updating products that require administrator credentials different from the ones you used to log into the computer. + +4. If you're supplying alternate credentials, in the **Windows Security** dialog box type the appropriate user name and password and select **OK**. VAMT displays the **Collecting product information** dialog box while it collects the status of all selected products. When the process is finished, the updated licensing status of each product will appear in the product list view in the center pane. - **Note**   - If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. - -## Related topics + > [!NOTE] + If a previously discovered Microsoft Office 2010 product has been uninstalled from the remote computer, updating its licensing status will cause the entry to be deleted from the **Office** product list view, and, consequently, the total number of discovered products will be smaller. However, the Windows installation of the same computer will not be deleted and will always be shown in the **Windows** products list view. + +## Related articles + - [Add and Manage Products](add-manage-products-vamt.md) 
diff --git a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
index 96270a5500..e742b9f498 100644
--- a/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
+++ b/windows/deployment/volume-activation/use-the-volume-activation-management-tool-client.md
@@ -2,49 +2,46 @@ title: Use the Volume Activation Management Tool (Windows 10) description: The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to track and monitor several types of product keys. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Use the Volume Activation Management Tool -**Applies to** -- Windows 10 -- Windows 8.1 -- Windows 8 -- Windows 7 -- Windows Server 2012 R2 -- Windows Server 2012 -- Windows Server 2008 R2 +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) -**Looking for retail activation?** -- [Get Help Activating Microsoft Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) The Volume Activation Management Tool (VAMT) provides several useful features, including the ability to perform VAMT proxy activation and to track and monitor several types of product keys. -By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It is a standard Microsoft Management Console snap-in, and it can be -installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. 
+By using the VAMT, you can automate and centrally manage the volume, retail, and MAK activation process for Windows, Office, and select other Microsoft products. The VAMT can manage volume activation by using MAKs or KMS. It's a standard Microsoft Management Console snap-in, and it can be installed on any computer running Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, or Windows Server 2008 R2. -The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). +The VAMT is distributed as part of the Windows Assessment and Deployment Kit (Windows ADK), which is a free download available from Microsoft Download Center. For more information, see [Windows Assessment and Deployment Kit (Windows ADK) for Windows 10](https://go.microsoft.com/fwlink/p/?LinkId=526740). -In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. +In Windows Server 2012 R2, you can install the VAMT directly from Server Manager without downloading the Windows ADK by selecting the Volume Activation Services role or the Remote Server Administration Tools/Role Administration Tools/Volume Activation Tools feature. ## Activating with the Volume Activation Management Tool You can use the VAMT to complete the activation process in products by using MAK and retail keys, and you can work with computers individually or in groups. The VAMT enables two activation scenarios: -- **Online activation**. 
Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. -- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that do not have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. + +- **Online activation**. Online activation enables you to activate over the Internet any products that are installed with MAK, KMS host, or retail product keys. You can activate one or more connected computers within a network. This process requires that each product communicate activation information directly to Microsoft. + +- **Proxy activation**. This activation method enables you to perform volume activation for products that are installed on client computers that don't have Internet access. The VAMT host computer distributes a MAK, KMS host key, or retail product key to one or more client products and collects the installation ID from each client product. The VAMT host sends the installation IDs to Microsoft on behalf of the client products and obtains the corresponding confirmation IDs. The VAMT host then installs the confirmation IDs on the client products to complete their activation. By using this method, only the VAMT host computer requires Internet access. 
Proxy activation by using the VAMT is beneficial for isolated network segments and for cases where your organization has a mix of retail, MAK, and KMS-based activations. ## Tracking products and computers with the Volume Activation Management Tool -The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. +The VAMT provides an overview of the activation and licensing status of computers across your network, as shown in Figure 18. Several prebuilt reports are also available to help you proactively manage licensing. ![VAMT showing the licensing status of multiple computers.](../images/volumeactivationforwindows81-18.jpg) @@ -52,7 +49,7 @@ The VAMT provides an overview of the activation and licensing status of computer ## Tracking key usage with the Volume Activation Management Tool -The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it is and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. +The VAMT makes it easier to track the various keys that are issued to your organization. You can enter each key into VAMT, and then the VAMT can use those keys for online or proxy activation of clients. The tool can also describe what type of key it's and to which product group it belongs. The VAMT is the most convenient way to quickly determine how many activations remain on a MAK. Figure 19 shows an example of key types and usage. ![VAMT showing key types and usage.](../images/volumeactivationforwindows81-19.jpg) 
@@ -60,16 +57,19 @@ The VAMT makes it easier to track the various keys that are issued to your organ ## Other Volume Activation Management Tool features -The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: -- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. -- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. -- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. +The VAMT stores information in a Microsoft SQL Server database for performance and flexibility, and it provides a single graphical user interface for managing activations and performing other activation-related tasks, such as: + +- **Adding and removing computers**. You can use the VAMT to discover computers in the local environment. The VAMT can discover computers by querying AD DS, workgroups, or individual computer names or IP addresses, or through a general LDAP query. + +- **Discovering products**. You can use the VAMT to discover Windows, Windows Server, Office, and select other products that are installed on the client computers. + +- **Managing activation data**. The VAMT stores activation data in a SQL Server database. The tool can export this data in XML format to other VAMT hosts or to an archive. 
For more information, see: -- [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) -- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) -## See also -- [Volume Activation for Windows 10](volume-activation-windows-10.md) -  -  +- [Volume Activation Management Tool (VAMT) Overview](./volume-activation-management-tool.md) +- [VAMT Step-by-Step Scenarios](./vamt-step-by-step.md) + +## Related articles + +- [Volume Activation for Windows 10](volume-activation-windows-10.md) diff --git a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md index ce68f48784..35886bbb64 100644 --- a/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md +++ b/windows/deployment/volume-activation/use-vamt-in-windows-powershell.md @@ -2,11 +2,11 @@ title: Use VAMT in Windows PowerShell (Windows 10) description: Learn how to use Volume Activation Management Tool (VAMT) PowerShell cmdlets to perform the same functions as the Vamt.exe command-line tool. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- 
@@ -15,61 +15,87 @@ ms.technology: itpro-fundamentals The Volume Activation Management Tool (VAMT) PowerShell cmdlets can be used to perform the same functions as the Vamt.exe command-line tool. -**To install PowerShell 3.0** -- VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell). +## Configuring VAMT in Windows PowerShell -**To install the Windows Assessment and Deployment Kit** -- In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). +### Install PowerShell 3.0 -**To prepare the VAMT PowerShell environment** -- To open PowerShell with administrative credentials, click **Start** and type “PowerShell” to locate the program. Right-click **Windows PowerShell**, and then click **Run as administrator**. To open PowerShell in Windows 7, click **Start**, click **All Programs**, click **Accessories**, click **Windows PowerShell**, right-click **Windows PowerShell**, and then click **Run as administrator**. +VAMT PowerShell cmdlets require Windows PowerShell, which is included in Windows 10, Windows 8 and Windows Server® 2012. You can download PowerShell for Windows 7 or other operating systems from the [Microsoft Download Center](/powershell/scripting/install/installing-powershell). - **Important** - If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are supported for the x86 architecture only. 
You must use an x86 version of Windows PowerShell to import the VAMT module, which are available in these directories: - - The x86 version of PowerShell is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe - - The x86 version of the PowerShell ISE is available in C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell\_ise.exe -- For all supported operating systems you can use the VAMT PowerShell module included with the Windows ADK. By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. +### Install the Windows Assessment and Deployment Kit** + +In addition to PowerShell, you must import the VAMT PowerShell module. The module is included in the VAMT 3.0 folder after you install the Windows Assessment and Deployment Kit (Windows ADK). + +### Prepare the VAMT PowerShell environment + +To open PowerShell with administrative credentials, select **Start** and enter `PowerShell` to locate the program. Right-click **Windows PowerShell**, and then select **Run as administrator**. To open PowerShell in Windows 7, select **Start**, select **All Programs**, select **Accessories**, select **Windows PowerShell**, right-click **Windows PowerShell**, and then select **Run as administrator**. + + > [!IMPORTANT] + > If you are using a computer that has an 64-bit processor, select **Windows PowerShell (x86)**. VAMT PowerShell cmdlets are only supported for x86 architecture. You must use an x86 version of Windows PowerShell to import the VAMT module + + The x86 versions of Windows PowerShell are available in the following directories: + +- PowerShell: + + `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe` +- PowerShell ISE: + + `C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell_ise.exe` + +For all supported operating systems, you can use the VAMT PowerShell module included with the Windows ADK. 
By default, the module is installed with the Windows ADK in the VAMT folder. Change directories to the directory where VAMT is located. For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, enter: - For example, if the Windows ADK is installed in the default location of `C:\Program Files(x86)\Windows Kits\10`, type: - ``` powershell - cd “C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0” + cd "C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT 3.0" ``` -- Import the VAMT PowerShell module. To import the module, type the following at a command prompt: + +### Import the VAMT PowerShell module + +To import the VAMT PowerShell module, enter the following command at a PowerShell command prompt: + ``` powershell Import-Module .\VAMT.psd1 ``` - Where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, type `get-help about_profiles`. -## To Get Help for VAMT PowerShell cmdlets + where **Import-Module** imports a module only into the current session. To import the module into all sessions, add an **Import-Module** command to a Windows PowerShell profile. For more information about profiles, enter `get-help about_profiles`. + +## To get help for VAMT PowerShell cmdlets + +You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you're interested in. To view all of the Help content for a VAMT cmdlet, enter: -You can view all of the help sections for a VAMT PowerShell cmdlet, or you can view only the section that you are interested in. 
To view all of the Help content for a VAMT cmdlet, type: ``` powershell get-help -all ``` -For example, type: + +For example, enter: + ``` powershell get-help get-VamtProduct -all ``` -**Warning** -The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the -online option with the get-help cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](/powershell/module/vamt). +> [!WARNING] +> The update-help cmdlet is not supported for VAMT PowerShell cmdlets. To view online help for VAMT cmdlets, you can use the `-online` option with the `get-help` cmdlet. For more information, see [Volume Activation Management Tool (VAMT) Cmdlets in Windows PowerShell](/powershell/module/vamt). -**To view VAMT PowerShell Help sections** +### View VAMT PowerShell help sections + +1. To get the syntax to use with a cmdlet, enter the following command at a PowerShell command prompt: -1. To get the syntax to use with a cmdlet, type the following at a command prompt: ``` powershell get-help ``` - For example, type: + + For example, enter: + ``` powershell get-help get-VamtProduct ``` -2. To see examples using a cmdlet, type: + +2. To see examples using a cmdlet, enter: + ``` powershell get-help -examples ``` - For example, type: + + For example, enter: + ``` powershell get-help get-VamtProduct -examples ``` diff --git a/windows/deployment/volume-activation/vamt-known-issues.md b/windows/deployment/volume-activation/vamt-known-issues.md index 1e02f26440..948e4f2def 100644 --- a/windows/deployment/volume-activation/vamt-known-issues.md +++ b/windows/deployment/volume-activation/vamt-known-issues.md 
@@ -2,11 +2,11 @@ title: VAMT known issues (Windows 10) description: Find out the current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 12/17/2019 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.custom: - CI 111496 @@ -19,7 +19,9 @@ ms.technology: itpro-fundamentals The current known issues with the Volume Activation Management Tool (VAMT), versions 3.0. and 3.1, include: - VAMT Windows Management Infrastructure (WMI) remote operations might take longer to execute if the target computer is in a sleep or standby state. -- When you open a Computer Information List (CIL) file that was saved by using a previous version of VAMT, the edition information is not shown for each product in the center pane. You must update the product status again to obtain the edition information. + +- When you open a Computer Information List (CIL) file that was saved by using a previous version of VAMT, the edition information isn't shown for each product in the center pane. You must update the product status again to obtain the edition information. + - The remaining activation count can only be retrieved for Multiple Activation Key (MAKs). ## Workarounds for adding CSVLKs for Windows 10 activation to VAMT 3.1 
@@ -28,11 +30,11 @@ Another known issue is that when you try to add a Windows 10 Key Management Serv ![VAMT error message.](./images/vamt-known-issue-message.png) -This issue occurs because VAMT 3.1 does not contain the correct Pkconfig files to recognize this kind of key. To work around this issue, use one of the following methods. +This issue occurs because VAMT 3.1 doesn't contain the correct Pkconfig files to recognize this kind of key. To work around this issue, use one of the following methods. ### Method 1 -Do not add the CSVLK to the VAMT 3.1 tool. Instead, use the **slmgr.vbs /ipk \<*CSVLK*>** command to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the Slmgr.vbs tool, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). +Don't add the CSVLK to the VAMT 3.1 tool. Instead, use the ` slmgr.vbs /ipk ` command to install a CSVLK on a KMS host. In this command, \<*CSVLK*> represents the specific key that you want to install. For more information about how to use the `Slmgr.vbs` tool, see [Slmgr.vbs options for obtaining volume activation information](/windows-server/get-started/activation-slmgr-vbs-options). ### Method 2 
@@ -40,20 +42,32 @@ On the KMS host computer, perform the following steps: 1. Download the hotfix from [July 2016 update rollup for Windows 8.1 and Windows Server 2012 R2](https://support.microsoft.com/help/3172614/). -1. In Windows Explorer, right-click **485392_intl_x64_zip** and extract the hotfix to C:\KB3058168. +2. In Windows Explorer, right-click **485392_intl_x64_zip** and extract the hotfix to C:\KB3058168. -1. To extract the contents of the update, run the following command: +3. To extract the contents of the update, run the following command: - ```console + ``` syntax expand c:\KB3058168\Windows8.1-KB3058168-x64.msu -f:* C:\KB3058168\ ``` -1. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: +4. To extract the contents of Windows8.1-KB3058168-x64.cab, run the following command: - ```console + ``` syntax expand c:\KB3058168\Windows8.1-KB3058168-x64.cab -f:pkeyconfig-csvlk.xrm-ms c:\KB3058168 ``` -1. In the C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716 folder, copy the pkeyconfig-csvlk.xrm-ms file. Paste this file into the C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig folder. +5. In the + + `C:\KB3058168\x86_microsoft-windows-s..nent-sku-csvlk-pack_31bf3856ad364e35_6.3.9600.17815_none_bd26b4f34d049716` + + folder, copy the + + `pkeyconfig-csvlk.xrm-ms` + + file. Paste this file into the + + `C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\VAMT3\pkconfig` + + folder. -1. Restart VAMT. +6. Restart VAMT. diff --git a/windows/deployment/volume-activation/vamt-requirements.md b/windows/deployment/volume-activation/vamt-requirements.md index 736a7d6b84..a304218987 100644 --- a/windows/deployment/volume-activation/vamt-requirements.md +++ b/windows/deployment/volume-activation/vamt-requirements.md 
@@ -2,20 +2,20 @@ title: VAMT Requirements (Windows 10) description: In this article, learn about the product key and system requierements for Volume Activation Management Tool (VAMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# VAMT Requirements +# VAMT requirements -This topic includes info about the product key and system requirements for VAMT. +This article includes info about the product key and system requirements for VAMT. -## Product Key Requirements +## Product key requirements The Volume Activation Management Tool (VAMT) can be used to perform activations using any of the following types of product keys. @@ -24,7 +24,7 @@ The Volume Activation Management Tool (VAMT) can be used to perform activations |
      • Multiple Activation Key (MAK)
      • Key Management Service (KMS) host key (CSVLK)
      • KMS client setup keys (GVLK)
      |Volume licensing keys can only be obtained with a signed contract from Microsoft. For more info, see the [Microsoft Volume Licensing portal](https://go.microsoft.com/fwlink/p/?LinkId=227282). | |Retail product keys |Obtained at time of product purchase. | -## System Requirements +## System requirements The following table lists the system requirements for the VAMT host computer. @@ -37,7 +37,8 @@ The following table lists the system requirements for the VAMT host computer. | Display | 1024x768 or higher resolution monitor | | Network | Connectivity to remote computers via Windows Management Instrumentation (TCP/IP) and Microsoft Activation Web Service on the Internet via HTTPS | | Operating System | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows Server 2008 R2, Windows Server 2012, or later. | -| Additional Requirements |
      • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
      • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
      • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
      | +| Additional Requirements |
      • Connection to a SQL Server database. For more info, see [Install VAMT](install-vamt.md).
      • PowerShell 3.0: For Windows 8, Windows 8.1, Windows 10, and Windows Server 2012, PowerShell is included in the installation. For previous versions of Windows and Windows Server, you must download PowerShell 3.0. To download PowerShell, go to [Download Windows PowerShell 3.0](/powershell/scripting/install/installing-powershell).
      • If installing on Windows Server 2008 R2, you must also install .NET Framework 3.51.
      | -## Related topics -- [Install and Configure VAMT](install-configure-vamt.md) +## Related articles + +- [Install and configure VAMT](install-configure-vamt.md) diff --git a/windows/deployment/volume-activation/vamt-step-by-step.md b/windows/deployment/volume-activation/vamt-step-by-step.md index 1c161bf9b5..880a8cf474 100644 --- a/windows/deployment/volume-activation/vamt-step-by-step.md +++ b/windows/deployment/volume-activation/vamt-step-by-step.md 
@@ -2,28 +2,27 @@ title: VAMT Step-by-Step Scenarios (Windows 10) description: Learn step-by-step instructions on implementing the Volume Activation Management Tool (VAMT) in typical environments. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski -ms.date: 04/25/2017 +author: frankroj +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- -# VAMT Step-by-Step Scenarios +# VAMT step-by-step scenarios This section provides instructions on how to implement the Volume Activation Management Tool (VAMT) in typical environments. VAMT supports many common scenarios; it describes here some of the most common to get you started. -## In this Section +## In this section -|Topic |Description | -|------|------------| +|Article |Description | +|-------|------------| |[Scenario 1: Online Activation](scenario-online-activation-vamt.md) |Describes how to distribute Multiple Activation Keys (MAKs) to products installed on one or more connected computers within a network, and how to instruct these products to contact Microsoft over the Internet for activation. | |[Scenario 2: Proxy Activation](scenario-proxy-activation-vamt.md) |Describes how to use two VAMT host computers—the first one with Internet access and a second computer within an isolated workgroup—as proxies to perform MAK volume activation for workgroup computers that don't have Internet access. | -|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. 
| +|[Scenario 3: Key Management Service (KMS) Client Activation](scenario-kms-activation-vamt.md) |Describes how to use VAMT to configure client products for Key Management Service (KMS) activation. By default, volume license editions of Windows 10, Windows Vista, Windows® 7, Windows 8, Windows Server 2008, Windows Server 2008 R2, or Windows Server® 2012, and Microsoft® Office 2010 use KMS for activation. | ## Related articles + - [Introduction to VAMT](introduction-vamt.md) -  -  diff --git a/windows/deployment/volume-activation/volume-activation-management-tool.md b/windows/deployment/volume-activation/volume-activation-management-tool.md index b24992eac1..9771f187cd 100644 --- a/windows/deployment/volume-activation/volume-activation-management-tool.md +++ b/windows/deployment/volume-activation/volume-activation-management-tool.md @@ -1,12 +1,12 @@ --- title: VAMT technical reference description: The Volume Activation Management Tool (VAMT) enables network administrators to automate and centrally manage volume activation and retail activation. -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-fundamentals -author: aczechowski -ms.date: 09/16/2022 +author: frankroj +ms.date: 11/07/2022 ms.topic: overview ms.custom: seo-marvel-apr2020 --- diff --git a/windows/deployment/volume-activation/volume-activation-windows-10.md b/windows/deployment/volume-activation/volume-activation-windows-10.md index c97a874ef7..a56f8ed301 100644 --- a/windows/deployment/volume-activation/volume-activation-windows-10.md +++ b/windows/deployment/volume-activation/volume-activation-windows-10.md 
@@ -2,35 +2,32 @@ title: Volume Activation for Windows 10 description: Learn how to use volume activation to deploy & activate Windows 10. Includes details for orgs that have used volume activation for earlier versions of Windows. ms.reviewer: -manager: dougeby -ms.author: aaroncz +manager: aaroncz +ms.author: frankroj ms.prod: windows-client -author: aczechowski +author: frankroj ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 11/07/2022 ms.topic: article ms.technology: itpro-fundamentals --- # Volume Activation for Windows 10 -> Applies to +(*Applies to: Windows 10, Windows 8.1, Windows 8, Windows 7, Windows Server 2012 R2, Windows Server 2012, Windows Server 2008 R2*) + +> [!TIP] +> Are you looking for volume licensing information? > ->- Windows 10 ->- Windows Server 2012 R2 ->- Windows Server 2012 ->- Windows Server 2016 ->- Windows Server 2019 +> - [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) -**Looking for volume licensing information?** +> [!TIP] +> Are you looking for information on retail activation? +> +> - [Activate Windows](https://support.microsoft.com/help/12440/) +> - [Product activation for Windows](https://go.microsoft.com/fwlink/p/?LinkId=618644) -- [Download the Volume Licensing Reference Guide for Windows 10 Desktop Operating System](https://go.microsoft.com/fwlink/p/?LinkId=620104) - -**Looking for retail activation?** - -- [Get Help Activating Microsoft Windows](https://support.microsoft.com/help/12440/windows-10-activate) - -This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. 
+This guide is designed to help organizations that are planning to use volume activation to deploy and activate Windows 10, including organizations that have used volume activation for earlier versions of Windows. *Volume activation* is the process that Microsoft volume licensing customers use to automate and manage the activation of Windows operating systems, Microsoft Office, and other Microsoft products across large organizations. Volume licensing is available to customers who purchase software under various volume programs (such as [Open](https://www.microsoft.com/Licensing/licensing-programs/open-license) and [Select](https://www.microsoft.com/Licensing/licensing-programs/select)) and to participants in programs such as the [Microsoft Partner Program](https://partner.microsoft.com/) and [MSDN Subscriptions](https://visualstudio.microsoft.com/msdn-platforms/). 
@@ -38,25 +35,31 @@ Volume activation is a configurable solution that helps automate and manage the This guide provides information and step-by-step guidance to help you choose a volume activation method that suits your environment, and then to configure that solution successfully. This guide describes the volume activation features and the tools to manage volume activation. -Because most organizations will not immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it does not discuss the tools that are provided with earlier operating system versions. +Because most organizations won't immediately switch all computers to Windows 10, practical volume activation strategies must also take in to account how to work with the Windows 8.1, Windows 7, Windows Server 2012, and Windows Server 2008 R2 operating systems. This guide discusses how the new volume activation tools can support earlier operating systems, but it doesn't discuss the tools that are provided with earlier operating system versions. -Volume activation -and the need for activation itself- is not new, and this guide does not review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). +Volume activation -and the need for activation itself- isn't new, and this guide doesn't review all of its concepts and history. You can find additional background in the appendices of this guide. For more information, see [Volume Activation Overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831612(v=ws.11)). 
-If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, please see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). +If you would like additional information about planning a volume activation deployment specifically for Windows 7 and Windows Server 2008 R2, see the [Volume Activation Planning Guide for Windows 7](/previous-versions/tn-archive/dd878528(v=technet.10)). To successfully plan and implement a volume activation strategy, you must: - Learn about and understand product activation. + - Review and evaluate the available activation types or models. + - Consider the connectivity of the clients to be activated. + - Choose the method or methods to be used with each type of client. -- Determine the types and number of product keys you will need. + +- Determine the types and number of product keys you'll need. + - Determine the monitoring and reporting needs in your organization. + - Install and configure the tools required to support the methods selected. -Keep in mind that the method of activation does not change an organization’s responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. +Keep in mind that the method of activation doesn't change an organization's responsibility to the licensing requirements. You must ensure that all software used in your organization is properly licensed and activated in accordance with the terms of the licensing agreements in place. -## Additional information +## Related articles - [Plan for volume activation](plan-for-volume-activation-client.md) - [Activate using Key Management Service](activate-using-key-management-service-vamt.md) 
diff --git a/windows/deployment/wds-boot-support.md b/windows/deployment/wds-boot-support.md index 73cafab6e9..dfab934f9d 100644 --- a/windows/deployment/wds-boot-support.md +++ b/windows/deployment/wds-boot-support.md @@ -3,16 +3,18 @@ title: Windows Deployment Services (WDS) boot.wim support description: This article provides details on the support capabilities of WDS for end to end operating system deployment. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.topic: article ms.custom: seo-marvel-apr2020 +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Windows Deployment Services (WDS) boot.wim support -Applies to: +Applies to: - Windows 10 - Windows 11 
@@ -34,25 +36,24 @@ The table below provides support details for specific deployment scenarios (Boot |**Windows Server 2022**|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Deprecated, with a warning message.|Not supported.| |**Windows 11**|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.|Not supported, blocked.| - ## Reason for the change -Alternatives to WDS, such as [Microsoft Endpoint Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images. +Alternatives to WDS, such as [Microsoft Configuration Manager](/mem/configmgr/) and [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) (MDT) provide a better, more flexible, and feature-rich experience for deploying Windows images. ## Not affected -WDS PXE boot is not affected by this change. You can still use WDS to PXE boot devices with custom boot images, but you cannot use **boot.wim** as the boot image and run Windows Setup in WDS mode. +WDS PXE boot isn't affected by this change. You can still use WDS to PXE boot devices with custom boot images, but you can't use **boot.wim** as the boot image and run Windows Setup in WDS mode. -You can still run Windows Setup from a network share. Workflows that use a custom boot.wim, such as MDT or Configuration Manager are not affected by this change. +You can still run Windows Setup from a network share. Workflows that use a custom boot.wim, such as MDT or Configuration Manager aren't affected by this change. ## Summary -- Windows 11 workflows that rely on **boot.wim** from installation media will be blocked. You cannot perform an end to end deployment of Windows 11 using only WDS. -- Windows 10, Windows Server 2019, and previous operating system versions are not affected by this change. 
-- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice. The notice can be dismissed, and currently the workflow is not blocked. +- Windows 11 workflows that rely on **boot.wim** from installation media will be blocked. You can't perform an end to end deployment of Windows 11 using only WDS. +- Windows 10, Windows Server 2019, and previous operating system versions aren't affected by this change. +- Windows Server 2022 workflows that rely on **boot.wim** from installation media will show a non-blocking deprecation notice. The notice can be dismissed, and currently the workflow isn't blocked. - Windows Server workflows after Windows Server 2022 that rely on **boot.wim** from installation media are blocked. -If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version is not supported, deprecated, or blocked, it is recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. +If you currently use WDS with **boot.wim** from installation media for end-to-end operating system deployment, and your OS version isn't supported, deprecated, or blocked, it's recommended that you use deployment tools such as MDT, Configuration Manager, or a non-Microsoft solution with a custom boot.wim image. ## Also see diff --git a/windows/deployment/windows-10-deployment-posters.md b/windows/deployment/windows-10-deployment-posters.md index c4377a6979..d7d8c65cc3 100644 --- a/windows/deployment/windows-10-deployment-posters.md +++ b/windows/deployment/windows-10-deployment-posters.md 
@@ -1,14 +1,15 @@ --- title: Windows 10 deployment process posters -description: View and download Windows 10 deployment process flows for Microsoft Endpoint Manager and Windows Autopilot. +description: View and download Windows 10 deployment process flows for Microsoft Configuration Manager and Windows Autopilot. ms.reviewer: -manager: dougeby -author: aczechowski -ms.author: aaroncz +manager: aaroncz +author: frankroj +ms.author: frankroj ms.prod: windows-client ms.technology: itpro-deploy ms.localizationpriority: medium ms.topic: reference +ms.date: 10/31/2022 --- # Windows 10 deployment process posters @@ -16,7 +17,7 @@ ms.topic: reference **Applies to** - Windows 10 -The following posters step through various options for deploying Windows 10 with Windows Autopilot or Microsoft Endpoint Configuration Manager. +The following posters step through various options for deploying Windows 10 with Windows Autopilot or Microsoft Configuration Manager. ## Deploy Windows 10 with Autopilot @@ -24,7 +25,7 @@ The Windows Autopilot poster is two pages in portrait mode (11x17). Select the i [![Deploy Windows 10 with Autopilot.](./media/windows10-autopilot-flowchart.png)](https://download.microsoft.com/download/8/4/b/84b5e640-8f66-4b43-81a9-1c3b9ea18eda/Windows10AutopilotFlowchart.pdf) -## Deploy Windows 10 with Microsoft Endpoint Configuration Manager +## Deploy Windows 10 with Microsoft Configuration Manager The Configuration Manager poster is one page in landscape mode (17x11). Select the image to download a PDF version. diff --git a/windows/deployment/windows-10-deployment-scenarios.md b/windows/deployment/windows-10-deployment-scenarios.md index b23bb59cd1..3d06ff84bb 100644 --- a/windows/deployment/windows-10-deployment-scenarios.md +++ b/windows/deployment/windows-10-deployment-scenarios.md 
@@ -1,12 +1,14 @@ --- title: Windows 10 deployment scenarios (Windows 10) description: Understand the different ways Windows 10 operating system can be deployed in your organization. Explore several Windows 10 deployment scenarios. -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client ms.localizationpriority: medium ms.topic: article +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Windows 10 deployment scenarios 
@@ -15,13 +17,13 @@ ms.topic: article - Windows 10 -To successfully deploy the Windows 10 operating system in your organization, it is important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Choosing among these scenarios, and understanding the capabilities and limitations of each, is a key task. +To successfully deploy the Windows 10 operating system in your organization, it's important to understand the different ways that it can be deployed, especially now that there are new scenarios to consider. Key tasks include choosing among these scenarios and understanding the capabilities and limitations of each. ## Deployment categories The following tables summarize various Windows 10 deployment scenarios. The scenarios are each assigned to one of three categories. -- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Endpoint Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home). +- Modern deployment methods are recommended unless you have a specific need to use a different procedure. These methods are supported with existing tools such as Microsoft Deployment Toolkit (MDT) and Microsoft Configuration Manager. These methods are discussed in detail on the [Modern Desktop Deployment Center](/microsoft-365/enterprise/desktop-deployment-center-home). > [!NOTE] > Once you have deployed Windows 10 in your organization, it is important to stay up to date by [creating a deployment plan](update/create-deployment-plan.md) for Windows 10 feature updates. 
@@ -42,7 +44,7 @@ The following tables summarize various Windows 10 deployment scenarios. The scen |Scenario|Description|More information| |--- |--- |--- | |[Subscription Activation](#windows-10-subscription-activation)|Switch from Windows 10 Pro to Enterprise when a subscribed user signs in.|[Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation)| -|[AAD / MDM](#dynamic-provisioning)|The device is automatically joined to Azure Active Directory and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)| +|[Azure Active Directory / MDM](#dynamic-provisioning)|The device is automatically joined to Azure Active Directory and configured by MDM.|[Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm)| |[Provisioning packages](#dynamic-provisioning)|Using the Windows Imaging and Configuration Designer tool, create provisioning packages that can be applied to devices.|[Configure devices without MDM](/windows/configuration/configure-devices-without-mdm)| ### Traditional 
@@ -59,46 +61,48 @@ The following tables summarize various Windows 10 deployment scenarios. The scen ## Modern deployment methods -Modern deployment methods embrace both traditional on-prem and cloud services to deliver a simple, streamlined, cost effective deployment experience. +Modern deployment methods embrace both traditional on-premises and cloud services to deliver a simple, streamlined, and cost effective deployment experience. ### Windows Autopilot -Windows Autopilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows Autopilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device after just a few clicks. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator. +Windows Autopilot is a new suite of capabilities designed to simplify and modernize the deployment and management of new Windows 10 PCs. Windows Autopilot enables IT professionals to customize the Out of Box Experience (OOBE) for Windows 10 PCs and provide end users with a fully configured new Windows 10 device. There are no images to deploy, no drivers to inject, and no infrastructure to manage. Users can go through the deployment process independently, without the need consult their IT administrator. For more information about Windows Autopilot, see [Overview of Windows Autopilot](/windows/deployment/windows-10-auto-pilot) and [Modernizing Windows deployment with Windows Autopilot](https://blogs.technet.microsoft.com/windowsitpro/2017/06/29/modernizing-windows-deployment-with-windows-autopilot/). 
### In-place upgrade -For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 leverages the Windows installation program (Setup.exe) to perform an in-place upgrade, which automatically preserves all data, settings, applications, and drivers from the existing operating system version. This requires the least IT effort, because there is no need for any complex deployment infrastructure. +For existing computers running Windows 7, Windows 8, or Windows 8.1, the recommended path for organizations deploying Windows 10 uses the Windows installation program (Setup.exe) is to perform an in-place upgrade. An in-place upgrade: -Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. This is accomplished by leveraging tools like Microsoft Endpoint Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences. +- Automatically preserves all data, settings, applications, and drivers from the existing operating system version +- Requires the least IT effort, because there's no need for any complex deployment infrastructure -The in-place upgrade process is designed to be extremely reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by leveraging the automatically-created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications do not need to be reinstalled as part of the process. +Although consumer PCs will be upgraded using Windows Update, organizations want more control over the process. 
Control is accomplished by using tools like Microsoft Configuration Manager or the Microsoft Deployment Toolkit to completely automate the upgrade process through simple task sequences. -Because existing applications are preserved through the process, the upgrade process uses the standard Windows installation media image (Install.wim); custom images are not needed and cannot be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. (For example, Contoso Timecard 1.0 in Windows 7 and Contoso Timecard 3.0 in the Windows 10 image.) +The in-place upgrade process is designed to be reliable, with the ability to automatically roll back to the previous operating system if any issues are encountered during the deployment process, without any IT staff involvement. Rolling back manually can also be done by using the automatically created recovery information (stored in the Windows.old folder), in case any issues are encountered after the upgrade is finished. The upgrade process is also typically faster than traditional deployments, because applications don't need to be reinstalled as part of the process. -Scenarios that support in-place upgrade with some additional procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software. +Existing applications are preserved through the process. So, the upgrade process uses the standard Windows installation media image (Install.wim). Custom images aren't needed and can't be used because the upgrade process is unable to deal with conflicts between apps in the old and new operating system. (For example, Contoso Timecard 1.0 in Windows 7 and Contoso Timecard 3.0 in the Windows 10 image.) -- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. 
Windows 10 does not require UEFI, so it will work fine to upgrade a system using legacy BIOS emulation. After the upgrade, if you wish to enable Windows 10 features that require UEFI (such as Secure Boot), you can convert the system disk to a format that supports UEFI boot using the [MBR2GPT](./mbr-to-gpt.md) tool. Note: [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk has been converted, you must also configure the firmware to boot in UEFI mode. +Scenarios that support in-place upgrade with some other procedures include changing from BIOS to UEFI boot mode and upgrade of devices that use non-Microsoft disk encryption software. + +- **Legacy BIOS to UEFI booting**: To perform an in-place upgrade on a UEFI-capable system that currently boots using legacy BIOS, first perform the in-place upgrade to Windows 10, maintaining the legacy BIOS boot mode. Windows 10 doesn't require UEFI, so it will work fine to upgrade a system using legacy BIOS emulation. After the upgrade, if you wish to enable Windows 10 features that require UEFI (such as Secure Boot), you can convert the system disk to a format that supports UEFI boot using the [MBR2GPT](./mbr-to-gpt.md) tool. Note: [UEFI specification](http://www.uefi.org/specifications) requires GPT disk layout. After the disk has been converted, you must also configure the firmware to boot in UEFI mode. - **Non-Microsoft disk encryption software**: While devices encrypted with BitLocker can easily be upgraded, more work is necessary for non-Microsoft disk encryption tools. Some ISVs will provide instructions on how to integrate their software into the in-place upgrade process. Check with your ISV to see if they have instructions. 
The following articles provide details on how to provision encryption drivers for use during Windows Setup via the ReflectDrivers setting: - [Windows Setup Automation Overview](/windows-hardware/manufacture/desktop/windows-setup-automation-overview) - [Windows Setup Command-Line Options](/windows-hardware/manufacture/desktop/windows-setup-command-line-options) -There are some situations where you cannot use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include: +There are some situations where you can't use in-place upgrade; in these situations, you can use traditional deployment (wipe-and-load) instead. Examples of these situations include: -- Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process cannot change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers. +- Changing from Windows 7, Windows 8, or Windows 8.1 x86 to Windows 10 x64. The upgrade process can't change from a 32-bit operating system to a 64-bit operating system, because of possible complications with installed applications and drivers. - Windows To Go and Boot from VHD installations. The upgrade process is unable to upgrade these installations. Instead, new installations would need to be performed. -- Updating existing images. While it might be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image, this is not supported – preparing an upgraded OS for imaging (using Sysprep.exe) is not supported and will not work when it detects the upgraded OS. - -- Dual-boot and multi-boot systems. 
The upgrade process is designed for devices running a single OS; if using dual-boot or multi-boot systems with multiple operating systems (not leveraging virtual machines for the second and subsequent operating systems), additional care should be taken. +- Updating existing images. It can be tempting to try to upgrade existing Windows 7, Windows 8, or Windows 8.1 images to Windows 10 by installing the old image, upgrading it, and then recapturing the new Windows 10 image. But, it's not supported. Preparing an upgraded OS via `Sysprep.exe` before capturing an image isn't supported and won't work. When `Sysprep.exe` detects the upgraded OS, it will fail. +- Dual-boot and multi-boot systems. The upgrade process is designed for devices running a single OS. If you use dual-boot or multi-boot systems with multiple operating systems (not using virtual machines for the second and subsequent operating systems), then extra care should be taken. ## Dynamic provisioning -For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image, because this was often faster and easier than leveraging the preinstalled version. But this is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it is now possible to avoid this. +For new PCs, organizations have historically replaced the version of Windows included on the device with their own custom Windows image. A custom image was used because a custom image was often faster and easier than using the preinstalled version. However, reimaging with a custom image is an added expense due to the time and effort required. With the new dynamic provisioning capabilities and tools provided with Windows 10, it's now possible to avoid using custom images. 
The goal of dynamic provisioning is to take a new PC out of the box, turn it on, and transform it into a productive organization device, with minimal time and effort. The types of transformations that are available include: 
@@ -106,26 +110,25 @@ The goal of dynamic provisioning is to take a new PC out of the box, turn it on, Windows 10 Subscription Activation is a modern deployment method that enables you to change the SKU from Pro to Enterprise with no keys and no reboots. For more information about Subscription Activation, see [Windows 10 Subscription Activation](/windows/deployment/windows-10-enterprise-subscription-activation). +### Azure Active Directory (Azure AD) join with automatic mobile device management (MDM) enrollment -### Azure Active Directory (AAD) join with automatic mobile device management (MDM) enrollment - -In this scenario, the organization member just needs to provide their work or school user ID and password; the device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no additional user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm). +In this scenario, the organization member just needs to provide their work or school user ID and password. The device can then be automatically joined to Azure Active Directory and enrolled in a mobile device management (MDM) solution with no other user interaction. Once done, the MDM solution can finish configuring the device as needed. For more information, see [Azure Active Directory integration with MDM](/windows/client-management/mdm/azure-active-directory-integration-with-mdm). ### Provisioning package configuration -Using the [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. 
These packages can then be deployed to new PCs through a variety of means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm). +When you use the [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd), IT administrators can create a self-contained package that contains all of the configuration, settings, and apps that need to be applied to a machine. These packages can then be deployed to new PCs through various means, typically by IT professionals. For more information, see [Configure devices without MDM](/windows/configuration/configure-devices-without-mdm). -These scenarios can be used to enable “choose your own device” (CYOD) programs where the organization’s users can pick their own PC and not be restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios). +These scenarios can be used to enable "choose your own device" (CYOD) programs. With these programs, organization users can pick their own PC and aren't restricted to a small list of approved or certified models (programs that are difficult to implement using traditional deployment scenarios). -While the initial Windows 10 release includes a variety of provisioning settings and deployment mechanisms, these will continue to be enhanced and extended based on feedback from organizations. As with all Windows features, organizations can submit suggestions for additional features through the Windows Feedback app or through their Microsoft Support contacts. +While the initial Windows 10 release includes various provisioning settings and deployment mechanisms, provisioning settings and deployment mechanisms will continue to be enhanced and extended based on feedback from organizations. 
As with all Windows features, organizations can submit suggestions for more features through the Windows Feedback app or through their Microsoft Support contacts. ## Traditional deployment: -New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md), and [Microsoft Endpoint Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). +New versions of Windows have typically been deployed by organizations using an image-based process built on top of tools provided in the [Windows Assessment and Deployment Kit](windows-adk-scenarios-for-it-pros.md), Windows Deployment Services, the [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md), and [Microsoft Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md). -With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important and will continue to be available to organizations that need them. +With the release of Windows 10, all of these tools are being updated to fully support Windows 10. Although newer scenarios such as in-place upgrade and dynamic provisioning may reduce the need for traditional deployment capabilities in some organizations, these traditional methods remain important, and will continue to be available to organizations that need them. 
-The traditional deployment scenario can be divided into different sub-scenarios. These are explained in detail in the following sections, but the following provides a brief summary: +The traditional deployment scenario can be divided into different sub-scenarios. These sub-scenarios are explained in detail in the following sections, but the following list provides a brief summary: - **New computer.** A bare-metal deployment of a new machine. - **Computer refresh.** A reinstall of the same machine (with user-state migration and an optional full Windows Imaging (WIM) image backup). @@ -145,7 +148,7 @@ The deployment process for the new machine scenario is as follows: 4. Install other applications (as part of the task sequence). -After taking these steps, the computer is ready for use. +After you follow these steps, the computer is ready for use. ### Computer refresh @@ -165,11 +168,11 @@ The deployment process for the wipe-and-load scenario is as follows: 6. Restore the user state. -After taking these steps, the machine is ready for use. +After you follow these steps, the machine is ready for use. ### Computer replace -A computer replace is similar to the refresh scenario. However, since we are replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored. +A computer replace is similar to the refresh scenario. However, since we're replacing the machine, we divide this scenario into two main tasks: backup of the old client and bare-metal deployment of the new client. As with the refresh scenario, user data and settings are backed up and restored. The deployment process for the replace scenario is as follows: 
@@ -180,12 +183,12 @@ The deployment process for the replace scenario is as follows: > [!NOTE] > In some situations, you can use the replace scenario even if the target is the same machine. For example, you can use replace if you want to modify the disk layout from the master boot record (MBR) to the GUID partition table (GPT), which will allow you to take advantage of the Unified Extensible Firmware Interface (UEFI) functionality. You can also use replace if the disk needs to be repartitioned since user data needs to be transferred off the disk. -## Related topics +## Related articles - [Upgrade to Windows 10 with the Microsoft Deployment Toolkit](deploy-windows-mdt/upgrade-to-windows-10-with-the-microsoft-deployment-toolkit.md) -- [Upgrade to Windows 10 with Microsoft Endpoint Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) +- [Upgrade to Windows 10 with Microsoft Configuration Manager](./deploy-windows-cm/upgrade-to-windows-10-with-configuration-manager.md) - [Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-cm/deploy-windows-10-using-pxe-and-configuration-manager.md) - [Deploy Windows 10 with the Microsoft Deployment Toolkit](./deploy-windows-mdt/prepare-for-windows-deployment-with-mdt.md) - [Windows setup technical reference](/windows-hardware/manufacture/desktop/windows-setup-technical-reference) - [Windows Imaging and Configuration Designer](/windows/configuration/provisioning-packages/provisioning-install-icd) -- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi) +- [UEFI firmware](/windows-hardware/design/device-experiences/oem-uefi) \ No newline at end of file diff --git a/windows/deployment/windows-10-deployment-tools-reference.md b/windows/deployment/windows-10-deployment-tools-reference.md index 851a06f37f..fec86dadb3 100644 --- a/windows/deployment/windows-10-deployment-tools-reference.md +++ b/windows/deployment/windows-10-deployment-tools-reference.md 
@@ -1,25 +1,26 @@ --- title: Windows 10 deployment tools reference -description: Learn about the tools available to deploy Windows 10, like Volume Activation Management Tool (VAMT) and User State Migration Tool (USMT). +description: Learn about the tools available to deploy Windows 10, like Volume Activation Management Tool (VAMT) and User State Migration Tool (USMT). ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client -ms.date: 07/12/2017 +ms.date: 10/31/2022 ms.topic: article +ms.technology: itpro-deploy --- # Windows 10 deployment tools reference -Learn about the tools available to deploy Windows 10. +Learn about the tools available to deploy Windows 10. -|Topic |Description | +|Article |Description | |------|------------| -|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. | -|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. | +|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. | +|[Convert MBR partition to GPT](mbr-to-gpt.md) |This article provides detailed instructions for using the MBR2GPT partition conversion tool. 
| |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. | |[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. | -|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. | +|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. | |[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. 
| -|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals | +|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals | diff --git a/windows/deployment/windows-10-deployment-tools.md b/windows/deployment/windows-10-deployment-tools.md index c9c6ba633a..e20b0e50ff 100644 --- a/windows/deployment/windows-10-deployment-tools.md +++ b/windows/deployment/windows-10-deployment-tools.md 
@@ -2,24 +2,25 @@ title: Windows 10 deployment tools description: Learn how to use Windows 10 deployment tools to successfully deploy Windows 10 to your organization. ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client -ms.date: 10/16/2017 +ms.date: 10/31/2022 ms.topic: article +ms.technology: itpro-deploy --- # Windows 10 deployment tools -Learn about the tools available to deploy Windows 10. +Learn about the tools available to deploy Windows 10. -|Topic |Description | +|Article |Description | |------|------------| -|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it is essential that you know about the available tools to help with the process. In this topic, you will learn about the most commonly used tools for Windows 10 deployment. | -|[Convert MBR partition to GPT](mbr-to-gpt.md) |This topic provides detailed instructions for using the MBR2GPT partition conversion tool. | +|[Windows 10 deployment scenarios and tools](windows-deployment-scenarios-and-tools.md) |To successfully deploy the Windows 10 operating system and applications for your organization, it's essential that you know about the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. | +|[Convert MBR partition to GPT](mbr-to-gpt.md) |This article provides detailed instructions for using the MBR2GPT partition conversion tool. | |[Configure a PXE server to load Windows PE](configure-a-pxe-server-to-load-windows-pe.md) |This guide describes how to configure a PXE server to load Windows PE by booting a client computer from the network. 
| |[Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md) |The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. | -|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This topic helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you have reviewed the topics [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this topic to start your Windows To Go deployment. | +|[Deploy Windows To Go in your organization](deploy-windows-to-go.md) |This article helps you to deploy Windows To Go in your organization. Before you begin deployment, make sure that you've reviewed the articles [Windows To Go: feature overview](planning/windows-to-go-overview.md) and [Prepare your organization for Windows To Go](planning/prepare-your-organization-for-windows-to-go.md) to ensure that you have the correct hardware and are prepared to complete the deployment. You can then use the steps in this article to start your Windows To Go deployment. | |[Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) |The Volume Activation Management Tool (VAMT) enables network administrators and other IT professionals to automate and centrally manage the Windows®, Microsoft® Office, and select other Microsoft products volume and retail-activation process. | -|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. 
USMT provides a highly customizable user-profile migration experience for IT professionals | +|[User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) |The User State Migration Tool (USMT) 10.0 is included with the Windows Assessment and Deployment Kit (Windows ADK) for Windows 10. USMT provides a highly customizable user-profile migration experience for IT professionals | diff --git a/windows/deployment/windows-10-enterprise-e3-overview.md b/windows/deployment/windows-10-enterprise-e3-overview.md index 0586a42d10..67864fbe6c 100644 --- a/windows/deployment/windows-10-enterprise-e3-overview.md +++ b/windows/deployment/windows-10-enterprise-e3-overview.md @@ -3,13 +3,14 @@ title: Windows 10/11 Enterprise E3 in CSP description: Describes Windows 10/11 Enterprise E3, an offering that delivers, by subscription, the features of Windows 10/11 Enterprise edition. ms.prod: windows-client ms.localizationpriority: medium -ms.date: 09/28/2021 -author: aczechowski -ms.author: aaroncz -manager: dougeby +ms.date: 10/31/2022 +author: frankroj +ms.author: frankroj +manager: aaroncz ms.collection: - M365-modern-desktop ms.topic: article +ms.technology: itpro-deploy --- # Windows 10/11 Enterprise E3 in CSP 
@@ -20,25 +21,25 @@ Applies to: Windows 10 Enterprise E3 launched in the Cloud Solution Provider (CSP) channel on September 1, 2016. With the release of Windows 11, Windows 10/11 Enterprise E3 in CSP is available. -Windows 10/11 Enterprise E3 in CSP delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small- and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following: +Windows 10/11 Enterprise E3 in CSP delivers, by subscription, exclusive features reserved for Windows 10 or Windows 11 Enterprise editions. This offering is available through the Cloud Solution Provider (CSP) channel via the Partner Center as an online service. Windows 10/11 Enterprise E3 in CSP provides a flexible, per-user subscription for small and medium-sized organizations (from one to hundreds of users). To take advantage of this offering, you must have the following prerequisites: -- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded. +- Windows 10 Pro, version 1607 (Windows 10 Anniversary Update) or later (or Windows 11), installed and activated, on the devices to be upgraded. - Azure Active Directory (Azure AD) available for identity management -You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before — with no keys, and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise, and all the appropriate Enterprise features are unlocked. 
When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. +You can move from Windows 10 Pro or Windows 11 Pro to Windows 10 Enterprise or Windows 11 Enterprise more easily than ever before with no keys and no reboots. After one of your users enters the Azure AD credentials associated with a Windows 10/11 Enterprise E3 license, the operating system turns from Windows 10 Pro to Windows 10 Enterprise or Windows 11 Pro to Windows 11 Enterprise, and all the appropriate Enterprise features are unlocked. When a subscription license expires or is transferred to another user, the Enterprise device seamlessly steps back down to Windows 10 Pro or Windows 11 Pro. -Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features. +Previously, only organizations with a Microsoft Volume Licensing Agreement could deploy Windows 10 Enterprise or Windows 11 Enterprise to their users. Now, with Windows 10/11 Enterprise E3 in CSP, small- and medium-sized organizations can more easily take advantage of Enterprise edition features. -When you purchase Windows 10/11 Enterprise E3 via a partner, you get the following benefits: +When you purchase Windows 10/11 Enterprise E3 via a partner, you get the following benefits: -- **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit does not include Long Term Service Branch (LTSB). -- **Support from one to hundreds of users**. 
Although the Windows 10/11 Enterprise E3 in CSP program does not have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations. +- **Windows 10/11 Enterprise edition**. Devices currently running Windows 10 Pro or Windows 11 Pro can get Windows 10/11 Enterprise Current Branch (CB) or Current Branch for Business (CBB). This benefit doesn't include Long Term Service Branch (LTSB). +- **Support from one to hundreds of users**. Although the Windows 10/11 Enterprise E3 in CSP program doesn't have a limitation on the number of licenses an organization can have, the program is designed for small- and medium-sized organizations. - **Deploy on up to five devices**. For each user covered by the license, you can deploy Windows 10 Enterprise edition on up to five devices. -- **Roll back to Windows 10/11 Pro at any time**. When a user’s subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days). -- **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization. +- **Roll back to Windows 10/11 Pro at any time**. When a user's subscription expires or is transferred to another user, the Windows 10/11 Enterprise device reverts seamlessly to Windows 10/11 Pro edition (after a grace period of up to 90 days). +- **Monthly, per-user pricing model**. This makes Windows 10/11 Enterprise E3 affordable for any organization. - **Move licenses between users**. Licenses can be quickly and easily reallocated from one user to another user, allowing you to optimize your licensing investment against changing needs. -How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? 
+How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft Volume Licensing Agreements and Software Assurance? - [Microsoft Volume Licensing](https://www.microsoft.com/licensing/default.aspx) programs are broader in scope, providing organizations with access to licensing for all Microsoft products. - [Software Assurance](https://www.microsoft.com/Licensing/licensing-programs/software-assurance-default.aspx) provides organizations with the following categories of benefits: 
@@ -48,54 +49,54 @@ How does the Windows 10/11 Enterprise E3 in CSP program compare with Microsoft - **Support**. These benefits include 24x7 problem resolution support, backup capabilities for disaster recovery, System Center Global Service Monitor, and a passive secondary instance of SQL Server. - **Specialized**. These benefits include step-up licensing availability (which enables you to migrate software from an earlier edition to a higher-level edition) and to spread license and Software Assurance payments across three equal, annual sums. - In addition, in Windows 10/11 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses. + In addition, in Windows 10/11 Enterprise E3 in CSP, a partner can manage your licenses for you. With Software Assurance, you, the customer, manage your own licenses. -In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to the Enterprise edition of Windows 10 or Windows 11. +In summary, the Windows 10/11 Enterprise E3 in CSP program is an upgrade offering that provides small- and medium-sized organizations easier, more flexible access to the benefits of Windows 10 Enterprise edition, whereas Microsoft Volume Licensing programs and Software Assurance are broader in scope and provide benefits beyond access to the Enterprise edition of Windows 10 or Windows 11. -## Compare Windows 10 Pro and Enterprise editions +## Compare Windows 10 Pro and Enterprise editions > [!NOTE] > The following table only lists Windows 10. More information will be available about differences between Windows 11 editions after Windows 11 is generally available. 
-Windows 10 Enterprise edition has a number of features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management. +Windows 10 Enterprise edition has many features that are unavailable in Windows 10 Pro. Table 1 lists the Windows 10 Enterprise features not found in Windows 10 Pro. Many of these features are security-related, whereas others enable finer-grained device management. -*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro* +*Table 1. Windows 10 Enterprise features not found in Windows 10 Pro* |Feature|Description| |--- |--- | -|Credential Guard|This feature uses virtualization-based security to help protect security secrets (for example, NTLM password hashes, Kerberos Ticket Granting Tickets) so that only privileged system software can access them. This helps prevent Pass-the-Hash or Pass-the-Ticket attacks.

      Credential Guard has the following features:

    • **Hardware-level security**.  Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.
    • **Virtualization-based security**.  Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.
    • **Improved protection against persistent threats**.  Credential Guard works with other technologies (e.g., Device Guard) to help provide further protection against attacks, no matter how persistent.
    • **Improved manageability**.  Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.

      For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).

      *Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*| -|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, he or she will be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.

      Device Guard does the following:

    • Helps protect against malware
    • Helps protect the Windows system core from vulnerability and zero-day exploits
    • Allows only trusted apps to run

      For more information, see [Introduction to Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).| +|Credential Guard|Credential Guard uses virtualization-based security to help protect security secrets so that only privileged system software can access them. Examples of security secrets that can be protected include NTLM password hashes and Kerberos Ticket Granting Tickets. This protection helps prevent Pass-the-Hash or Pass-the-Ticket attacks.

      Credential Guard has the following features:

    • **Hardware-level security**. Credential Guard uses hardware platform security features (such as Secure Boot and virtualization) to help protect derived domain credentials and other secrets.
    • **Virtualization-based security**. Windows services that access derived domain credentials and other secrets run in a virtualized, protected environment that is isolated.
    • **Improved protection against persistent threats**. Credential Guard works with other technologies (for example, Device Guard) to help provide further protection against attacks, no matter how persistent.
    • **Improved manageability**. Credential Guard can be managed through Group Policy, Windows Management Instrumentation (WMI), or Windows PowerShell.

      For more information, see [Protect derived domain credentials with Credential Guard](/windows/security/identity-protection/credential-guard/credential-guard).

      *Credential Guard requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present)*| +|Device Guard|This feature is a combination of hardware and software security features that allows only trusted applications to run on a device. Even if an attacker manages to get control of the Windows kernel, they'll be much less likely to run executable code. Device Guard can use virtualization-based security (VBS) in Windows 10 Enterprise edition to isolate the Code Integrity service from the Windows kernel itself. With VBS, even if malware gains access to the kernel, the effects can be severely limited, because the hypervisor can prevent the malware from executing code.

      Device Guard protects in the following ways:

    • Helps protect against malware
    • Helps protect the Windows system core from vulnerability and zero-day exploits
    • Allows only trusted apps to run

      For more information, see [Introduction to Device Guard](/windows/security/threat-protection/device-guard/introduction-to-device-guard-virtualization-based-security-and-windows-defender-application-control).| |AppLocker management|This feature helps IT pros determine which applications and files users can run on a device. The applications and files that can be managed include executable files, scripts, Windows Installer files, dynamic-link libraries (DLLs), packaged apps, and packaged app installers.

      For more information, see [AppLocker](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-overview).| -|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users’ devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.

      For more information, see [Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started).| -|User Experience Virtualization (UE-V)|With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share.

      When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.

      UE-V provides the ability to do the following:

    • Specify which application and Windows settings synchronize across user devices
    • Deliver the settings anytime and anywhere users work throughout the enterprise
    • Create custom templates for your third-party or line-of-business applications
    • Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state

      For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).| -|Managed User Experience|This feature helps customize and lock down a Windows device’s user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:

    • Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands
    • Removing Log Off (the User tile) from the Start menu
    • Removing frequent programs from the Start menu
    • Removing the All Programs list from the Start menu
    • Preventing users from customizing their Start screen
    • Forcing Start menu to be either full-screen size or menu size
    • Preventing changes to Taskbar and Start menu settings| +|Application Virtualization (App-V)|This feature makes applications available to end users without installing the applications directly on users' devices. App-V transforms applications into centrally managed services that are never installed and don't conflict with other applications. This feature also helps ensure that applications are kept current with the latest security updates.

      For more information, see [Getting Started with App-V for Windows 10](/windows/application-management/app-v/appv-getting-started).| +|User Experience Virtualization (UE-V)|With this feature, you can capture user-customized Windows and application settings and store them on a centrally managed network file share.

      When users log on, their personalized settings are applied to their work session, regardless of which device or virtual desktop infrastructure (VDI) sessions they log on to.

      UE-V provides the following features:

    • Specify which application and Windows settings synchronize across user devices
    • Deliver the settings anytime and anywhere users work throughout the enterprise
    • Create custom templates for your third-party or line-of-business applications
    • Recover settings after hardware replacement or upgrade, or after re-imaging a virtual machine to its initial state

      For more information, see [User Experience Virtualization (UE-V) for Windows 10 overview](/windows/configuration/ue-v/uev-for-windows).| +|Managed User Experience|This feature helps customize and lock down a Windows device's user interface to restrict it to a specific task. For example, you can configure a device for a controlled scenario such as a kiosk or classroom device. The user experience would be automatically reset once a user signs off. You can also restrict access to services including Cortana or the Windows Store, and manage Start layout options, such as:

    • Removing and preventing access to the Shut Down, Restart, Sleep, and Hibernate commands
    • Removing Log Off (the User tile) from the Start menu
    • Removing frequent programs from the Start menu
    • Removing the All Programs list from the Start menu
    • Preventing users from customizing their Start screen
    • Forcing Start menu to be either full-screen size or menu size
    • Preventing changes to Taskbar and Start menu settings| ## Deployment of Windows 10/11 Enterprise E3 licenses See [Deploy Windows 10 Enterprise licenses](deploy-enterprise-licenses.md). -## Deploy Windows 10/11 Enterprise features +## Deploy Windows 10/11 Enterprise features -Now that you have Windows 10/11 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows10-pro-and-enterprise-editions)? +Now that you have Windows 10/11 Enterprise edition running on devices, how do you take advantage of the Enterprise edition features and capabilities? What are the next steps that need to be taken for each of the features discussed in [Table 1](#compare-windows-10-pro-and-enterprise-editions)? -The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10/11 Enterprise edition features. +The following sections provide you with the high-level tasks that need to be performed in your environment to help users take advantage of the Windows 10/11 Enterprise edition features. ### Credential Guard > [!NOTE] > Requires UEFI 2.3.1 or greater with Trusted Boot; Virtualization Extensions such as Intel VT-x, AMD-V, and SLAT must be enabled; x64 version of Windows; IOMMU, such as Intel VT-d, AMD-Vi; BIOS Lockdown; TPM 2.0 recommended for device health attestation (will use software if TPM 2.0 not present). -You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10/11 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. 
You can turn on Credential Guard by using one of the following methods: +You can implement Credential Guard on Windows 10 Enterprise devices by turning on Credential Guard on these devices. Credential Guard uses Windows 10/11 virtualization-based security features (Hyper-V features) that must be enabled on each device before you can turn on Credential Guard. You can turn on Credential Guard by using one of the following methods: - **Automated**. You can automatically turn on Credential Guard for one or more devices by using Group Policy. The Group Policy settings automatically add the virtualization-based security features and configure the Credential Guard registry settings on managed devices. -- **Manual**. You can manually turn on Credential Guard by doing the following: +- **Manual**. You can manually turn on Credential Guard by taking one of the following actions: - Add the virtualization-based security features by using Programs and Features or Deployment Image Servicing and Management (DISM). - Configure Credential Guard registry settings by using the Registry Editor or the [Device Guard and Credential Guard hardware readiness tool](https://www.microsoft.com/download/details.aspx?id=53337). - You can automate these manual steps by using a management tool such as Microsoft Endpoint Configuration Manager. + You can automate these manual steps by using a management tool such as Microsoft Configuration Manager. For more information about implementing Credential Guard, see the following resources: 
@@ -107,19 +108,19 @@ For more information about implementing Credential Guard, see the following reso ### Device Guard -Now that the devices have Windows 10/11 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps: +Now that the devices have Windows 10/11 Enterprise, you can implement Device Guard on the Windows 10 Enterprise devices by performing the following steps: -1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To do this, you will either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you will need to create a code signing certificate. +1. **Optionally, create a signing certificate for code integrity policies**. As you deploy code integrity policies, you might need to sign catalog files or code integrity policies internally. To sign catalog files or code integrity policies internally, you'll either need a publicly issued code signing certificate (that you purchase) or an internal certificate authority (CA). If you choose to use an internal CA, you'll need to create a code signing certificate. -2. **Create code integrity policies from “golden” computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up “golden” computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each “golden” computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually. +2. 
**Create code integrity policies from "golden" computers**. When you have identified departments or roles that use distinctive or partly distinctive sets of hardware and software, you can set up "golden" computers containing that software and hardware. In this respect, creating and managing code integrity policies to align with the needs of roles or departments can be similar to managing corporate images. From each "golden" computer, you can create a code integrity policy and decide how to manage that policy. You can merge code integrity policies to create a broader policy or a master policy, or you can manage and deploy each policy individually. -3. **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use “audit mode” to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed. +3. **Audit the code integrity policy and capture information about applications that are outside the policy**. We recommend that you use "audit mode" to carefully test each code integrity policy before you enforce it. With audit mode, no application is blocked—the policy just logs an event whenever an application outside the policy is started. Later, you can expand the policy to allow these applications, as needed. -4. **Create a “catalog file” for unsigned line-of-business (LOB) applications**. Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy. +4. **Create a "catalog file" for unsigned line-of-business (LOB) applications**. 
Use the Package Inspector tool to create and sign a catalog file for your unsigned LOB applications. In later steps, you can merge the catalog file's signature into your code integrity policy so that applications in the catalog will be allowed by the policy. 5. **Capture needed policy information from the event log, and merge information into the existing policy as needed**. After a code integrity policy has been running for a time in audit mode, the event log will contain information about applications that are outside the policy. To expand the policy so that it allows for these applications, use Windows PowerShell commands to capture the needed policy information from the event log, and then merge that information into the existing policy. You can merge code integrity policies from other sources also, for flexibility in how you create your final code integrity policies. -6. **Deploy code integrity policies and catalog files**. After you confirm that you have completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly. +6. **Deploy code integrity policies and catalog files**. After you confirm that you've completed all the preceding steps, you can begin deploying catalog files and taking code integrity policies out of audit mode. We strongly recommend that you begin this process with a test group of users. This provides a final quality-control validation before you deploy the catalog files and code integrity policies more broadly. 7. **Enable desired hardware security features**. Hardware-based security features—also called virtualization-based security (VBS) features—strengthen the protections offered by code integrity policies. 
@@ -130,7 +131,7 @@ For more information about implementing Device Guard, see: ### AppLocker management -You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that you have AD DS and that the Windows 10/11 Enterprise devices are joined to your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices. +You can manage AppLocker in Windows 10 Enterprise by using Group Policy. Group Policy requires that you have AD DS and that the Windows 10/11 Enterprise devices are joined to your AD DS domain. You can create AppLocker rules by using Group Policy, and then target those rules to the appropriate devices. For more information about AppLocker management by using Group Policy, see [AppLocker deployment guide](/windows/security/threat-protection/windows-defender-application-control/applocker/applocker-policies-deployment-guide). @@ -142,7 +143,7 @@ App-V requires an App-V server infrastructure to support App-V clients. The prim - **App-V sequencer**. The App-V sequencer is a typical client device that is used to sequence (capture) apps and prepare them for hosting from the App-V server. You install apps on the App-V sequencer, and the App-V sequencer software determines the files and registry settings that are changed during app installation. Then the sequencer captures these settings to create a virtualized app. -- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10/11 Enterprise E3 devices. +- **App-V client**. The App-V client must be enabled on any client device on which apps will be run from the App-V server. These will be the Windows 10/11 Enterprise E3 devices. For more information about implementing the App-V server, App-V sequencer, and App-V client, see the following resources: 
@@ -151,7 +152,7 @@ For more information about implementing the App-V server, App-V sequencer, and A - [Deploying the App-V Sequencer and Configuring the Client](/windows/application-management/app-v/appv-deploying-the-appv-sequencer-and-client) ### UE-V -UE-V requires server- and client-side components that you’ll need to download, activate, and install. These components include: +UE-V requires server and client-side components that you'll need to download, activate, and install. These components include: - **UE-V service**. The UE-V service (when enabled on devices) monitors registered applications and Windows for any settings changes, then synchronizes those settings between devices. 
@@ -159,7 +160,7 @@ UE-V requires server- and client-side components that you’ll need to download, - **Settings storage location**. This location is a standard network share that your users can access. The UE-V service verifies the location and creates a hidden system folder in which to store and retrieve user settings. -- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates are not required for Windows applications. +- **Settings location templates**. Settings location templates are XML files that UE-V uses to monitor and synchronize desktop application settings and Windows desktop settings between user computers. By default, some settings location templates are included in UE-V. You can also create, edit, or validate custom settings location templates by using the UE-V template generator. Settings location templates aren't required for Windows applications. - **Universal Windows applications list**. UE-V determines which Windows applications are enabled for settings synchronization using a managed list of applications. By default, this list includes most Windows applications. 
@@ -171,20 +172,20 @@ For more information about deploying UE-V, see the following resources: ### Managed User Experience -The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain. +The Managed User Experience feature is a set of Windows 10 Enterprise edition features and corresponding settings that you can use to manage user experience. Table 2 describes the Managed User Experience settings (by category), which are only available in Windows 10 Enterprise edition. The management methods used to configure each feature depend on the feature. Some features are configured by using Group Policy, while others are configured by using Windows PowerShell, Deployment Image Servicing and Management (DISM), or other command-line tools. For the Group Policy settings, you must have AD DS with the Windows 10 Enterprise devices joined to your AD DS domain. -*Table 2. Managed User Experience features* +*Table 2. Managed User Experience features* | Feature | Description | |------------------|-----------------| -| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
      For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy). | -| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it cannot recover.
      For more information on these settings, see [Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot). | -| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.
      For more information on these settings, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). | +| Start layout customization | You can deploy a customized Start layout to users in a domain. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. The XML file enables you to customize Start layouts for different departments or organizations, with minimal management overhead.
      For more information on these settings, see [Customize Windows 10 Start and taskbar with Group Policy](/windows/configuration/customize-windows-10-start-screens-by-using-group-policy). | +| Unbranded boot | You can suppress Windows elements that appear when Windows starts or resumes and can suppress the crash screen when Windows encounters an error from which it can't recover.
      For more information on these settings, see [Unbranded Boot](/windows-hardware/customize/enterprise/unbranded-boot). | +| Custom logon | You can use the Custom Logon feature to suppress Windows 10 UI elements that relate to the Welcome screen and shutdown screen. For example, you can suppress all elements of the Welcome screen UI and provide a custom logon UI. You can also suppress the Blocked Shutdown Resolver (BSDR) screen and automatically end applications while the OS waits for applications to close before a shutdown.
      For more information on these settings, see [Custom Logon](/windows-hardware/customize/enterprise/custom-logon). | | Shell launcher | Enables Assigned Access to run only a classic Windows app via Shell Launcher to replace the shell.
      For more information on these settings, see [Shell Launcher](/windows-hardware/customize/enterprise/shell-launcher). | -| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This is not desirable on devices intended for a dedicated purpose.
      For more information on these settings, see [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter). | +| Keyboard filter | You can use Keyboard Filter to suppress undesirable key presses or key combinations. Normally, users can use certain Windows key combinations like Ctrl+Alt+Delete or Ctrl+Shift+Tab to control a device by locking the screen or using Task Manager to close a running application. This isn't desirable on devices intended for a dedicated purpose.
      For more information on these settings, see [Keyboard Filter](/windows-hardware/customize/enterprise/keyboardfilter). | | Unified write filter | You can use Unified Write Filter (UWF) on your device to help protect your physical storage media, including most standard writable storage types that are supported by Windows, such as physical hard disks, solid-state drives, internal USB devices, external SATA devices, and so on. You can also use UWF to make read-only media appear to the OS as a writable volume.
      For more information on these settings, see [Unified Write Filter](/windows-hardware/customize/enterprise/unified-write-filter). | -## Related topics +## Related articles [Windows 10/11 Enterprise Subscription Activation](windows-10-subscription-activation.md)
      [Connect domain-joined devices to Azure AD for Windows 10 experiences](/azure/active-directory/devices/hybrid-azuread-join-plan)
      
diff --git a/windows/deployment/windows-10-media.md b/windows/deployment/windows-10-media.md
index d38bff330b..6668d42e52 100644
--- a/windows/deployment/windows-10-media.md
+++ b/windows/deployment/windows-10-media.md
@@ -3,28 +3,28 @@ title: Windows 10 volume license media description: Learn about volume license media in Windows 10, and channels such as the Volume License Service Center (VLSC). ms.prod: windows-client ms.localizationpriority: medium -ms.date: 10/20/2017 +ms.date: 10/31/2022 ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.topic: article +ms.technology: itpro-deploy --- # Windows 10 volume license media - **Applies to** -- Windows 10 +- Windows 10 -With each release of Windows 10, volume license media is made available on the [Volume Licensing Service Center](https://www.microsoft.com/vlsc) (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. This topic provides a description of volume license media, and describes some of the changes that have been implemented with the current release of Windows 10. +With each release of Windows 10, volume license media is made available on the [Volume Licensing Service Center](https://www.microsoft.com/vlsc) (VLSC) and other relevant channels such as Windows Update for Business, Windows Server Update Services (WSUS), and Visual Studio Subscriptions. This article provides a description of volume license media, and describes some of the changes that have been implemented with the current release of Windows 10. ## Windows 10 media -To download Windows 10 installation media from the VLSC, use the product search filter to find “Windows 10.”  A list of products will be displayed. The page then allows you to use your search results to download products, view keys, and view product and key descriptions. +To download Windows 10 installation media from the VLSC, use the product search filter to find "Windows 10." A list of products will be displayed. 
The page then allows you to use your search results to download products, view keys, and view product and key descriptions. -When you select a product, for example “Windows 10 Enterprise” or “Windows 10 Education”, you can then choose the specific release by clicking **Download** and choosing the **Download Method**, **Language**, and **Operating system Type** (bitness). +When you select a product, for example "Windows 10 Enterprise" or "Windows 10 Education", you can then choose the specific release by clicking **Download** and choosing the **Download Method**, **Language**, and **Operating system Type** (bitness). > [!NOTE] > If you do not see a Windows 10 release available in the list of downloads, verify the [release date](https://technet.microsoft.com/windows/release-info.aspx). @@ -39,18 +39,12 @@ Instead of having separate media and packages for Windows 10 Pro (volume licensi [Features on demand](/archive/blogs/mniehaus/adding-features-including-net-3-5-to-windows-10) can be downloaded by searching for "**Windows 10 Enterprise Features on Demand**" and then following the same download process that is described above. -Features on demand is a method for adding features to your Windows 10 image that aren’t included in the base operating system image. +Features on demand is a method for adding features to your Windows 10 image that aren't included in the base operating system image. - -## Related topics +## Related articles [Microsoft Volume Licensing Service Center (VLSC) User Guide](https://www.microsoft.com/download/details.aspx?id=10585)
      [Volume Activation for Windows 10](./volume-activation/volume-activation-windows-10.md)
      [Plan for volume activation](./volume-activation/plan-for-volume-activation-client.md)
      [VLSC downloads FAQ](https://www.microsoft.com/Licensing/servicecenter/Help/FAQDetails.aspx?id=150) -
      [Download and burn an ISO file on the volume licensing site (VLSC)](/troubleshoot/windows-client/deployment/iso-file-on-vlsc) - - -  - -  +
      [Download and burn an ISO file on the volume licensing site (VLSC)](/troubleshoot/windows-client/deployment/iso-file-on-vlsc)
\ No newline at end of file
diff --git a/windows/deployment/windows-10-missing-fonts.md b/windows/deployment/windows-10-missing-fonts.md
index 0690f6af03..3c0da5a490 100644
--- a/windows/deployment/windows-10-missing-fonts.md
+++ b/windows/deployment/windows-10-missing-fonts.md
@@ -3,36 +3,38 @@ title: How to install fonts missing after upgrading to Windows client description: Some of the fonts are missing from the system after you upgrade to Windows client. ms.prod: windows-client ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.topic: article +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # How to install fonts that are missing after upgrading to Windows client **Applies to** -- Windows 10 +- Windows 10 - Windows 11 When you upgrade from the Windows 7, Windows 8, or Windows 8.1 operating system to Windows 10 or Windows 11, certain fonts are no longer available by default post-upgrade. To reduce the operating system footprint, improve performance, and optimize disk space usage, we moved many of the fonts that were previously shipped with prior versions of Windows to the optional features of Windows client. If you install a fresh instance of Windows client, or upgrade an older version of Windows to Windows client, these optional features aren't enabled by default. As a result, these fonts appear to be missing from the system. If you have documents created using the missing fonts, these documents might display differently on Windows client. 
-For example, if you've an English (or French, German, or Spanish) version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing: +For example, if you've an English, French, German, or Spanish version of Windows 10 installed, you might notice that fonts such as the following are appear to be missing: -- Gautami -- Meiryo -- Narkism/Batang -- BatangChe -- Dotum -- DotumChe -- Gulim -- GulimChe -- Gungsuh -- GungsuhChe +- `Gautami` +- `Meiryo` +- `Narkism/Batang` +- `BatangChe` +- `Dotum` +- `DotumChe` +- `Gulim` +- `GulimChe` +- `Gungsuh` +- `GungsuhChe` -If you want to use these fonts, you can enable the optional feature to add them back to your system. This is a permanent change in behavior for Windows client, and it will remain this way in future releases. +If you want to use these fonts, you can enable the optional feature to add them back to your system. The removal of these fonts is a permanent change in behavior for Windows client, and it will remain this way in future releases. ## Installing language-associated features via language settings: @@ -42,7 +44,9 @@ For example, here are the steps to install the fonts associated with the Hebrew 1. Select **Start > Settings**. -2. In **Settings**, select **Time & language**, and then select **Region & language**. +2. For Windows 10, in **Settings**, select **Time & language**, and then select **Region & language**. + + For Windows 11, in **Settings**, select **Time & language**, and then select **Language & Region**. 3. If Hebrew isn't included in the list of languages, select the plus sign (**+**) to add a language. 
@@ -70,34 +74,34 @@ For example, here are the steps to install the fonts associated with the Hebrew > [!NOTE] > The optional features are installed by Windows Update. You need to be online for the Windows Update service to work. -## Fonts included in optional font features +## Fonts included in optional font features Here's a comprehensive list of the font families in each of the optional features. Some font families might include multiple fonts for different weights and styles. -- Arabic Script Supplemental Fonts: Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting -- Bangla Script Supplemental Fonts: Shonar Bangla, Vrinda -- Canadian Aboriginal Syllabics Supplemental Fonts: Euphemia -- Cherokee Supplemental Fonts: Plantagenet Cherokee -- Chinese (Simplified) Supplemental Fonts: DengXian, FangSong, KaiTi, SimHei -- Chinese (Traditional) Supplemental Fonts: DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU -- Devanagari Supplemental Fonts: Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah -- Ethiopic Supplemental Fonts: Nyala -- Gujarati Supplemental Fonts: Shruti -- Gurmukhi Supplemental Fonts: Raavi -- Hebrew Supplemental Fonts: Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod -- Japanese Supplemental Fonts: Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho -- Kannada Supplemental Fonts: Tunga -- Khmer Supplemental Fonts: DaunPenh, Khmer UI, MoolBoran -- Korean Supplemental Fonts: Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe -- Lao Supplemental Fonts: DokChampa, Lao UI -- Malayalam Supplemental Fonts: Karthika -- Odia Supplemental Fonts: Kalinga -- Pan-European Supplemental Fonts: Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro -- Sinhala Supplemental Fonts: Iskoola Pota -- Syriac Supplemental Fonts: Estrangelo Edessa -- Tamil Supplemental Fonts: Latha, 
Vijaya -- Telugu Supplemental Fonts: Gautami, Vani -- Thai Supplemental Fonts: Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC +- Arabic Script Supplemental Fonts: `Aldhabi, Andalus, Arabic Typesetting, Microsoft Uighur, Sakkal Majalla, Simplified Arabic, Traditional Arabic, Urdu Typesetting` +- Bangla Script Supplemental Fonts: `Shonar Bangla, Vrinda` +- Canadian Aboriginal Syllabics Supplemental Fonts: `Euphemia` +- Cherokee Supplemental Fonts: `Plantagenet Cherokee` +- Chinese (Simplified) Supplemental Fonts: `DengXian, FangSong, KaiTi, SimHei` +- Chinese (Traditional) Supplemental Fonts: `DFKai-SB, MingLiU, MingLiU_HKSCS, PMingLiU` +- Devanagari Supplemental Fonts: `Aparajita, Kokila, Mangal, Sanskrit Text, Utsaah` +- Ethiopic Supplemental Fonts: `Nyala` +- Gujarati Supplemental Fonts: `Shruti` +- Gurmukhi Supplemental Fonts: `Raavi` +- Hebrew Supplemental Fonts: `Aharoni Bold, David, FrankRuehl, Gisha, Levanim MT, Miriam, Miriam Fixed, Narkism, Rod` +- Japanese Supplemental Fonts: `Meiryo, Meiryo UI, MS Gothic, MS PGothic, MS UI Gothic, MS Mincho, MS PMincho, Yu Mincho` +- Kannada Supplemental Fonts: `Tunga` +- Khmer Supplemental Fonts: `DaunPenh, Khmer UI, MoolBoran` +- Korean Supplemental Fonts: `Batang, BatangChe, Dotum, DotumChe, Gulim, GulimChe, Gungsuh, GungsuhChe` +- Lao Supplemental Fonts: `DokChampa, Lao UI` +- Malayalam Supplemental Fonts: `Karthika` +- Odia Supplemental Fonts: `Kalinga` +- Pan-European Supplemental Fonts: `Arial Nova, Georgia Pro, Gill Sans Nova, Neue Haas Grotesk, Rockwell Nova, Verdana Pro` +- Sinhala Supplemental Fonts: `Iskoola Pota` +- Syriac Supplemental Fonts: `Estrangelo Edessa` +- Tamil Supplemental Fonts: `Latha, Vijaya` +- Telugu Supplemental Fonts: `Gautami, Vani` +- Thai Supplemental Fonts: `Angsana New, AngsanaUPC, Browallia New, BrowalliaUPC, Cordia New, CordiaUPC, DilleniaUPC, EucrosiaUPC, 
FreesiaUPC, IrisUPC, JasmineUPC, KodchiangUPC, Leelawadee, LilyUPC` ## Related articles diff --git a/windows/deployment/windows-10-poc-mdt.md b/windows/deployment/windows-10-poc-mdt.md index 142696d943..89f8d25fe4 100644 --- a/windows/deployment/windows-10-poc-mdt.md +++ b/windows/deployment/windows-10-poc-mdt.md @@ -3,12 +3,13 @@ title: Step by step - Deploy Windows 10 in a test lab using MDT description: In this article, you'll learn how to deploy Windows 10 in a test lab using Microsoft Deployment Toolkit (MDT). ms.prod: windows-client ms.localizationpriority: medium -ms.date: 10/11/2017 +ms.date: 10/31/2022 ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.topic: how-to +ms.technology: itpro-deploy --- # Deploy Windows 10 in a test lab using Microsoft Deployment Toolkit 
@@ -21,15 +22,15 @@ ms.topic: how-to > This guide leverages the proof of concept (PoC) environment configured using procedures in the following guide: - [Step by step guide: Configure a test lab to deploy Windows 10](windows-10-poc.md) -Please complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide: -- [Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) +Complete all steps in the prerequisite guide before starting this guide. This guide requires about 5 hours to complete, but can require less time or more time depending on the speed of the Hyper-V host. After completing the current guide, also see the companion guide: +- [Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md) The PoC environment is a virtual network running on Hyper-V with three virtual machines (VMs): - **DC1**: A contoso.com domain controller, DNS server, and DHCP server. - **SRV1**: A dual-homed contoso.com domain member server, DNS server, and default gateway providing NAT service for the PoC network. - **PC1**: A contoso.com member computer running Windows 7, Windows 8, or Windows 8.1 that has been shadow-copied from a physical computer on your corporate network. -This guide uses the Hyper-V server role. If you do not complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work. +This guide uses the Hyper-V server role. 
If you don't complete all steps in a single session, consider using [checkpoints](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/dn818483(v=ws.11)) and [saved states](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/ee247418(v=ws.10)) to pause, resume, or restart your work. ## In this guide @@ -51,8 +52,8 @@ Topics and procedures in this guide are summarized in the following table. An es MDT performs deployments by using the Lite Touch Installation (LTI), Zero Touch Installation (ZTI), and User-Driven Installation (UDI) deployment methods. - LTI is the deployment method used in the current guide, requiring only MDT and performed with a minimum amount of user interaction. -- ZTI is fully automated, requiring no user interaction and is performed using MDT and Microsoft Endpoint Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment. -- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and Microsoft Endpoint Configuration Manager. +- ZTI is fully automated, requiring no user interaction and is performed using MDT and Microsoft Configuration Manager. After completing the steps in the current guide, see [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md) to use the ZTI deployment method in the PoC environment. +- UDI requires manual intervention to respond to installation prompts such as machine name, password and language settings. UDI requires MDT and Microsoft Configuration Manager. ## Install MDT 
@@ -86,9 +87,9 @@ A reference image serves as the foundation for Windows 10 devices in your organi ``` 2. On SRV1, verify that the Windows Enterprise installation DVD is mounted as drive letter D. -3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, click **Start**, type **deployment**, and then click **Deployment Workbench**. +3. The Windows 10 Enterprise installation files will be used to create a deployment share on SRV1 using the MDT deployment workbench. To open the deployment workbench, select **Start**, type **deployment**, and then select **Deployment Workbench**. -4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then click **Pin this program to the taskbar**. +4. To enable quick access to the application, right-click **Deployment Workbench** on the taskbar and then select **Pin this program to the taskbar**. 5. In the Deployment Workbench console, right-click **Deployment Shares** and select **New Deployment Share**. @@ -96,61 +97,59 @@ A reference image serves as the foundation for Windows 10 devices in your organi - Deployment share path: **C:\MDTBuildLab**
      - Share name: **MDTBuildLab$**
      - Deployment share description: **MDT build lab**
      - - Options: click **Next** to accept the default
      - - Summary: click **Next**
      + - Options: Select **Next** to accept the default
      + - Summary: Select **Next**
      - Progress: settings will be applied
      - - Confirmation: click **Finish** - + - Confirmation: Select **Finish** 7. Expand the **Deployment Shares** node, and then expand **MDT build lab**. -8. Right-click the **Operating Systems** node, and then click **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and click **Finish**. +8. Right-click the **Operating Systems** node, and then select **New Folder**. Name the new folder **Windows 10**. Complete the wizard using default values and select **Finish**. -9. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**. +9. Right-click the **Windows 10** folder created in the previous step, and then select **Import Operating System**. 10. Use the following settings for the Import Operating System Wizard: - OS Type: **Full set of source files**
      - Source: **D:\\**
      - Destination: **W10Ent_x64**
      - - Summary: click **Next** + - Summary: Select **Next** - Progress: wait for files to be copied - - Confirmation: click **Finish** + - Confirmation: Select **Finish** - For purposes of this test lab, we will only add the prerequisite .NET Framework feature. Commerical applications (ex: Microsoft Office) will not be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) topic in the TechNet library. + For purposes of this test lab, we'll only add the prerequisite .NET Framework feature. Commercial applications (ex: Microsoft Office) won't be added to the deployment share. For information about adding applications, see the [Add applications](./deploy-windows-mdt/create-a-windows-10-reference-image.md#add-applications) section of the [Create a Windows 10 reference image](deploy-windows-mdt/create-a-windows-10-reference-image.md) article. -11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: +11. The next step is to create a task sequence to reference the operating system that was imported. To create a task sequence, right-click the **Task Sequences** node and then select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - Task sequence ID: **REFW10X64-001**
      - Task sequence name: **Windows 10 Enterprise x64 Default Image**
      - Task sequence comments: **Reference Build**
      - Template: **Standard Client Task Sequence** - - Select OS: click **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim** + - Select OS: Select **Windows 10 Enterprise Evaluation in W10Ent_x64 install.wim** - Specify Product Key: **Do not specify a product key at this time** - Full Name: **Contoso** - Organization: **Contoso** - Internet Explorer home page: `http://www.contoso.com` - Admin Password: **Do not specify an Administrator password at this time** - - Summary: click **Next** - - Confirmation: click **Finish** - + - Summary: Select **Next** + - Confirmation: Select **Finish** 12. Edit the task sequence to add the Microsoft NET Framework 3.5, which is required by many applications. To edit the task sequence, double-click **Windows 10 Enterprise x64 Default Image** that was created in the previous step. -13. Click the **Task Sequence** tab. Under **State Restore** click **Tatto** to highlight it, then click **Add** and choose **New Group**. +13. Select the **Task Sequence** tab. Under **State Restore** select **Tattoo** to highlight it, then select **Add** and choose **New Group**. -14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then click **Apply**. Click another location in the window to see the name change. +14. On the Properties tab of the group that was created in the previous step, change the Name from **New Group** to **Custom Tasks (Pre-Windows Update)** and then select **Apply**. Select another location in the window to see the name change. -15. Click the **Custom Tasks (Pre-Windows Update)** group again, click **Add**, point to **Roles**, and then click **Install Roles and Features**. +15. Select the **Custom Tasks (Pre-Windows Update)** group again, select **Add**, point to **Roles**, and then select **Install Roles and Features**. -16. 
Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then click **Apply**. +16. Under **Select the roles and features that should be installed**, select **.NET Framework 3.5 (includes .NET 2.0 and 3.0)** and then select **Apply**. 17. Enable Windows Update in the task sequence by clicking the **Windows Update (Post-Application Installation)** step, clicking the **Options** tab, and clearing the **Disable this step** checkbox. > [!NOTE] > Since we are not installing applications in this test lab, there is no need to enable the Windows Update Pre-Application Installation step. However, you should enable this step if you are also installing applications. -18. Click **OK** to complete editing the task sequence. +18. Select **OK** to complete editing the task sequence. -19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and click **Properties**, and then click the **Rules** tab. +19. The next step is to configure the MDT deployment share rules. To configure rules in the Deployment Workbench, right-click **MDT build lab (C:\MDTBuildLab)** and select **Properties**, and then select the **Rules** tab. 20. Replace the default rules with the following text: @@ -187,7 +186,7 @@ A reference image serves as the foundation for Windows 10 devices in your organi SkipFinalSummary=NO ``` -21. Click **Apply** and then click **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: +21. Select **Apply** and then select **Edit Bootstrap.ini**. Replace the contents of the Bootstrap.ini file with the following text, and save the file: ```text [Settings] 
@@ -201,13 +200,13 @@ A reference image serves as the foundation for Windows 10 devices in your organi SkipBDDWelcome=YES ``` -22. Click **OK** to complete the configuration of the deployment share. +22. Select **OK** to complete the configuration of the deployment share. -23. Right-click **MDT build lab (C:\MDTBuildLab)** and then click **Update Deployment Share**. +23. Right-click **MDT build lab (C:\MDTBuildLab)** and then select **Update Deployment Share**. -24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice. The update process will take 5 to 10 minutes. When it has completed, click **Finish**. +24. Accept all default values in the Update Deployment Share Wizard by clicking **Next** twice. The update process will take 5 to 10 minutes. When it has completed, select **Finish**. -25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. Note that in MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). +25. Copy **c:\MDTBuildLab\Boot\LiteTouchPE_x86.iso** on SRV1 to the **c:\VHD** directory on the Hyper-V host computer. In MDT, the x86 boot image can deploy both x86 and x64 operating systems, except on computers based on Unified Extensible Firmware Interface (UEFI). > [!TIP] > To copy the file, right-click the **LiteTouchPE_x86.iso** file and click **Copy** on SRV1, then open the **c:\VHD** folder on the Hyper-V host, right-click inside the folder and click **Paste**. 
@@ -221,12 +220,12 @@ A reference image serves as the foundation for Windows 10 devices in your organi Start-VM REFW10X64-001 vmconnect localhost REFW10X64-001 ``` - + The VM will require a few minutes to prepare devices and boot from the LiteTouchPE_x86.iso file. -27. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then click **Next**. +27. In the Windows Deployment Wizard, select **Windows 10 Enterprise x64 Default Image**, and then select **Next**. -28. Accept the default values on the Capture Image page, and click **Next**. Operating system installation will complete after 5 to 10 minutes, and then the VM will reboot automatically. Allow the system to boot normally (do not press a key). The process is fully automated. +28. Accept the default values on the Capture Image page, and select **Next**. Operating system installation will complete after 5 to 10 minutes, and then the VM will reboot automatically. Allow the system to boot normally (don't press a key). The process is fully automated. Additional system restarts will occur to complete updating and preparing the operating system. Setup will complete the following procedures: @@ -238,51 +237,49 @@ A reference image serves as the foundation for Windows 10 devices in your organi - Capture the installation to a Windows Imaging (WIM) file. - Turn off the virtual machine.

      - This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you will have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**. + This step requires from 30 minutes to 2 hours, depending on the speed of the Hyper-V host. After some time, you'll have a Windows 10 Enterprise x64 image that is fully patched and has run through Sysprep. The image is located in the C:\MDTBuildLab\Captures folder on your deployment server (SRV1). The file name is **REFW10X64-001.wim**. ## Deploy a Windows 10 image using MDT This procedure will demonstrate how to deploy the reference image to the PoC environment using MDT. -1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then click **New Deployment Share**. Use the following values in the New Deployment Share Wizard: +1. On SRV1, open the MDT Deployment Workbench console, right-click **Deployment Shares**, and then select **New Deployment Share**. Use the following values in the New Deployment Share Wizard: - **Deployment share path**: C:\MDTProd - **Share name**: MDTProd$ - **Deployment share description**: MDT Production - **Options**: accept the default +2. Select **Next**, verify the new deployment share was added successfully, then select **Finish**. -2. Click **Next**, verify the new deployment share was added successfully, then click **Finish**. +3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then select **New Folder**. Name the new folder **Windows 10** and complete the wizard using default values. -3. In the Deployment Workbench console, expand the MDT Production deployment share, right-click **Operating Systems**, and then click **New Folder**. 
Name the new folder **Windows 10** and complete the wizard using default values. +4. Right-click the **Windows 10** folder created in the previous step, and then select **Import Operating System**. -4. Right-click the **Windows 10** folder created in the previous step, and then click **Import Operating System**. +5. On the **OS Type** page, choose **Custom image file** and then select **Next**. -5. On the **OS Type** page, choose **Custom image file** and then click **Next**. - -6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, click **Open**, and then click **Next**. +6. On the Image page, browse to the **C:\MDTBuildLab\Captures\REFW10X64-001.wim** file created in the previous procedure, select **Open**, and then select **Next**. 7. On the Setup page, select **Copy Windows 7, Windows Server 2008 R2, or later setup files from the specified path**. -8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** click **OK** and then click **Next**. +8. Under **Setup source directory**, browse to **C:\MDTBuildLab\Operating Systems\W10Ent_x64** select **OK** and then select **Next**. -9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, click **Next** twice, wait for the import process to complete, and then click **Finish**. +9. On the Destination page, accept the default Destination directory name of **REFW10X64-001**, select **Next** twice, wait for the import process to complete, and then select **Finish**. -10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then click **OK**. See the following example: +10. In the **Operating Systems** > **Windows 10** node, double-click the operating system that was added to view its properties. 
Change the operating system name to **Windows 10 Enterprise x64 Custom Image** and then select **OK**. See the following example: ![custom image.](images/image.png) - ### Create the deployment task sequence -1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, click **New Folder** and create a folder with the name: **Windows 10**. +1. Using the Deployment Workbench, right-click **Task Sequences** under the **MDT Production** node, select **New Folder** and create a folder with the name: **Windows 10**. -2. Right-click the **Windows 10** folder created in the previous step, and then click **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: +2. Right-click the **Windows 10** folder created in the previous step, and then select **New Task Sequence**. Use the following settings for the New Task Sequence Wizard: - Task sequence ID: W10-X64-001 - Task sequence name: Windows 10 Enterprise x64 Custom Image - Task sequence comments: Production Image - Select Template: Standard Client Task Sequence - Select OS: Windows 10 Enterprise x64 Custom Image - - Specify Product Key: Do not specify a product key at this time + - Specify Product Key: Don't specify a product key at this time - Full Name: Contoso - Organization: Contoso - Internet Explorer home page: http://www.contoso.com 
@@ -296,9 +293,9 @@ This procedure will demonstrate how to deploy the reference image to the PoC env copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\Bootstrap.ini" C:\MDTProd\Control\Bootstrap.ini -Force copy-item "C:\Program Files\Microsoft Deployment Toolkit\Templates\CustomSettings.ini" C:\MDTProd\Control\CustomSettings.ini -Force ``` -2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then click **Properties**. +2. In the Deployment Workbench console on SRV1, right-click the **MDT Production** deployment share and then select **Properties**. -3. Click the **Rules** tab and replace the rules with the following text (don't click OK yet): +3. Select the **Rules** tab and replace the rules with the following text (don't select OK yet): ```text [Settings] 
@@ -339,16 +336,16 @@ This procedure will demonstrate how to deploy the reference image to the PoC env > [!NOTE] > The contents of the Rules tab are added to c:\MDTProd\Control\CustomSettings.ini. - - In this example a **MachineObjectOU** entry is not provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab clients are added to the default computers OU, which requires that this parameter be unspecified. - If desired, edit the follow line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (ue) all users except for CONTOSO users specified by the user include option (ui): + In this example, a **MachineObjectOU** entry isn't provided. Normally this entry describes the specific OU where new client computer objects are created in Active Directory. However, for the purposes of this test lab, clients are added to the default computers OU, which requires that this parameter be unspecified. + + If desired, edit the following line to include or exclude other users when migrating settings. Currently, the command is set to user exclude (`ue`) all users except for CONTOSO users specified by the user include option (ui): ```console ScanStateArgs=/ue:*\* /ui:CONTOSO\* ``` - For example, to migrate **all** users on the computer, replace this line with the following: + For example, to migrate **all** users on the computer, replace this line with the following line: ```console ScanStateArgs=/all @@ -356,7 +353,7 @@ This procedure will demonstrate how to deploy the reference image to the PoC env For more information, see [ScanState Syntax](/windows/deployment/usmt/usmt-scanstate-syntax). -4. Click **Edit Bootstap.ini** and replace text in the file with the following text: +4. Select **Edit Bootstap.ini** and replace text in the file with the following text: ```text [Settings] 
@@ -370,23 +367,23 @@ This procedure will demonstrate how to deploy the reference image to the PoC env SkipBDDWelcome=YES ``` -5. Click **OK** when finished. +5. Select **OK** when finished. ### Update the deployment share -1. Right-click the **MDT Production** deployment share and then click **Update Deployment Share**. +1. Right-click the **MDT Production** deployment share and then select **Update Deployment Share**. 2. Use the default options for the Update Deployment Share Wizard. The update process requires 5 to 10 minutes to complete. -3. Click **Finish** when the update is complete. +3. Select **Finish** when the update is complete. ### Enable deployment monitoring -1. In the Deployment Workbench console, right-click **MDT Production** and then click **Properties**. +1. In the Deployment Workbench console, right-click **MDT Production** and then select **Properties**. -2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then click **OK**. +2. On the **Monitoring** tab, select the **Enable monitoring for this deployment share** checkbox, and then select **OK**. -3. Verify the monitoring service is working as expected by opening the following link on SRV1: `http://localhost:9800/MDTMonitorEvent/`. If you do not see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](/archive/blogs/mniehaus/troubleshooting-mdt-2012-monitoring). +3. Verify the monitoring service is working as expected by opening the following link on SRV1: `http://localhost:9800/MDTMonitorEvent/`. If you don't see "**You have created a service**" at the top of the page, see [Troubleshooting MDT 2012 Monitoring](/archive/blogs/mniehaus/troubleshooting-mdt-2012-monitoring). 4. Close Internet Explorer. 
@@ -399,19 +396,19 @@ This procedure will demonstrate how to deploy the reference image to the PoC env WDSUTIL /Set-Server /AnswerClients:All ``` -2. Click **Start**, type **Windows Deployment**, and then click **Windows Deployment Services**. +2. Select **Start**, type **Windows Deployment**, and then select **Windows Deployment Services**. -3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then click **Add Boot Image**. +3. In the Windows Deployment Services console, expand **Servers**, expand **SRV1.contoso.com**, right-click **Boot Images**, and then select **Add Boot Image**. -4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, click **Open**, click **Next**, and accept the defaults in the Add Image Wizard. Click **Finish** to complete adding a boot image. +4. Browse to the **C:\MDTProd\Boot\LiteTouchPE_x64.wim** file, select **Open**, select **Next**, and accept the defaults in the Add Image Wizard. Select **Finish** to complete adding a boot image. ### Deploy the client image -1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This is just an artifact of the lab environment. In a typical deployment environment WDS would not be installed on the default gateway. +1. Before using WDS to deploy a client image, you must temporarily disable the external network adapter on SRV1. This configuration is just an artifact of the lab environment. In a typical deployment environment WDS wouldn't be installed on the default gateway. > [!NOTE] > Do not disable the *internal* network interface. To quickly view IP addresses and interface names configured on the VM, type **Get-NetIPAddress | ft interfacealias, ipaddress** - + Assuming the external interface is named "Ethernet 2", to disable the *external* interface on SRV1, open a Windows PowerShell prompt on SRV1 and type the following command: ```powershell 
@@ -420,15 +417,14 @@ This procedure will demonstrate how to deploy the reference image to the PoC env >Wait until the disable-netadapter command completes before proceeding. - 2. Next, switch to the Hyper-V host and open an elevated Windows PowerShell prompt. Create a generation 2 VM on the Hyper-V host that will load its OS using PXE. To create this VM, type the following commands at an elevated Windows PowerShell prompt: ```powershell - New-VM –Name "PC2" –NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 + New-VM -Name "PC2" -NewVHDPath "c:\vhd\pc2.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC2" -DynamicMemoryEnabled $true -MinimumBytes 720MB -MaximumBytes 2048MB -Buffer 20 ``` - Dynamic memory is configured on the VM to conserve resources. However, this can cause memory allocation to be reduced past what is required to install an operating system. If this happens, reset the VM and begin the OS installation task sequence immediately. This ensures the VM memory allocation is not decreased too much while it is idle. + Dynamic memory is configured on the VM to conserve resources. However, dynamic memory can cause memory allocation to be reduced below what is required to install an operating system. If memory is reduced below what is required, reset the VM and begin the OS installation task sequence immediately. The reset ensures the VM memory allocation isn't decreased too much while it's idle. 3. Start the new VM and connect to it: 
@@ -439,19 +435,19 @@ This procedure will demonstrate how to deploy the reference image to the PoC env 4. When prompted, hit ENTER to start the network boot process. -5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. +5. In the Windows Deployment Wizard, choose the **Windows 10 Enterprise x64 Custom Image** and then select **Next**. -6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. This is needed so the client can use Windows Update after operating system installation is complete.To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: +6. After MDT lite touch installation has started, be sure to re-enable the external network adapter on SRV1. Re-enabling the external network adapter is needed so the client can use Windows Update after operating system installation is complete. To re-enable the external network interface, open an elevated Windows PowerShell prompt on SRV1 and type the following command: ```powershell Enable-NetAdapter "Ethernet 2" ``` -7. On SRV1, in the Deployment Workbench console, click on **Monitoring** and view the status of installation. Right-click **Monitoring** and click **Refresh** if no data is displayed. -8. OS installation requires about 10 minutes. When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, click **Finish**. You will be automatically signed in to the local computer as administrator. - - ![finish.](images/deploy-finish.png) +7. On SRV1, in the Deployment Workbench console, select on **Monitoring** and view the status of installation. Right-click **Monitoring** and select **Refresh** if no data is displayed. +8. OS installation requires about 10 minutes. 
When the installation is complete, the system will reboot automatically, configure devices, and install updates, requiring another 10-20 minutes. When the new client computer is finished updating, select **Finish**. You'll be automatically signed in to the local computer as administrator. + + ![finish.](images/deploy-finish.png) This completes the demonstration of how to deploy a reference image to the network. To conserve resources, turn off the PC2 VM before starting the next section. @@ -459,14 +455,14 @@ This completes the demonstration of how to deploy a reference image to the netwo This section will demonstrate how to export user data from an existing client computer, wipe the computer, install a new operating system, and then restore user data and settings. The scenario will use PC1, a computer that was cloned from a physical device to a VM, as described in [Step by step guide: Deploy Windows 10 in a test lab](windows-10-poc.md). -1. If the PC1 VM is not already running, then start and connect to it: - +1. If the PC1 VM isn't already running, then start and connect to it: + ```powershell Start-VM PC1 vmconnect localhost PC1 ``` -2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and to perform additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +2. Switch back to the Hyper-V host and create a checkpoint for the PC1 VM so that it can easily be reverted to its current state for troubleshooting purposes and performing additional scenarios. Checkpoints are also known as snapshots. To create a checkpoint for the PC1 VM, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ```powershell Checkpoint-VM -Name PC1 -SnapshotName BeginState 
@@ -474,9 +470,9 @@ This section will demonstrate how to export user data from an existing client co 3. Sign on to PC1 using the CONTOSO\Administrator account. - Specify **contoso\administrator** as the user name to ensure you do not sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. + Specify **contoso\administrator** as the user name to ensure you don't sign on using the local administrator account. You must sign in with this account so that you have access to the deployment share. -4. Open an elevated command prompt on PC1 and type the following: +4. Open an elevated command prompt on PC1 and type the following command: ```console cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs @@ -485,9 +481,9 @@ This section will demonstrate how to export user data from an existing client co > [!NOTE] > For more information on tools for viewing log files and to assist with troubleshooting, see [Configuration Manager Tools](/configmgr/core/support/tools). -5. Choose the **Windows 10 Enterprise x64 Custom Image** and then click **Next**. +5. Choose the **Windows 10 Enterprise x64 Custom Image** and then select **Next**. -6. Choose **Do not back up the existing computer** and click **Next**. +6. Choose **Do not back up the existing computer** and select **Next**. > [!NOTE] > The USMT will still back up the computer. 
@@ -508,14 +504,14 @@ This section will demonstrate how to export user data from an existing client co Checkpoint-VM -Name PC1 -SnapshotName RefreshState ``` -10. Restore the PC1 VM to it's previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: +10. Restore the PC1 VM to its previous state in preparation for the replace procedure. To restore a checkpoint, type the following command at an elevated Windows PowerShell prompt on the Hyper-V host: ```powershell Restore-VMSnapshot -VMName PC1 -Name BeginState -Confirm:$false Start-VM PC1 vmconnect localhost PC1 ``` - + 11. Sign in to PC1 using the contoso\administrator account. ## Replace a computer with Windows 10 @@ -526,8 +522,8 @@ At a high level, the computer replace process consists of:
      ### Create a backup-only task sequence -1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, click **Properties**, click the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**. -2. Click **OK**, right-click **MDT Production**, click **Update Deployment Share** and accept the default options in the wizard to update the share. +1. On SRV1, in the deployment workbench console, right-click the MDT Production deployment share, select **Properties**, select the **Rules** tab, and change the line **SkipUserData=YES** to **SkipUserData=NO**. +2. Select **OK**, right-click **MDT Production**, select **Update Deployment Share** and accept the default options in the wizard to update the share. 3. Type the following commands at an elevated Windows PowerShell prompt on SRV1: ```powershell @@ -536,42 +532,42 @@ At a high level, the computer replace process consists of:
      icacls C:\MigData /grant '"contoso\administrator":(OI)(CI)(M)' ``` -4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and click **New Folder**. +4. On SRV1 in the deployment workbench, under **MDT Production**, right-click the **Task Sequences** node, and select **New Folder**. 5. Name the new folder **Other**, and complete the wizard using default options. -6. Right-click the **Other** folder and then click **New Task Sequence**. Use the following values in the wizard: +6. Right-click the **Other** folder and then select **New Task Sequence**. Use the following values in the wizard: - **Task sequence ID**: REPLACE-001 - **Task sequence name**: Backup Only Task Sequence - **Task sequence comments**: Run USMT to back up user data and settings - - **Template**: Standard Client Replace Task Sequence (note: this is not the default template) -7. Accept defaults for the rest of the wizard and then click **Finish**. The replace task sequence will skip OS selection and settings. -8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Click **OK** when you are finished reviewing the task sequence. + - **Template**: Standard Client Replace Task Sequence (note: this template isn't the default template) +7. Accept defaults for the rest of the wizard and then select **Finish**. The replace task sequence will skip OS selection and settings. +8. Open the new task sequence that was created and review it. Note the type of capture and backup tasks that are present. Select **OK** when you're finished reviewing the task sequence. ### Run the backup-only task sequence -1. If you are not already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt: +1. 
If you aren't already signed on to PC1 as **contoso\administrator**, sign in using this account. To verify the currently signed in account, type the following command at an elevated command prompt: ```console whoami ``` -2. To ensure a clean environment before running the backup task sequence, type the following at an elevated Windows PowerShell prompt on PC1: +2. To ensure a clean environment before running the backup task sequence, type the following commands at an elevated Windows PowerShell prompt on PC1: ```powershell Remove-Item c:\minint -recurse Remove-Item c:\_SMSTaskSequence -recurse Restart-Computer ``` -3. Sign in to PC1 using the contoso\administrator account, and then type the following at an elevated command prompt: +3. Sign in to PC1 using the contoso\administrator account, and then type the following command at an elevated command prompt: ```console cscript \\SRV1\MDTProd$\Scripts\Litetouch.vbs ``` -4. Complete the deployment wizard using the following: +4. Complete the deployment wizard using the following settings: - **Task Sequence**: Backup Only Task Sequence - **User Data**: Specify a location: **\\\\SRV1\MigData$\PC1** - - **Computer Backup**: Do not back up the existing computer. -5. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and click the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. -6. On PC1, verify that **The user state capture was completed successfully** is displayed, and click **Finish** when the capture is complete. + - **Computer Backup**: Don't back up the existing computer. +5. While the task sequence is running on PC1, open the deployment workbench console on SRV1 and select the **Monitoring* node. Press F5 to refresh the console, and view the status of current tasks. +6. On PC1, verify that **The user state capture was completed successfully** is displayed, and select **Finish** when the capture is complete. 7. 
On SRV1, verify that the file **USMT.MIG** was created in the **C:\MigData\PC1\USMT** directory. See the following example: ```powershell @@ -589,7 +585,7 @@ At a high level, the computer replace process consists of:
      1. On the Hyper-V host, type the following commands at an elevated Windows PowerShell prompt: ```powershell - New-VM –Name "PC3" –NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 + New-VM -Name "PC3" -NewVHDPath "c:\vhd\pc3.vhdx" -NewVHDSizeBytes 60GB -SwitchName poc-internal -BootDevice NetworkAdapter -Generation 2 Set-VMMemory -VMName "PC3" -DynamicMemoryEnabled $true -MinimumBytes 512MB -MaximumBytes 2048MB -Buffer 20 ``` @@ -601,7 +597,6 @@ At a high level, the computer replace process consists of:
      As mentioned previously, ensure that you disable the **external** network adapter, and wait for the command to complete before proceeding. - 3. Start and connect to PC3 by typing the following commands at an elevated Windows PowerShell prompt on the Hyper-V host: ```powershell @@ -613,7 +608,7 @@ At a high level, the computer replace process consists of:
      5. On PC3, use the following settings for the Windows Deployment Wizard: - **Task Sequence**: Windows 10 Enterprise x64 Custom Image - - **Move Data and Settings**: Do not move user data and settings + - **Move Data and Settings**: Don't move user data and settings - **User Data (Restore)**: Specify a location: **\\\\SRV1\MigData$\PC1** 6. When OS installation has started on PC1, re-enable the external network adapter on SRV1 by typing the following command on SRV1: @@ -624,7 +619,7 @@ At a high level, the computer replace process consists of:
      7. Setup will install the Windows 10 Enterprise operating system, update via Windows Update, and restore the user settings and data from PC1. -8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, click **Finish**. +8. When PC3 has completed installing the OS, sign in to PC3 using the contoso\administrator account. When the PC completes updating, select **Finish**. 9. Verify that settings have been migrated from PC1. This completes demonstration of the replace procedure. @@ -637,11 +632,11 @@ Deployment logs are available on the client computer in the following locations: - After the system drive has been formatted: C:\MININT\SMSOSD\OSDLOGS - After deployment: %WINDIR%\TEMP\DeploymentLogs -You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then click **Enable Log**. +You can review WDS events in Event Viewer at: **Applications and Services Logs > Microsoft > Windows > Deployment-Services-Diagnostics**. By default, only the **Admin** and **Operational** logs are enabled. To enable other logs, right-click the log and then select **Enable Log**. Also see [Resolve Windows 10 upgrade errors](upgrade/resolve-windows-10-upgrade-errors.md) for detailed troubleshooting information. -## Related Topics +## Related articles [Microsoft Deployment Toolkit](/mem/configmgr/mdt/) diff --git a/windows/deployment/windows-10-poc-sc-config-mgr.md b/windows/deployment/windows-10-poc-sc-config-mgr.md index fcea96b6fa..f7ecaa8853 100644 --- a/windows/deployment/windows-10-poc-sc-config-mgr.md +++ b/windows/deployment/windows-10-poc-sc-config-mgr.md 
@@ -1,14 +1,15 @@
 ---
 title: Steps to deploy Windows 10 with Configuration Manager
-description: Learn how to deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager.
+description: Learn how to deploy Windows 10 in a test lab using Microsoft Configuration Manager.
 ms.prod: windows-client
 ms.technology: itpro-deploy
 ms.localizationpriority: medium
 ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
-author: aczechowski
+manager: aaroncz
+ms.author: frankroj
+author: frankroj
 ms.topic: tutorial
+ms.date: 10/31/2022
 ---
 
 # Deploy Windows 10 in a test lab using Configuration Manager
@@ -37,14 +38,14 @@ Multiple features and services are installed on SRV1 in this guide. This configu ## In this guide -This guide provides end-to-end instructions to install and configure Microsoft Endpoint Configuration Manager, and use it to deploy a Windows 10 image. Depending on the speed of your Hyper-V host, the procedures in this guide will require 6-10 hours to complete. +This guide provides end-to-end instructions to install and configure Microsoft Configuration Manager, and use it to deploy a Windows 10 image. Depending on the speed of your Hyper-V host, the procedures in this guide will require 6-10 hours to complete. The procedures in this guide are summarized in the following table. An estimate of the time required to complete each procedure is also provided. Time required to complete procedures will vary depending on the resources available to the Hyper-V host and assigned to VMs, such as processor speed, memory allocation, disk speed, and network speed. |Procedure|Description|Time| |--- |--- |--- | |[Install prerequisites](#install-prerequisites)|Install prerequisite Windows Server roles and features, download, install and configure SQL Server, configure firewall rules, and install the Windows ADK.|60 minutes| -|[Install Microsoft Endpoint Configuration Manager](#install-microsoft-endpoint-configuration-manager)|Download Microsoft Endpoint Configuration Manager, configure prerequisites, and install the package.|45 minutes| +|[Install Microsoft Configuration Manager](#install-microsoft-configuration-manager)|Download Microsoft Configuration Manager, configure prerequisites, and install the package.|45 minutes| |[Download MDOP and install DaRT](#download-mdop-and-install-dart)|Download the Microsoft Desktop Optimization Pack 2015 and install DaRT 10.|15 minutes| |[Prepare for Zero Touch installation](#prepare-for-zero-touch-installation)|Prerequisite procedures to support Zero Touch installation.|60 minutes| |[Create a boot image for Configuration 
Manager](#create-a-boot-image-for-configuration-manager)|Use the MDT wizard to create the boot image in Configuration Manager.|20 minutes| @@ -58,7 +59,7 @@ The procedures in this guide are summarized in the following table. An estimate ## Install prerequisites -1. Before installing Microsoft Endpoint Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: +1. Before installing Microsoft Configuration Manager, we must install prerequisite services and features. Type the following command at an elevated Windows PowerShell prompt on SRV1: ```powershell Install-WindowsFeature Web-Windows-Auth,Web-ISAPI-Ext,Web-Metabase,Web-WMI,BITS,RDC,NET-Framework-Features,Web-Asp-Net,Web-Asp-Net45,NET-HTTP-Activation,NET-Non-HTTP-Activ @@ -113,7 +114,7 @@ The procedures in this guide are summarized in the following table. An estimate 6. Download and install the latest [Windows Assessment and Deployment Kit (ADK)](/windows-hardware/get-started/adk-install) on SRV1 using the default installation settings. The current version is the ADK for Windows 10, version 2004. Installation might require several minutes to acquire all components. -## Install Microsoft Endpoint Configuration Manager +## Install Microsoft Configuration Manager 1. On SRV1, temporarily disable IE Enhanced Security Configuration for Administrators by typing the following commands at an elevated Windows PowerShell prompt: 
@@ -123,7 +124,7 @@ The procedures in this guide are summarized in the following table. An estimate Stop-Process -Name Explorer ``` -1. Download [Microsoft Endpoint Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager) and extract the contents on SRV1. +1. Download [Microsoft Configuration Manager (current branch)](https://www.microsoft.com/evalcenter/evaluate-microsoft-endpoint-configuration-manager) and extract the contents on SRV1. 1. Open the file, enter **C:\configmgr** for **Unzip to folder**, and select **Unzip**. The `C:\configmgr` directory will be automatically created. Select **OK** and then close the **WinZip Self-Extractor** dialog box when finished. @@ -242,7 +243,7 @@ The procedures in this guide are summarized in the following table. An estimate ## Prepare for Zero Touch installation -This section contains several procedures to support Zero Touch installation with Microsoft Endpoint Configuration Manager. +This section contains several procedures to support Zero Touch installation with Microsoft Configuration Manager. ### Create a folder structure @@ -750,7 +751,7 @@ If you've already completed steps in [Deploy Windows 10 in a test lab using Micr 3. On the Deployment Settings page, use the following settings: - Purpose: **Available** - - Make available to the following: **Only media and PXE** + - Make available to the following clients: **Only media and PXE** - Select **Next**. 4. Select **Next** five times to accept defaults on the Scheduling, User Experience, Alerts, and Distribution Points pages. 
@@ -960,7 +961,7 @@ Set-VMNetworkAdapter -VMName PC4 -StaticMacAddress 00-15-5D-83-26-FF 5. Use the following settings in the Deploy Software wizard: - General > Collection: Select Browse and select **Install Windows 10 Enterprise x64** - Deployment Settings > Purpose: **Available** - - Deployment Settings > Make available to the following: **Configuration Manager clients, media and PXE** + - Deployment Settings > Make available to the following clients: **Configuration Manager clients, media and PXE** - Scheduling > select **Next** - User Experience > select **Next** - Alerts > select **Next** @@ -1020,7 +1021,7 @@ In the Configuration Manager console, in the **Software Library** workspace, und - General > Collection: **USMT Backup (Replace)** - Deployment Settings > Purpose: **Available** -- Deployment Settings > Make available to the following: **Only Configuration Manager Clients** +- Deployment Settings > Make available to the following clients: **Only Configuration Manager Clients** - Scheduling: Select **Next** - User Experience: Select **Next** - Alerts: Select **Next** diff --git a/windows/deployment/windows-10-poc.md b/windows/deployment/windows-10-poc.md index 7b1a9e7024..376a7ff9c4 100644 --- a/windows/deployment/windows-10-poc.md +++ b/windows/deployment/windows-10-poc.md @@ -2,14 +2,14 @@ title: Configure a test lab to deploy Windows 10 description: Learn about concepts and procedures for deploying Windows 10 in a proof of concept lab environment. ms.reviewer: -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client ms.technology: itpro-deploy ms.localizationpriority: medium ms.topic: tutorial -ms.date: 05/12/2022 +ms.date: 10/31/2022 --- # Step by step guide: Configure a test lab to deploy Windows 10 
@@ -25,7 +25,7 @@ This guide contains instructions to configure a proof of concept (PoC) environme This lab guide makes extensive use of Windows PowerShell and Hyper-V. Subsequent companion guides contain steps to deploy Windows 10 using the PoC environment. After completing this guide, see the following Windows 10 PoC deployment guides: -- [Step by step: Deploy Windows 10 in a test lab using Microsoft Endpoint Configuration Manager](windows-10-poc-sc-config-mgr.md) +- [Step by step: Deploy Windows 10 in a test lab using Microsoft Configuration Manager](windows-10-poc-sc-config-mgr.md) - [Step by step: Deploy Windows 10 in a test lab using MDT](windows-10-poc-mdt.md) The proof of concept (PoC) deployment guides are intended to provide a demonstration of Windows 10 deployment tools and processes for IT professionals that aren't familiar with these tools, and you want to set up a PoC environment. Don't use the instructions in this guide in a production setting. They aren't meant to replace the instructions found in production deployment guidance. @@ -80,7 +80,7 @@ Hardware requirements are displayed below: |**OS**|Windows 8.1/10 or Windows Server 2012/2012 R2/2016|Windows 8.1 or a later| |**Edition**|Enterprise, Professional, or Education|Any| |**Architecture**|64-bit|Any

      Retaining applications and settings requires that architecture (32-bit or 64-bit) is the same before and after the upgrade.| -|**RAM**|8-GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
      16-GB RAM to test Windows 10 deployment with Microsoft Endpoint Configuration Manager.|Any| +|**RAM**|8-GB RAM (16 GB recommended) to test Windows 10 deployment with MDT.
      16-GB RAM to test Windows 10 deployment with Microsoft Configuration Manager.|Any| |**Disk**|200-GB available hard disk space, any format.|Any size, MBR formatted.| |**CPU**|SLAT-Capable CPU|Any| |**Network**|Internet connection|Any| @@ -841,7 +841,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40 GB to 25. Accept the default settings, read license terms and accept them, provide a strong administrator password, and select **Finish**. When you're prompted about finding PCs, devices, and content on the network, select **Yes**. -26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. This will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. +26. Sign in to SRV1 using the local administrator account. In the same way that was done on DC1, sign out of SRV1 and then sign in again to enable enhanced session mode. Enhanced session mode will enable you to copy and paste Windows PowerShell commands from the Hyper-V host to the VM. 27. Open an elevated Windows PowerShell prompt on SRV1 and type the following commands: 
@@ -913,7 +913,7 @@ The second Windows Server 2012 R2 VHD needs to be expanded in size from 40 GB to ping www.microsoft.com ``` - If you see "Ping request could not find host `www.microsoft.com`" on PC1 and DC1, but not on SRV1, then you'll need to configure a server-level DNS forwarder on SRV1. To do this action, open an elevated Windows PowerShell prompt on SRV1 and type the following command. + If you see "Ping request couldn't find host `www.microsoft.com`" on PC1 and DC1, but not on SRV1, then you'll need to configure a server-level DNS forwarder on SRV1. To do this action, open an elevated Windows PowerShell prompt on SRV1 and type the following command. > [!NOTE] > This command also assumes that "Ethernet 2" is the external-facing network adapter on SRV1. If the external adapter has a different name, replace "Ethernet 2" in the command below with that name: @@ -1018,7 +1018,7 @@ Use the following procedures to verify that the PoC environment is configured pr **nslookup** displays the DNS server used for the query, and the results of the query. For example, server `dc1.contoso.com`, address 192.168.0.1, Name `e2847.dspb.akamaiedge.net`. - **ping** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it can't be resolved, "could not find host" will be displayed. If the target is found and also responds to ICMP, you'll see "Reply from" and the IP address of the target. + **ping** displays if the source can resolve the target name, and whether or not the target responds to ICMP. If it can't be resolved, "couldn't find host" will be displayed. If the target is found and also responds to ICMP, you'll see "Reply from" and the IP address of the target. **tracert** displays the path to reach the destination, for example `srv1.contoso.com` [192.168.0.2] followed by a list of hosts and IP addresses corresponding to subsequent routing nodes between the source and the destination. 
diff --git a/windows/deployment/windows-10-pro-in-s-mode.md b/windows/deployment/windows-10-pro-in-s-mode.md
index 94039bcc43..e5ceaf1248 100644
--- a/windows/deployment/windows-10-pro-in-s-mode.md
+++ b/windows/deployment/windows-10-pro-in-s-mode.md
@@ -1,25 +1,23 @@ --- title: Switch to Windows 10 Pro/Enterprise from S mode description: Overview of Windows 10 Pro/Enterprise in S mode. S mode switch options are also outlined in this document. Switching out of S mode is optional. -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.localizationpriority: medium ms.prod: windows-client ms.collection: - M365-modern-desktop ms.topic: article +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Switch to Windows 10 Pro or Enterprise from S mode We recommend staying in S mode. However, in some limited scenarios, you might need to switch to Windows 10 Pro, Home, or Enterprise (not in S mode). You can switch devices running Windows 10, version 1709 or later. - -A number of other transformations are possible depending on which version and edition of Windows 10 you are starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means: - - - +Many other transformations are possible depending on which version and edition of Windows 10 you're starting with. Depending on the details, you might *switch* between S mode and the ordinary version or *convert* between different editions while staying in or out of S mode. The following quick reference table summarizes all of the switches or conversions that are supported by various means: | If a device is running this version of Windows 10 | and this edition of Windows 10 | then you can switch or convert it to this edition of Windows 10 by these methods: |   |  | |-------------|---------------------|-----------------------------------|-------------------------------|--------------------------------------------| 
@@ -38,10 +36,9 @@ A number of other transformations are possible depending on which version and ed | | Home in S mode | Not by any method | Home | Home | | | Home | Not by any method | Not by any method | Not by any method | - Use the following information to switch to Windows 10 Pro through the Microsoft Store. > [!IMPORTANT] -> While it’s free to switch to Windows 10 Pro, it’s not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset. +> While it's free to switch to Windows 10 Pro, it's not reversible. The only way to rollback this kind of switch is through a [bare-metal recovery (BMR)](/windows-hardware/manufacture/desktop/create-media-to-run-push-button-reset-features-s14) reset. This restores a Windows device to the factory state, even if the user needs to replace the hard drive or completely wipe the drive clean. If a device is switched out of S mode via the Microsoft Store, it will remain out of S mode even after the device is reset. ## Switch one device through the Microsoft Store Use the following information to switch to Windows 10 Pro through the Microsoft Store or by navigating to **Settings** and then **Activation** on the device. 
@@ -52,7 +49,6 @@ Note these differences affecting switching modes in various releases of Windows - In Windows 10, version 1803, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store or **Settings**. - Windows 10, version 1809, you can switch devices running any S mode edition to the equivalent non-S mode edition one at a time by using the Microsoft Store, **Settings**, or you can switch multiple devices in bulk by using Intune. You can also block users from switching devices themselves. - 1. Sign into the Microsoft Store using your Microsoft account. 2. Search for "S mode". 3. In the offer, select **Buy**, **Get**, or **Learn more.** 
@@ -61,26 +57,24 @@ You'll be prompted to save your files before the switch starts. Follow the promp ## Switch one or more devices by using Microsoft Intune -Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE - this gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle. +Starting with Windows 10, version 1809, if you need to switch multiple devices in your environment from Windows 10 Pro in S mode to Windows 10 Pro, you can use Microsoft Intune or any other supported mobile device management software. You can configure devices to switch out of S mode during OOBE or post-OOBE. Switching out of S mode gives you flexibility to manage Windows 10 in S mode devices at any point during the device lifecycle. 1. Start Microsoft Intune. 2. Navigate to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch**. 3. Follow the instructions to complete the switch. - ## Block users from switching You can control which devices or users can use the Microsoft Store to switch out of S mode in Windows 10. -To set this, go to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**. +To set this policy, go to **Device configuration > Profiles > Windows 10 and later > Edition upgrade and mode switch in Microsoft Intune**, and then choose **Keep in S mode**. ## S mode management with CSPs In addition to using Microsoft Intune or another modern device management tool to manage S mode, you can also use the [WindowsLicensing](/windows/client-management/mdm/windowslicensing-csp) configuration service provider (CSP). 
In Windows 10, version 1809, we added S mode functionality that lets you switch devices, block devices from switching, and check the status (whether a device is in S mode). - -## Related topics +## Related articles [FAQs](https://support.microsoft.com/help/4020089/windows-10-in-s-mode-faq)
      [Compare Windows 10 editions](https://www.microsoft.com/WindowsForBusiness/Compare)
      [Windows 10 Pro Education](/education/windows/test-windows10s-for-edu)
      -[Introduction to Microsoft Intune in the Azure portal](/intune/what-is-intune) +[Introduction to Microsoft Intune in the Azure portal](/intune/what-is-intune) \ No newline at end of file diff --git a/windows/deployment/windows-10-subscription-activation.md b/windows/deployment/windows-10-subscription-activation.md index 4c949502eb..29d62e08fa 100644 --- a/windows/deployment/windows-10-subscription-activation.md +++ b/windows/deployment/windows-10-subscription-activation.md @@ -4,16 +4,16 @@ description: In this article, you'll learn how to dynamically enable Windows 10 ms.prod: windows-client ms.technology: itpro-fundamentals ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.collection: - M365-modern-desktop - highpri search.appverid: - MET150 ms.topic: conceptual -ms.date: 07/12/2022 +ms.date: 10/31/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 
@@ -83,7 +83,7 @@ The following list illustrates how deploying Windows client has evolved with eac - **Windows 10, version 1803** updated Windows 10 subscription activation to enable pulling activation keys directly from firmware for devices that support firmware-embedded keys. It was no longer necessary to run a script to activate Windows 10 Pro before activating Enterprise. For virtual machines and hosts running Windows 10, version 1803, [inherited activation](#inherited-activation) was also enabled. -- **Windows 10, version 1903** updated Windows 10 subscription activation to enable step up from Windows 10 Pro Education to Windows 10 Education for devices with a qualifying Windows 10 or Microsoft 365 subscription. +- **Windows 10, version 1903** updated Windows 10 subscription activation to enable step-up from Windows 10 Pro Education to Windows 10 Education for devices with a qualifying Windows 10 or Microsoft 365 subscription. - **Windows 11, version 21H2** updated subscription activation to work on both Windows 10 and Windows 11 devices. @@ -161,9 +161,9 @@ The following figure summarizes how the subscription activation model works: > [!NOTE] > -> - A Windows 10 Pro Education device will only step up to Windows 10 Education edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center. +> - A Windows 10 Pro Education device will only step-up to Windows 10 Education edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center. > -> - A Windows 10 Pro device will only step up to Windows 10 Enterprise edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center. +> - A Windows 10 Pro device will only step-up to Windows 10 Enterprise edition when you assign a **Windows 10 Enterprise** license from the Microsoft 365 admin center. ### Scenarios 
diff --git a/windows/deployment/windows-adk-scenarios-for-it-pros.md b/windows/deployment/windows-adk-scenarios-for-it-pros.md
index f2730a6d87..f2fce638d0 100644
--- a/windows/deployment/windows-adk-scenarios-for-it-pros.md
+++ b/windows/deployment/windows-adk-scenarios-for-it-pros.md
@@ -1,21 +1,21 @@ --- title: Windows ADK for Windows 10 scenarios for IT Pros (Windows 10) description: The Windows Assessment and Deployment Kit (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. -author: aczechowski -ms.author: aaroncz -manager: dougeby +author: frankroj +ms.author: frankroj +manager: aaroncz ms.prod: windows-client ms.localizationpriority: medium -ms.date: 07/27/2017 +ms.date: 10/31/2022 ms.topic: article +ms.technology: itpro-deploy --- # Windows ADK for Windows 10 scenarios for IT Pros +The [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](/windows-hardware/get-started/what-s-new-in-kits-and-tools). -The [Windows Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK) contains tools that can be used by IT Pros to deploy Windows. For an overview of what's new in the Windows ADK for Windows 10, see [What's new in kits and tools](/windows-hardware/get-started/what-s-new-in-kits-and-tools). - -In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](/windows-hardware/manufacture/desktop/). +In previous releases of Windows, the Windows ADK docs were published on both TechNet and the MSDN Hardware Dev Center. Starting with the Windows 10 release, Windows ADK documentation is available on the MSDN Hardware Dev Center. For the Windows 10 ADK reference content, see [Desktop manufacturing](/windows-hardware/manufacture/desktop/). Here are some key scenarios that will help you find the content on the MSDN Hardware Dev Center. 
@@ -41,7 +41,7 @@ Here are some things you can do with Sysprep: - [Customize the default user profile](/windows-hardware/manufacture/desktop/customize-the-default-user-profile-by-using-copyprofile) - [Use answer files](/windows-hardware/manufacture/desktop/use-answer-files-with-sysprep) -[Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro) is a small operating system used to boot a computer that does not have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system. +[Windows PE (WinPE)](/windows-hardware/manufacture/desktop/winpe-intro) is a small operating system used to boot a computer that doesn't have an operating system. You can boot to Windows PE and then install a new operating system, recover data, or repair an existing operating system. Here are ways you can create a WinPE image: @@ -68,7 +68,7 @@ For a list of settings you can change, see [Unattended Windows Setup Reference]( ### Create a provisioning package using Windows ICD -Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) or Windows 10 IoT Core (IoT Core) image. +Introduced in Windows 10, [Windows Imaging and Configuration Designer (ICD)](/windows/configuration/provisioning-packages/provisioning-install-icd) streamlines the customizing and provisioning of a Windows 10 for desktop editions (Home, Pro, Enterprise, and Education) or Windows 10 IoT Core (IoT Core) image. Here are some things you can do with Windows ICD: 
@@ -80,8 +80,4 @@ Here are some things you can do with Windows ICD: There are also a few tools included in the Windows ADK that are specific to IT Pros and this documentation is available on TechNet: - [Volume Activation Management Tool (VAMT) Technical Reference](volume-activation/volume-activation-management-tool.md) -- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) - -  - -  +- [User State Migration Tool (USMT) Technical Reference](usmt/usmt-technical-reference.md) \ No newline at end of file diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md index 4e13034d35..d3cf70f023 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-admin-contacts.md @@ -35,7 +35,7 @@ Your admin contacts will receive notifications about support request updates and **To add admin contacts:** -1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Under **Tenant administration** in the **Windows Autopatch** section, select **Admin contacts**. 1. Select **+Add**. 1. Enter the contact details including name, email, phone number and preferred language. For a support ticket, the ticket's primary contact's preferred language will determine the language used for email communications. diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md index 10d9c81172..d1e52e4ced 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md 
+++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview.md @@ -44,7 +44,7 @@ See the following detailed workflow diagram. The diagram covers the Windows Auto | ----- | ----- | | **Step 1: Identify devices** | IT admin identifies devices to be managed by the Windows Autopatch service. | | **Step 2: Add devices** | IT admin adds devices through direct membership or nests other Azure AD assigned or dynamic groups into the **Windows Autopatch Device Registration** Azure AD assigned group. | -| **Step 3: Discover devices** | The Windows Autopatch Discover Devices function hourly discovers devices previously added by the IT admin into the **Windows Autopatch Device Registration** Azure AD assigned group in **step #2**. The Azure AD device ID is used by Windows Autopatch to query device attributes in both Microsoft Endpoint Manager-Intune and Azure AD when registering devices into its service.
      1. Once devices are discovered from the Azure AD group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Azure AD in this step:
        1. **AzureADDeviceID**
        2. **OperatingSystem**
        3. **DisplayName (Device name)**
        4. **AccountEnabled**
        5. **RegistrationDateTime**
        6. **ApproximateLastSignInDateTime**
      2. In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements prior to registration.
      | +| **Step 3: Discover devices** | The Windows Autopatch Discover Devices function hourly discovers devices previously added by the IT admin into the **Windows Autopatch Device Registration** Azure AD assigned group in **step #2**. The Azure AD device ID is used by Windows Autopatch to query device attributes in both Microsoft Intune and Azure AD when registering devices into its service.
      1. Once devices are discovered from the Azure AD group, the same function gathers additional device attributes and saves it into its memory during the discovery operation. The following device attributes are gathered from Azure AD in this step:
        1. **AzureADDeviceID**
        2. **OperatingSystem**
        3. **DisplayName (Device name)**
        4. **AccountEnabled**
        5. **RegistrationDateTime**
        6. **ApproximateLastSignInDateTime**
      2. In this same step, the Windows Autopatch discover devices function calls another function, the device prerequisite check function. The device prerequisite check function evaluates software-based device-level prerequisites to comply with Windows Autopatch device readiness requirements prior to registration.
      | | **Step 4: Check prerequisites** | The Windows Autopatch prerequisite function makes an Intune Graph API call to sequentially validate device readiness attributes required for the registration process. For detailed information, see the [Detailed prerequisite check workflow diagram](#detailed-prerequisite-check-workflow-diagram) section. The service checks the following device readiness attributes, and/or prerequisites:
      1. **Serial number, model, and manufacturer.**
        1. Checks if the serial number already exists in the Windows Autopatch’s managed device database.
      2. **If the device is Intune-managed or not.**
        1. Windows Autopatch looks to see **if the Azure AD device ID has an Intune device ID associated with it**.
          1. If **yes**, it means this device is enrolled into Intune.
          2. If **not**, it means the device isn't enrolled into Intune, hence it can't be managed by the Windows Autopatch service.
        2. **If the device is not managed by Intune**, the Windows Autopatch service can't gather device attributes such as operating system version, Intune enrollment date, device name and other attributes. When this happens, the Windows Autopatch service uses the Azure AD device attributes gathered and saved to its memory in **step 3a**.
          1. Once it has the device attributes gathered from Azure AD in **step 3a**, the device is flagged with the **Prerequisite failed** status, then added to the **Not registered** tab so the IT admin can review the reason(s) the device wasn't registered into Windows Autopatch. The IT admin will remediate these devices. In this case, the IT admin should check why the device wasn’t enrolled into Intune.
          2. A common reason is when the Azure AD device ID is stale, it doesn’t have an Intune device ID associated with it anymore. To remediate, [clean up any stale Azure AD device records from your tenant](windows-autopatch-register-devices.md#clean-up-dual-state-of-hybrid-azure-ad-joined-and-azure-registered-devices-in-your-azure-ad-tenant).
        3. **If the device is managed by Intune**, the Windows Autopatch prerequisite check function continues to the next prerequisite check, which evaluates whether the device has checked into Intune in the last 28 days.
      3. **If the device is a Windows device or not.**
        1. Windows Autopatch looks to see if the device is a Windows and corporate-owned device.
          1. **If yes**, it means this device can be registered with the service because it's a Windows corporate-owned device.
          2. **If not**, it means the device is a non-Windows device, or it's a Windows device but it's a personal device.
      4. **Windows Autopatch checks the Windows SKU family**. The SKU must be either:
        1. **Enterprise**
        2. **Pro**
        3. **Pro Workstation**
      5. **If the device meets the operating system requirements**, Windows Autopatch checks whether the device is either:
        1. **Only managed by Intune.**
          1. If the device is only managed by Intune, the device is marked as Passed all prerequisites.
        2. **Co-managed by both Configuration Manager and Intune.**
          1. If the device is co-managed by both Configuration Manager and Intune, an additional prerequisite check is evaluated to determine if the device satisfies the co-management-enabled workloads required by Windows Autopatch to manage devices in a co-managed state. The required co-management workloads evaluated in this step are:
            1. **Windows Updates Policies**
            2. **Device Configuration**
            3. **Office Click to Run**
          2. If Windows Autopatch determines that one of these workloads isn’t enabled on the device, the service marks the device as **Prerequisite failed** and moves the device to the **Not registered** tab.
      | | **Step 5: Calculate deployment ring assignment** | Once the device passes all prerequisites described in **step #4**, Windows Autopatch starts its deployment ring assignment calculation. The following logic is used to calculate the Windows Autopatch deployment ring assignment:
      1. If the Windows Autopatch tenant’s existing managed device size is **≤ 200**, the deployment ring assignment is **First (5%)**, **Fast (15%)**, remaining devices go to the **Broad ring (80%)**.
      2. If the Windows Autopatch tenant’s existing managed device size is **>200**, the deployment ring assignment will be **First (1%)**, **Fast (9%)**, remaining devices go to the **Broad ring (90%)**.
      | | **Step 6: Assign devices to a deployment ring group** | Once the deployment ring calculation is done, Windows Autopatch assigns devices to one of the following deployment ring groups:
      1. **Modern Workplace Devices-Windows Autopatch-First**
        1. The Windows Autopatch device registration process doesn’t automatically assign devices to the Test ring represented by the Azure AD group (Modern Workplace Devices-Windows Autopatch-Test). It’s important that you assign devices to the Test ring to validate the update deployments before the updates are deployed to a broader population of devices.
      2. **Modern Workplace Devices-Windows Autopatch-Fast**
      3. **Modern Workplace Devices-Windows Autopatch-Broad**
      | diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md index e5c4617772..985c852e6f 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-post-reg-readiness-checks.md @@ -49,7 +49,7 @@ Windows Autopatch has three tabs within its Devices blade. Each tab is designed | Tab | Description | | ----- | ----- | | Ready | This tab only lists devices with the **Active** status. Devices with the **Active** status successfully:
      • Passed the prerequisite checks.
      • Registered with Windows Autopatch.
      This tab also lists devices that have passed all postdevice registration readiness checks. | -| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.
      • **Readiness failed status**: Devices that didn’t pass one or more post-device registration readiness checks.
      • **Inactive**: Devices that haven’t communicated with the Microsoft Endpoint Manager-Intune service in the last 28 days.
      | +| Not ready | This tab only lists devices with the **Readiness failed** and **Inactive** status.
      • **Readiness failed status**: Devices that didn’t pass one or more post-device registration readiness checks.
      • **Inactive**: Devices that haven’t communicated with the Microsoft Intune service in the last 28 days.
      | | Not registered | Only lists devices with the **Prerequisite failed** status in it. Devices with the **Prerequisite failed** status didn’t pass one or more prerequisite checks during the device registration process. | ## Details about the post-device registration readiness checks 
@@ -67,9 +67,9 @@ The following list of post-device registration readiness checks is performed in | Check | Description | | ----- | ----- | | **Windows OS build, architecture, and edition** | Checks to see if devices support Windows 1809+ build (10.0.17763), 64-bit architecture and either Pro or Enterprise SKUs. | -| **Windows update policies managed via Microsoft Endpoint Manager-Intune** | Checks to see if devices have Windows Updates policies managed via Microsoft Endpoint Manager-Intune (MDM). | -| **Windows update policies managed via Group Policy Object (GPO)** | Checks to see if devices have Windows update policies managed via GPO. Windows Autopatch doesn’t support Windows update policies managed via GPOs. Windows update must be managed via Microsoft Endpoint Manager-Intune. | -| **Microsoft Office update policy managed via Group Policy Object (GPO)** | Checks to see if devices have Microsoft Office updates policies managed via GPO. Windows Autopatch doesn’t support Microsoft Office update policies managed via GPOs. Office updates must be managed via Microsoft Endpoint Manager-Intune or another Microsoft Office policy management method where Office update bits are downloaded directly from the Office Content Delivery Network (CDN). | +| **Windows update policies managed via Microsoft Intune** | Checks to see if devices have Windows Updates policies managed via Microsoft Intune (MDM). | +| **Windows update policies managed via Group Policy Object (GPO)** | Checks to see if devices have Windows update policies managed via GPO. Windows Autopatch doesn’t support Windows update policies managed via GPOs. Windows update must be managed via Microsoft Intune. | +| **Microsoft Office update policy managed via Group Policy Object (GPO)** | Checks to see if devices have Microsoft Office updates policies managed via GPO. Windows Autopatch doesn’t support Microsoft Office update policies managed via GPOs. 
Office updates must be managed via Microsoft Intune or another Microsoft Office policy management method where Office update bits are downloaded directly from the Office Content Delivery Network (CDN). | | **Windows Autopatch network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that Windows Autopatch services must be able to reach for the various aspects of the Windows Autopatch service. | | **Microsoft Teams network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Teams must be able to reach for software updates management. | | **Microsoft Edge network endpoints** | There's a set of [network endpoints](../prepare/windows-autopatch-configure-network.md) that devices with Microsoft Edge must be able to reach for software updates management. | diff --git a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md index 4d7fb522a0..eff03275a8 100644 --- a/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md +++ b/windows/deployment/windows-autopatch/deploy/windows-autopatch-register-devices.md 
@@ -71,9 +71,9 @@ To be eligible for Windows Autopatch management, devices must meet a minimum set - Windows 10 (1809+)/11 Enterprise or Professional editions (only x64 architecture). - Either [Hybrid Azure AD-Joined](/azure/active-directory/devices/concept-azure-ad-join-hybrid) or [Azure AD-joined only](/azure/active-directory/devices/concept-azure-ad-join-hybrid) (personal devices aren't supported). -- Managed by Microsoft Endpoint Manager. +- Managed by Microsoft Intune. - [Already enrolled into Microsoft Intune](/mem/intune/user-help/enroll-windows-10-device) and/or [Configuration Manager co-management](/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites#configuration-manager-co-management-requirements). - - Must switch the following Microsoft Endpoint Manager-Configuration Manager [co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Endpoint Manager-Intune (either set to Pilot Intune or Intune): + - Must switch the following Microsoft Configuration Manager [co-management workloads](/mem/configmgr/comanage/how-to-switch-workloads) to Microsoft Intune (either set to Pilot Intune or Intune): - Windows updates policies - Device configuration - Office Click-to-run 
@@ -102,7 +102,7 @@ See all possible device readiness statuses in Windows Autopatch: | ----- | ----- | ----- | | Active | Devices with this status successfully passed all prerequisite checks and then successfully registered with Windows Autopatch. Additionally, devices with this status successfully passed all post-device registration readiness checks. | Ready | | Readiness failed | Devices with this status haven't passed one or more post-device registration readiness checks. These devices aren't ready to have one or more software update workloads managed by Windows Autopatch. | Not ready | -| Inactive | Devices with this status haven't communicated with Microsoft Endpoint Manager-Intune in the last 28 days. | Not ready | +| Inactive | Devices with this status haven't communicated with Microsoft Intune in the last 28 days. | Not ready | | Pre-requisites failed | Devices with this status haven't passed one or more pre-requisite checks and haven't successfully registered with Windows Autopatch | Not registered | ## Built-in roles required for device registration @@ -116,7 +116,7 @@ A role defines the set of permissions granted to users assigned to that role. Yo For more information, see [Azure AD built-in roles](/azure/active-directory/roles/permissions-reference) and [Role-based access control (RBAC) with Microsoft Intune](/mem/intune/fundamentals/role-based-access-control). > [!NOTE] -> The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Endpoint Manager roles, and allows you to create and configure custom Endpoint Manager roles. +> The Modern Workplace Intune Admin role is a custom created role during the Windows Autopatch tenant enrollment process. This role can assign administrators to Intune roles, and allows you to create and configure custom Intune roles. ## Details about the device registration process 
@@ -134,7 +134,7 @@ Since existing Windows 365 Cloud PCs already have an existing Azure AD device ID **To register devices with Windows Autopatch:** -1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +1. Go to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices** from the left navigation menu. 3. Under the **Windows Autopatch** section, select **Devices**. 4. Select either the **Ready** or the **Not registered** tab, then select the **Windows Autopatch Device Registration** hyperlink. The Azure Active Directory group blade opens. @@ -154,7 +154,7 @@ Windows 365 Enterprise gives IT admins the option to register devices with the W **To register new Windows 365 Cloud PC devices with Windows Autopatch from the Windows 365 Provisioning Policy:** -1. Go to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) admin center. +1. Go to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. In the left pane, select **Devices**. 1. Navigate to Provisioning > **Windows 365**. 1. Select Provisioning policies > **Create policy**. @@ -211,7 +211,7 @@ There's a few more device management lifecycle scenarios to consider when planni ### Device refresh -If a device was previously registered into the Windows Autopatch service, but it needs to be reimaged, you must run one of the device provisioning processes available in Microsoft Endpoint Manager to reimage the device. +If a device was previously registered into the Windows Autopatch service, but it needs to be reimaged, you must run one of the device provisioning processes available in Microsoft Intune to reimage the device. The device will be rejoined to Azure AD (either Hybrid or Azure AD-only). Then, re-enrolled into Intune as well. No further action is required from you or the Windows Autopatch service, because the Azure AD device ID record of that device remains the same. 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md index 52448ca4c5..15b45c91d4 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices.md @@ -18,7 +18,7 @@ To avoid end-user disruption, device deregistration in Windows Autopatch only de **To deregister a device:** -1. Sign into the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Select **Windows Autopatch** in the left navigation menu. 1. Select **Devices**. 1. In either **Ready** or **Not ready** tab, select the device(s) you want to deregister. @@ -42,7 +42,7 @@ You can hide unregistered devices you don't expect to be remediated anytime soon **To hide unregistered devices:** -1. Sign into the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Select **Windows Autopatch** in the left navigation menu. 1. Select **Devices**. 1. In the **Not ready** tab, select an unregistered device or a group of unregistered devices you want to hide then select **Status == All**. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md index 610298bbb9..dec4bcff3a 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-end-user-exp.md 
@@ -25,7 +25,7 @@ In this section we'll review what an end user would see in the following three s 3. Feature update grace period > [!NOTE] -> Windows Autopatch doesn't yet support feature updates without notifying end users. +> Windows Autopatch doesn't yet support feature updates without notifying end users.

      The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification.

      ### Typical update experience diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md index 244d0ad114..023003d400 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-fu-overview.md @@ -73,7 +73,7 @@ When releasing a feature update, there are two policies that are configured by t During a release, the service modifies the Modern Workplace DSS policy to change the target version for a specific ring in Intune. That change is deployed to devices and updates the devices prior to the update deadline. -To understand how devices will react to the change in the Modern Workplace DSS policy, it's important to understand how deferral, deadline, and grace periods effect devices. +To understand how devices will react to the change in the Modern Workplace DSS policy, it's important to understand how deferral, deadline, and grace periods affect devices. | Policy | Description | | ----- | ----- | @@ -93,7 +93,7 @@ To allow customers to test Windows 11 in their environment, there's a separate D ## Pausing and resuming a release -You can pause or resume a Windows feature update from the Release management tab in Microsoft Endpoint Manager. +You can pause or resume a Windows feature update from the Release management tab in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). ## Rollback diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md index 628de1a67f..3089035470 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-microsoft-365-apps-enterprise.md 
@@ -23,9 +23,8 @@ Windows Autopatch aims to keep at least 90% of eligible devices on a [supported ## Device eligibility -For a device to be eligible for Microsoft 365 Apps for enterprise updates, as a part of Windows Autopatch, they must meet the following criteria: +For a device to be eligible for Microsoft 365 Apps for enterprise updates (both 32-bit and 64-bit versions), as a part of Windows Autopatch, they must meet the following criteria: -- Microsoft 365 Apps for enterprise 64-bit must be installed. - There are no policy conflicts between Microsoft Autopatch policies and customer policies. - The device must have checked into the Intune service in the last five days. 
@@ -86,7 +85,7 @@ Since quality updates are bundled together into a single release in the [Monthly [Servicing profiles](/deployoffice/admincenter/servicing-profile) is a feature in the [Microsoft 365 Apps admin center](https://config.office.com/) that provides controlled update management of monthly Office updates, including controls for user and device targeting, scheduling, rollback, and reporting. -A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other management tools, such as Microsoft Endpoint Manager or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. +A [service profile](/deployoffice/admincenter/servicing-profile#compatibility-with-other-management-tools) takes precedence over other policies, such as a Microsoft Intune policy or the Office Deployment Tool. This means that the servicing profile will affect all devices that meet the [device eligibility requirements](#device-eligibility) regardless of existing management tools in your environment. So, if you're targeting a managed device with a servicing profile it will be ineligible for Microsoft 365 App update management. However, the device may still be eligible for other managed updates. For more information about a device's eligibility for a given [software update workload](windows-autopatch-update-management.md#software-update-workloads), see the Device eligibility section of each respective software update workload. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md index a6b6ffc78b..ab63a52ddf 100644 
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-support-request.md @@ -25,7 +25,7 @@ Support requests are triaged and responded to as they're received. **To submit a new support request:** -1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant administration** menu. +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant administration** menu. 1. In the **Windows Autopatch** section, select **Support requests**. 1. In the **Support requests** section, select **+ New support request**. 1. Enter your question(s) and/or a description of the problem. @@ -42,7 +42,7 @@ You can see the summary status of all your support requests. At any time, you ca **To view all your active support requests:** -1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant Administration** menu. +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu. 1. In the **Windows Autopatch** section, select **Support request**. 1. From this view, you can export the summary view or select any case to view the details. 
@@ -52,7 +52,7 @@ You can edit support request details, for example, updating the primary case con **To edit support request details:** -1. Sign into [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) and navigate to the **Tenant Administration** menu. +1. Sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) and navigate to the **Tenant Administration** menu. 1. In the **Windows Autopatch** section, select **Support request**. 1. In the **Support requests** section, use the search bar or filters to find the case you want to edit. 1. Select the case to open the request's details. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md index a92c0fbdef..ec414612c4 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md 
@@ -41,7 +41,7 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro | ----- | ----- | | Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. | | Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. For more information, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). | -| Microsoft Endpoint Manager roles | After unenrollment, you may safely remove the Modern Workplace Intune Admin role. | +| Microsoft Intune roles | After unenrollment, you may safely remove the Modern Workplace Intune Admin role. | ## Unenroll from Windows Autopatch diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md index c3548183a3..549d7d5bba 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management.md 
@@ -64,7 +64,7 @@ The Windows Autopatch deployment ring calculation happens during the [device reg | Test | **zero** | Windows Autopatch doesn't automatically add devices to this deployment ring. You must manually add devices to the Test ring following the required procedure. For more information on these procedures, see [Moving devices in between deployment rings](/windows/deployment/windows-autopatch/operate/windows-autopatch-update-management#moving-devices-in-between-deployment-rings). The recommended number of devices in this ring, based upon your environment size, is as follows:
      • **0–500** devices: minimum **one** device.
      • **500–5000** devices: minimum **five** devices.
      • **5000+** devices: minimum **50** devices.
      Devices in this group are intended for your IT Administrators and testers since changes are released here first. This release schedule provides your organization the opportunity to validate updates prior to reaching production users. | | First | **1%** | The First ring is the first group of production users to receive a change.

      This group is the first set of devices to send data to Windows Autopatch and are used to generate a health signal across all end-users. For example, Windows Autopatch can generate a statistically significant signal saying that critical errors are trending up in a specific release for all end-users, but can't be confident that it's doing so in your organization.

      Since Windows Autopatch doesn't yet have sufficient data to inform a release decision, devices in this deployment ring might experience outages if there are scenarios that weren't covered during early testing in the Test ring.| | Fast | **9%** | The Fast ring is the second group of production users to receive changes. The signals from the First ring are considered as a part of the release process to the Broad ring.

      The goal with this deployment ring is to cross the **500**-device threshold needed to generate statistically significant analysis at the tenant level. These extra devices allow Windows Autopatch to consider the effect of a release on the rest of your devices and evaluate if a targeted action for your tenant is needed.

      | -| Broad | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in an software update deployment.| +| Broad | Either **80%** or **90%** | The Broad ring is the last group of users to receive software update deployments. Since it contains most of the devices registered with Windows Autopatch, it favors stability over speed in a software update deployment.| ## Moving devices in between deployment rings @@ -72,7 +72,7 @@ If you want to move separate devices to different deployment rings, after Window **To move devices in between deployment rings:** -1. In Microsoft Endpoint Manager, select **Devices** in the left pane. +1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** in the left pane. 2. In the **Windows Autopatch** section, select **Devices**. 3. In the **Ready** tab, select one or more devices you want to assign. All selected devices will be assigned to the deployment ring you specify. 4. Select **Device actions** from the menu. @@ -82,7 +82,7 @@ If you want to move separate devices to different deployment rings, after Window When the assignment is complete, the **Ring assigned by** column changes to **Admin** (which indicates that you made the change) and the **Ring** column shows the new deployment ring assignment. > [!NOTE] -> You can only move devices to other deployment rings when they're in an active state in the **Ready** tab.

      If you don't see the **Ring assigned by column** change to **Pending** in Step 5, check to see whether the device exists in Microsoft Endpoint Manager-Intune or not by searching for it in its device blade. For more information, see [Device details in Intune](/mem/intune/remote-actions/device-inventory). +> You can only move devices to other deployment rings when they're in an active state in the **Ready** tab.

      If you don't see the **Ring assigned by column** change to **Pending** in Step 5, check to see whether the device exists in Microsoft Intune or not by searching for it in its device blade. For more information, see [Device details in Intune](/mem/intune/remote-actions/device-inventory). > [!WARNING] > Moving devices between deployment rings through directly changing Azure AD group membership isn't supported and may cause unintended configuration conflicts within the Windows Autopatch service. To avoid service interruption to devices, use the **Assign device to ring** action described previously to move devices between deployment rings. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md index 5633916a46..ffb70992db 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-communications.md @@ -34,7 +34,7 @@ Communications are posted to Message center, Service health dashboard, and the W ## Communications during release -The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the Microsoft Endpoint Manager portal shortly after Autopatch becomes aware of the new information. +The most common type of communication during a release is a customer advisory. Customer advisories are posted to both Message center and the Messages blade of the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) shortly after Autopatch becomes aware of the new information. There are some circumstances where Autopatch will need to change the release schedule based on new information. 
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md index cb11459161..9f8570c024 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-end-user-exp.md @@ -24,6 +24,9 @@ In this section we'll review what an end user would see in the following three s 2. Quality update deadline forces an update 3. Quality update grace period +> [!NOTE] +> The "It's almost time to restart" and "Your organization requires your device to restart" notifications won't disappear until the user interacts with the notification. + ### Typical update experience The Windows 10 quality update is published and devices in the Broad ring have a deferral period of nine days. Devices will wait nine days before downloading the latest quality update. diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md index b4fc0d3673..d922d4a3cc 100644 --- a/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md +++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-wqu-overview.md @@ -72,7 +72,7 @@ If Windows Autopatch detects a [significant issue with a release](../operate/win If we pause the release, a policy will be deployed which prevents devices from updating while the issue is investigated. Once the issue is resolved, the release will be resumed. -You can pause or resume a Windows quality update from the Release management tab in Microsoft Endpoint Manager. +You can pause or resume a Windows quality update from the Release management tab in the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). ## Incidents and outages 
diff --git a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml index df7c2b8966..7f5b4cf23e 100644 --- a/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml +++ b/windows/deployment/windows-autopatch/overview/windows-autopatch-faq.yml @@ -111,6 +111,9 @@ sections: - question: What support is available for customers who need help with onboarding to Windows Autopatch? answer: | The FastTrack Center is the primary mode of support for customers who need assistance from Microsoft to meet the pre-requisites (such as Intune and Azure or Hybrid AD) for onboarding to Windows Autopatch. For more information, see [Microsoft FastTrack for Windows Autopatch](../operate/windows-autopatch-support-request.md#microsoft-fasttrack). When you've onboarded with Windows Autopatch, you can [submit a support request](../operate/windows-autopatch-support-request.md) with the Windows Autopatch Service Engineering Team. + - question: Does Windows Autopatch Support Dual Scan for Windows Update? + answer: | + Dual Scan for Windows has been deprecated and replaced with the [scan source policy](/windows/deployment/update/wufb-wsus). Windows Autopatch supports the scan source policy if the Feature updates, and Windows quality updates workloads are configured for Windows update. If Feature and Windows updates are configured for WSUS, it could cause disruptions to the service and your release schedules. - name: Other questions: - question: Are there Autopatch specific APIs or PowerShell scripts available? diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md index b48a7a2a5f..a1c0a63417 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md 
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-configure-network.md @@ -47,3 +47,9 @@ There are URLs from several Microsoft products that must be in the allowed list | Microsoft Edge | [Allowlist for Microsoft Edge Endpoints](/deployedge/microsoft-edge-security-endpoints) | | Microsoft Teams | [Office 365 URLs and IP address ranges](/microsoft-365/enterprise/urls-and-ip-address-ranges) | | Windows Update for Business (WUfB) | [Windows Update for Business firewall and proxy requirements](https://support.microsoft.com/help/3084568/can-t-download-updates-from-windows-update-from-behind-a-firewall-or-p) + +### Delivery Optimization + +Delivery Optimization is a peer-to-peer distribution technology available in Windows 10 and Windows 11 that allows devices to share content, such as updates, that the devices downloaded from Microsoft over the internet. Delivery Optimization can help reduce network bandwidth because the device can get portions of the update from another device on the same local network instead of having to download the update completely from Microsoft. + +Windows Autopatch supports and recommends you configure and validate Delivery Optimization when you enroll into the Window Autopatch service. For more information, see [What is Delivery Optimization?](/windows/deployment/do/waas-delivery-optimization) diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md index 140d728afa..2dfa7a8912 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md 
@@ -19,7 +19,7 @@ Before you enroll in Windows Autopatch, there are settings, and other parameters > [!IMPORTANT] > You must be a Global Administrator to enroll your tenant. -The Readiness assessment tool, accessed through the [Windows Autopatch admin center](https://endpoint.microsoft.com/), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch. +The Readiness assessment tool, accessed in the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), checks management or configuration-related settings. This tool allows you to check the relevant settings, and details steps to fix any settings that aren't configured properly for Windows Autopatch. ## Step 1: Review all prerequisites 
@@ -30,18 +30,18 @@ To start using the Windows Autopatch service, ensure you meet the [Windows Autop > [!IMPORTANT] > The online Readiness assessment tool helps you check your readiness to enroll in Windows Autopatch for the first time. Once you enroll, you'll no longer be able to access the tool again. -The Readiness assessment tool checks the settings in [Microsoft Endpoint Manager](#microsoft-intune-settings) (specifically, Microsoft Intune) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements). +The Readiness assessment tool checks the settings in [Microsoft Intune](#microsoft-intune-settings) and [Azure Active Directory](#azure-active-directory-settings) (Azure AD) to ensure they'll work with Windows Autopatch. We aren't, however, checking the workloads in Configuration Manager necessary for Windows Autopatch. For more information about workload prerequisites, see [Configuration Manager co-management requirements](../prepare/windows-autopatch-prerequisites.md#configuration-manager-co-management-requirements). **To access and run the Readiness assessment tool:** > [!IMPORTANT] > You must be a Global Administrator to run the Readiness assessment tool. -1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +1. Go to the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. In the left pane, select Tenant administration and then navigate to Windows Autopatch > **Tenant enrollment**. > [!IMPORTANT] -> If you don't see the Tenant enrollment blade, this is because you don't meet the prerequisites or the proper licenses. 
For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md#more-about-licenses). +> All Intune customers can see the Windows Autopatch Tenant enrollment blade. However, if you don't meet the prerequisites or have the proper licensing, you won't be able to enroll into the Windows Autopatch service. For more information, see [Windows Autopatch prerequisites](windows-autopatch-prerequisites.md#more-about-licenses). The Readiness assessment tool checks the following settings: @@ -109,7 +109,7 @@ Windows Autopatch retains the data associated with these checks for 12 months af **To delete the data we collect:** -1. Go to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +1. Go to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Navigate to Windows Autopatch > **Tenant enrollment**. 3. Select **Delete all data**. diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md index 77a8ae20a5..4b87f046dd 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md +++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-fix-issues.md @@ -32,7 +32,7 @@ For each check, the tool will report one of four possible results: ## Microsoft Intune settings -You can access Intune settings at the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +You can access Intune settings at the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). ### Unlicensed admins diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md index 5008b76d7a..fa58f8fac2 100644 --- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md 
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-prerequisites.md @@ -29,7 +29,7 @@ Getting started with Windows Autopatch has been designed to be easy. This articl ## More about licenses -Windows Autopatch is included with Window 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch: +Windows Autopatch is included with Windows 10/11 Enterprise E3 or higher (user-based only). The following are the service plan SKUs that are eligible for Windows Autopatch: | License | ID | GUID number | | ----- | ----- | ------| diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md index 1b883ebe0b..b2ac14cb00 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md @@ -1,7 +1,7 @@ --- title: Changes made at tenant enrollment description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch -ms.date: 08/08/2022 +ms.date: 11/02/2022 ms.prod: windows-client ms.technology: itpro-updates ms.topic: reference 
@@ -17,9 +17,22 @@ msreviewer: hathind The following configuration details are provided as information to help you understand the changes made to your tenant when enrolling into the Windows Autopatch service. > [!IMPORTANT] -> The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. +> The service manages and maintains the following configuration items. Don't change, edit, add to, or remove any of the configurations. Doing so might cause unintended configuration conflicts and impact the Windows Autopatch service. -## Service principal +## Windows Autopatch enterprise applications + +Enterprise applications are applications (software) that a business uses to do its work. + +Windows Autopatch creates an enterprise application in your tenant. This enterprise application is a first party application used to run the Windows Autopatch service. + +| Enterprise application name | Usage | Permissions | +| ----- | ------ | ----- | +| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. |

      • DeviceManagementApps.ReadWrite.All
      • DeviceManagementConfiguration.ReadWrite.All
      • DeviceManagementManagedDevices.PriviligedOperation.All
      • DeviceManagementManagedDevices.ReadWrite.All
      • DeviceManagementRBAC.ReadWrite.All
      • DeviceManagementServiceConfig.ReadWrite.All
      • Directory.Read.All
      • Group.Create
      • Policy.Read.All
      • WindowsUpdates.Read.Write.All
      | + +> [!NOTE] +> Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon. + +### Service principal Windows Autopatch will create a service principal in your tenant allowing the service to establish an identity and restrict access to what resources the service has access to within the tenant. For more information, see [Application and service principal objects in Azure Active Directory](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object). The service principal created by Windows Autopatch is: @@ -38,40 +51,21 @@ Windows Autopatch will create Azure Active Directory groups that are required to | Modern Workplace Devices-Windows Autopatch-First | First production deployment ring for early adopters | | Modern Workplace Devices-Windows Autopatch-Fast | Fast deployment ring for quick rollout and adoption | | Modern Workplace Devices-Windows Autopatch-Broad | Final deployment ring for broad rollout into the organization | -| Modern Workplace Devices Dynamic - Windows 10 | Microsoft Managed Desktop Devices with Windows 10

      Group Rule:

      • `(device.devicePhysicalIds -any _ -startsWith \"[OrderID]:Microsoft365Managed_\")`
      • `(device.deviceOSVersion -notStartsWith \"10.0.22000\")`

      Exclusions:
      • Modern Workplace - Telemetry Settings for Windows 11
      | -| Modern Workplace Devices Dynamic - Windows 11 | Microsoft Managed Desktop Devices with Windows 11

      Group Rule:

      • `(device.devicePhysicalIds -any _ -startsWith \"[OrderID]:Microsoft365Managed_\")`
      • `(device.deviceOSVersion -startsWith \"10.0.22000\")`

      Exclusions:
      • Modern Workplace - Telemetry Settings for Windows 10
      | | Modern Workplace Roles - Service Administrator | All users granted access to Modern Workplace Service Administrator Role | | Modern Workplace Roles - Service Reader | All users granted access to Modern Workplace Service Reader Role | | Windows Autopatch Device Registration | Group for automatic device registration for Windows Autopatch | -## Windows Autopatch enterprise applications - -Enterprise applications are applications (software) that a business uses to do its work. - -Windows Autopatch creates an enterprise application in your tenant. This enterprise application is a first party application used to run the Windows Autopatch service. - -| Enterprise application name | Usage | Permissions | -| ----- | ------ | ----- | -| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This application is used to manage the service, publish baseline configuration updates, and maintain overall service health. |
      • DeviceManagementApps.ReadWrite.All
      • DeviceManagementConfiguration.ReadWrite.All
      • DeviceManagementManagedDevices.PriviligedOperation.All
      • DeviceManagementManagedDevices.ReadWrite.All
      • DeviceManagementRBAC.ReadWrite.All
      • DeviceManagementServiceConfig.ReadWrite.All
      • Directory.Read.All
      • Group.Create
      • Policy.Read.All
      • WindowsUpdates.Read.Write.All
      | - -> [!NOTE] -> Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon. - ## Device configuration policies -- Modern Workplace - Set MDM to Win Over GPO -- Modern Workplace - Telemetry Settings for Windows 10 -- Modern Workplace - Telemetry Settings for Windows 11 -- Modern Workplace-Window Update Detection Frequency -- Modern Workplace - Data Collection +- Windows Autopatch - Set MDM to Win Over GPO +- Windows Autopatch - Data Collection +- Windows Autopatch-Window Update Detection Frequency -| Policy name | Policy description | OMA | Value | +| Policy name | Policy description | Properties | Value | | ----- | ----- | ----- | ----- | -| Modern Workplace - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO

      Assigned to:

      • Modern Workplace Devices-Windows Autopatch-Test
      • Modern Workplace Devices-Windows Autopatch-First
      • Modern Workplace Devices-Windows Autopatch-Fast
      • Modern Workplace Devices-Windows Autopatch-Broad
      | | | -| Modern Workplace - Telemetry Settings for Windows 10 | Telemetry settings for Windows 10

      Assigned to:

      • Modern Workplace Devices-Windows Autopatch-Test
      • Modern Workplace Devices-Windows Autopatch-First
      • Modern Workplace Devices-Windows Autopatch-Fast
      • Modern Workplace Devices-Windows Autopatch-Broad
      |[./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | 2 | -| Modern Workplace - Telemetry Settings for Windows 11 | Telemetry settings for Windows 11

      Assigned to:

      • Modern Workplace Devices-Windows Autopatch-Test
      • Modern Workplace Devices-Windows Autopatch-First
      • Modern Workplace Devices-Windows Autopatch-Fast
      • Modern Workplace Devices-Windows Autopatch-Broad
      |
      • [./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry ](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
      • [./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)
      • [./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)
      • [./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)
      |
      • 3
      • 1
      • 1
      • 1
      • | -| Modern Workplace - Windows Update Detection Frequency | Sets Windows update detection frequency

        Assigned to:

        • Modern Workplace Devices-Windows Autopatch-Test
        • Modern Workplace Devices-Windows Autopatch-First
        • Modern Workplace Devices-Windows Autopatch-Fast
        • Modern Workplace Devices-Windows Autopatch-Broad
        | [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 | -| Modern Workplace - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop.

        Assigned to:

        • Modern Workplace Devices-Windows Autopatch-Test
        • Modern Workplace Devices-Windows Autopatch-First
        • Modern Workplace Devices-Windows Autopatch-Fast
        • Modern Workplace Devices-Windows Autopatch-Broad
        | | | +| Windows Autopatch - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPO

        Assigned to:

        • Modern Workplace Devices-Windows Autopatch-Test
        • Modern Workplace Devices-Windows Autopatch-First
        • Modern Workplace Devices-Windows Autopatch-Fast
        • Modern Workplace Devices-Windows Autopatch-Broad
        | | | +| Windows Autopatch - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop and Telemetry settings for Windows devices.

        Assigned to:

        • Modern Workplace Devices-Windows Autopatch-Test
        • Modern Workplace Devices-Windows Autopatch-First
        • Modern Workplace Devices-Windows Autopatch-Fast
        • Modern Workplace Devices-Windows Autopatch-Broad
        |
        • [./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry ](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
        • [./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)
        • [./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)
        • [./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)
        |
        • Full
        • 1
        • 1
        • 1
        • | +| Windows Autopatch - Windows Update Detection Frequency | Sets Windows update detection frequency

          Assigned to:

          • Modern Workplace Devices-Windows Autopatch-Test
          • Modern Workplace Devices-Windows Autopatch-First
          • Modern Workplace Devices-Windows Autopatch-Fast
          • Modern Workplace Devices-Windows Autopatch-Broad
          | [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 | ## Update rings for Windows 10 and later @@ -105,33 +99,29 @@ Windows Autopatch creates an enterprise application in your tenant. This enterpr ## Microsoft Office update policies -- Modern Workplace - Office ADMX Deployment -- Modern Workplace - Office Configuration v5 -- Modern Workplace - Office Update Configuration [Test] -- Modern Workplace - Office Update Configuration [First] -- Modern Workplace - Office Update Configuration [Fast] -- Modern Workplace - Office Update Configuration [Broad] +- Windows Autopatch - Office Configuration v5 +- Windows Autopatch - Office Update Configuration [Test] +- Windows Autopatch - Office Update Configuration [First] +- Windows Autopatch - Office Update Configuration [Fast] +- Windows Autopatch - Office Update Configuration [Broad] -| Policy name | Policy description | OMA | Value | +| Policy name | Policy description | Properties | Value | | ----- | ----- | ----- | ----- | -| Modern Workplace - Office ADMX Deployment | ADMX file for Office

          Assigned to:

          • Modern Workplace Devices-Windows Autopatch-Test
          • Modern Workplace Devices-Windows Autopatch-First
          • Modern Workplace Devices-Windows Autopatch-Fast
          • Modern Workplace Devices-Windows Autopatch-Broad
          | | | -| Modern Workplace - Office Configuration v5 | Sets Office Update Channel to the Monthly Enterprise servicing branch.

          Assigned to:

          • Modern Workplace Devices-Windows Autopatch-Test
          • Modern Workplace Devices-Windows Autopatch-First
          • Modern Workplace Devices-Windows Autopatch-Fast
          • Modern Workplace Devices-Windows Autopatch-Broad
          | | | -| Modern Workplace - Office Update Configuration [Test] | Sets the Office update deadline

          Assigned to:

          • Modern Workplace Devices-Windows Autopatch-Test
          |
          • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
          • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
          |
        • Enabled; L_UpdateDeadlineID == 7
        • Enabled; L_DeferUpdateDaysID == 0
        • | -| Modern Workplace - Office Update Configuration [First] | Sets the Office update deadline

          Assigned to:

          • Modern Workplace Devices-Windows Autopatch-First
          |
          • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
          • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
          |
        • Enabled; L_UpdateDeadlineID == 7
        • Enabled; L_DeferUpdateDaysID == 0
        • | -| Modern Workplace - Office Update Configuration [Fast] | Sets the Office update deadline

          Assigned to:

          • Modern Workplace Devices-Windows Autopatch-Fast
          |
          • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
          • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
          |
        • Enabled; L_UpdateDeadlineID == 7
        • Enabled; L_DeferUpdateDaysID == 3
        • | -| Modern Workplace - Office Update Configuration [Broad] | Sets the Office update deadline
          Assigned to:
          • Modern Workplace Devices-Windows Autopatch-Broad
          • |
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
            |
          • Enabled; L_UpdateDeadlineID == 7
          • Enabled; L_DeferUpdateDaysID == 7
          • | +| Windows Autopatch - Office Configuration v5 | Sets Office Update Channel to the Monthly Enterprise servicing branch.

            Assigned to:

            • Modern Workplace Devices-Windows Autopatch-Test
            • Modern Workplace Devices-Windows Autopatch-First
            • Modern Workplace Devices-Windows Autopatch-Fast
            • Modern Workplace Devices-Windows Autopatch-Broad
            | | | +| Windows Autopatch - Office Update Configuration [Test] | Sets the Office update deadline

            Assigned to:

            • Modern Workplace Devices-Windows Autopatch-Test
            |
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
            |
          • Enabled; L_UpdateDeadlineID == 7
          • Enabled; L_DeferUpdateDaysID == 0
          • | +| Windows Autopatch - Office Update Configuration [First] | Sets the Office update deadline

            Assigned to:

            • Modern Workplace Devices-Windows Autopatch-First
            |
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
            |
          • Enabled; L_UpdateDeadlineID == 7
          • Enabled; L_DeferUpdateDaysID == 0
          • | +| Windows Autopatch - Office Update Configuration [Fast] | Sets the Office update deadline

            Assigned to:

            • Modern Workplace Devices-Windows Autopatch-Fast
            |
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
            • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
            |
          • Enabled; L_UpdateDeadlineID == 7
          • Enabled; L_DeferUpdateDaysID == 3
          • | +| Windows Autopatch - Office Update Configuration [Broad] | Sets the Office update deadline
            Assigned to:
            • Modern Workplace Devices-Windows Autopatch-Broad
            • |
              • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
              • `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
              |
            • Enabled; L_UpdateDeadlineID == 7
            • Enabled; L_DeferUpdateDaysID == 7
            • | ## Microsoft Edge update policies -- Modern Workplace - Edge Update ADMX Deployment -- Modern Workplace - Edge Update Channel Stable -- Modern Workplace - Edge Update Channel Beta +- Windows Autopatch - Edge Update Channel Stable +- Windows Autopatch - Edge Update Channel Beta -| Policy name | Policy description | OMA | Value | +| Policy name | Policy description | Properties | Value | | ----- | ----- | ----- | ----- | -| Modern Workplace - Edge Update ADMX Deployment | Deploys ADMX update policy for Edge

              Assigned to:

              • Modern Workplace Devices-Windows Autopatch-Test
              • Modern Workplace Devices-Windows Autopatch-First
              • Modern Workplace Devices-Windows Autopatch-Fast
              • Modern Workplace Devices-Windows Autopatch-Broad
              | | | -| Modern Workplace - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel

              Assigned to:

              • Modern Workplace Devices-Windows Autopatch-First
              • Modern Workplace Devices-Windows Autopatch-Fast
              • Modern Workplace Devices-Windows Autopatch-Broad
              | `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled | -| Modern Workplace - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel

              Assigned to:

              • Modern Workplace Devices-Windows Autopatch-Test
              | `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled | +| Windows Autopatch - Edge Update Channel Stable | Deploys updates via the Edge Stable Channel

              Assigned to:

              • Modern Workplace Devices-Windows Autopatch-First
              • Modern Workplace Devices-Windows Autopatch-Fast
              • Modern Workplace Devices-Windows Autopatch-Broad
              | `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled | +| Windows Autopatch - Edge Update Channel Beta | Deploys updates via the Edge Beta Channel

              Assigned to:

              • Modern Workplace Devices-Windows Autopatch-Test
              | `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled | ## PowerShell scripts diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md index 49f08db4a3..4850fddac3 100644 --- a/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md +++ b/windows/deployment/windows-autopatch/references/windows-autopatch-privacy.md @@ -1,9 +1,9 @@ --- title: Privacy -description: This article provides details about the data platform and privacy compliance for Autopatch -ms.date: 05/30/2022 -ms.prod: windows-client -ms.technology: itpro-updates +description: This article provides details about the data platform and privacy compliance for Autopatch +ms.date: 11/08/2022 +ms.prod: w11 +ms.technology: windows ms.topic: reference ms.localizationpriority: medium author: tiaraquan @@ -26,8 +26,8 @@ The sources include Azure Active Directory (Azure AD), Microsoft Intune, and Mic | ------ | ------ | | [Microsoft Windows 10/11 Enterprise](/windows/windows-10/) | Management of device setup experience, managing connections to other services, and operational support for IT pros. | | [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb) | Uses Windows 10 Enterprise diagnostic data to provide additional information on Windows 10/11 update. | -| [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) | Device management and to keep your data secure. The following data sources fall under Microsoft Endpoint Manager:
              • [Microsoft Azure Active Directory](/azure/active-directory/): Authentication and identification of all user accounts.
              • [Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.
              -| [Windows Autopatch](https://endpoint.microsoft.com/#home) | Data provided by the customer or generated by the service during running of the service. | +| [Microsoft Intune](/mem/intune/fundamentals/what-is-intune) | Device management and to keep your data secure. The following endpoint management data sources are used:
              • [Microsoft Azure Active Directory](/azure/active-directory/): Authentication and identification of all user accounts.
              • [Microsoft Intune](/mem/intune/): Distributing device configurations, device management and application management.
              +| [Windows Autopatch](https://go.microsoft.com/fwlink/?linkid=2109431) | Data provided by the customer or generated by the service during running of the service. | | [Microsoft 365 Apps for enterprise](https://www.microsoft.com/microsoft-365/enterprise/compare-office-365-plans)| Management of Microsoft 365 Apps. | ## Windows Autopatch data process and storage @@ -40,9 +40,12 @@ Processor duties of Windows Autopatch include ensuring appropriate confidentiali ## Windows Autopatch data storage and staff location -Windows Autopatch stores its data in the Azure data centers in the United States. +Windows Autopatch stores its data in the Azure data centers based on your data residency. For more information, see [Microsoft 365 data center locations](/microsoft-365/enterprise/o365-data-locations). -Personal data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep personal data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). +> [!IMPORTANT] +>
              • As of November 8, 2022, only new Windows Autopatch customers (EU, UK, Africa, Middle East) will have their data live in the European data centers.
              • Existing European Union (EU) Windows Autopatch customers will move from the North American data centers to the European data centers by the end of 2022.
              • If you're an existing Windows Autopatch customer, but not part of the European Union, data migration from North America to your respective data residency will occur next year.
              + +Data obtained by Windows Autopatch and other services are required to keep the service operational. If a device is removed from Windows Autopatch, we keep data for a maximum of 30 days. For more information on data retention, see [Data retention, deletion, and destruction in Microsoft 365](/compliance/assurance/assurance-data-retention-deletion-and-destruction-overview). Windows Autopatch Service Engineering Team is in the United States, India and Romania. 
@@ -54,9 +57,9 @@ The enhanced diagnostic data setting includes more detailed information about th
 The diagnostic data terminology will change in future versions of Windows. Windows Autopatch is committed to processing only the data that the service needs. The diagnostic level will change to **Optional**, but Windows Autopatch will implement the limited diagnostic policies to fine-tune diagnostic data collection required for the service. For more information, see [Changes to Windows diagnostic data collection](/windows/privacy/changes-to-windows-diagnostic-data-collection).
-Windows Autopatch only processes and stores system-level data from Windows 10 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' personal data such as chat and browser history, voice, text, or speech data.
+Windows Autopatch only processes and stores system-level data from Windows 10 optional diagnostic data that originates from enrolled devices such as application and device reliability, and performance information. Windows Autopatch doesn't process and store customers' data such as chat and browser history, voice, text, or speech data.
-For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process personal data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement.
+For more information about the diagnostic data collection of Microsoft Windows 10, see the [Where we store and process data](https://privacy.microsoft.com/privacystatement#mainwherewestoreandprocessdatamodule) section of the Microsoft Privacy Statement.
 ## Tenant access
@@ -107,11 +110,11 @@ Changes to the types of data gathered and where it's stored are considered a mat ## Data subject requests -Windows Autopatch follows General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) privacy regulations, which give data subjects specific rights to their personal data. +Windows Autopatch follows General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) privacy regulations, which give data subjects specific rights to their data. These rights include: -- Obtaining copies of personal data +- Obtaining copies of data - Requesting corrections to it - Restricting the processing of it - Deleting it @@ -123,7 +126,7 @@ To exercise data subject requests on data collected by the Windows Autopatch cas | Data subject requests | Description | | ------ | ------ | -| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of personal data related support requests by submitting a report request at the [admin center](https://aka.ms/memadmin).

              Provide the following information:
              • Request type: Change request
              • Category: Security
              • Subcategory: Other
              • Description: Provide the relevant device names or user names.
              | +| Data from Windows Autopatch support requests | Your IT administrator can request deletion, or extraction of data related support requests by submitting a report request at the [admin center](https://aka.ms/memadmin).

              Provide the following information:
              • Request type: Change request
              • Category: Security
              • Subcategory: Other
              • Description: Provide the relevant device names or user names.
              | For DSRs from other products related to the service, see the following articles: diff --git a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md index 1737cd6618..14d1e1698a 100644 --- a/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md +++ b/windows/deployment/windows-autopilot/demonstrate-deployment-on-vm.md @@ -1,22 +1,22 @@ --- title: Demonstrate Autopilot deployment -manager: dougeby +manager: aaroncz description: Step-by-step instructions on how to set up a virtual machine with a Windows Autopilot deployment. ms.prod: windows-client ms.technology: itpro-deploy ms.localizationpriority: medium -author: aczechowski -ms.author: aaroncz +author: frankroj +ms.author: frankroj ms.collection: - M365-modern-desktop - highpri ms.topic: tutorial -ms.date: 07/12/2022 +ms.date: 10/28/2022 --- # Demonstrate Autopilot deployment -*Applies to* +**Applies to** - Windows 10 
@@ -53,39 +53,42 @@ A summary of the sections and procedures in the lab is provided below. Follow ea If you already have Hyper-V and a Windows 10 VM, you can skip directly to the [Capture the hardware ID](#capture-the-hardware-id) step. The VM must be running Windows 10, version 1903 or later. -- [Verify support for Hyper-V](#verify-support-for-hyper-v) -- [Enable Hyper-V](#enable-hyper-v) -- [Create a demo VM](#create-a-demo-vm) - - [Set ISO file location](#set-iso-file-location) - - [Determine network adapter name](#determine-network-adapter-name) - - [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) - - [Install Windows 10](#install-windows-10) -- [Capture the hardware ID](#capture-the-hardware-id) -- [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) -- [Verify subscription level](#verify-subscription-level) -- [Configure company branding](#configure-company-branding) -- [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) -- [Register your VM](#register-your-vm) - - [Autopilot registration using Intune](#autopilot-registration-using-intune) - - [Autopilot registration using MSfB](#autopilot-registration-using-msfb) -- [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) - - [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) - - [Create a device group](#create-a-device-group) - - [Create the deployment profile](#create-the-deployment-profile) - - [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) -- [See Windows Autopilot in action](#see-windows-autopilot-in-action) -- [Remove devices from Autopilot](#remove-devices-from-autopilot) - - [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) -- [Appendix A: Verify 
support for Hyper-V](#appendix-a-verify-support-for-hyper-v) -- [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) - - [Add a Win32 app](#add-a-win32-app) - - [Prepare the app for Intune](#prepare-the-app-for-intune) - - [Create app in Intune](#create-app-in-intune) - - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) - - [Add Office 365](#add-microsoft-365-apps) - - [Create app in Intune](#create-app-in-intune) - - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) -- [Glossary](#glossary) +- [Demonstrate Autopilot deployment](#demonstrate-autopilot-deployment) + - [Prerequisites](#prerequisites) + - [Procedures](#procedures) + - [Verify support for Hyper-V](#verify-support-for-hyper-v) + - [Enable Hyper-V](#enable-hyper-v) + - [Create a demo VM](#create-a-demo-vm) + - [Set ISO file location](#set-iso-file-location) + - [Determine network adapter name](#determine-network-adapter-name) + - [Use Windows PowerShell to create the demo VM](#use-windows-powershell-to-create-the-demo-vm) + - [Install Windows 10](#install-windows-10) + - [Capture the hardware ID](#capture-the-hardware-id) + - [Reset the VM back to Out-Of-Box-Experience (OOBE)](#reset-the-vm-back-to-out-of-box-experience-oobe) + - [Verify subscription level](#verify-subscription-level) + - [Configure company branding](#configure-company-branding) + - [Configure Microsoft Intune auto-enrollment](#configure-microsoft-intune-auto-enrollment) + - [Register your VM](#register-your-vm) + - [Autopilot registration using Intune](#autopilot-registration-using-intune) + - [Autopilot registration using MSfB](#autopilot-registration-using-msfb) + - [Create and assign a Windows Autopilot deployment profile](#create-and-assign-a-windows-autopilot-deployment-profile) + - [Create a Windows Autopilot deployment profile using Intune](#create-a-windows-autopilot-deployment-profile-using-intune) + - [Create a device 
group](#create-a-device-group) + - [Create the deployment profile](#create-the-deployment-profile) + - [Create a Windows Autopilot deployment profile using MSfB](#create-a-windows-autopilot-deployment-profile-using-msfb) + - [See Windows Autopilot in action](#see-windows-autopilot-in-action) + - [Remove devices from Autopilot](#remove-devices-from-autopilot) + - [Delete (deregister) Autopilot device](#delete-deregister-autopilot-device) + - [Appendix A: Verify support for Hyper-V](#appendix-a-verify-support-for-hyper-v) + - [Appendix B: Adding apps to your profile](#appendix-b-adding-apps-to-your-profile) + - [Add a Win32 app](#add-a-win32-app) + - [Prepare the app for Intune](#prepare-the-app-for-intune) + - [Create app in Intune](#create-app-in-intune) + - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile) + - [Add Microsoft 365 Apps](#add-microsoft-365-apps) + - [Create app in Microsoft Intune](#create-app-in-microsoft-intune) + - [Assign the app to your Intune profile](#assign-the-app-to-your-intune-profile-1) + - [Glossary](#glossary) ## Verify support for Hyper-V @@ -247,7 +250,7 @@ After the VM restarts, during OOBE, it's fine to select **Set up for personal us ![Windows setup example 7.](images/winsetup7.png) -Once the installation is complete, sign in and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. +Once the installation is complete, sign in, and verify that you're at the Windows 10 desktop. Then create your first Hyper-V checkpoint. Checkpoints are used to restore the VM to a previous state. > [!div class="mx-imgBorder"] > ![Windows setup example 8.](images/winsetup8.png) 
@@ -395,7 +398,7 @@ Your VM (or device) can be registered either via Intune or Microsoft Store for B
 ### Autopilot registration using Intune
-1. In the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
+1. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), choose **Devices** > **Device enrollment | Enroll devices** > **Windows enrollment** > **Windows Autopilot Deployment Program | Devices** and then on the **Windows Autopilot devices** page, choose **Import**.
 ![Intune device import.](images/enroll1.png)
@@ -600,7 +603,7 @@ To use the device (or VM) for other purposes after completion of this lab, you n
 ### Delete (deregister) Autopilot device
-You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), log into the Microsoft Endpoint Manager admin center, then go to **Intune > Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
+You need to delete (or retire, or factory reset) the device from Intune before deregistering the device from Autopilot. To delete the device from Intune (not Azure AD), sign into the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), then go to **Devices > All Devices**. Select the device you want to delete, then select the **Delete** button along the top menu.
 > [!div class="mx-imgBorder"]
 > ![Delete device step 1.](images/delete-device1.png)
@@ -802,7 +805,7 @@ For more information on adding apps to Intune, see [Intune Standalone - Win32 ap ### Add Microsoft 365 Apps -#### Create app in Microsoft Endpoint Manager +#### Create app in Microsoft Intune Sign in to the Azure portal and select **Intune**. diff --git a/windows/deployment/windows-autopilot/index.yml b/windows/deployment/windows-autopilot/index.yml index b7cd40346e..edec9d080e 100644 --- a/windows/deployment/windows-autopilot/index.yml +++ b/windows/deployment/windows-autopilot/index.yml @@ -1,7 +1,7 @@ ### YamlMime:Landing title: Windows Autopilot deployment resources and documentation # < 60 chars -summary: 'Note: Windows Autopilot documentation has moved! A few additional resources will also be available here. See the links on this page for more information.' # < 160 chars +summary: 'Note: Windows Autopilot documentation has moved! A few more resources will also be available here. For more information, see the links on this page.' # < 160 chars metadata: title: Windows Autopilot deployment resources and documentation # Required; page title displayed in search results. Include the brand. < 60 chars. @@ -13,10 +13,10 @@ metadata: ms.collection: - windows-10 - highpri - author: aczechowski - ms.author: aaroncz - manager: dougeby - ms.date: 08/05/2020 #Required; mm/dd/yyyy format. + author: frankroj + ms.author: frankroj + manager: aaroncz + ms.date: 10/28/2022 #Required; mm/dd/yyyy format. localization_priority: medium # linkListType: architecture | concept | deploy | download | get-started | how-to-guide | learn | overview | quickstart | reference | tutorial | video | whats-new diff --git a/windows/deployment/windows-deployment-scenarios-and-tools.md b/windows/deployment/windows-deployment-scenarios-and-tools.md index 6162df9266..d939130747 100644 --- a/windows/deployment/windows-deployment-scenarios-and-tools.md +++ b/windows/deployment/windows-deployment-scenarios-and-tools.md 
@@ -1,16 +1,18 @@ --- title: Windows 10 deployment scenarios and tools description: Learn about the tools you can use to deploy Windows 10 and related applications to your organization. Explore deployment scenarios. -manager: dougeby -ms.author: aaroncz -author: aczechowski +manager: aaroncz +ms.author: frankroj +author: frankroj ms.prod: windows-client ms.topic: article +ms.date: 10/31/2022 +ms.technology: itpro-deploy --- # Windows 10 deployment scenarios and tools -To successfully deploy the Windows 10 operating system and applications for your organization, understand the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. +To successfully deploy the Windows 10 operating system and applications for your organization, understand the available tools to help with the process. In this article, you'll learn about the most commonly used tools for Windows 10 deployment. Microsoft provides many tools, services, and solutions. These tools include Windows Deployment Services (WDS), the Volume Activation Management Tool (VAMT), the User State Migration Tool (USMT), Windows System Image Manager (Windows SIM), Windows Preinstallation Environment (Windows PE), and Windows Recovery Environment (Windows RE). These tools aren't a complete solution on their own. Combine these tools with solutions like [Configuration Manager](deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md) to get a complete deployment solution. 
@@ -18,7 +20,6 @@ In this article, you also learn about different types of reference images that y ## Windows Assessment and Deployment Kit - Windows ADK contains core assessment and deployment tools and technologies, including Deployment Image Servicing and Management (DISM), Windows Imaging and Configuration Designer (Windows ICD), Windows System Image Manager (Windows SIM), User State Migration Tool (USMT), Volume Activation Management Tool (VAMT), Windows Preinstallation Environment (Windows PE), Windows Assessment Services, Windows Performance Toolkit (WPT), Application Compatibility Toolkit (ACT), and Microsoft SQL Server 2012 Express. For more information, see [Windows ADK for Windows 10](/windows-hardware/get-started/adk-install) or [Windows ADK for Windows 10 scenarios for IT Pros](windows-adk-scenarios-for-it-pros.md). ![The Windows 10 ADK feature selection page.](images/win-10-adk-select.png) @@ -73,7 +74,53 @@ USMT supports capturing data and settings from Windows Vista and later, and rest By default USMT migrates many settings, most of which are related to the user profile but also to Control Panel configurations, file types, and more. The default templates that are used in Windows 10 deployments are MigUser.xml and MigApp.xml. These two default templates migrate the following data and settings: - Folders from each profile, including those folders from user profiles, and shared and public profiles. For example, the My Documents, My Video, My Music, My Pictures, desktop files, Start menu, Quick Launch settings, and Favorites folders are migrated. -- Specific file types. USMT templates migrate the following file types: .accdb, .ch3, .csv, dif, .doc\*, .dot\*, .dqy, .iqy, .mcw, .mdb\*, .mpp, .one\*, .oqy, .or6, .pot\*, .ppa, .pps\*, .ppt\*, .pre, .pst, .pub, .qdf, .qel, .qph, .qsd, .rqy, .rtf, .scd, .sh3, .slk, .txt, .vl\*, .vsd, .wk\*, .wpd, .wps, .wq1, .wri, .xl\*, .xla, .xlb, .xls\*. +- Specific file types. +
              + USMT templates migrate the following file types: + + - `.accdb` + - `.ch3` + - `.csv` + - `.dif` + - `.doc*` + - `.dot*` + - `.dqy` + - `.iqy` + - `.mcw` + - `.mdb*` + - `.mpp` + - `.one*` + - `.oqy` + - `.or6` + - `.pot*` + - `.ppa` + - `.pps*` + - `.ppt*` + - `.pre` + - `.pst` + - `.pub` + - `.qdf` + - `.qel` + - `.qph` + - `.qsd` + - `.rqy` + - `.rtf` + - `.scd` + - `.sh3` + - `.slk` + - `.txt` + - `.vl*` + - `.vsd` + - `.wk*` + - `.wpd` + - `.wps` + - `.wq1` + - `.wri` + - `.xl*` + - `.xla` + - `.xlb` + - `.xls*` +
              > [!NOTE] > The OpenDocument extensions (`*.odt`, `*.odp`, `*.ods`) that Microsoft Office applications can use aren't migrated by default. @@ -105,7 +152,7 @@ For more information, see [Windows System Image Manager Technical Reference]( ht ### Volume Activation Management Tool (VAMT) -If you don’t use KMS, manage your MAKs centrally with the Volume Activation Management Tool (VAMT). Use this tool to install and manage product keys throughout the organization. VAMT can also activate on behalf of clients without internet access, acting as a MAK proxy. +If you don't use KMS, manage your MAKs centrally with the Volume Activation Management Tool (VAMT). Use this tool to install and manage product keys throughout the organization. VAMT can also activate on behalf of clients without internet access, acting as a MAK proxy. ![The updated Volume Activation Management Tool.](images/mdt-11-fig08.png) @@ -133,7 +180,6 @@ For more information on Windows PE, see [Windows PE (WinPE)](/windows-hardware/m ## Windows Recovery Environment - Windows Recovery Environment (Windows RE) is a diagnostics and recovery toolset included in Windows Vista and later operating systems. The latest version of Windows RE is based on Windows PE. You can also extend Windows RE and add your own tools if needed. If a Windows installation fails to start and Windows RE is installed, you'll see an automatic failover into Windows RE. ![A Windows 10 client booted into Windows RE, showing Advanced options.](images/mdt-11-fig10.png) 
@@ -144,7 +190,6 @@ For more information on Windows RE, see [Windows Recovery Environment](/windows- ## Windows Deployment Services - Windows Deployment Services (WDS) has been updated and improved in several ways starting with Windows 8. Remember that the two main functions you'll use are the PXE boot support and multicast. Most of the changes are related to management and increased performance. In Windows Server 2012 R2, WDS also can be used for the Network Unlock feature in BitLocker. ![Windows Deployment Services using multicast to deploy three machines.](images/mdt-11-fig11.png) @@ -177,8 +222,6 @@ MDT has two main parts: the first is Lite Touch, which is a stand-alone deployme **Note** Lite Touch and Zero Touch are marketing names for the two solutions that MDT supports, and the naming has nothing to do with automation. You can fully automate the stand-alone MDT solution (Lite Touch), and you can configure the solution integration with Configuration Manager to prompt for information. - - ![The Deployment Workbench in, showing a task sequence.](images/mdt-11-fig13.png) The Deployment Workbench in, showing a task sequence. @@ -187,7 +230,6 @@ For more information on MDT, see the [Microsoft Deployment Toolkit](/mem/configm ## Microsoft Security Compliance Manager 2013 - [Microsoft SCM](https://www.microsoft.com/download/details.aspx?id=53353) is a free utility used to create baseline security settings for the Windows client and server environment. The baselines can be exported and then deployed via Group Policy, local policies, MDT, or Configuration Manager. The current version of Security Compliance Manager includes baselines for Windows 8.1 and several earlier versions of Windows, Windows Server, and Internet Explorer. ![The SCM console showing a baseline configuration for a fictional client's computer security compliance.](images/mdt-11-fig14.png) 
@@ -196,7 +238,6 @@ The SCM console showing a baseline configuration for a fictional client's comput ## Microsoft Desktop Optimization Pack - MDOP is a suite of technologies available to Software Assurance customers through another subscription. The following components are included in the MDOP suite: @@ -207,7 +248,7 @@ The following components are included in the MDOP suite: - **Microsoft Advanced Group Policy Management (AGPM).** AGPM enables advanced management of Group Policy objects by providing change control, offline editing, and role-based delegation. - **Microsoft Diagnostics and Recovery Toolset (DaRT).** DaRT provides additional tools that extend Windows RE to help you troubleshoot and repair your machines. -- **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, as well as monitor compliance with these policies. +- **Microsoft BitLocker Administration and Monitoring (MBAM).** MBAM is an administrator interface used to manage BitLocker drive encryption. It allows you to configure your enterprise with the correct BitLocker encryption policy options, and monitor compliance with these policies. For more information on the benefits of an MDOP subscription, see [Microsoft Desktop Optimization Pack](/microsoft-desktop-optimization-pack/). @@ -223,7 +264,6 @@ To download IEAK 11, see the [Internet Explorer Administration Kit (IEAK) Inform ## Windows Server Update Services - WSUS is a server role in Windows Server 2012 R2 that enables you to maintain a local repository of Microsoft updates and then distribute them to machines on your network. WSUS offers approval control and reporting of update status in your environment. ![The Windows Server Update Services console.](images/mdt-11-fig16.png) 
@@ -292,4 +332,4 @@ For more information on UEFI, see the [UEFI firmware](/previous-versions/windows ## Related articles [Sideload apps in Windows 10](/windows/application-management/sideload-apps-in-windows-10)
              -[Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md) +[Windows ADK for Windows 10 scenarios for IT pros](windows-adk-scenarios-for-it-pros.md) \ No newline at end of file diff --git a/windows/hub/docfx.json b/windows/hub/docfx.json index 508d741a9b..f1b885b970 100644 --- a/windows/hub/docfx.json +++ b/windows/hub/docfx.json @@ -37,7 +37,7 @@ "audience": "ITPro", "breadcrumb_path": "/windows/resources/breadcrumb/toc.json", "uhfHeaderId": "MSDocsHeader-M365-IT", - "ms.technology": "windows", + "ms.technology": "itpro-fundamentals", "ms.topic": "article", "feedback_system": "GitHub", "feedback_github_repo": "MicrosoftDocs/windows-itpro-docs", diff --git a/windows/hub/index.yml b/windows/hub/index.yml index 0794c284fd..dc624bbd9f 100644 --- a/windows/hub/index.yml +++ b/windows/hub/index.yml @@ -230,19 +230,17 @@ additionalContent: - title: Other resources items: - - title: Microsoft Endpoint Manager + - title: Microsoft endpoint management with Intune links: - - text: Microsoft Endpoint Manager documentation - url: /mem - - text: Overview of Microsoft Endpoint Manager + - text: Intune is a family of products url: /mem/endpoint-manager-overview - - text: Getting started with Microsoft Endpoint Manager - url: /mem/endpoint-manager-getting-started + - text: What is Microsoft Intune? + url: /mem/intune/fundamentals/what-is-intune - text: Microsoft Endpoint Manager simplifies upgrades to Windows 11 url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/endpoint-manager-simplifies-upgrades-to-windows-11/ba-p/2771886 - text: Understanding readiness for Windows 11 with Microsoft Endpoint Manager url: https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/understanding-readiness-for-windows-11-with-microsoft-endpoint/ba-p/2770866 - - text: Microsoft Endpoint Manager blog + - text: Microsoft endpoint management blog url: https://aka.ms/memblog - title: Windows 365 links: 
diff --git a/windows/privacy/changes-to-windows-diagnostic-data-collection.md b/windows/privacy/changes-to-windows-diagnostic-data-collection.md index 13b8872c26..48eab123cc 100644 --- a/windows/privacy/changes-to-windows-diagnostic-data-collection.md +++ b/windows/privacy/changes-to-windows-diagnostic-data-collection.md @@ -17,7 +17,7 @@ ms.topic: conceptual - Windows 10, version 1903 and later - Windows Server 2022 -Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we have moved our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide. +Microsoft is committed to providing you with effective controls over your data and ongoing transparency into our data handling practices. As part of this effort, we've moved our major products and services to a model where data sent back to Microsoft from customer devices will be classified as either **Required** or **Optional**. We believe this change will provide our customers with a simpler experience – information should be easier to find, easier to understand, and easier to act upon through the tools we provide. This article is meant for IT administrators and explains the changes Windows is making to align to the new data collection taxonomy. These changes are focused in two areas: 
@@ -26,7 +26,7 @@ This article is meant for IT administrators and explains the changes Windows is ## Summary of changes -In Windows 10, version 1903 and later, you will see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes. +In Windows 10, version 1903 and later, you'll see taxonomy updates in both the **Out-of-box-experience** (OOBE) and the **Diagnostics & feedback** privacy settings page. These changes are explained in the section named **Taxonomy** changes. Additionally, starting in Windows 11 and Windows Server 2022, we’re simplifying your diagnostic data controls by moving from four diagnostic data controls to three: **Diagnostic data off**, **Required**, and **Optional**. We’re also clarifying the Security diagnostic data level to reflect its behavior more accurately by changing it to **Diagnostic data off**. All these changes are explained in the section named **Behavioral changes**. 
@@ -42,9 +42,9 @@ Starting in Windows 10, version 1903 and later, both the **Out-of-Box-Experience ## Behavioral changes -Starting in Windows 11 and Windows Server 2022, we’re simplifying the Windows diagnostic data controls by moving from four diagnostic data settings to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they are upgraded to a supported version of the operating system, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that leverage enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. +Starting in Windows 11 and Windows Server 2022, we’re simplifying the Windows diagnostic data controls by moving from four diagnostic data settings to three: **Diagnostic data off**, **Required**, and **Optional**. If your devices are set to **Enhanced** when they're upgraded to a supported version of the operating system, the device settings will be evaluated to be at the more privacy-preserving setting of **Required diagnostic data**, which means that analytic services that use enhanced data collection may not work properly. For a list of services, see [Services that rely on Enhanced diagnostic data](#services-that-rely-on-enhanced-diagnostic-data). Administrators should read through the details and determine whether to apply these new policies to restore the same collection settings as they had before this change. 
-Additionally, you will see the following policy changes in Windows Server 2022, Windows 11, and Windows Holographic, version 21H1 (HoloLens 2): +Additionally, you'll see the following policy changes in Windows Server 2022, Windows 11, and Windows Holographic, version 21H1 (HoloLens 2): | Policy type | Current policy | Renamed policy | | --- | --- | --- | @@ -65,9 +65,9 @@ For more info, see [Configure Windows diagnostic data in your organization](conf ## Services that rely on Enhanced diagnostic data -Customers who use services that depend on Windows diagnostic data, such as Microsoft Managed Desktop or Desktop Analytics, may be impacted by the behavioral changes when they are released. These services will be updated to address these changes and guidance will be published on how to configure them properly. +Customers who use services that depend on Windows diagnostic data, such as Microsoft Managed Desktop or Desktop Analytics, may be impacted by the behavioral changes when they're released. These services will be updated to address these changes and guidance will be published on how to configure them properly. -The following provides information on the current configurations: +The following articles provide information on the current configurations: - [Microsoft Managed Desktop](/microsoft-365/managed-desktop/service-description/device-policies#windows-diagnostic-data) - [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) 
@@ -95,7 +95,7 @@ For Windows devices with diagnostic data turned on and that are joined to an [Az - [Update Compliance](/windows/deployment/update/update-compliance-monitor) - [Windows Update for Business deployment service](/windows/deployment/update/deployment-service-overview) - [Microsoft Managed Desktop](/managed-desktop/intro/) -- [Endpoint analytics (in Microsoft Endpoint Manager)](/mem/analytics/overview) +- [Endpoint analytics (in Microsoft Intune)](/mem/analytics/overview) *(Additional licensing requirements may apply to use these services.)* diff --git a/windows/privacy/essential-services-and-connected-experiences.md b/windows/privacy/essential-services-and-connected-experiences.md index cac24b1acb..f111d92f7a 100644 --- a/windows/privacy/essential-services-and-connected-experiences.md +++ b/windows/privacy/essential-services-and-connected-experiences.md @@ -44,7 +44,7 @@ Although enterprise admins can turn off most essential services, we recommend, w | Diagnostic Data | Microsoft collects diagnostic data including error data about your devices with the help of the telemetry service. Diagnostic data gives every user a voice in the operating system’s development and ongoing improvement. It helps us understand how Windows behaves in the real world, focus on user priorities, find and fix problems, and improve services. This data allows Microsoft to improve the Windows experience. Setting diagnostic data to off means important information to help fix issues and improve quality won't be available to Microsoft.

              To turn it off, see [Telemetry Services](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#1816-feedback--diagnostics).| | Update | Windows Update ensures devices are kept up to date and secure by downloading the latest updates and security patches for Windows. This service also enables users to download apps from the Microsoft Store and keep them up to date. Turning off Windows Update will potentially leave your Windows devices in a vulnerable state and more prone to security threats.

              Other services like Device metadata retrieval and Font streaming also ensure that the content on your devices is kept up to date.

              To turn off updates, see [Windows Update](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#29-windows-update), [Device Metadata Retrieval](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#4-device-metadata-retrieval), and [Font Streaming](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#6-font-streaming).| | Microsoft Store | Microsoft Store enables users to purchase and download apps, games, and digital content. The Store also enables the developers of these apps to send toast, tile, badge, and raw updates from their own cloud service. This provides a mechanism to deliver new updates to store apps in a power-efficient and dependable way. The Store can also revoke malicious apps.

              To turn it off, see [Microsoft Store](/windows/privacy/manage-connections-from-windows-operating-system-components-to-microsoft-services#26-microsoft-store).| -|Device Management |Device management includes Mobile Device Management (MDM), which helps IT pros manage company security policies and business applications. A built-in management component can communicate with the management server. If this is turned off, the device may no longer be compliant with company policy and the user might lose access to company resources.

              [Learn more about Mobile Device Management](../client-management/mdm-overview) | +|Device Management |Device management includes Mobile Device Management (MDM), which helps IT pros manage company security policies and business applications. A built-in management component can communicate with the management server. If this is turned off, the device may no longer be compliant with company policy and the user might lose access to company resources.

              [Learn more about Mobile Device Management](/windows/client-management/mdm-overview) | ## Windows connected experiences diff --git a/windows/security/TOC.yml b/windows/security/TOC.yml index 63ab9a4a86..c364767760 100644 --- a/windows/security/TOC.yml +++ b/windows/security/TOC.yml @@ -244,7 +244,7 @@ href: information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md - name: Determine the enterprise context of an app running in WIP href: information-protection/windows-information-protection/wip-app-enterprise-context.md - - name: Create a WIP policy using Microsoft Endpoint Configuration Manager + - name: Create a WIP policy using Microsoft Configuration Manager href: information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md items: - name: Create and deploy a WIP policy in Configuration Manager diff --git a/windows/security/cloud.md b/windows/security/cloud.md index 213647487d..0c96ff69db 100644 --- a/windows/security/cloud.md +++ b/windows/security/cloud.md @@ -23,9 +23,9 @@ Windows 11 includes the cloud services that are listed in the following table:
              Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

              To learn more, see [Mobile device management](/windows/client-management/mdm/). | +| Mobile device management (MDM) and Microsoft Intune | Windows 11 supports MDM, an enterprise management solution to help you manage your organization's security policies and business applications. MDM enables your security team to manage devices without compromising people's privacy on their personal devices.

              Non-Microsoft servers can be used to manage Windows 11 by using industry standard protocols.

              To learn more, see [Mobile device management](/windows/client-management/mdm/). | | Microsoft account | When users add their Microsoft account to Windows 11, they can bring their Windows, Microsoft Edge, Xbox settings, web page favorites, files, photos, and more across their devices.

              The Microsoft account enables people to manage everything in one place. They can keep tabs on their subscriptions and order history, organize their family's digital life, update their privacy and security settings, track the health and safety of their devices, and even get rewards.

              To learn more, see [Microsoft Accounts](identity-protection/access-control/microsoft-accounts.md).| -| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

              The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

              In the event of a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | +| OneDrive | OneDrive is your online storage for your files, photos, and data. OneDrive provides extra security, backup, and restore options for important files and photos. With options for both personal and business, people can use OneDrive to store and protect files in the cloud, allowing users to them on their laptops, desktops, and mobile devices. If a device is lost or stolen, people can quickly recover all their important files, photos, and data.

              The OneDrive Personal Vault also provides protection for your most sensitive files without losing the convenience of anywhere access. Files are secured by identity verification, yet easily accessible to users across their devices. [Learn how to set up your Personal Vault](https://support.microsoft.com/office/protect-your-onedrive-files-in-personal-vault-6540ef37-e9bf-4121-a773-56f98dce78c4).

              If there's a ransomware attack, OneDrive can enable recovery. And if you’ve configured backups in OneDrive, you have more options to mitigate and recover from a ransomware attack. [Learn more about how to recover from a ransomware attack using Office 365](/microsoft-365/security/office-365-security/recover-from-ransomware). | | Access to Azure Active Directory | Microsoft Azure Active Directory (Azure AD) is a complete cloud identity and access management solution for managing identities and directories, enabling access to applications, and protecting identities from security threats.

              With Azure AD, you can manage and secure identities for your employees, partners, and customers to access the applications and services they need. Windows 11 works seamlessly with Azure Active Directory to provide secure access, identity management, and single sign-on to apps and services from anywhere.

              To learn more, see [What is Azure AD?](/azure/active-directory/fundamentals/active-directory-whatis) | ## Next steps diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md index abf2dc6eec..f900a31aa3 100644 --- a/windows/security/identity-protection/access-control/access-control.md +++ b/windows/security/identity-protection/access-control/access-control.md @@ -14,6 +14,7 @@ ms.date: 07/18/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Access Control Overview diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md index b68832d816..6d48d39a9a 100644 --- a/windows/security/identity-protection/access-control/local-accounts.md +++ b/windows/security/identity-protection/access-control/local-accounts.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Local Accounts diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md index bb3788ad3c..6fadaf74b4 100644 --- a/windows/security/identity-protection/configure-s-mime.md +++ b/windows/security/identity-protection/configure-s-mime.md @@ -12,6 +12,7 @@ ms.date: 07/27/2017 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md index 91ab852722..92b3296a71 100644 --- a/windows/security/identity-protection/credential-guard/additional-mitigations.md +++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md 
@@ -10,6 +10,7 @@ manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.date: 08/17/2017
+ms.technology: itpro-security
 ---
 # Additional mitigations
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 84f85e1113..69d69300a1 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -16,6 +16,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.technology: itpro-security
 ---
 # Considerations when using Windows Defender Credential Guard
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index c170a5c421..55fe9628bb 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -16,6 +16,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.technology: itpro-security
 ---
 # How Windows Defender Credential Guard works
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index f979b9c441..2c5fe11327 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -16,6 +16,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.technology: itpro-security
 ---
 # Windows Defender Credential Guard: Known issues
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md index 9d8bb4a982..80be359c38 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md @@ -20,12 +20,13 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Manage Windows Defender Credential Guard ## Default Enablement -Starting in **Windows 11 Enterprise, version 22H2** and **Windows 11 Education, version 22H2**, compatible systems have Windows Defender Credential Guard turned on by default. This changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below. +Starting in **Windows 11 Enterprise, version 22H2** and **Windows 11 Education, version 22H2**, compatible systems have Windows Defender Credential Guard turned on by default. This feature changes the default state of the feature in Windows, though system administrators can still modify this enablement state. Windows Defender Credential Guard can still be manually [enabled](#enable-windows-defender-credential-guard) or [disabled](#disable-windows-defender-credential-guard) via the methods documented below. ### Requirements for automatic enablement 
@@ -34,7 +35,7 @@ Windows Defender Credential Guard will be enabled by default when a PC meets the |Component|Requirement| |---|---| |Operating System|**Windows 11 Enterprise, version 22H2** or **Windows 11 Education, version 22H2**| -|Existing Windows Defender Credential Guard Requirements|Only devices which meet the [existing hardware and software requirements](credential-guard-requirements.md#hardware-and-software-requirements) to run Windows Defender Credential Guard will have it enabled by default.| +|Existing Windows Defender Credential Guard Requirements|Only devices that meet the [existing hardware and software requirements](credential-guard-requirements.md#hardware-and-software-requirements) to run Windows Defender Credential Guard will have it enabled by default.| |Virtualization-based Security (VBS) Requirements|VBS must be enabled in order to run Windows Defender Credential Guard. Starting with Windows 11 Enterprise 22H2 and Windows 11 Education 22H2, devices that meet the requirements to run Windows Defender Credential Guard as well as the [minimum requirements to enable VBS](/windows-hardware/design/device-experiences/oem-vbs) will have both Windows Defender Credential Guard and VBS enabled by default. > [!NOTE] @@ -55,7 +56,7 @@ The same set of procedures used to enable Windows Defender Credential Guard on p ### Enable Windows Defender Credential Guard by using Group Policy -You can use Group Policy to enable Windows Defender Credential Guard. This will add and enable the virtualization-based security features for you if needed. +You can use Group Policy to enable Windows Defender Credential Guard. When enabled, it will add and enable the virtualization-based security features for you if needed. 1. From the Group Policy Management Console, go to **Computer Configuration** > **Administrative Templates** > **System** > **Device Guard**. 
@@ -73,32 +74,32 @@ You can use Group Policy to enable Windows Defender Credential Guard. This will To enforce processing of the group policy, you can run `gpupdate /force`. -### Enable Windows Defender Credential Guard by using Microsoft Endpoint Manager +### Enable Windows Defender Credential Guard by using Microsoft Intune -1. From **Microsoft Endpoint Manager admin center**, select **Devices**. +1. In the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices**. 1. Select **Configuration Profiles**. 1. Select **Create Profile** > **Windows 10 and later** > **Settings catalog** > **Create**. - 1. Configuration settings: In the settings picker select **Device Guard** as category and add the needed settings. + 1. Configuration settings: In the settings picker, select **Device Guard** as category and add the needed settings. > [!NOTE] > Enable VBS and Secure Boot and you can do it with or without UEFI Lock. If you will need to disable Credential Guard remotely, enable it without UEFI lock. > [!TIP] -> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Endpoint Manager](/mem/intune/protect/endpoint-security-account-protection-profile-settings). +> You can also configure Credential Guard by using an account protection profile in endpoint security. For more information, see [Account protection policy settings for endpoint security in Microsoft Intune](/mem/intune/protect/endpoint-security-account-protection-profile-settings). ### Enable Windows Defender Credential Guard by using the registry -If you don't use Group Policy, you can enable Windows Defender Credential Guard by using the registry. Windows Defender Credential Guard uses virtualization-based security features which have to be enabled first on some operating systems. 
+If you don't use Group Policy, you can enable Windows Defender Credential Guard by using the registry. Windows Defender Credential Guard uses virtualization-based security features that have to be enabled first on some operating systems. #### Add the virtualization-based security features -Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security is not necessary and this step can be skipped. +Starting with Windows 10, version 1607 and Windows Server 2016, enabling Windows features to use virtualization-based security isn't necessary and this step can be skipped. -If you are using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. -You can do this by using either the Control Panel or the Deployment Image Servicing and Management tool (DISM). +If you're using Windows 10, version 1507 (RTM) or Windows 10, version 1511, Windows features have to be enabled to use virtualization-based security. +To enable, use the Control Panel or the Deployment Image Servicing and Management tool (DISM). > [!NOTE] > If you enable Windows Defender Credential Guard by using Group Policy, the steps to enable Windows features through Control Panel or DISM are not required. Group Policy will install Windows features for you. 
@@ -201,9 +202,9 @@ DG_Readiness_Tool_v3.6.ps1 -Ready > [!NOTE] > For client machines that are running Windows 10 1703, LsaIso.exe is running whenever virtualization-based security is enabled for other features. -- We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard will not help to secure a device or identity that has already been compromised, which is why we recommend turning on Credential Guard as early as possible. +- We recommend enabling Windows Defender Credential Guard before a device is joined to a domain. If Windows Defender Credential Guard is enabled after domain join, the user and device secrets may already be compromised. In other words, enabling Credential Guard won't help to secure a device or identity that has already been compromised. So, we recommend turning on Credential Guard as early as possible. -- You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. This can be done with security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: +- You should perform regular reviews of the PCs that have Windows Defender Credential Guard enabled. You can use security audit policies or WMI queries. Here's a list of WinInit event IDs to look for: - **Event ID 13** Windows Defender Credential Guard (LsaIso.exe) was started and will protect LSA credentials. 
@@ -213,13 +214,13 @@ DG_Readiness_Tool_v3.6.ps1 -Ready - The second variable: **0** means that it's configured to run in protect mode. **1** means that it's configured to run in test mode. This variable should always be **0**. - - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel is not running; continuing without Windows Defender Credential Guard. + - **Event ID 15** Windows Defender Credential Guard (LsaIso.exe) is configured but the secure kernel isn't running; continuing without Windows Defender Credential Guard. - **Event ID 16** Windows Defender Credential Guard (LsaIso.exe) failed to launch: \[error code\] - **Event ID 17** Error reading Windows Defender Credential Guard (LsaIso.exe) UEFI configuration: \[error code\] -- You can also verify that TPM is being used for key protection by checking **Event ID 51** in *Applications and Services logs > Microsoft > Windows > Kernel-Boot* event log. The full event text will read like this: `VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.` If you are running with a TPM, the TPM PCR mask value will be something other than 0. +- You can also verify that TPM is being used for key protection by checking **Event ID 51** in *Applications and Services logs > Microsoft > Windows > Kernel-Boot* event log. The full event text will read like this: `VSM Master Encryption Key Provisioning. Using cached copy status: 0x0. Unsealing cached copy status: 0x1. New key generation status: 0x1. Sealing status: 0x1. TPM PCR mask: 0x0.` If you're running with a TPM, the TPM PCR mask value will be something other than 0. - You can use Windows PowerShell to determine whether credential guard is running on a client computer. On the computer in question, open an elevated PowerShell window and run the following command: 
@@ -238,9 +239,9 @@ DG_Readiness_Tool_v3.6.ps1 -Ready ## Disable Windows Defender Credential Guard -Windows Defender Credential Guard can be disabled via several methods explained below, depending on how the feature was enabled. For devices that had Windows Defender Credential Guard automatically enabled in the 22H2 update and did not have it enabled prior to the update, it is sufficient to [disable via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy). +Windows Defender Credential Guard can be disabled via several methods explained below, depending on how the feature was enabled. For devices that had Windows Defender Credential Guard automatically enabled in the 22H2 update and didn't have it enabled prior to the update, it's sufficient to [disable via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy). -If Windows Defender Credential Guard was enabled with UEFI Lock, the procedure described in [Disabling Windows Defender Credential Guard with UEFI Lock](#disabling-windows-defender-credential-guard-with-uefi-lock) must be followed. Note that the default enablement change in eligible 22H2 devices does **not** use a UEFI Lock. +If Windows Defender Credential Guard was enabled with UEFI Lock, the procedure described in [Disabling Windows Defender Credential Guard with UEFI Lock](#disabling-windows-defender-credential-guard-with-uefi-lock) must be followed. The default enablement change in eligible 22H2 devices does **not** use a UEFI Lock. If Windows Defender Credential Guard was enabled via Group Policy without UEFI Lock, Windows Defender Credential Guard should be [disabled via Group Policy](#disabling-windows-defender-credential-guard-using-group-policy). 
@@ -262,7 +263,7 @@ If Windows Defender Credential Guard was enabled via Group Policy and without UE ### Disabling Windows Defender Credential Guard using Registry Keys -If Windows Defender Credential Guard was enabled without UEFI Lock and without Group Policy, it is sufficient to edit the registry keys as described below to disable Windows Defender Credential Guard. +If Windows Defender Credential Guard was enabled without UEFI Lock and without Group Policy, it's sufficient to edit the registry keys as described below to disable Windows Defender Credential Guard. 1. Change the following registry settings to 0: diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md index 3223fe70ac..5ff4d5dadc 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Windows Defender Credential Guard protection limits and mitigations diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md index 708b5921a2..6444af7ea5 100644 --- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md +++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Windows Defender Credential Guard protection limits 
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index 2089f49bde..2e2a82219b 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -17,6 +17,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.technology: itpro-security
 ---
 # Windows Defender Credential Guard: Requirements
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
index 118e9f9b2f..8b39b99573 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
@@ -10,6 +10,7 @@ manager: aaroncz
 ms.collection: M365-identity-device-management
 ms.topic: article
 ms.date: 08/17/2017
+ms.technology: itpro-security
 ---
 # Windows Defender Credential Guard: Scripts for Certificate Authority Issuance Policies
diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index 186993b2fb..950eb3a95c 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -18,6 +18,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.technology: itpro-security
 ---
 # Protect derived domain credentials with Windows Defender Credential Guard
diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
index 62c4d19d36..bfb971ef4f 100644
--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows Server 2016
 - ✅ Windows Server 2019
 - ✅ Windows Server 2022
+ms.technology: itpro-security
 ---
 # Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index 04aadd070b..9217ed606d 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -13,6 +13,7 @@ manager: aaroncz
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Multi-factor Unlock
diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
index b488757dd8..d42b632977 100644
--- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
@@ -13,6 +13,7 @@ manager: aaroncz
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Azure Active Directory join cloud only deployment
@@ -27,7 +28,7 @@ You may wish to disable the automatic Windows Hello for Business enrollment prom ## Prerequisites -Cloud only deployments will use Azure AD multi-factor authentication (MFA) during Windows Hello for Business (WHfB) enrollment and there's no additional MFA configuration needed. If you aren't already registered in Azure AD MFA, you will be guided though the MFA registration as part of the Windows Hello for Business enrollment process. +Cloud only deployments will use Azure AD multi-factor authentication (MFA) during Windows Hello for Business (WHfB) enrollment and there's no additional MFA configuration needed. If you aren't already registered in Azure AD MFA, you'll be guided through the MFA registration as part of the Windows Hello for Business enrollment process. The necessary Windows Hello for Business prerequisites are located at [Cloud Only Deployment](hello-identity-verification.md#azure-ad-cloud-only-deployment). @@ -37,7 +38,7 @@ Check and view this setting with the following MSOnline PowerShell command: `Get-MsolDomainFederationSettings –DomainName ` -To disable this setting, run the following command. Note that this change impacts ALL Azure AD MFA scenarios for this federated domain. +To disable this setting, run the following command. This change impacts ALL Azure AD MFA scenarios for this federated domain. `Set-MsolDomainFederationSettings -DomainName -SupportsMfa $false` 
@@ -55,11 +56,11 @@ We recommend that you disable or manage Windows Hello for Business provisioning The following method explains how to disable Windows Hello for Business enrollment without Intune. -1. Sign into the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/) admin center. +1. Sign into the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Go to **Devices** > **Enrollment** > **Enroll devices** > **Windows enrollment** > **Windows Hello for Business**. The Windows Hello for Business pane opens. 3. If you don't want to enable Windows Hello for Business during device enrollment, select **Disabled** for **Configure Windows Hello for Business**. - When disabled, users cannot provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business. + When disabled, users can't provision Windows Hello for Business. When set to Disabled, you can still configure the subsequent settings for Windows Hello for Business even though this policy won't enable Windows Hello for Business. > [!NOTE] > This policy is only applied during new device enrollments. For currently enrolled devices, you can [set the same settings in a device configuration policy](hello-manage-in-organization.md). diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md index 30c337b738..edcdd4c52f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md +++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md 
@@ -16,6 +16,7 @@ appliesto:
 - ✅ Windows Server 2016 or later
 - ✅ Hybrid or On-Premises deployment
 - ✅ Key trust
+ms.technology: itpro-security
 ---
 # Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments
diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md
index 7a1fee430a..8f6de2d563 100644
--- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md
+++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md
@@ -13,6 +13,7 @@ manager: aaroncz
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Windows Hello and password changes
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index 99713dc227..df42f82380 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
 - ✅ Windows Holographic for Business
+ms.technology: itpro-security
 ---
 # Windows Hello biometrics in the enterprise
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index e6e1f62714..20352aa60a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployments
 - ✅ Certificate trust
+ms.technology: itpro-security
 ---
 # Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index 3b8de8ea72..760d69ed2e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -17,6 +17,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployments
 - ✅ Certificate trust
+ms.technology: itpro-security
 ---
 # Configure Windows Hello for Business Policy settings - Certificate Trust
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index 2ef4c3f4b0..c324b543eb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployments
 - ✅ Certificate trust
+ms.technology: itpro-security
 ---
 # Validate Active Directory prerequisites for cert-trust deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index 546fd12013..38589541ad 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployments
 - ✅ Certificate trust
+ms.technology: itpro-security
 ---
 # Validate and Deploy Multi-Factor Authentication feature
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index 900b6c7f79..15298bba55 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployments
 - ✅ Certificate trust
+ms.technology: itpro-security
 ---
 # Validate and Configure Public Key Infrastructure - Certificate Trust Model
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index cc32057f9c..0c3dce349f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployments
 - ✅ Certificate trust
+ms.technology: itpro-security
 ---
 # On Premises Certificate Trust Deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index 21fc22d1de..e760eecda3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -11,6 +11,7 @@ ms.collection:
 ms.topic: article
 localizationpriority: medium
 ms.date: 02/15/2022
+ms.technology: itpro-security
 ---
 # Windows Hello for Business Deployment Overview
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 7781a9a4ff..b64a57e89f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -11,6 +11,7 @@ ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 05/03/2021
+ms.technology: itpro-security
 ---
 # Windows Hello for Business Known Deployment Issues
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
index 913d912198..770fc668c9 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
@@ -15,6 +15,7 @@ appliesto:
 - ✅ Windows 11
 - ✅ On-premises deployment
 - ✅ Key trust
+ms.technology: itpro-security
 ---
 # On Premises Key Trust Deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
index 2f4234f9b6..ed5f5c0edc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
@@ -16,6 +16,7 @@ appliesto:
 - ✅ Hybrid deployment
 - ✅ Key trust
 - ✅ Cloud Kerberos trust
+ms.technology: itpro-security
 ---
 # Deploy Certificates to Key Trust and Cloud Kerberos Trust Users to Enable RDP
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index 200d0eba93..28bab60966 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -14,6 +14,7 @@ ms.date: 05/05/2018
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Windows Hello errors during PIN creation
diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md
index aa8a027b1f..32ec0a5204 100644
--- a/windows/security/identity-protection/hello-for-business/hello-event-300.md
+++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md
@@ -13,6 +13,7 @@ ms.date: 07/27/2017
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Event ID 300 - Windows Hello successfully created
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 88115dc1cb..751ec8d3bc 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -47,11 +47,11 @@ sections: Remote Desktop Protocol (RDP) doesn't currently support using key-based authentication and self-signed certificates as supplied credentials. However, you can deploy certificates in the key trust model to enable RDP. For more information, see [Deploying certificates to key trust users to enable RDP](hello-deployment-rdp-certs.md). In addition, Windows Hello for Business key trust can be also used with RDP with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) without deploying certificates. - - question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Configuration Manager? + - question: Can I deploy Windows Hello for Business by using Microsoft Configuration Manager? answer: | Windows Hello for Business deployments using Configuration Manager should follow the hybrid deployment model that uses Active Directory Federation Services. Starting in Configuration Manager version 1910, certificate-based authentication with Windows Hello for Business settings isn't supported. Key-based authentication is still valid with Configuration Manager. For more information, see [Windows Hello for Business settings in Configuration Manager](/configmgr/protect/deploy-use/windows-hello-for-business-settings). - - question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Manager Intune? + - question: Can I deploy Windows Hello for Business by using Microsoft Intune? answer: | Windows Hello for Business deployments using Intune allow for a great deal of flexibility in deployment. For more information, see [Integrate Windows Hello for Business with Microsoft Intune](/mem/intune/protect/windows-hello). 
@@ -63,7 +63,18 @@ sections: answer: | When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key. The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature. - + + - question: What's a container? + answer: | + In the context of Windows Hello for Business, it's shorthand for a logical grouping of key material or data. Windows Hello uses a single container that holds user key material for personal accounts, including key material associated with the user's Microsoft account or with other consumer identity providers, and credentials associated with a workplace or school account. + The container holds enterprise credentials only on devices that have been registered with an organization; it contains key material for the enterprise IDP, such as on-premises Active Directory or Azure AD. + Note that there are no physical containers on disk, in the registry, or elsewhere. Containers are logical units used to group related items. 
The keys, certificates, and credentials of Windows Hello stores, are protected without the creation of actual containers or folders. + The container contains a set of keys, some of which are used to protect other keys. The following image shows an example: the protector key is used to encrypt the authentication key, and the authentication key is used to encrypt the individual keys stored in the container. [Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png) + + - question: How do I delete a Windows Hello for Business container on a device? + answer: | + You can effectively disable Windows Hello for Business by launching `certutil.exe -deleteHelloContainer` on the end device under a user account, and then restarting the device. + - question: How does Windows Hello for Business work with Azure AD registered devices? answer: | A user will be prompted to set up a Windows Hello for Business key on an Azure AD registered devices if the feature is enabled by policy. If the user has an existing Windows Hello container, the Windows Hello for Business key will be enrolled in that container and will be protected using their exiting gestures. 
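Review bot: The new answer on deleting a container says `certutil.exe -deleteHelloContainer` will "effectively disable" Windows Hello for Business, but the answer just above it describes the container as holding the user's key material, so the command removes credentials rather than switching the feature off. The answer should state that the user's Windows Hello keys on that device are deleted and the user has to enroll again. Enrollment is presumably offered again while policy still enables the feature, so a sentence such as `This deletes the user's Windows Hello keys on the device; to keep the feature off, also disable it by policy.` would help, once confirmed against product behaviour. In the container answer, `[Each logical container holds one or more sets of keys.](./images/passport-fig3-logicalcontainer.png)` lacks the leading `!`, so it renders as a link although the text announces an image. In the same answer, "credentials of Windows Hello stores, are protected" should read "credentials that Windows Hello stores are protected".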
@@ -155,11 +166,11 @@ sections: - question: Where is Windows Hello biometrics data stored? answer: | - When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). + When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn't roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details, see [Windows Hello biometrics in the enterprise](/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored). - question: What is the format used to store Windows Hello biometrics data on the device? 
answer: | - Windows Hello biometrics data is stored on the device as an encrypted template database. The data from the biometrics sensor (e.g., face camera or fingerprint reader) creates a data representation—or graph—that is then encrypted before it’s stored on the device. Each biometrics sensor on the device which is used by Windows Hello (face or fingerprint) will have its own biometric database file where template data is stored. Each biometrics database file is encrypted with unique, randomly generated key that is encrypted to the system using AES encryption producing an SHA256 hash. + Windows Hello biometrics data is stored on the device as an encrypted template database. The data from the biometrics sensor (like face camera or fingerprint reader) creates a data representation—or graph—that is then encrypted before it’s stored on the device. Each biometrics sensor on the device which is used by Windows Hello (face or fingerprint) will have its own biometric database file where template data is stored. Each biometrics database file is encrypted with unique, randomly generated key that is encrypted to the system using AES encryption producing an SHA256 hash. - question: Who has access on Windows Hello biometrics data? answer: | 
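Review bot: The rewritten biometrics-format answer still ends with "encrypted to the system using AES encryption producing an SHA256 hash", which conflates encryption and hashing: AES yields ciphertext, not a SHA-256 digest. A reader assessing how the template database is protected cannot tell what the hash is computed over or what it is used for. The sentence should separate the two steps, for example `Each database file is encrypted with a unique, randomly generated key, which is itself encrypted to the system using AES; a SHA256 hash is used to <purpose to confirm>.`, with the role of the hash confirmed by the feature team before publishing.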
@@ -167,11 +178,11 @@ sections: - question: When is Windows Hello biometrics database file created? How is a user enrolled into Windows Hello face or fingerprint authentication? answer: | - Windows Hello biometrics template database file is created on the device only when a user is enrolled into Windows Hello biometrics-based authentication. Your workplace or IT administrator may have turned certain authentication functionality, however, it is always your choice if you want to use Windows Hello or an alternative method (e.g. pin). Users can check their current enrollment into Windows Hello biometrics by going to sign-in options on their device. Go to **Start** > **Settings** > **Accounts** > **Sign-in** options. Or just click on **Go to Sign-in options**. To enroll into Windows Hello, user can go to **Start** > **Settings** > **Accounts** > **Sign-in** options, select the Windows Hello method that they want to set up, and then select **Set up**. If you don't see Windows Hello in Sign-in options, then it may not be available for your device or blocked by admin via policy. Admins can by policy request users to enroll into Windows Hello during autopilot or during initial setup of the device. Admins can disallow users to enroll into biometrics via Windows hello for business policy configurations. However, when allowed via policy configurations, enrollment into Windows Hello biometrics is always optional for users. + Windows Hello biometrics template database file is created on the device only when a user is enrolled into Windows Hello biometrics-based authentication. Your workplace or IT administrator may have turned certain authentication functionality, however, it is always your choice if you want to use Windows Hello or an alternative method, like a pin. Users can check their current enrollment into Windows Hello biometrics by going to sign-in options on their device. Go to **Start** > **Settings** > **Accounts** > **Sign-in** options. 
Or just select on **Go to Sign-in options**. To enroll into Windows Hello, user can go to **Start** > **Settings** > **Accounts** > **Sign-in** options, select the Windows Hello method that they want to set up, and then select **Set up**. If you don't see Windows Hello in Sign-in options, then it may not be available for your device or blocked by admin via policy. Admins can by policy request users to enroll into Windows Hello during autopilot or during initial setup of the device. Admins can disallow users to enroll into biometrics via Windows hello for business policy configurations. However, when allowed via policy configurations, enrollment into Windows Hello biometrics is always optional for users. - question: When is Windows Hello biometrics database file deleted? How can a user be unenrolled from Windows Hello face or fingerprint authentication? answer: | - To remove Windows Hello and any associated biometric identification data from the device, user can go to **Start** > **Settings** > **Accounts** > **Sign-in options**. Select the Windows Hello biometrics authentication method you want to remove, and then select **Remove**. This will unenroll the user from Windows Hello biometrics auth and will also delete the associated biometrics template database file. For more details see [Windows sign-in options and account protection (microsoft.com)](https://support.microsoft.com/en-us/windows/windows-sign-in-options-and-account-protection-7b34d4cf-794f-f6bd-ddcc-e73cdf1a6fbf#bkmk_helloandprivacy). + To remove Windows Hello and any associated biometric identification data from the device, user can go to **Start** > **Settings** > **Accounts** > **Sign-in options**. Select the Windows Hello biometrics authentication method you want to remove, and then select **Remove**. This will unenroll the user from Windows Hello biometrics auth and will also delete the associated biometrics template database file. 
For more details, see [Windows sign-in options and account protection (microsoft.com)](https://support.microsoft.com/en-us/windows/windows-sign-in-options-and-account-protection-7b34d4cf-794f-f6bd-ddcc-e73cdf1a6fbf#bkmk_helloandprivacy). - question: What about any diagnostic data coming out when WHFB is enabled? answer: | @@ -187,7 +198,7 @@ sections: - question: Can I wear a mask to enroll or unlock using Windows Hello face authentication? answer: | - Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock your device. The product group is aware of this behavior and is investigating this topic further. Remove a mask if you're wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn’t allow you to remove a mask temporarily, consider unenrolling from face authentication and only using PIN or fingerprint. + Wearing a mask to enroll is a security concern because other users wearing a similar mask may be able to unlock your device. The product group is aware of this behavior and is investigating this article further. Remove a mask if you're wearing one when you enroll or unlock with Windows Hello face authentication. If your working environment doesn’t allow you to remove a mask temporarily, consider unenrolling from face authentication and only using PIN or fingerprint. - question: What's the difference between Windows Hello and Windows Hello for Business? answer: | @@ -248,7 +259,7 @@ sections: Windows Hello for Business works with any third-party federation servers that support the protocols used during the provisioning experience.
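Review bot: In the mask answer, replacing "topic" with "article" changes the meaning: "The product group is aware of this behavior and is investigating this article further" now says the product group is investigating the documentation rather than the face-authentication behaviour. This looks like a blanket topic-to-article substitution; the line should keep `investigating this topic further` or use `investigating this issue further`. The enrollment answer in the preceding hunk has similar fallout: "Or just select on **Go to Sign-in options**" should be `Or just select **Go to Sign-in options**`, and "like a pin" should be `like a PIN`.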

              | Protocol | Description | - | :---: | :--- | + | :--- | :--- | | [[MS-KPP]: Key Provisioning Protocol](/openspecs/windows_protocols/ms-kpp/25ff7bd8-50e3-4769-af23-bcfd0b4d4567) | Specifies the Key Provisioning Protocol, which defines a mechanism for a client to register a set of cryptographic keys on a user and device pair. | | [[MS-OAPX]: OAuth 2.0 Protocol Extensions](/openspecs/windows_protocols/ms-oapx/7612efd4-f4c8-43c3-aed6-f5c5ce359da2)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and log in hints. | | [[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients](/openspecs/windows_protocols/ms-oapxbc/2f7d8875-0383-4058-956d-2fb216b44706) | Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to RFC6749 (the OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients. | diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md index 2f6fbbe9f5..8ac9d29d9f 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 09/09/2019 +ms.technology: itpro-security --- # Conditional access diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md index 9e5806c9c3..24c66f9452 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md @@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management ms.topic: article localizationpriority: medium ms.date: 09/09/2019 +ms.technology: itpro-security --- # Dual Enrollment diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md index 12f635cba9..bb878fcd09 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md @@ -13,6 +13,7 @@ ms.date: 07/12/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Dynamic lock diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md index 7964c96198..b50e72d0ef 100644 --- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md +++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md @@ -15,6 +15,7 @@ ms.date: 07/29/2022 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # PIN reset 
@@ -35,7 +36,7 @@ There are two forms of PIN reset called destructive and non-destructive. Destruc - Reset from settings - Windows 10, version 1703 or later, Windows 11 - Reset above Lock - Windows 10, version 1709 or later, Windows 11 -Destructive and non-destructive PIN reset use the same steps for initiating a PIN reset. If users have forgotten their PINs, but have an alternate sign-in method, they can navigate to Sign-in options in *Settings* and initiate a PIN reset from the PIN options. If users do not have an alternate way to sign into their devices, PIN reset can also be initiated from the Windows lock screen in the PIN credential provider. +Destructive and non-destructive PIN reset use the same steps for initiating a PIN reset. If users have forgotten their PINs, but have an alternate sign-in method, they can navigate to Sign-in options in *Settings* and initiate a PIN reset from the PIN options. If users don't have an alternate way to sign into their devices, PIN reset can also be initiated from the Windows lock screen in the PIN credential provider. >[!IMPORTANT] 
@@ -52,16 +53,16 @@ Destructive and non-destructive PIN reset use the same steps for initiating a PI For Azure AD-joined devices: -1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon. +1. If the PIN credential provider isn't selected, expand the **Sign-in options** link, and select the PIN pad icon. 1. Select **I forgot my PIN** from the PIN credential provider. -1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (e.g., Password, PIN, Security key). +1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (like Password, PIN, Security key). 1. Follow the instructions provided by the provisioning process. 1. When finished, unlock your desktop using your newly created PIN. For Hybrid Azure AD-joined devices: -1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon. +1. If the PIN credential provider isn't selected, expand the **Sign-in options** link, and select the PIN pad icon. 1. Select **I forgot my PIN** from the PIN credential provider. 1. Enter your password and press enter. 1. Follow the instructions provided by the provisioning process. 
@@ -70,19 +71,19 @@ For Hybrid Azure AD-joined devices: > [!NOTE] > Key trust on hybrid Azure AD-joined devices does not support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work. -You may find that PIN reset from settings only works post login, and that the "lock screen" PIN reset function will not work if you have any matching limitation of self-service password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen - General ](/azure/active-directory/authentication/howto-sspr-windows#general-limitations). +You may find that PIN reset from settings only works post login. Also, the "lock screen" PIN reset function won't work if you have any matching limitation of self-service password reset from the lock screen. For more information, see [Enable Azure Active Directory self-service password reset at the Windows sign-in screen - General ](/azure/active-directory/authentication/howto-sspr-windows#general-limitations). ## Non-Destructive PIN reset **Requirements:** - Azure Active Directory -- Windows 10, version 1709 to 1809, Enterprise Edition. There is no licensing requirement for this feature since version 1903. +- Windows 10, version 1709 to 1809, Enterprise Edition. There's no licensing requirement for this feature since version 1903. - Hybrid Windows Hello for Business deployment - Azure AD registered, Azure AD joined, and Hybrid Azure AD joined -When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. 
This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication and multi-factor authentication to Azure AD, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory. +When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally. The key is added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication and multi-factor authentication to Azure AD, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it's then cleared from memory. Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the **Microsoft PIN Reset Service** which enables users to reset their forgotten PIN without requiring re-enrollment. 
@@ -95,10 +96,10 @@ Using Group Policy, Microsoft Intune or a compatible MDM solution, you can confi |Category|Destructive PIN Reset|Non-Destructive PIN Reset| |--- |--- |--- | |**Functionality**|The user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned.|You must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. For more information on how to deploy the Microsoft PIN reset service and client policy, see [Connect Azure Active Directory with the PIN reset service](#connect-azure-active-directory-with-the-pin-reset-service). During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.| -|**Windows editions and versions**|Reset from settings - Windows 10, version 1703 or later, Windows 11. Reset above Lock - Windows 10, version 1709 or later, Windows 11.|Windows 10, version 1709 to 1809, Enterprise Edition. There is no licensing requirement for this feature since version 1903. Enterprise Edition and Pro edition with Windows 10, version 1903 and newer Windows 11.| +|**Windows editions and versions**|Reset from settings - Windows 10, version 1703 or later, Windows 11. Reset above Lock - Windows 10, version 1709 or later, Windows 11.|Windows 10, version 1709 to 1809, Enterprise Edition. There isn't any licensing requirement for this feature since version 1903. Enterprise Edition and Pro edition with Windows 10, version 1903 and newer Windows 11.| |**Azure Active Directory Joined**|Cert Trust, Key Trust, and cloud Kerberos trust|Cert Trust, Key Trust, and cloud Kerberos trust| |**Hybrid Azure Active Directory Joined**|Cert Trust and cloud Kerberos trust for both settings and above the lock support destructive PIN reset. 
Key Trust doesn't support this from above the lock screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. It does support from the settings page and the users must have a corporate network connectivity to the DC. |Cert Trust, Key Trust, and cloud Kerberos trust for both settings and above the lock support non-destructive PIN reset. No network connection is required for the DC.| -|**On Premises**|If ADFS is being used for on premises deployments, users must have a corporate network connectivity to federation services. |The PIN reset service relies on Azure Active Directory identities, so it is only available for Hybrid Azure Active Directory Joined and Azure Active Directory Joined devices.| +|**On Premises**|If ADFS is being used for on premises deployments, users must have a corporate network connectivity to federation services. |The PIN reset service relies on Azure Active Directory identities, so it's only available for Hybrid Azure Active Directory Joined and Azure Active Directory Joined devices.| |**Additional Configuration required**|Supported by default and doesn't require configuration|Deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature On-board the Microsoft PIN reset service to respective Azure Active Directory tenant Configure Windows devices to use PIN reset using Group *Policy\MDM*.| |**MSA/Enterprise**|MSA and Enterprise|Enterprise only.| 
@@ -117,13 +118,13 @@ Before you can remotely reset PINs, you must register two applications in your A #### Connect Azure Active Directory with the PIN Reset Service 1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant. -1. After you have logged in, select **Accept** to give consent to the **PIN Reset Service** to access your organization. +1. After you've logged in, select **Accept** to give consent to the **PIN Reset Service** to access your organization. ![PIN reset service application in Azure.](images/pinreset/pin-reset-service-prompt.png) #### Connect Azure Active Directory with the PIN Reset Client 1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant. -1. After you have logged in, select **Accept** to give consent for the **PIN Reset Client** to access your organization. +1. After you've logged in, select **Accept** to give consent for the **PIN Reset Client** to access your organization. ![PIN reset client application in Azure.](images/pinreset/pin-reset-client-prompt.png) #### Confirm that the two PIN Reset service principals are registered in your tenant 
@@ -137,11 +138,11 @@ Before you can remotely reset PINs, you must register two applications in your A Before you can remotely reset PINs, your devices must be configured to enable PIN Recovery. Follow the instructions below to configure your devices using either Microsoft Intune, Group Policy Objects (GPO), or Configuration Service Providers (CSP). -#### [✅ **Intune**](#tab/intune) +#### [:::image type="icon" source="../../images/icons/intune.svg"::: **Intune**](#tab/intune) You can configure Windows devices to use the **Microsoft PIN Reset Service** using Microsoft Intune. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Select **Devices** > **Configuration profiles** > **Create profile**. 1. Enter the following properties: - **Platform**: Select **Windows 10 and later**. @@ -163,10 +164,10 @@ You can configure Windows devices to use the **Microsoft PIN Reset Service** usi >[!NOTE] > You can also configure PIN recovery from the **Endpoint security** blade: -> 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). +> 1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). > 1. Select **Endpoint security** > **Account protection** > **Create Policy**. -#### [✅ **GPO**](#tab/gpo) +#### [:::image type="icon" source="../../images/icons/group-policy.svg"::: **GPO**](#tab/gpo) You can configure Windows devices to use the **Microsoft PIN Reset Service** using a Group Policy Object (GPO). 
@@ -175,7 +176,7 @@ You can configure Windows devices to use the **Microsoft PIN Reset Service** usi 1. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**. 1. Close the Group Policy Management Editor to save the Group Policy object. -#### [✅ **CSP**](#tab/csp) +#### [:::image type="icon" source="../../images/icons/windows-os.svg"::: **CSP**](#tab/CSP) You can configure Windows devices to use the **Microsoft PIN Reset Service** using the [PassportForWork CSP](/windows/client-management/mdm/passportforwork-csp). 
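Review bot: The CSP tab heading now ends in `(#tab/CSP)`, while the sibling tabs changed in the two previous hunks keep lowercase ids, `(#tab/intune)` and `(#tab/gpo)`. If tab ids are matched case-sensitively anywhere (deep links, tab selection carried across pages), this tab will behave differently from the other two. Unless the capitalisation is deliberate, keep `(#tab/csp)`. The tab group continues outside this hunk, so the closing of the group is not visible here.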
@@ -236,11 +237,11 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a - Azure AD joined devices -The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that can be reached during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset. +The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that can be reached during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, then this policy should be set. When set, it ensures that authentication pages from that identity provider can be used during Azure AD joined PIN reset. ### Configure Web Sign-in Allowed URLs using Microsoft Intune -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com) +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) 1. Select **Devices** > **Configuration profiles** > **Create profile** 1. Enter the following properties: - **Platform**: Select **Windows 10 and later** 
@@ -266,7 +267,7 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au
 > [!NOTE]
 > For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now." The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
-## Related topics
+## Related articles
 - [Windows Hello for Business](hello-identity-verification.md)
 - [Manage Windows Hello for Business in your organization](hello-manage-in-organization.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
index 7df9f23a47..31cdaa7534 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
@@ -10,6 +10,7 @@ ms.collection: M365-identity-device-management
 ms.topic: article
 localizationpriority: medium
 ms.date: 02/24/2021
+ms.technology: itpro-security
 ---
 # Remote Desktop
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
index d255b5fc1a..d3817c3e30 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
@@ -13,6 +13,7 @@ ms.date: 02/15/2022
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Windows Hello for Business and Authentication
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index 2f167aa675..ab75ccda70 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -13,6 +13,7 @@ ms.date: 2/15/2022
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Windows Hello for Business Provisioning
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
index 17d08a88d2..719c27216d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
@@ -13,6 +13,7 @@ ms.date: 10/08/2018
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Technology and terms
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
index 3615e97d8f..c5d8b5a96a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@@ -13,6 +13,7 @@ ms.date: 05/05/2018
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # How Windows Hello for Business works in Windows Devices
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index a4c55e0fdd..ce22c81e4f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md 
@@ -17,27 +17,28 @@ appliesto: - ✅ Azure Active Directory-join - ✅ Hybrid Deployment - ✅ Key trust +ms.technology: itpro-security --- # Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business ## Prerequisites -Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices do not have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices. +Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices don't have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices. - Azure Active Directory Connect synchronization - Device Registration - Certificate Revocation List (CRL) Distribution Point (CDP) - 2016 Domain Controllers - Domain Controller certificate -- Network infrastructure in place to reach your on-premises domain controller. If the machines are external, this can be achieved using any VPN solution. +- Network infrastructure in place to reach your on-premises domain controller. If the machines are external, you can use any VPN solution. ### Azure Active Directory Connect synchronization -Azure AD join, as well as hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. 
To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you are using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](/azure/active-directory/connect/active-directory-aadconnect). +Azure AD join, and hybrid Azure AD join devices register the user's Windows Hello for Business credential with Azure. To enable on-premises authentication, the credential must be synchronized to the on-premises Active Directory, regardless whether you're using a key or a certificate. Ensure you have Azure AD Connect installed and functioning properly. To learn more about Azure AD Connect, read [Integrate your on-premises directories with Azure Active Directory](/azure/active-directory/connect/active-directory-aadconnect). If you upgraded your Active Directory schema to the Windows Server 2016 schema after installing Azure AD Connect, run Azure AD Connect and run **Refresh directory schema** from the list of tasks. ![Azure AD Connect Schema Refresh.](images/aadj/aadconnectschema.png) ### Azure Active Directory Device Registration -A fundamental prerequisite of all cloud and hybrid Windows Hello for Business deployments is device registration. A user cannot provision Windows Hello for Business unless the device from which they are trying to provision has registered with Azure Active Directory. For more information about device registration, read [Introduction to device management in Azure Active Directory](/azure/active-directory/devices/overview). +A fundamental prerequisite of all cloud and hybrid Windows Hello for Business deployments is device registration. A user can't provision Windows Hello for Business unless the device from which they're trying to provision has registered with Azure Active Directory. 
For more information about device registration, read [Introduction to device management in Azure Active Directory](/azure/active-directory/devices/overview). You can use the **dsregcmd.exe** command to determine if your device is registered to Azure Active Directory. ![dsregcmd output.](images/aadj/dsregcmd.png) 
@@ -48,24 +49,24 @@ Certificates issued by a certificate authority can be revoked. When a certifica ![Domain Controller Certificate with LDAP CDP.](images/aadj/Certificate-CDP.png) -The preceding domain controller certificate shows a CRL distribution path (CDP) using Active Directory. You can determine this because the value in the URL begins with **ldap**. Using Active Directory for domain joined devices provides a highly available CRL distribution point. However, Azure Active Directory-joined devices and users on Azure Active Directory-joined devices cannot read data from Active Directory, and certificate validation does not provide an opportunity to authenticate prior to reading the certificate revocation list. This becomes a circular problem as the user is attempting to authenticate, but must read Active Directory to complete the authentication, but the user cannot read Active Directory because they have not authenticated. +The preceding domain controller certificate shows a CRL distribution path (CDP) using Active Directory. The value in the URL begins with **ldap**. Using Active Directory for domain joined devices provides a highly available CRL distribution point. However, Azure Active Directory-joined devices and users on Azure Active Directory-joined devices can't read data from Active Directory, and certificate validation doesn't provide an opportunity to authenticate prior to reading the certificate revocation list. The authentication becomes a circular problem. The user is attempting to authenticate, but must read Active Directory to complete the authentication, but the user can't read Active Directory because they haven't authenticated. -To resolve this issue, the CRL distribution point must be a location that is accessible by Azure Active Directory-joined devices that does not require authentication. The easiest solution is to publish the CRL distribution point on a web server that uses HTTP (not HTTPS). 
+To resolve this issue, the CRL distribution point must be a location that is accessible by Azure Active Directory-joined devices that doesn't require authentication. The easiest solution is to publish the CRL distribution point on a web server that uses HTTP (not HTTPS). -If your CRL distribution point does not list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points. +If your CRL distribution point doesn't list an HTTP distribution point, then you need to reconfigure the issuing certificate authority to include an HTTP CRL distribution point, preferably first in the list of distribution points. > [!NOTE] > If your CA has published both the Base and the Delta CRL, please make sure you have included publishing the Delta CRL in the HTTP path. Include web server to fetch the Delta CRL by allowing double escaping in the (IIS) web server. ### Windows Server 2016 Domain Controllers -If you are interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers. Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key. What do we mean by adequate? We are glad you asked. Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. +If you're interested in configuring your environment to use the Windows Hello for Business key rather than a certificate, then your environment must have an adequate number of Windows Server 2016 domain controllers. Only Windows Server 2016 domain controllers are capable of authenticating user with a Windows Hello for Business key. What do we mean by adequate? We're glad you asked. 
Read [Planning an adequate number of Windows Server 2016 Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) to learn more. -If you are interested in configuring your environment to use the Windows Hello for Business certificate rather than key, then you are the right place. The same certificate configuration on the domain controllers is needed, whether you are using Windows Server 2016 domain controllers or domain controllers running earlier versions of Windows Server. You can simply ignore the Windows Server 2016 domain controller requirement. +If you're interested in configuring your environment to use the Windows Hello for Business certificate rather than key, then you're the right place. The same certificate configuration on the domain controllers is needed, whether you're using Windows Server 2016 domain controllers or domain controllers running earlier versions of Windows Server. You can ignore the Windows Server 2016 domain controller requirement. ### Domain Controller Certificates -Certificate authorities write CRL distribution points in certificates as they are issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD-joined devices authenticating to Active Directory +Certificate authorities write CRL distribution points in certificates as they're issued. If the distribution point changes, then previously issued certificates must be reissued for the certificate authority to include the new CRL distribution point. The domain controller certificate is one the critical components of Azure AD-joined devices authenticating to Active Directory #### Why does Windows need to validate the domain controller certificate? 
@@ -79,7 +80,7 @@ Windows Hello for Business enforces the strict KDC validation security feature w - The domain controller's certificate's signature hash algorithm is **sha256**. - The domain controller's certificate's public key is **RSA (2048 Bits)**. -Authenticating from a Hybrid Azure AD joined device to a domain using Windows Hello for Business does not enforce that the domain controller certificate includes the **KDC Authentication** EKU. If you are adding Azure AD-joined devices to an existing domain environment, make sure to verify that your domain controller certificate has been updated to include the **KDC Authentication** EKU. If you need to update your domain controller certificate to include the **KDC Authentication** EKU, follow the instructions in [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](hello-hybrid-key-whfb-settings-pki.md) +Authenticating from a Hybrid Azure AD joined device to a domain using Windows Hello for Business doesn't enforce that the domain controller certificate includes the **KDC Authentication** EKU. If you're adding Azure AD-joined devices to an existing domain environment, make sure to verify that your domain controller certificate has been updated to include the **KDC Authentication** EKU. If you need to update your domain controller certificate to include the **KDC Authentication** EKU, follow the instructions in [Configure Hybrid Windows Hello for Business: Public Key Infrastructure](hello-hybrid-key-whfb-settings-pki.md) > [!Tip] > If you are using Windows Server 2008, **Kerberos Authentication** is not the default template, so make sure to use the correct template when issuing or re-issuing the certificate. 
@@ -88,7 +89,7 @@ Authenticating from a Hybrid Azure AD joined device to a domain using Windows He Use this set of procedures to update your certificate authority that issues your domain controller certificates to include an http-based CRL distribution point. -Steps you will perform include: +Steps you'll perform include: - [Configure Internet Information Services to host CRL distribution point](#configure-internet-information-services-to-host-crl-distribution-point) - [Prepare a file share to host the certificate revocation list](#prepare-a-file-share-to-host-the-certificate-revocation-list) 
@@ -99,40 +100,40 @@ Steps you will perform include: ### Configure Internet Information Services to host CRL distribution point -You need to host your new certificate revocation list of a web server so Azure AD-joined devices can easily validate certificates without authentication. You can host these files on web servers many ways. The following steps is just one and may be useful for those unfamiliar with adding a new CRL distribution point. +You need to host your new certificate revocation list of a web server so Azure AD-joined devices can easily validate certificates without authentication. You can host these files on web servers many ways. The following steps are just one and may be useful for admins unfamiliar with adding a new CRL distribution point. > [!IMPORTANT] > Do not configure the IIS server hosting your CRL distribution point to use https or a server authentication certificate. Clients should access the distribution point using http. #### Installing the Web Server -1. Sign-in to your server as a local administrator and start **Server Manager** if it did not start during your sign in. -2. Click the **Local Server** node in the navigation pane. Click **Manage** and click **Add Roles and Features**. -3. In the **Add Role and Features Wizard**, click **Server Selection**. Verify the selected server is the local server. Click **Server Roles**. Select the check box next to **Web Server (IIS)**. -4. Click **Next** through the remaining options in the wizard, accepting the defaults, and install the Web Server role. +1. Sign-in to your server as a local administrator and start **Server Manager** if it didn't start during your sign in. +2. Select the **Local Server** node in the navigation pane. Select **Manage** and select **Add Roles and Features**. +3. In the **Add Role and Features Wizard**, select **Server Selection**. Verify the selected server is the local server. Select **Server Roles**. Select the check box next to **Web Server (IIS)**. +4. 
Select **Next** through the remaining options in the wizard, accepting the defaults, and install the Web Server role. #### Configure the Web Server 1. From **Windows Administrative Tools**, Open **Internet Information Services (IIS) Manager**. -2. Expand the navigation pane to show **Default Web Site**. Select and then right-click **Default Web site** and click **Add Virtual Directory...**. -3. In the **Add Virtual Directory** dialog box, type **cdp** in **alias**. For physical path, type or browse for the physical file location where you will host the certificate revocation list. For this example, the path **c:\cdp** is used. Click **OK**. +2. Expand the navigation pane to show **Default Web Site**. Select and then right-click **Default Web site** and select **Add Virtual Directory...**. +3. In the **Add Virtual Directory** dialog box, type **cdp** in **alias**. For physical path, type or browse for the physical file location where you'll host the certificate revocation list. For this example, the path **c:\cdp** is used. Select **OK**. ![Add Virtual Directory.](images/aadj/iis-add-virtual-directory.png) > [!NOTE] > Make note of this path as you will use it later to configure share and file permissions. -4. Select **CDP** under **Default Web Site** in the navigation pane. Double-click **Directory Browsing** in the content pane. Click **Enable** in the details pane. +4. Select **CDP** under **Default Web Site** in the navigation pane. Double-click **Directory Browsing** in the content pane. Select **Enable** in the details pane. 5. Select **CDP** under **Default Web Site** in the navigation pane. Double-click **Configuration Editor**. 6. In the **Section** list, navigate to **system.webServer/security/requestFiltering**. ![IIS Configuration Editor requestFiltering.](images/aadj/iis-config-editor-requestFiltering.png) - In the list of named value-pairs in the content pane, configure **allowDoubleEscaping** to **True**. Click **Apply** in the actions pane. 
+ In the list of named value-pairs in the content pane, configure **allowDoubleEscaping** to **True**. Select **Apply** in the actions pane. ![IIS Configuration Editor double escaping.](images/aadj/iis-config-editor-allowDoubleEscaping.png) 7. Close **Internet Information Services (IIS) Manager**. #### Create a DNS resource record for the CRL distribution point URL 1. On your DNS server or from an administrative workstation, open **DNS Manager** from **Administrative Tools**. -2. Expand **Forward Lookup Zones** to show the DNS zone for your domain. Right-click your domain name in the navigation pane and click **New Host (A or AAAA)...**. -3. In the **New Host** dialog box, type **crl** in **Name**. Type the IP address of the web server you configured in **IP Address**. Click **Add Host**. Click **OK** to close the **DNS** dialog box. Click **Done**. +2. Expand **Forward Lookup Zones** to show the DNS zone for your domain. Right-click your domain name in the navigation pane and select **New Host (A or AAAA)...**. +3. In the **New Host** dialog box, type **crl** in **Name**. Type the IP address of the web server you configured in **IP Address**. Select **Add Host**. Select **OK** to close the **DNS** dialog box. Select **Done**. ![Create DNS host record.](images/aadj/dns-new-host-dialog.png) 4. Close the **DNS Manager**. 
@@ -143,37 +144,37 @@ These procedures configure NTFS and share permissions on the web server to allow #### Configure the CDP file share 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server). -2. Right-click the **cdp** folder and click **Properties**. Click the **Sharing** tab. Click **Advanced Sharing**. -3. Select **Share this folder**. Type **cdp$** in **Share name**. Click **Permissions**. +2. Right-click the **cdp** folder and select **Properties**. Select the **Sharing** tab. Select **Advanced Sharing**. +3. Select **Share this folder**. Type **cdp$** in **Share name**. Select **Permissions**. ![cdp sharing.](images/aadj/cdp-sharing.png) -4. In the **Permissions for cdp$** dialog box, click **Add**. -5. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, click **Object Types**. In the **Object Types** dialog box, select **Computers**, and then click **OK**. -7. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, in **Enter the object names to select**, type the name of the server running the certificate authority issuing the certificate revocation list, and then click **Check Names**. Click **OK**. -8. In the **Permissions for cdp$** dialog box, select the certificate authority from the **Group or user names list**. In the **Permissions for** section, select **Allow** for **Full control**. Click **OK**. +4. In the **Permissions for cdp$** dialog box, select **Add**. +5. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, select **Object Types**. In the **Object Types** dialog box, select **Computers**, and then select **OK**. +7. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, in **Enter the object names to select**, type the name of the server running the certificate authority issuing the certificate revocation list, and then select **Check Names**. 
Select **OK**. +8. In the **Permissions for cdp$** dialog box, select the certificate authority from the **Group or user names list**. In the **Permissions for** section, select **Allow** for **Full control**. Select **OK**. ![CDP Share Permissions.](images/aadj/cdp-share-permissions.png) -9. In the **Advanced Sharing** dialog box, click **OK**. +9. In the **Advanced Sharing** dialog box, select **OK**. > [!Tip] > Make sure that users can access **\\\Server FQDN\sharename**. #### Disable Caching 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server). -2. Right-click the **cdp** folder and click **Properties**. Click the **Sharing** tab. Click **Advanced Sharing**. -3. Click **Caching**. Select **No files or programs from the shared folder are available offline**. +2. Right-click the **cdp** folder and select **Properties**. Select the **Sharing** tab. Select **Advanced Sharing**. +3. Select **Caching**. Select **No files or programs from the shared folder are available offline**. ![CDP disable caching.](images/aadj/cdp-disable-caching.png) -4. Click **OK**. +4. Select **OK**. #### Configure NTFS permission for the CDP folder 1. On the web server, open **Windows Explorer** and navigate to the **cdp** folder you created in step 3 of [Configure the Web Server](#configure-the-web-server). -2. Right-click the **cdp** folder and click **Properties**. Click the **Security** tab. -3. On the **Security** tab, click Edit. -5. In the **Permissions for cdp** dialog box, click **Add**. +2. Right-click the **cdp** folder and select **Properties**. Select the **Security** tab. +3. On the **Security** tab, select Edit. +5. In the **Permissions for cdp** dialog box, select **Add**. ![CDP NTFS Permissions.](images/aadj/cdp-ntfs-permissions.png) -6. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, click **Object Types**. 
In the **Object Types** dialog box, select **Computers**. Click **OK**. -7. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, in **Enter the object names to select**, type the name of the certificate authority, and then click **Check Names**. Click **OK**. -8. In the **Permissions for cdp** dialog box, select the name of the certificate authority from the **Group or user names** list. In the **Permissions for** section, select **Allow** for **Full control**. Click **OK**. -9. Click **Close** in the **cdp Properties** dialog box. +6. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, select **Object Types**. In the **Object Types** dialog box, select **Computers**. Select **OK**. +7. In the **Select Users, Computers, Service Accounts, or Groups** dialog box, in **Enter the object names to select**, type the name of the certificate authority, and then select **Check Names**. Select **OK**. +8. In the **Permissions for cdp** dialog box, select the name of the certificate authority from the **Group or user names** list. In the **Permissions for** section, select **Allow** for **Full control**. Select **OK**. +9. Select **Close** in the **cdp Properties** dialog box. ### Configure the new CRL distribution point and Publishing location in the issuing certificate authority 
@@ -183,17 +184,17 @@ The web server is ready to host the CRL distribution point. Now, configure the #### Configure the CRL distribution Point 1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**. -2. In the navigation pane, right-click the name of the certificate authority and click **Properties** -3. Click **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list. -4. On the **Extensions** tab, click **Add**. Type http://crl.[domainname]/cdp/ in **location**. For example, `` or `` (do not forget the trailing forward slash). +2. In the navigation pane, right-click the name of the certificate authority and select **Properties** +3. Select **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list. +4. On the **Extensions** tab, select **Add**. Type http://crl.[domainname]/cdp/ in **location**. For example, `` or `` (don't forget the trailing forward slash). ![CDP New Location dialog box.](images/aadj/cdp-extension-new-location.png) -5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. -6. Type **.crl** at the end of the text in **Location**. Click **OK**. +5. Select **\** from the **Variable** list and select **Insert**. Select **\** from the **Variable** list and select **Insert**. Select **\** from the **Variable** list and select **Insert**. +6. Type **.crl** at the end of the text in **Location**. Select **OK**. 7. Select the CDP you just created. ![CDP complete http.](images/aadj/cdp-extension-complete-http.png) 8. Select **Include in CRLs. Clients use this to find Delta CRL locations**. 9. Select **Include in the CDP extension of issued certificates**. -10. Click **Apply** save your selections. 
Click **No** when ask to restart the service. +10. Select **Apply** save your selections. Select **No** when ask to restart the service. > [!NOTE] > Optionally, you can remove unused CRL distribution points and publishing locations. 
@@ -201,43 +202,43 @@ The web server is ready to host the CRL distribution point. Now, configure the #### Configure the CRL publishing location 1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**. -2. In the navigation pane, right-click the name of the certificate authority and click **Properties** -3. Click **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list. -4. On the **Extensions** tab, click **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (do not forget the trailing backwards slash). -5. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. Select **\** from the **Variable** list and click **Insert**. -6. Type **.crl** at the end of the text in **Location**. Click **OK**. +2. In the navigation pane, right-click the name of the certificate authority and select **Properties** +3. Select **Extensions**. On the **Extensions** tab, select **CRL Distribution Point (CDP)** from the **Select extension** list. +4. On the **Extensions** tab, select **Add**. Type the computer and share name you create for your CRL distribution point in [Configure the CDP file share](#configure-the-cdp-file-share). For example, **\\\app\cdp$\\** (don't forget the trailing backwards slash). +5. Select **\** from the **Variable** list and select **Insert**. Select **\** from the **Variable** list and select **Insert**. Select **\** from the **Variable** list and select **Insert**. +6. Type **.crl** at the end of the text in **Location**. Select **OK**. 7. Select the CDP you just created.
              ![CDP publishing location.](images/aadj/cdp-extension-complete-unc.png) 8. Select **Publish CRLs to this location**. 9. Select **Publish Delta CRLs to this location**. -10. Click **Apply** save your selections. Click **Yes** when ask to restart the service. Click **OK** to close the properties dialog box. +10. Select **Apply** save your selections. Select **Yes** when ask to restart the service. Select **OK** to close the properties dialog box. ### Publish a new CRL 1. On the issuing certificate authority, sign-in as a local administrator. Start the **Certificate Authority** console from **Administrative Tools**. -2. In the navigation pane, right-click **Revoked Certificates**, hover over **All Tasks**, and click **Publish** +2. In the navigation pane, right-click **Revoked Certificates**, hover over **All Tasks**, and select **Publish** ![Publish a New CRL.](images/aadj/publish-new-crl.png) -3. In the **Publish CRL** dialog box, select **New CRL** and click **OK**. +3. In the **Publish CRL** dialog box, select **New CRL** and select **OK**. #### Validate CDP Publishing Validate your new CRL distribution point is working. -1. Open a web browser. Navigate to http://crl.[yourdomain].com/cdp. You should see two files created from publishing your new CRL. +1. Open a web browser. Navigate to `http://crl.[yourdomain].com/cdp`. You should see two files created from publishing your new CRL. ![Validate the new CRL.](images/aadj/validate-cdp-using-browser.png) ### Reissue domain controller certificates -With the CA properly configured with a valid HTTP-based CRL distribution point, you need to reissue certificates to domain controllers as the old certificate does not have the updated CRL distribution point. +With the CA properly configured with a valid HTTP-based CRL distribution point, you need to reissue certificates to domain controllers as the old certificate doesn't have the updated CRL distribution point. 1. 
Sign-in a domain controller using administrative credentials. 2. Open the **Run** dialog box. Type **certlm.msc** to open the **Certificate Manager** for the local computer. -3. In the navigation pane, expand **Personal**. Click **Certificates**. In the details pane, select the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**. +3. In the navigation pane, expand **Personal**. Select **Certificates**. In the details pane, select the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**. ![Certificate Manager Personal store.](images/aadj/certlm-personal-store.png) -4. Right-click the selected certificate. Hover over **All Tasks** and then select **Renew Certificate with New Key...**. In the **Certificate Enrollment** wizard, click **Next**. +4. Right-click the selected certificate. Hover over **All Tasks** and then select **Renew Certificate with New Key...**. In the **Certificate Enrollment** wizard, select **Next**. ![Renew with New key.](images/aadj/certlm-renew-with-new-key.png) -5. In the **Request Certificates** page of the wizard, verify the selected certificate has the correct certificate template and ensure the status is available. Click **Enroll**. -6. After the enrollment completes, click **Finish** to close the wizard. +5. In the **Request Certificates** page of the wizard, verify the selected certificate has the correct certificate template and ensure the status is available. Select **Enroll**. +6. After the enrollment completes, select **Finish** to close the wizard. 7. Repeat this procedure on all your domain controllers. > [!NOTE] 
@@ -250,16 +251,16 @@ With the CA properly configured with a valid HTTP-based CRL distribution point, 1. Sign-in a domain controller using administrative credentials. 2. Open the **Run** dialog box. Type **certlm.msc** to open the **Certificate Manager** for the local computer. -3. In the navigation pane, expand **Personal**. Click **Certificates**. In the details pane, double-click the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**. -4. Click the **Details** tab. Scroll down the list until **CRL Distribution Points** is visible in the **Field** column of the list. Select **CRL Distribution Point**. -5. Review the information below the list of fields to confirm the new URL for the CRL distribution point is present in the certificate. Click **OK**.
              +3. In the navigation pane, expand **Personal**. Select **Certificates**. In the details pane, double-click the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**. +4. Select the **Details** tab. Scroll down the list until **CRL Distribution Points** is visible in the **Field** column of the list. Select **CRL Distribution Point**. +5. Review the information below the list of fields to confirm the new URL for the CRL distribution point is present in the certificate. Select **OK**.
              ![New Certificate with updated CDP.](images/aadj/dc-cert-with-new-cdp.png) ## Configure and Assign a Trusted Certificate Device Configuration Profile -Your domain controllers have new certificate that include the new CRL distribution point. Next, you need your enterprise root certificate so you can deploy it to Azure AD-joined devices. Deploying the enterprise root certificates to the device, ensures the device trusts any certificates issued by the certificate authority. Without the certificate, Azure AD-joined devices do not trust domain controller certificates and authentication fails. +Your domain controllers have new certificates that include the new CRL distribution point. Next, you need your enterprise root certificate so you can deploy it to Azure AD-joined devices. When you deploy the enterprise root certificates to the device, it ensures the device trusts any certificates issued by the certificate authority. Without the certificate, Azure AD-joined devices don't trust domain controller certificates and authentication fails. -Steps you will perform include: +Steps you'll perform include: - [Export Enterprise Root certificate](#export-enterprise-root-certificate) - [Create and Assign a Trust Certificate Device Configuration Profile](#create-and-assign-a-trust-certificate-device-configuration-profile) 
@@ -267,30 +268,30 @@ Steps you will perform include: 1. Sign-in a domain controller using administrative credentials. 2. Open the **Run** dialog box. Type **certlm.msc** to open the **Certificate Manager** for the local computer. -3. In the navigation pane, expand **Personal**. Click **Certificates**. In the details pane, double-click the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**. -4. Click the **Certification Path** tab. In the **Certification path** view, select the top most node and click **View Certificate**. +3. In the navigation pane, expand **Personal**. Select **Certificates**. In the details pane, double-click the existing domain controller certificate includes **KDC Authentication** in the list of **Intended Purposes**. +4. Select the **Certification Path** tab. In the **Certification path** view, select the topmost node and select **View Certificate**. ![Certificate Path.](images/aadj/certlm-cert-path-tab.png) -5. In the new **Certificate** dialog box, click the **Details** tab. Click **Copy to File**. +5. In the new **Certificate** dialog box, select the **Details** tab. Select **Copy to File**. ![Details tab and copy to file.](images/aadj/certlm-root-cert-details-tab.png) -6. In the **Certificate Export Wizard**, click **Next**. -7. On the **Export File Format** page of the wizard, click **Next**. -8. On the **File to Export** page in the wizard, type the name and location of the root certificate and click **Next**. Click **Finish** and then click **OK** to close the success dialog box.
              +6. In the **Certificate Export Wizard**, select **Next**. +7. On the **Export File Format** page of the wizard, select **Next**. +8. On the **File to Export** page in the wizard, type the name and location of the root certificate and select **Next**. Select **Finish** and then select **OK** to close the success dialog box.
              ![Export root certificate.](images/aadj/certlm-export-root-certificate.png) -9. Click **OK** two times to return to the **Certificate Manager** for the local computer. Close the **Certificate Manager**. +9. Select **OK** two times to return to the **Certificate Manager** for the local computer. Close the **Certificate Manager**. ### Create and Assign a Trust Certificate Device Configuration Profile A **Trusted Certificate** device configuration profile is how you deploy trusted certificates to Azure AD-joined devices. -1. Sign-in to the [Microsoft Azure Portal](https://portal.azure.com) and select **Microsoft Intune**. -2. Click **Device configuration**. In the **Device Configuration** blade, click **Create profile**. +1. Sign-in to the [Microsoft Azure portal](https://portal.azure.com) and select **Microsoft Intune**. +2. Select **Device configuration**. In the **Device Configuration** blade, select **Create profile**. ![Intune Create Profile.](images/aadj/intune-create-device-config-profile.png) -3. In the **Create profile** blade, type **Enterprise Root Certificate** in **Name**. Provide a description. Select **Windows 10 and later** from the **Platform** list. Select **Trusted certificate** from the **Profile type** list. Click **Configure**. -4. In the **Trusted Certificate** blade, use the folder icon to browse for the location of the enterprise root certificate file you created in step 8 of [Export Enterprise Root certificate](#export-enterprise-root-certificate). Click **OK**. Click **Create**. +3. In the **Create profile** blade, type **Enterprise Root Certificate** in **Name**. Provide a description. Select **Windows 10 and later** from the **Platform** list. Select **Trusted certificate** from the **Profile type** list. Select **Configure**. +4. 
In the **Trusted Certificate** blade, use the folder icon to browse for the location of the enterprise root certificate file you created in step 8 of [Export Enterprise Root certificate](#export-enterprise-root-certificate). Select **OK**. Select **Create**. ![Intune Trusted Certificate Profile.](images/aadj/intune-create-trusted-certificate-profile.png) -5. In the **Enterprise Root Certificate** blade, click **Assignments**. In the **Include** tab, select **All Devices** from the **Assign to** list. Click **Save**. +5. In the **Enterprise Root Certificate** blade, select **Assignments**. In the **Include** tab, select **All Devices** from the **Assign to** list. Select **Save**. ![Intune Profile assignment.](images/aadj/intune-device-config-enterprise-root-assignment.png) -6. Sign out of the Microsoft Azure Portal. +6. Sign out of the Microsoft Azure portal. > [!NOTE] > After the creation, the **supported platform** parameter of the profile will contain the value "Windows 8.1 and later", as the certificate configuration for Windows 8.1 and Windows 10 is the same. 
@@ -298,14 +299,14 @@ A **Trusted Certificate** device configuration profile is how you deploy trusted Sign-in a workstation with access equivalent to a _domain user_. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com/). +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Select **Devices**. 3. Choose **Enroll devices**. 4. Select **Windows enrollment**. 5. Under **Windows enrollment**, select **Windows Hello for Business**. ![Create Windows Hello for Business Policy.](images/aadj/MEM.png) 6. Select **Enabled** from the **Configure Windows Hello for Business** list. -7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and does not allow fall back to software-based keys. +7. Select **Required** next to **Use a Trusted Platform Module (TPM)**. By default, Windows Hello for Business prefers TPM 2.0 or falls backs to software. Choosing **Required** forces Windows Hello for Business to only use TPM 2.0 or TPM 1.2 and doesn't allow fall back to software-based keys. 8. Enter the desired **Minimum PIN length** and **Maximum PIN length**. > [!IMPORTANT] > The default minimum PIN length for Windows Hello for Business on Windows 10 and Windows 11 is six. Microsoft Intune defaults the minimum PIN length to four, which reduces the security of the user's PIN. If you do not have a desired PIN length, set the minimum PIN length to six. diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md index 2d0fd8eb2a..441651ecdb 100644 --- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md 
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md @@ -16,6 +16,7 @@ appliesto: - ✅ Azure AD-join - ✅ Hybrid Deployment - ✅ Certificate trust +ms.technology: itpro-security --- # Using Certificates for AADJ On-premises Single-sign On @@ -25,7 +26,7 @@ If you plan to use certificates for on-premises single-sign on, then follow thes > [!IMPORTANT] > Ensure you have performed the configurations in [Azure AD-joined devices for On-premises Single-Sign On](hello-hybrid-aadj-sso-base.md) before you continue. -Steps you will perform include: +Steps you'll perform include: - [Prepare Azure AD Connect](#prepare-azure-ad-connect) - [Prepare the Network Device Enrollment Services Service Account](#prepare-the-network-device-enrollment-services-ndes-service-account) 
@@ -46,7 +47,7 @@ You need to install and configure additional infrastructure to provide Azure AD- The Network Device Enrollment Services (NDES) server role acts as a certificate registration authority. Certificate registration servers enroll certificates on behalf of the user. Users request certificates from the NDES service rather than directly from the issuing certificate authority. -The architecture of the NDES server prevents it from being clustered or load balanced for high availability. To provide high availability, you need to install more than one identically configured NDES servers and use Microsoft Intune to load balance then (in round-robin fashion). +The architecture of the NDES server prevents it from being clustered or load balanced for high availability. To provide high availability, you need to install more than one identically configured NDES servers, and use Microsoft Intune to load balance then (in round-robin fashion). The Network Device Enrollment Service (NDES) server role can issue up to three unique certificate templates. The server role accomplishes this by mapping the purpose of the certificate request to a configured certificate template. The certificate request purpose has three options: @@ -74,9 +75,9 @@ Sign-in to computer running Azure AD Connect with access equivalent to _local ad 1. Open **Synchronization Services** from the **Azure AD Connect** folder. -2. In the **Synchronization Service Manager**, click **Help** and then click **About**. +2. In the **Synchronization Service Manager**, select **Help** and then select **About**. -3. If the version number is not **1.1.819** or later, then upgrade Azure AD Connect to the latest version. +3. If the version number isn't **1.1.819** or later, then upgrade Azure AD Connect to the latest version. ### Verify the onPremisesDistinguishedName attribute is synchronized 
@@ -89,7 +90,7 @@ The easiest way to verify that the onPremisesDistingushedNamne attribute is sync > [!NOTE] > To successfully query the Graph API, adequate [permissions](/graph/api/user-get?) must be granted. -3. Select **Modify permissions (Preview)**. Scroll down and locate **User.Read.All** (or any other required permission) and select **Consent**. You will now be prompted for delegated permissions consent. +3. Select **Modify permissions (Preview)**. Scroll down and locate **User.Read.All** (or any other required permission) and select **Consent**. You'll now be prompted for delegated permissions consent. 4. In the Graph Explorer URL, enter `https://graph.microsoft.com/v1.0/users/[userid]?$select=displayName,userPrincipalName,onPremisesDistinguishedName`, where **[userid]** is the user principal name of a user in Azure Active Directory. Select **Run query**. @@ -106,7 +107,7 @@ The easiest way to verify that the onPremisesDistingushedNamne attribute is sync GET https://graph.microsoft.com/v1.0/users/{id | userPrincipalName}?$select=displayName,userPrincipalName,onPremisesDistinguishedName ``` -5. In the returned results, review the JSON data for the **onPremisesDistinguishedName** attribute. Ensure the attribute has a value and that the value is accurate for the given user. If the **onPremisesDistinguishedName** attribute is not synchronized the value will be **null**. +5. In the returned results, review the JSON data for the **onPremisesDistinguishedName** attribute. Ensure the attribute has a value and that the value is accurate for the given user. If the **onPremisesDistinguishedName** attribute isn't synchronized the value will be **null**. #### Response diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md index cf8573f679..efab24f84a 100644 --- a/windows/security/identity-protection/index.md +++ b/windows/security/identity-protection/index.md 
@@ -12,6 +12,7 @@ ms.date: 02/05/2018 appliesto: - ✅ Windows 10 - ✅ Windows 11 +ms.technology: itpro-security --- # Identity and access management diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md index 5b65618db7..fe76412c23 100644 --- a/windows/security/identity-protection/password-support-policy.md +++ b/windows/security/identity-protection/password-support-policy.md @@ -11,6 +11,7 @@ author: paolomatarazzo ms.author: paoloma manager: aaroncz ms.date: 11/20/2019 +ms.technology: itpro-security --- # Technical support policy for lost or forgotten passwords diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md index 81ceb05cfd..943feee191 100644 --- a/windows/security/identity-protection/remote-credential-guard.md +++ b/windows/security/identity-protection/remote-credential-guard.md @@ -14,6 +14,7 @@ ms.date: 01/12/2018 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Protect Remote Desktop credentials with Windows Defender Remote Credential Guard diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md index 45274c687c..94d820ba53 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md +++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card and Remote Desktop Services diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md index 7277b044d4..8fdd044d15 100644 
--- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md +++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Architecture diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md index 00b2152267..664a098b48 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Certificate Propagation Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md index 5707ce0650..eafc1a53ec 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md +++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Certificate Requirements and Enumeration diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md index 7604db531a..041be309ae 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md +++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md 
@@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Troubleshooting diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md index fd2d69b73f..82b2141687 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-events.md +++ b/windows/security/identity-protection/smart-cards/smart-card-events.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Events diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md index c32bc12fe2..9ba33317ac 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Group Policy and Registry Settings diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md index 7faa54e44a..75800f2ed8 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md +++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md @@ -17,6 +17,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # How Smart Card Sign-in Works in Windows 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md index bd2846b176..1dde909358 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Removal Policy Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md index af5b9e8bb6..60ec54e817 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md +++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Cards for Windows Service diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md index 106071d129..fe25ba9e7c 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md +++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Tools and Settings 
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md index f1676735c7..073e9fb3e9 100644 --- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md +++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md @@ -16,6 +16,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # Smart Card Technical Reference diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md index 49a56c854a..9736d287a0 100644 --- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md +++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # How User Account Control works diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md index 540e4342f1..aeae137539 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control Group Policy and registry key settings 
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md index 39dfcbd0bc..1e1fb5f9a7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md @@ -18,6 +18,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md index a31f0a2547..2b860883d7 100644 --- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md +++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md @@ -17,6 +17,7 @@ appliesto: - ✅ Windows Server 2016 - ✅ Windows Server 2019 - ✅ Windows Server 2022 +ms.technology: itpro-security --- # User Account Control security policy settings 
@@ -34,7 +35,7 @@ This policy setting controls the behavior of Admin Approval Mode for the built-i This policy setting controls whether User Interface Accessibility (UIAccess or UIA) programs can automatically disable the secure desktop for elevation prompts used by a standard user. -- **Enabled** UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you do not disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. +- **Enabled** UIA programs, including Windows Remote Assistance, automatically disable the secure desktop for elevation prompts. If you don't disable the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting, the prompts appear on the interactive user's desktop instead of the secure desktop. - **Disabled** (Default) The secure desktop can be disabled only by the user of the interactive desktop or by disabling the "User Account Control: Switch to the secure desktop when prompting for elevation" policy setting. ## User Account Control: Behavior of the elevation prompt for administrators in Admin Approval Mode 
@@ -64,29 +65,33 @@ This policy setting controls the behavior of the elevation prompt for standard u This policy setting controls the behavior of application installation detection for the computer. - **Enabled** (Default) When an app installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege. -- **Disabled** App installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies, such as Group Policy or Microsoft Endpoint Manager should disable this policy setting. In this case, installer detection is unnecessary. +- **Disabled** App installation packages aren't detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies, such as Group Policy or Microsoft Intune should disable this policy setting. In this case, installer detection is unnecessary. ## User Account Control: Only elevate executable files that are signed and validated This policy setting enforces public key infrastructure (PKI) signature checks for any interactive applications that request elevation of privilege. Enterprise administrators can control which applications are allowed to run by adding certificates to the Trusted Publishers certificate store on local computers. -- **Enabled** Enforces the certificate certification path validation for a given executable file before it is permitted to run. -- **Disabled** (Default) Does not enforce the certificate certification path validation before a given executable file is permitted to run. +- **Enabled** Enforces the certificate certification path validation for a given executable file before it's permitted to run. 
+- **Disabled** (Default) Doesn't enforce the certificate certification path validation before a given executable file is permitted to run. ## User Account Control: Only elevate UIAccess applications that are installed in secure locations -This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following: - …\\Program Files\\, including subfolders - …\\Windows\\system32\\ - …\\Program Files (x86)\\, including subfolders for 64-bit versions of Windows +This policy setting controls whether applications that request to run with a User Interface Accessibility (UIAccess) integrity level must reside in a secure location in the file system. Secure locations are limited to the following folders: + +- …\\Program Files\\, including subfolders +- …\\Windows\\system32\\ +- …\\Program Files (x86)\\, including subfolders for 64-bit versions of Windows >**Note:**  Windows enforces a digital signature check on any interactive app that requests to run with a UIAccess integrity level regardless of the state of this security setting.   - **Enabled** (Default) If an app resides in a secure location in the file system, it runs only with UIAccess integrity. -- **Disabled** An app runs with UIAccess integrity even if it does not reside in a secure location in the file system. +- **Disabled** An app runs with UIAccess integrity even if it doesn't reside in a secure location in the file system. ## User Account Control: Turn on Admin Approval Mode This policy setting controls the behavior of all User Account Control (UAC) policy settings for the computer. If you change this policy setting, you must restart your computer. -- **Enabled** (Default) Admin Approval Mode is enabled. 
This policy must be enabled and related UAC policy settings must also be set appropriately to allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. +- **Enabled** (Default) Admin Approval Mode is enabled. This policy must be enabled and related UAC policy settings must also be set appropriately. They'll allow the built-in Administrator account and all other users who are members of the Administrators group to run in Admin Approval Mode. - **Disabled** Admin Approval Mode and all related UAC policy settings are disabled. Note: If this policy setting is disabled, the Windows Security app notifies you that the overall security of the operating system has been reduced. ## User Account Control: Switch to the secure desktop when prompting for elevation diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md index 0f5fef56ab..7154750f0b 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Deploy Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md index f5ce64521a..8aff0f477f 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md 
@@ -12,6 +12,7 @@ ms.date: 04/19/2017
 appliesto:
 - ✅ Windows 10
 - ✅ Windows Server 2016
+ms.technology: itpro-security
 ---
 # Evaluate Virtual Smart Card Security
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
index ab366df26d..3dbfc81372 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@@ -12,6 +12,7 @@ ms.date: 04/19/2017
 appliesto:
 - ✅ Windows 10
 - ✅ Windows Server 2016
+ms.technology: itpro-security
 ---
 # Get Started with Virtual Smart Cards: Walkthrough Guide
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
index acb3e89bb3..361c943258 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@@ -12,6 +12,7 @@ ms.date: 10/13/2017
 appliesto:
 - ✅ Windows 10
 - ✅ Windows Server 2016
+ms.technology: itpro-security
 ---
 # Virtual Smart Card Overview
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
index 62b4f01d0c..c4bbcf77bd 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@@ -12,6 +12,7 @@ ms.date: 04/19/2017
 appliesto:
 - ✅ Windows 10
 - ✅ Windows Server 2016
+ms.technology: itpro-security
 ---
 # Tpmvscmgr
@@ -34,7 +35,7 @@ The Create command sets up new virtual smart cards on the user’s system. It re | /AdminKey | Indicates the desired administrator key that can be used to reset the PIN of the card if the user forgets the PIN.
              **DEFAULT** Specifies the default value of 010203040506070801020304050607080102030405060708.
              **PROMPT**  Prompts the user to enter a value for the administrator key.
              **RANDOM**  Results in a random setting for the administrator key for a card that is not returned to the user. This creates a card that might not be manageable by using smart card management tools. When generated with RANDOM, the administrator key is set as 48 hexadecimal characters. | | /PIN | Indicates desired user PIN value.
              **DEFAULT**  Specifies the default PIN of 12345678.
              **PROMPT**  Prompts the user to enter a PIN at the command line. The PIN must be a minimum of eight characters, and it can contain numerals, characters, and special characters. | | /PUK | Indicates the desired PIN Unlock Key (PUK) value. The PUK value must be a minimum of eight characters, and it can contain numerals, characters, and special characters. If the parameter is omitted, the card is created without a PUK.
              **DEFAULT**  Specifies the default PUK of 12345678.
              **PROMPT**  Prompts the user to enter a PUK at the command line. | -| /generate | Generates the files in storage that are necessary for the virtual smart card to function. If the /generate parameter is omitted, it is equivalent to creating a card without this file system. A card without a file system can be managed only by a smart card management system such as Microsoft Endpoint Configuration Manager. | +| /generate | Generates the files in storage that are necessary for the virtual smart card to function. If the /generate parameter is omitted, it is equivalent to creating a card without this file system. A card without a file system can be managed only by a smart card management system such as Microsoft Configuration Manager. | | /machine | Allows you to specify the name of a remote computer on which the virtual smart card can be created. This can be used in a domain environment only, and it relies on DCOM. For the command to succeed in creating a virtual smart card on a different computer, the user running this command must be a member in the local administrators group on the remote computer. | | /pinpolicy | If **/pin prompt** is used, **/pinpolicy** allows you to specify the following PIN policy options:
              **minlen** <minimum PIN length>
                 If not specified, defaults to 8. The lower bound is 4.
              **maxlen** <maximum PIN length>
                 If not specified, defaults to 127. The upper bound is 127.
              **uppercase**  Can be **ALLOWED**, **DISALLOWED**, or **REQUIRED.** Default is **ALLOWED.**
              **lowercase**  Can be **ALLOWED**, **DISALLOWED**, or **REQUIRED.** Default is **ALLOWED.**
              **digits**  Can be **ALLOWED**, **DISALLOWED**, or **REQUIRED.** Default is **ALLOWED.**
              **specialchars**  Can be **ALLOWED**, **DISALLOWED**, or **REQUIRED.** Default is **ALLOWED.**

              When using **/pinpolicy**, PIN characters must be printable ASCII characters. | | /attestation | Configures attestation (subject only). This attestation uses an [Attestation Identity Key (AIK) certificate](/openspecs/windows_protocols/ms-dha/a4a71926-3639-4d62-b915-760c2483f489#gt_89a2ba3c-80af-4d1f-88b3-06ec3489fd5a) as a trust anchor to vouch that the virtual smart card keys and certificates are truly hardware bound. The attestation methods are:
              **AIK_AND_CERT**  Creates an AIK and obtains an AIK certificate from the Microsoft cloud certification authority (CA). This requires the device to have a TPM with an [EK certificate](/openspecs/windows_protocols/ms-wcce/719b890d-62e6-4322-b9b1-1f34d11535b4#gt_6aaaff7f-d380-44fb-91d3-b985e458eb6d). If this option is specified and there is no network connectivity, it is possible that creation of the virtual smart card will fail.
              **AIK_ONLY**  Creates an AIK but does not obtain an AIK certificate. | diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md index 6b9c28ede3..7145692213 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md @@ -12,6 +12,7 @@ ms.date: 04/19/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Understanding and Evaluating Virtual Smart Cards diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md index 713f1ab1f6..c8e7f675e5 100644 --- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md +++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md @@ -12,6 +12,7 @@ ms.date: 10/13/2017 appliesto: - ✅ Windows 10 - ✅ Windows Server 2016 +ms.technology: itpro-security --- # Use Virtual Smart Cards diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md index 863eec92a6..5ca81d5c91 100644 --- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md +++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md 
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # How to configure Diffie Hellman protocol over IKEv2 VPN connections
diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index d7cefe3eee..4b167fab27 100644
--- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -10,6 +10,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md
index 508f1851bc..fa541c4f87 100644
--- a/windows/security/identity-protection/vpn/vpn-authentication.md
+++ b/windows/security/identity-protection/vpn/vpn-authentication.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN authentication options
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
index 84b2d6c66b..e7e1f831ab 100644
--- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN auto-triggered profile options
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index 2589095203..5d7a695376 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -11,6 +11,7 @@ ms.date: 09/23/2021
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN and conditional access
diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md
index 473b6fede7..c3b4995351 100644
--- a/windows/security/identity-protection/vpn/vpn-connection-type.md
+++ b/windows/security/identity-protection/vpn/vpn-connection-type.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN connection types
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md
index 54ef63f227..40331b878d 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/identity-protection/vpn/vpn-guide.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Windows VPN technical guide
diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md
index cc0d1c17d1..61fccf4518 100644
--- a/windows/security/identity-protection/vpn/vpn-name-resolution.md
+++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN name resolution
diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
index 3512900011..6e45c35a7e 100644
--- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
+++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
@@ -12,6 +12,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client
diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index 07f0f4e317..ebd414e637 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -11,11 +11,12 @@ ms.date: 05/17/2018
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN profile options
-Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
+Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
 >[!NOTE]
 >If you're not familiar with CSPs, read [Introduction to configuration service providers (CSPs)](/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers) first.
diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md
index 8a4d2a49b8..195202fe24 100644
--- a/windows/security/identity-protection/vpn/vpn-routing.md
+++ b/windows/security/identity-protection/vpn/vpn-routing.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN routing decisions
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
index 852ee0c9d5..d21e11182a 100644
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ b/windows/security/identity-protection/vpn/vpn-security-features.md
@@ -11,6 +11,7 @@ ms.reviewer: pesmith
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # VPN security features
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
index 1e475ba610..9b7bb26672 100644
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
@@ -12,6 +12,7 @@ ms.date: 04/19/2017
 appliesto:
 - ✅ Windows 10
 - ✅ Windows 11
+ms.technology: itpro-security
 ---
 # Windows Credential Theft Mitigation Guide Abstract
diff --git a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
index 4a3b3e57ca..a2bd69a418 100644
--- a/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bcd-settings-and-bitlocker.md
@@ -11,6 +11,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # Boot Configuration Data settings and BitLocker
diff --git a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
index 76f08567b4..9e61120973 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-basic-deployment.md
@@ -12,6 +12,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker basic deployment
diff --git a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
index 857466fec6..e515250330 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-countermeasures.md
@@ -12,6 +12,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker Countermeasures
diff --git a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
index 3811e7cb94..50fa530e4f 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-deployment-comparison.md
@@ -10,6 +10,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 05/20/2021
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker deployment comparison
@@ -24,7 +25,7 @@ This article depicts the BitLocker deployment comparison chart. ## BitLocker deployment comparison chart -| Requirements |Microsoft Intune |Microsoft Endpoint Configuration Manager |Microsoft BitLocker Administration and Monitoring (MBAM) | +| Requirements |Microsoft Intune |Microsoft Configuration Manager |Microsoft BitLocker Administration and Monitoring (MBAM) | |---------|---------|---------|---------| |Minimum client operating system version |Windows 11 and Windows 10 | Windows 11, Windows 10, and Windows 8.1 | Windows 7, Windows 8, Windows 8.1, Windows 10, Windows 10 IoT, and Windows 11 | |Supported Windows SKUs | Enterprise, Pro, Education | Enterprise, Pro, Education | Enterprise | diff --git a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md index 5b84d41717..314bdaff4d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md +++ b/windows/security/information-protection/bitlocker/bitlocker-device-encryption-overview-windows-10.md @@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 03/10/2022 ms.custom: bitlocker +ms.technology: itpro-security --- # Overview of BitLocker Device Encryption in Windows 
@@ -51,7 +52,7 @@ In Windows 7, preparing the TPM for use offered a couple of challenges: * You can turn on the TPM in the BIOS, which requires someone to either go into the BIOS settings to turn it on or to install a driver to turn it on from within Windows. * When you enable the TPM, it may require one or more restarts. -Basically, it was a big hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or simply leave BitLocker disabled. +Basically, it was a hassle. If IT staff were provisioning new PCs, they could handle all of this, but if you wanted to add BitLocker to devices that were already in users’ hands, those users would have struggled with the technical challenges and would either call IT for support or leave BitLocker disabled. Microsoft includes instrumentation in Windows 11 and Windows 10 that enable the operating system to fully manage the TPM. There's no need to go into the BIOS, and all scenarios that required a restart have been eliminated. 
@@ -72,7 +73,7 @@ Unlike a standard BitLocker implementation, BitLocker device encryption is enabl * When a clean installation of Windows 11 or Windows 10 is completed and the out-of-box experience is finished, the computer is prepared for first use. As part of this preparation, BitLocker Device Encryption is initialized on the operating system drive and fixed data drives on the computer with a clear key (this is the equivalent of standard BitLocker suspended state). In this state, the drive is shown with a warning icon in Windows Explorer. The yellow warning icon is removed after the TPM protector is created and the recovery key is backed up, as explained in the following bullet points. * If the device isn't domain joined, a Microsoft account that has been granted administrative privileges on the device is required. When the administrator uses a Microsoft account to sign in, the clear key is removed, a recovery key is uploaded to the online Microsoft account, and a TPM protector is created. Should a device require the recovery key, the user will be guided to use an alternate device and navigate to a recovery key access URL to retrieve the recovery key by using his or her Microsoft account credentials. * If the user uses a domain account to sign in, the clear key isn't removed until the user joins the device to a domain and the recovery key is successfully backed up to Active Directory Domain Services (AD DS). You must enable the **Computer Configuration\\Administrative Templates\\Windows Components\\BitLocker Drive Encryption\\Operating System Drives** Group Policy setting, and select the **Do not enable BitLocker until recovery information is stored in AD DS for operating system drives** option. With this configuration, the recovery password is created automatically when the computer joins the domain, and then the recovery key is backed up to AD DS, the TPM protector is created, and the clear key is removed. 
-* Similar to signing in with a domain account, the clear key is removed when the user logs on to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. +* Similar to signing in with a domain account, the clear key is removed when the user signs in to an Azure AD account on the device. As described in the bullet point above, the recovery password is created automatically when the user authenticates to Azure AD. Then, the recovery key is backed up to Azure AD, the TPM protector is created, and the clear key is removed. Microsoft recommends that BitLocker Device Encryption be enabled on any systems that support it, but the automatic BitLocker Device Encryption process can be prevented by changing the following registry setting: - **Subkey**: HKEY\_LOCAL\_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\BitLocker 
@@ -87,7 +88,7 @@ Administrators can manage domain-joined devices that have BitLocker device encry ## Used Disk Space Only encryption BitLocker in earlier Windows versions could take a long time to encrypt a drive, because it encrypted every byte on the volume (including parts that didn't have data). That is still the most secure way to encrypt a drive, especially if a drive has previously contained confidential data that has since been moved or deleted. In that case, traces of the confidential data could remain on portions of the drive marked as unused. -But why encrypt a new drive when you can simply encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 11 and Windows 10 let users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. +But why encrypt a new drive when you can encrypt the data as it is being written? To reduce encryption time, BitLocker in Windows 11 and Windows 10 let users choose to encrypt just their data. Depending on the amount of data on the drive, this option can reduce encryption time by more than 99 percent. Exercise caution when encrypting only used space on an existing volume on which confidential data may have already been stored in an unencrypted state, however, because those sectors can be recovered through disk-recovery tools until they're overwritten by new encrypted data. In contrast, encrypting only used space on a brand-new volume can significantly decrease deployment time without the security risk because all new data will be encrypted as it's written to the disk. ## Encrypted hard drive support 
@@ -129,13 +130,13 @@ Part of the Microsoft Desktop Optimization Pack, Microsoft BitLocker Administrat * Enables administrators to automate the process of encrypting volumes on client computers across the enterprise. * Enables security officers to quickly determine the compliance state of individual computers or even of the enterprise itself. -* Provides centralized reporting and hardware management with Microsoft Endpoint Configuration Manager. +* Provides centralized reporting and hardware management with Microsoft Configuration Manager. * Reduces the workload on the help desk to assist end users with BitLocker recovery requests. * Enables end users to recover encrypted devices independently by using the Self-Service Portal. * Enables security officers to easily audit access to recovery key information. * Empowers Windows Enterprise users to continue working anywhere with the assurance that their corporate data is protected. * Enforces the BitLocker encryption policy options that you set for your enterprise. -* Integrates with existing management tools, such as Microsoft Endpoint Configuration Manager. +* Integrates with existing management tools, such as Microsoft Configuration Manager. * Offers an IT-customizable recovery user experience. * Supports Windows 11 and Windows 10. 
@@ -144,4 +145,4 @@ Part of the Microsoft Desktop Optimization Pack, Microsoft BitLocker Administrat Going forward, the functionality of MBAM will be incorporated into Configuration Manager. For more information, see [Features in Configuration Manager technical preview version 1909](/mem/configmgr/core/get-started/2019/technical-preview-1909#bkmk_bitlocker). -Enterprises not using Configuration Manager can use the built-in features of Azure AD and Microsoft Intune in Microsoft Endpoint Manager for administration and monitoring. For more information, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor). +Enterprises not using Configuration Manager can use the built-in features of Azure AD and Microsoft Intune for administration and monitoring. For more information, see [Monitor device encryption with Intune](/mem/intune/protect/encryption-monitor). diff --git a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md index 8f2e37d39f..2294d0cd3e 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md +++ b/windows/security/information-protection/bitlocker/bitlocker-group-policy-settings.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 04/17/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker group policy settings diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md index 17dd8a1f09..531619802d 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md +++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-deploy-on-windows-server.md 
@@ -11,6 +11,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker: How to deploy on Windows Server 2012 and later
diff --git a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
index 4face62ddf..0865f08910 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-how-to-enable-network-unlock.md
@@ -12,6 +12,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker: How to enable network unlock
diff --git a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
index cc4705af8e..55b4f6d837 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-management-for-enterprises.md
@@ -11,6 +11,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker management for enterprises
diff --git a/windows/security/information-protection/bitlocker/bitlocker-overview.md b/windows/security/information-protection/bitlocker/bitlocker-overview.md
index 8d83958580..10c1086676 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-overview.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-overview.md
@@ -12,6 +12,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 01/26/2018
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker
diff --git a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
index 62c8fe56d0..30291fe4c7 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-recovery-loop-break.md
@@ -12,6 +12,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 10/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # Breaking out of a BitLocker recovery loop
diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
index c276611731..a78f47ee01 100644
--- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
+++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-drive-encryption-tools-to-manage-bitlocker.md
@@ -13,6 +13,7 @@ ms.collection:
 ms.topic: conceptual
 ms.date: 02/28/2019
 ms.custom: bitlocker
+ms.technology: itpro-security
 ---
 # BitLocker: Use BitLocker Drive Encryption Tools to manage BitLocker
@@ -29,7 +30,7 @@ BitLocker Drive Encryption Tools include the command-line tools manage-bde and r Both manage-bde and the BitLocker cmdlets can be used to perform any task that can be accomplished through the BitLocker control panel and are appropriate to use for automated deployments and other scripting scenarios. -Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive cannot be unlocked normally or using the recovery console. +Repair-bde is a special circumstance tool that is provided for disaster recovery scenarios in which a BitLocker protected drive can't be unlocked normally or using the recovery console. 1. [Manage-bde](#bkmk-managebde) 2. [Repair-bde](#bkmk-repairbde) 
@@ -73,20 +74,20 @@ manage-bde -protectors -add C: -pw -sid This command will require you to enter and then confirm the password protector before adding them to the volume. With the protectors enabled on the volume, you can then turn on BitLocker. -On computers with a TPM, it is possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command: +On computers with a TPM, it's possible to encrypt the operating system volume without any defined protectors using manage-bde. Use this command: ```powershell manage-bde -on C: ``` -This command encrypts the drive using the TPM as the default protector. If you are not sure if a TPM protector is available, to list the protectors available for a volume, run the following command: +This command encrypts the drive using the TPM as the default protector. If you aren't sure if a TPM protector is available, to list the protectors available for a volume, run the following command: ```powershell manage-bde -protectors -get ``` ### Using manage-bde with data volumes -Data volumes use the same syntax for encryption as operating system volumes but they do not require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume. +Data volumes use the same syntax for encryption as operating system volumes but they don't require protectors for the operation to complete. Encrypting data volumes can be done using the base command: `manage-bde -on ` or you can choose to add additional protectors to the volume first. We recommend that you add at least one primary protector and a recovery protector to a data volume. A common protector for a data volume is the password protector. In the example below, we add a password protector to the volume and turn on BitLocker. 
@@ -102,20 +103,20 @@ You may experience a problem that damages an area of a hard disk on which BitLoc The BitLocker Repair Tool (Repair-bde) can be used to access encrypted data on a severely damaged hard disk if the drive was encrypted by using BitLocker. Repair-bde can reconstruct critical parts of the drive and salvage recoverable data as long as a valid recovery password or recovery key is used to decrypt the data. If the BitLocker metadata data on the drive has become corrupt, you must be able to supply a backup key package in addition to the recovery password or recovery key. This key package is backed up in Active Directory Domain Services (AD DS) if you used the default setting for AD DS backup. With this key package and either the recovery password or recovery key, you can decrypt portions of a BitLocker-protected drive if the disk is corrupted. Each key package will work only for a drive that has the corresponding drive identifier. You can use the BitLocker Recovery Password Viewer to obtain this key package from AD DS. > [!TIP] -> If you are not backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. +> If you aren't backing up recovery information to AD DS or if you want to save key packages alternatively, you can use the command `manage-bde -KeyPackage` to generate a key package for a volume. -The Repair-bde command-line tool is intended for use when the operating system does not start or when you cannot start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true: +The Repair-bde command-line tool is intended for use when the operating system doesn't start or when you can't start the BitLocker Recovery Console. Use Repair-bde if the following conditions are true: - You have encrypted the drive by using BitLocker Drive Encryption. 
-- Windows does not start, or you cannot start the BitLocker recovery console. -- You do not have a copy of the data that is contained on the encrypted drive. +- Windows doesn't start, or you can't start the BitLocker recovery console. +- You don't have a copy of the data that is contained on the encrypted drive. > [!NOTE] > Damage to the drive may not be related to BitLocker. Therefore, we recommend that you try other tools to help diagnose and resolve the problem with the drive before you use the BitLocker Repair Tool. The Windows Recovery Environment (Windows RE) provides additional options to repair computers. The following limitations exist for Repair-bde: -- The Repair-bde command-line tool cannot repair a drive that failed during the encryption or decryption process. +- The Repair-bde command-line tool can't repair a drive that failed during the encryption or decryption process. - The Repair-bde command-line tool assumes that if the drive has any encryption, then the drive has been fully encrypted. For more information about using repair-bde, see [Repair-bde](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/ff829851(v=ws.11)). @@ -139,14 +140,14 @@ Windows PowerShell cmdlets provide a new way for administrators to use when work |**Suspend-BitLocker**|
            • Confirm
            • MountPoint
            • RebootCount
            • WhatIf| |**Unlock-BitLocker**|
            • AdAccountOrGroup
            • Confirm
            • MountPoint
            • Password
            • RecoveryKeyPath
            • RecoveryPassword
            • RecoveryPassword
            • WhatIf| -Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they are encrypting prior to running Windows PowerShell cmdlets. +Similar to manage-bde, the Windows PowerShell cmdlets allow configuration beyond the options offered in the control panel. As with manage-bde, users need to consider the specific needs of the volume they're encrypting prior to running Windows PowerShell cmdlets. A good initial step is to determine the current state of the volume(s) on the computer. You can do this using the Get-BitLockerVolume cmdlet. The Get-BitLockerVolume cmdlet output gives information on the volume type, protectors, protection status, and other details. > [!TIP] -> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you do not see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. +> Occasionally, all protectors may not be shown when using `Get-BitLockerVolume` due to lack of space in the output display. If you don't see all of the protectors for a volume, you can use the Windows PowerShell pipe command (|) to format a full listing of the protectors. `Get-BitLockerVolume C: | fl` If you want to remove the existing protectors prior to provisioning BitLocker on the volume, you could use the `Remove-BitLockerKeyProtector` cmdlet. Accomplishing this requires the GUID associated with the protector to be removed. 
@@ -198,7 +199,7 @@ Enable-BitLockerKeyProtector E: -PasswordProtector -Password $pw ### Using an AD Account or Group protector in Windows PowerShell -The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it does not unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster. +The **ADAccountOrGroup** protector, introduced in Windows 8 and Windows Server 2012, is an Active Directory SID-based protector. This protector can be added to both operating system and data volumes, although it doesn't unlock operating system volumes in the pre-boot environment. The protector requires the SID for the domain account or group to link with the protector. BitLocker can protect a cluster-aware disk by adding a SID-based protector for the Cluster Name Object (CNO) that lets the disk properly fail over to and be unlocked by any member computer of the cluster. > [!WARNING] > The **ADAccountOrGroup** protector requires the use of an additional protector for use (such as TPM, PIN, or recovery key) when used on operating system volumes 
@@ -219,7 +220,7 @@ get-aduser -filter {samaccountname -eq "administrator"} ``` > [!TIP] -> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This does not require the use of additional features. +> In addition to the PowerShell command above, information about the locally logged on user and group membership can be found using: WHOAMI /ALL. This doesn't require the use of additional features. The following example adds an **ADAccountOrGroup** protector to the previously encrypted operating system volume using the SID of the account: diff --git a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md index 56d645428f..5d93cacbd9 100644 --- a/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md +++ b/windows/security/information-protection/bitlocker/bitlocker-use-bitlocker-recovery-password-viewer.md @@ -13,6 +13,7 @@ ms.collection: ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # BitLocker: Use BitLocker Recovery Password Viewer diff --git a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md index 079b849ca8..054be23605 100644 --- a/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md +++ b/windows/security/information-protection/bitlocker/prepare-your-organization-for-bitlocker-planning-and-policies.md 
@@ -12,6 +12,7 @@ ms.collection: ms.topic: conceptual ms.date: 04/24/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Prepare your organization for BitLocker: Planning and policies diff --git a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md index 803ad864c1..e8b8312363 100644 --- a/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md +++ b/windows/security/information-protection/bitlocker/protecting-cluster-shared-volumes-and-storage-area-networks-with-bitlocker.md @@ -11,6 +11,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/28/2019 ms.custom: bitlocker +ms.technology: itpro-security --- # Protecting cluster shared volumes and storage area networks with BitLocker diff --git a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md index 235e4aca66..1ba88008b1 100644 --- a/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md +++ b/windows/security/information-protection/bitlocker/ts-bitlocker-intune-issues.md 
@@ -110,9 +110,9 @@ list volume ![Output of the list volume command in the Diskpart app.](./images/4509195-en-1.png) -If the status of any of the volumes is not healthy or if the recovery partition is missing, you may have to reinstall Windows. Before you do this, check the configuration of the Windows image that you are using for provisioning. Make sure that the image uses the correct disk configuration. The image configuration should resemble the following (this example is from Microsoft Endpoint Configuration Manager): +If the status of any of the volumes is not healthy or if the recovery partition is missing, you may have to reinstall Windows. Before you do this, check the configuration of the Windows image that you are using for provisioning. Make sure that the image uses the correct disk configuration. The image configuration should resemble the following (this example is from Microsoft Configuration Manager): -![Windows image configuration in Microsoft Endpoint Configuration Manager.](./images/configmgr-imageconfig.jpg) +![Windows image configuration in Microsoft Configuration Manager.](./images/configmgr-imageconfig.jpg) #### Step 2: Verify the status of WinRE diff --git a/windows/security/information-protection/encrypted-hard-drive.md b/windows/security/information-protection/encrypted-hard-drive.md index 33e815d670..96c61886e5 100644 --- a/windows/security/information-protection/encrypted-hard-drive.md +++ b/windows/security/information-protection/encrypted-hard-drive.md @@ -7,6 +7,7 @@ ms.author: dansimp ms.prod: windows-client author: dulcemontemayor ms.date: 04/02/2019 +ms.technology: itpro-security --- # Encrypted Hard Drive diff --git a/windows/security/information-protection/index.md b/windows/security/information-protection/index.md index c95e39d0c0..39c23c342b 100644 --- a/windows/security/information-protection/index.md +++ b/windows/security/information-protection/index.md 
@@ -8,6 +8,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 10/10/2018 +ms.technology: itpro-security --- # Information protection diff --git a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md index 147e0ad051..63520fd7a9 100644 --- a/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md +++ b/windows/security/information-protection/kernel-dma-protection-for-thunderbolt.md @@ -10,6 +10,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 03/26/2019 +ms.technology: itpro-security --- # Kernel DMA Protection diff --git a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md index 3939be9c9d..b80634992b 100644 --- a/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md +++ b/windows/security/information-protection/pluton/microsoft-pluton-security-processor.md @@ -13,6 +13,7 @@ ms.topic: conceptual ms.date: 09/15/2022 appliesto: - ✅ Windows 11, version 22H2 +ms.technology: itpro-security --- # Microsoft Pluton security processor diff --git a/windows/security/information-protection/pluton/pluton-as-tpm.md b/windows/security/information-protection/pluton/pluton-as-tpm.md index 2eba011694..17a05782e9 100644 --- a/windows/security/information-protection/pluton/pluton-as-tpm.md +++ b/windows/security/information-protection/pluton/pluton-as-tpm.md @@ -13,6 +13,7 @@ ms.topic: conceptual ms.date: 09/15/2022 appliesto: - ✅ Windows 11, version 22H2 +ms.technology: itpro-security --- # Microsoft Pluton as Trusted Platform Module diff --git a/windows/security/information-protection/secure-the-windows-10-boot-process.md b/windows/security/information-protection/secure-the-windows-10-boot-process.md index fec7e2f25b..95230d2990 100644 
--- a/windows/security/information-protection/secure-the-windows-10-boot-process.md +++ b/windows/security/information-protection/secure-the-windows-10-boot-process.md @@ -11,6 +11,7 @@ ms.collection: ms.topic: conceptual ms.date: 05/12/2022 ms.author: dansimp +ms.technology: itpro-security --- # Secure the Windows boot process diff --git a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md index 88de60b907..5122a7ca67 100644 --- a/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md +++ b/windows/security/information-protection/tpm/backup-tpm-recovery-information-to-ad-ds.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 +ms.technology: itpro-security --- # Back up the TPM recovery information to AD DS diff --git a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md index 16f70af2df..5dd050c200 100644 --- a/windows/security/information-protection/tpm/change-the-tpm-owner-password.md +++ b/windows/security/information-protection/tpm/change-the-tpm-owner-password.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 01/18/2022 +ms.technology: itpro-security --- # Change the TPM owner password diff --git a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md index 8dac1018ca..bd02dc2445 100644 --- a/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md +++ b/windows/security/information-protection/tpm/how-windows-uses-the-tpm.md 
@@ -11,6 +11,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/03/2021 +ms.technology: itpro-security --- # How Windows uses the Trusted Platform Module diff --git a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md index f0ed4e0e7e..907c31420d 100644 --- a/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md +++ b/windows/security/information-protection/tpm/initialize-and-configure-ownership-of-the-tpm.md @@ -11,6 +11,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Troubleshoot the TPM 
@@ -38,35 +39,35 @@ Starting with Windows 10 and Windows 11, the operating system automatically init ## Troubleshoot TPM initialization -If you find that Windows is not able to initialize the TPM automatically, review the following information: +If you find that Windows isn't able to initialize the TPM automatically, review the following information: - You can try clearing the TPM to the factory default values and allowing Windows to re-initialize it. For important precautions for this process, and instructions for completing it, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. -- If the TPM is a TPM 2.0 and is not detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM has not been disabled or hidden from the operating system. +- If the TPM is a TPM 2.0 and isn't detected by Windows, verify that your computer hardware contains a Unified Extensible Firmware Interface (UEFI) that is Trusted Computing Group-compliant. Also, ensure that in the UEFI settings, the TPM hasn't been disabled or hidden from the operating system. -- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it is turned back on, Windows will re-initialize it. +- If you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, the TPM might be turned off, and need to be turned back on, as described in [Turn on the TPM](#turn-on-the-tpm). When it's turned back on, Windows will re-initialize it. -- If you are attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. 
If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM is not present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. +- If you're attempting to set up BitLocker with the TPM, check which TPM driver is installed on the computer. We recommend always using one of the TPM drivers that is provided by Microsoft and is protected with BitLocker. If a non-Microsoft TPM driver is installed, it may prevent the default TPM driver from loading and cause BitLocker to report that a TPM isn't present on the computer. If you have a non-Microsoft driver installed, remove it and then allow the operating system to initialize the TPM. ### Troubleshoot network connection issues for Windows 10, versions 1507 and 1511, or Windows 11 -If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM cannot complete when your computer has network connection issues and both of the following conditions exist: +If you have Windows 10, version 1507 or 1511, or Windows 11, the initialization of the TPM can't complete when your computer has network connection issues and both of the following conditions exist: - An administrator has configured your computer to require that TPM recovery information be saved in Active Directory Domain Services (AD DS). This requirement can be configured through Group Policy. -- A domain controller cannot be reached. This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter). +- A domain controller can't be reached. 
This can occur on a computer that is currently disconnected from the network, separated from the domain by a firewall, or experiencing a network component failure (such as an unplugged cable or a faulty network adapter). -If these issues occur, an error message appears, and you cannot complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you are connected to the corporate network and you can contact a domain controller. +If these issues occur, an error message appears, and you can't complete the initialization process. To avoid this issue, allow Windows to initialize the TPM while you're connected to the corporate network and you can contact a domain controller. ### Troubleshoot systems with multiple TPMs Some systems may have multiple TPMs and the active TPM may be toggled in UEFI. Windows does not support this behavior. If you switch TPMs, Windows might not properly detect or interact with the new TPM. If you plan to switch TPMs you should toggle to the new TPM, clear it, and reinstall Windows. For more information, see [Clear all the keys from the TPM](#clear-all-the-keys-from-the-tpm), later in this article. -For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection is not changed. +For example, toggling TPMs will cause BitLocker to enter recovery mode. We strongly recommend that, on systems with two TPMs, one TPM is selected to be used and the selection isn't changed. ## Clear all the keys from the TPM -You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. 
However, even if the TPM is not cleared before a new operating system is installed, most TPM functionality will probably work correctly. +You can use the Windows Defender Security Center app to clear the TPM as a troubleshooting step, or as a final preparation before a clean installation of a new operating system. Preparing for a clean installation in this way helps ensure that the new operating system can fully deploy any TPM-based functionality that it includes, such as attestation. However, even if the TPM isn't cleared before a new operating system is installed, most TPM functionality will probably work correctly. Clearing the TPM resets it to an unowned state. After you clear the TPM, the Windows operating system will automatically re-initialize it and take ownership again. 
@@ -77,13 +78,13 @@ Clearing the TPM resets it to an unowned state. After you clear the TPM, the Win Clearing the TPM can result in data loss. To protect against such loss, review the following precautions: -- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. +- Clearing the TPM causes you to lose all created keys associated with the TPM, and data protected by those keys, such as a virtual smart card or a sign-in PIN. Make sure that you have a backup and recovery method for any data that is protected or encrypted by the TPM. -- Do not clear the TPM on a device you do not own, such as a work or school PC, without being instructed to do so by your IT administrator. +- Don't clear the TPM on a device you don't own, such as a work or school PC, without being instructed to do so by your IT administrator. - If you want to temporarily suspend TPM operations and you have TPM 1.2 with Windows 10, version 1507 or 1511, or Windows 11, you can turn off the TPM. For more information, see [Turn off the TPM](#turn-off-the-tpm), later in this article. -- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Do not clear the TPM directly from UEFI. +- Always use functionality in the operating system (such as TPM.msc) to the clear the TPM. Don't clear the TPM directly from UEFI. - Because your TPM security hardware is a physical part of your computer, before clearing the TPM, you might want to read the manuals or instructions that came with your computer, or search the manufacturer's website. 
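Review bot: The added line in the `@@ -77,13 +78,13 @@` hunk of initialize-and-configure-ownership-of-the-tpm.md still reads `to the clear the TPM`, a stray article carried over unchanged from the removed line. Since the commit already rewrites this sentence, the new line should read `- Always use functionality in the operating system (such as TPM.msc) to clear the TPM. Don't clear the TPM directly from UEFI.` This bullet is one of the data-loss precautions for clearing the TPM, so the wording should be unambiguous.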
@@ -107,7 +108,7 @@ Membership in the local Administrators group, or equivalent, is the minimum requ ## Turn on or turn off the TPM (available only with TPM 1.2 with Windows 10, version 1507 and higher) -Normally, the TPM is turned on as part of the TPM initialization process. You do not normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. +Normally, the TPM is turned on as part of the TPM initialization process. You don't normally need to turn the TPM on or off. However, if necessary you can do so by using the TPM MMC. ### Turn on the TPM @@ -121,7 +122,7 @@ If you want to use the TPM after you have turned it off, you can use the followi 3. Select **Shutdown** (or **Restart**), and then follow the UEFI screen prompts. - After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software is not attempting to make changes to the TPM. + After the computer restarts, but before you sign in to Windows, you will be prompted to accept the reconfiguration of the TPM. This ensures that the user has physical access to the computer and that malicious software isn't attempting to make changes to the TPM. ### Turn off the TPM 
@@ -137,9 +138,9 @@ If you want to stop using the services that are provided by the TPM, you can use - If you saved your TPM owner password on a removable storage device, insert it, and then select **I have the owner password file**. In the **Select backup file with the TPM owner password** dialog box, select **Browse** to locate the .tpm file that is saved on your removable storage device, select **Open**, and then select **Turn TPM Off**. - - If you do not have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. + - If you don't have the removable storage device with your saved TPM owner password, select **I want to enter the password**. In the **Type your TPM owner password** dialog box, type your password (including hyphens), and then select **Turn TPM Off**. - - If you did not save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. + - If you didn't save your TPM owner password or no longer know it, select **I do not have the TPM owner password**, and follow the instructions that are provided in the dialog box and subsequent UEFI screens to turn off the TPM without entering the password. ## Use the TPM cmdlets diff --git a/windows/security/information-protection/tpm/manage-tpm-commands.md b/windows/security/information-protection/tpm/manage-tpm-commands.md index fabbf667ac..4dae6be6e1 100644 --- a/windows/security/information-protection/tpm/manage-tpm-commands.md +++ b/windows/security/information-protection/tpm/manage-tpm-commands.md @@ -9,6 +9,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Manage TPM commands 
diff --git a/windows/security/information-protection/tpm/manage-tpm-lockout.md b/windows/security/information-protection/tpm/manage-tpm-lockout.md index ab7e5f71c9..90cfc7c9ac 100644 --- a/windows/security/information-protection/tpm/manage-tpm-lockout.md +++ b/windows/security/information-protection/tpm/manage-tpm-lockout.md @@ -9,6 +9,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Manage TPM lockout diff --git a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md index 81449edff3..4abbc40f2d 100644 --- a/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md +++ b/windows/security/information-protection/tpm/switch-pcr-banks-on-tpm-2-0-devices.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Understanding PCR banks on TPM 2.0 devices diff --git a/windows/security/information-protection/tpm/tpm-fundamentals.md b/windows/security/information-protection/tpm/tpm-fundamentals.md index 84966ce948..4b69fd9484 100644 --- a/windows/security/information-protection/tpm/tpm-fundamentals.md +++ b/windows/security/information-protection/tpm/tpm-fundamentals.md @@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 12/27/2021 +ms.technology: itpro-security --- # TPM fundamentals diff --git a/windows/security/information-protection/tpm/tpm-recommendations.md b/windows/security/information-protection/tpm/tpm-recommendations.md index b7f90e30ad..4cdc7ef9f0 100644 --- a/windows/security/information-protection/tpm/tpm-recommendations.md +++ b/windows/security/information-protection/tpm/tpm-recommendations.md 
@@ -12,6 +12,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # TPM recommendations @@ -56,7 +57,7 @@ TPM 2.0 products and systems have important security advantages over TPM 1.2, in - For the list of algorithms that Windows supports in the platform cryptographic storage provider, see [CNG Cryptographic Algorithm Providers](/windows/win32/seccertenroll/cng-cryptographic-algorithm-providers). - - TPM 2.0 achieved ISO standardization ([ISO/IEC 11889:2015](https://blogs.microsoft.com/cybertrust/2015/06/29/governments-recognize-the-importance-of-tpm-2-0-through-iso-adoption/)). + - TPM 2.0 achieved ISO standardization ([ISO/IEC 11889:2015](https://www.microsoft.com/security/blog/2015/06/29/governments-recognize-the-importance-of-tpm-2-0-through-iso-adoption). - Use of TPM 2.0 may help eliminate the need for OEMs to make exception to standard configurations for certain countries and regions. diff --git a/windows/security/information-protection/tpm/trusted-platform-module-overview.md b/windows/security/information-protection/tpm/trusted-platform-module-overview.md index 8a21a83f1c..06be1d344b 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-overview.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-overview.md @@ -12,6 +12,7 @@ ms.collection: - highpri ms.topic: conceptual adobe-target: true +ms.technology: itpro-security --- # Trusted Platform Module Technology Overview diff --git a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md index d81a34cdbe..a9ccf2a714 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-services-group-policy-settings.md 
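Review bot: The rewritten ISO/IEC 11889:2015 link in the `@@ -56,7 +57,7 @@` hunk of tpm-recommendations.md loses one closing parenthesis, so the parenthetical opened before the link text is never closed. The removed line ended in `-through-iso-adoption/)).`, while the added line ends in `-through-iso-adoption).`. The added line should end in `-through-iso-adoption)).`. It is also worth confirming that the new URL resolves without the trailing slash the old one carried.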
@@ -10,6 +10,7 @@ ms.collection: - M365-security-compliance ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # TPM Group Policy settings diff --git a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md index dc338ea85c..59a276f5ee 100644 --- a/windows/security/information-protection/tpm/trusted-platform-module-top-node.md +++ b/windows/security/information-protection/tpm/trusted-platform-module-top-node.md @@ -11,6 +11,7 @@ ms.collection: - highpri ms.topic: conceptual ms.date: 09/06/2021 +ms.technology: itpro-security --- # Trusted Platform Module diff --git a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md index 16301e0592..687a9b8a7e 100644 --- a/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/app-behavior-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # Unenlightened and enlightened app behavior while using Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md index 19987b59ef..0949bc418e 100644 --- a/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md +++ b/windows/security/information-protection/windows-information-protection/collect-wip-audit-event-logs.md 
@@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- # How to collect Windows Information Protection (WIP) audit event logs diff --git a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md index 29c21fd58f..76c6da850e 100644 --- a/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md +++ b/windows/security/information-protection/windows-information-protection/create-and-verify-an-efs-dra-certificate.md @@ -10,6 +10,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate @@ -46,7 +47,7 @@ If you don't already have an EFS DRA certificate, you'll need to create and extr >[!Important] >Because the private keys in your DRA .pfx files can be used to decrypt any WIP file, you must protect them accordingly. We highly recommend storing these files offline, keeping copies on a smart card with strong protection for normal use and master copies in a secured physical location. -4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md). +4. Add your EFS DRA certificate to your WIP policy using a deployment tool, such as [Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Microsoft Configuration Manager](create-wip-policy-using-configmgr.md). > [!NOTE] > This certificate can be used in Intune for policies both _with_ device enrollment (MDM) and _without_ device enrollment (MAM). 
@@ -160,6 +161,6 @@ After signing in, the necessary WIP key info is automatically downloaded and emp - [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) -- [Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md) +- [Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md) - [Creating a Domain-Based Recovery Agent](/previous-versions/tn-archive/cc875821(v=technet.10)#EJAA) diff --git a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md index 20e6d81a57..b7624b94f7 100644 --- a/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-vpn-and-wip-policy-using-intune-azure.md @@ -10,9 +10,10 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 ms.reviewer: +ms.technology: itpro-security --- -# Associate and deploy a VPN policy for Windows Information Protection (WIP) using Endpoint Manager +# Associate and deploy a VPN policy for Windows Information Protection (WIP) using Microsoft Intune **Applies to:** @@ -20,7 +21,7 @@ ms.reviewer: After you've created and deployed your Windows Information Protection (WIP) policy, you can use Microsoft Intune to associate and deploy your Virtual Private Network (VPN) policy, linking it to your WIP policy. -## Associate your WIP policy to your VPN policy using Endpoint Manager +## Associate your WIP policy to your VPN policy using Intune To associate your WIP policy with your organization's existing VPN policy, use the following steps: 
@@ -53,11 +54,11 @@ To associate your WIP policy with your organization's existing VPN policy, use t After you’ve created your VPN policy, you'll need to deploy it to the same group you deployed your Windows Information Protection (WIP) policy. -1. On the **App policy** blade, click your newly-created policy, click **User groups** from the menu that appears, and then click **Add user group**. +1. On the **App policy** blade, select your newly-created policy, select **User groups** from the menu that appears, and then select **Add user group**. A list of user groups, made up of all of the security groups in your Azure Active Directory, appear in the **Add user group** blade. -2. Choose the group you want your policy to apply to, and then click **Select** to deploy the policy. +2. Choose the group you want your policy to apply to, and then select **Select** to deploy the policy. The policy is deployed to the selected users' devices. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md index b423f124f8..f4c9cd0e4a 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr.md @@ -1,6 +1,6 @@ --- title: Create and deploy a WIP policy in Configuration Manager -description: Use Microsoft Endpoint Configuration Manager to create and deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data. +description: Use Microsoft Configuration Manager to create and deploy a Windows Information Protection (WIP) policy. Choose protected apps, WIP-protection level, and find enterprise data. ms.prod: windows-client ms.localizationpriority: medium author: aczechowski 
@@ -10,6 +10,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create and deploy a Windows Information Protection policy in Configuration Manager @@ -22,7 +23,7 @@ _Applies to:_ - Windows 10 - Windows 11 -Microsoft Endpoint Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy. You can choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network. +Microsoft Configuration Manager helps you create and deploy your Windows Information Protection (WIP) policy. You can choose your protected apps, your WIP-protection mode, and how to find enterprise data on the network. ## Add a WIP policy After you've installed and set up Configuration Manager for your organization, you must create a configuration item for WIP, which in turn becomes your WIP policy. diff --git a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md index fec2d042a0..1294e3f168 100644 --- a/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/create-wip-policy-using-intune-azure.md @@ -9,6 +9,7 @@ ms.reviewer: rafals ms.collection: M365-security-compliance ms.topic: how-to ms.date: 07/15/2022 +ms.technology: itpro-security --- # Create a Windows Information Protection policy in Microsoft Intune 
@@ -53,7 +54,7 @@ Before you can create a WIP policy using Intune, you need to configure an MDM or ## Create a WIP policy -1. Sign in to the [Microsoft Endpoint Manager](https://endpoint.microsoft.com/). +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 2. Open Microsoft Intune and select **Apps** > **App protection policies** > **Create policy**. diff --git a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md index 9a285c4817..6578e9bc6c 100644 --- a/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md +++ b/windows/security/information-protection/windows-information-protection/deploy-wip-policy-using-intune-azure.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 ms.reviewer: +ms.technology: itpro-security --- # Deploy your Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune diff --git a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md index d17eea7d73..6cea050345 100644 --- a/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md +++ b/windows/security/information-protection/windows-information-protection/enlightened-microsoft-apps-and-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/02/2019 +ms.technology: itpro-security --- # List of enlightened Microsoft apps for use with Windows Information Protection (WIP) 
@@ -83,7 +84,7 @@ Microsoft still has apps that are unenlightened, but which have been tested and > [!NOTE] > As of January 2019 it is no longer necessary to add Intune Company Portal as an exempt app since it is now included in the default list of protected apps. -You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and Microsoft Endpoint Configuration Manager. +You can add any or all of the enlightened Microsoft apps to your allowed apps list. Included here is the **Publisher name**, **Product or File name**, and **App Type** info for both Microsoft Intune and Microsoft Configuration Manager. | Product name | App info | diff --git a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md index 3c84852f67..6f758d95da 100644 --- a/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md +++ b/windows/security/information-protection/windows-information-protection/guidance-and-best-practices-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- # General guidance and best practices for Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md index 317ddf9241..8356183a84 100644 --- a/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md +++ b/windows/security/information-protection/windows-information-protection/how-to-disable-wip.md 
@@ -1,6 +1,6 @@ --- title: How to disable Windows Information Protection (WIP) -description: How to disable Windows Information Protection (WIP) in Microsoft Intune or Microsoft Endpoint Configuration Manager. +description: How to disable Windows Information Protection (WIP) in Microsoft Intune or Microsoft Configuration Manager. ms.date: 07/21/2022 ms.prod: windows-client ms.topic: how-to @@ -9,6 +9,7 @@ author: lizgt2000 ms.author: lizlong ms.reviewer: aaroncz manager: dougeby +ms.technology: itpro-security --- # How to disable Windows Information Protection (WIP) @@ -33,7 +34,7 @@ When you unassign an existing policy, it removes the intent to deploy WIP from t If you're currently deploying a WIP policy for enrolled or unenrolled devices, you switch the WIP policy to Off. When devices check in after this change, the devices will proceed to unprotect files previously protected by WIP. -1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com). +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Open Microsoft Intune and select **Apps** > **App protection policies**. 1. Select the existing policy to turn off, and then select the **Properties**. 1. Edit **Required settings**. 
@@ -83,7 +84,7 @@ To disable WIP for your organization, first create a configuration item. The **Configure Windows Information Protection settings** page appears, where you'll configure your policy for your organization. The following sections provide details on the required settings on this page. > [!TIP] -> For more information on filling out the required fields, see [Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr). +> For more information on filling out the required fields, see [Create and deploy a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](/windows/security/information-protection/windows-information-protection/create-wip-policy-using-configmgr). #### Turn off WIP diff --git a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md index 130cbea2c2..de06121632 100644 --- a/windows/security/information-protection/windows-information-protection/limitations-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/limitations-with-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/05/2019 ms.localizationpriority: medium +ms.technology: itpro-security --- # Limitations while using Windows Information Protection (WIP) @@ -116,7 +117,7 @@ This following list provides info about the most common problems you might encou
              - - **How it appears**: Windows Information Protection isn't turned on for employees in your organization. Error code 0x807c0008 will result if Windows Information Protection is deployed by using Microsoft Endpoint Configuration Manager. + - **How it appears**: Windows Information Protection isn't turned on for employees in your organization. Error code 0x807c0008 will result if Windows Information Protection is deployed by using Microsoft Configuration Manager. - **Workaround**: Don't set the **MakeFolderAvailableOfflineDisabled** option to **False** for any of the specified folders. You can configure this parameter, as described [Disable Offline Files on individual redirected folders](/windows-server/storage/folder-redirection/disable-offline-files-on-folders). If you currently use redirected folders, we recommend that you migrate to a file synchronization solution that supports Windows Information Protection, such as Work Folders or OneDrive for Business. Additionally, if you apply redirected folders after Windows Information Protection is already in place, you might be unable to open your files offline. diff --git a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md index 1bb878384d..9f086b7f07 100644 --- a/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/mandatory-settings-for-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 05/25/2022 ms.reviewer: +ms.technology: itpro-security --- # Mandatory tasks and settings required to turn on Windows Information Protection (WIP) 
diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
index db39074157..076aac8eaf 100644
--- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
+++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy-configmgr.md
@@ -1,6 +1,6 @@
 ---
-title: Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Manager (Windows 10)
-description: Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
+title: Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager (Windows 10)
+description: Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network.
 ms.reviewer:
 ms.prod: windows-client
 ms.localizationpriority: medium
@@ -10,19 +10,20 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 02/26/2019 +ms.technology: itpro-security --- -# Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager +# Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager **Applies to:** - Windows 10, version 1607 and later -Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +Microsoft Configuration Manager helps you create and deploy your enterprise data protection (WIP) policy. It lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ## In this section -|Topic |Description | +|Article |Description | |------|------------| -|[Create and deploy a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md) |Microsoft Endpoint Manager helps you create and deploy your WIP policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | -|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. | +|[Create and deploy a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md) |Microsoft Configuration Manager helps you create and deploy your WIP policy. And, lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. 
| +|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. | |[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). | diff --git a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md index 0280f38aed..49798db25b 100644 --- a/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md +++ b/windows/security/information-protection/windows-information-protection/overview-create-wip-policy.md @@ -1,6 +1,6 @@ --- title: Create a Windows Information Protection (WIP) policy using Microsoft Intune (Windows 10) -description: Microsoft Intune and Microsoft Endpoint Manager helps you create and deploy your enterprise data protection (WIP) policy. +description: Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy. ms.reviewer: ms.prod: windows-client ms.localizationpriority: medium @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/11/2019 +ms.technology: itpro-security --- # Create a Windows Information Protection (WIP) policy using Microsoft Intune 
@@ -17,12 +18,12 @@ ms.date: 03/11/2019 - Windows 10, version 1607 and later -Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy, including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. +Microsoft Intune helps you create and deploy your enterprise data protection (WIP) policy. It also lets you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. ## In this section -|Topic |Description | +|Article |Description | |------|------------| -|[Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md)|Details about how to use the Azure portal for Microsoft Intune to create and deploy your WIP policy with MDM (Mobile Device Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | -|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using a Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. | +|[Create a Windows Information Protection (WIP) policy using the Azure portal for Microsoft Intune](create-wip-policy-using-intune-azure.md)|Details about how to use Microsoft Intune to create and deploy your WIP policy with MDM (Mobile Device Management), including letting you choose your protected apps, your WIP-protection level, and how to find enterprise data on the network. | +|[Create and verify an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate](create-and-verify-an-efs-dra-certificate.md) |Steps to create, verify, and perform a quick recovery using an Encrypting File System (EFS) Data Recovery Agent (DRA) certificate. 
| |[Determine the Enterprise Context of an app running in Windows Information Protection (WIP)](wip-app-enterprise-context.md) |Use the Task Manager to determine whether an app is considered work, personal or exempt by Windows Information Protection (WIP). | diff --git a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md index e81c373cd4..9992aec7b6 100644 --- a/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md +++ b/windows/security/information-protection/windows-information-protection/protect-enterprise-data-using-wip.md @@ -11,6 +11,7 @@ ms.collection: - M365-security-compliance ms.topic: overview ms.date: 07/15/2022 +ms.technology: itpro-security --- # Protect your enterprise data using Windows Information Protection (WIP) 
@@ -25,10 +26,10 @@ _Applies to:_ With the increase of employee-owned devices in the enterprise, there's also an increasing risk of accidental data leak through apps and services, like email, social media, and the public cloud, which are outside of the enterprise's control. For example, when an employee sends the latest engineering pictures from their personal email account, copies and pastes product info into a tweet, or saves an in-progress sales report to their public cloud storage. -Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Finally, another data protection technology, Azure Rights Management also works alongside WIP to extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. +Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps to protect against this potential data leakage without otherwise interfering with the employee experience. WIP also helps to protect enterprise apps and data against accidental data leak on enterprise-owned devices and personal devices that employees bring to work without requiring changes to your environment or other apps. Azure Rights Management, another data protection technology, also works alongside WIP. It extend data protection for data that leaves the device, such as when email attachments are sent from an enterprise aware version of a rights management mail client. 
>[!IMPORTANT] ->While Windows Information Protection can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data. For more details about the benefits WIP provides, see [Why use WIP?](#why-use-wip) later in this topic. +>While Windows Information Protection can stop accidental data leaks from honest employees, it is not intended to stop malicious insiders from removing enterprise data. For more information about the benefits WIP provides, see [Why use WIP?](#why-use-wip) later in this topic. ## Video: Protect enterprise data from being accidentally copied to the wrong place @@ -39,12 +40,12 @@ You'll need this software to run Windows Information Protection in your enterpri |Operating system | Management solution | |-----------------|---------------------| -|Windows 10, version 1607 or later | Microsoft Intune

              -OR-

              Microsoft Endpoint Configuration Manager

              -OR-

              Your current company-wide 3rd party mobile device management (MDM) solution. For info about 3rd party MDM solutions, see the documentation that came with your product. If your 3rd party MDM does not have UI support for the policies, refer to the [EnterpriseDataProtection CSP](/windows/client-management/mdm/enterprisedataprotection-csp) documentation.| +|Windows 10, version 1607 or later | Microsoft Intune

              -OR-

              Microsoft Configuration Manager

              -OR-

              Your current company-wide third party mobile device management (MDM) solution. For info about third party MDM solutions, see the documentation that came with your product. If your third party MDM doesn't have UI support for the policies, refer to the [EnterpriseDataProtection CSP](/windows/client-management/mdm/enterprisedataprotection-csp) documentation.| ## What is enterprise data control? -Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security, all the way to the other extreme where people can't share anything and it's all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure. +Effective collaboration means that you need to share data with others in your enterprise. This sharing can be from one extreme where everyone has access to everything without any security. Another extreme is when people can't share anything and it's all highly secured. Most enterprises fall somewhere in between the two extremes, where success is balanced between providing the necessary access with the potential for improper data disclosure. -As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn't guarantee that the data will remain within the secured locations of the enterprise. This means that while access controls are a great start, they're not enough. +As an admin, you can address the question of who gets access to your data by using access controls, such as employee credentials. However, just because someone has the right to access your data doesn't guarantee that the data will remain within the secured locations of the enterprise. 
So, access controls are a great start, they're not enough. In the end, all of these security measures have one thing in common: employees will tolerate only so much inconvenience before looking for ways around the security restrictions. For example, if you don't allow employees to share files through a protected system, employees will turn to an outside app that more than likely lacks security controls. 
@@ -54,9 +55,9 @@ To help address this security insufficiency, companies developed data loss preve - **A way to scan company data to see whether it matches any of your defined rules.** Currently, Microsoft Exchange Server and Exchange Online provide this service for email in transit, while Microsoft SharePoint and SharePoint Online provide this service for content stored in document libraries. -- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft Purview data loss prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). +- **The ability to specify what happens when data matches a rule, including whether employees can bypass enforcement.** For example, in Microsoft SharePoint and SharePoint Online, the Microsoft Purview Data Loss Prevention system lets you warn your employees that shared data includes sensitive info, and to share it anyway (with an optional audit log entry). -Unfortunately, data loss prevention systems have their own problems. For example, the less detailed the rule set, the more false positives are created, leading employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. 
But perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees' natural workflow by stopping some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn't see and can't understand. +Unfortunately, data loss prevention systems have their own problems. For example, the less detailed the rule set, the more false positives are created. This behavior can lead employees to believe that the rules slow down their work and need to be bypassed in order to remain productive, potentially leading to data being incorrectly blocked or improperly released. Another major problem is that data loss prevention systems must be widely implemented to be effective. For example, if your company uses a data loss prevention system for email, but not for file shares or document storage, you might find that your data leaks through the unprotected channels. Perhaps the biggest problem with data loss prevention systems is that it provides a jarring experience that interrupts the employees' natural workflow. It can stop some operations (such as sending a message with an attachment that the system tags as sensitive) while allowing others, often according to subtle rules that the employee doesn't see and can't understand. ### Using information rights management systems To help address the potential data loss prevention system problems, companies developed information rights management (also known as IRM) systems. Information rights management systems embed protection directly into documents, so that when an employee creates a document, he or she determines what kind of protection to apply. For example, an employee can choose to stop the document from being forwarded, printed, shared outside of the organization, and so on. 
@@ -64,7 +65,7 @@ To help address the potential data loss prevention system problems, companies de After the type of protection is set, the creating app encrypts the document so that only authorized people can open it, and even then, only in compatible apps. After an employee opens the document, the app becomes responsible for enforcing the specified protections. Because protection travels with the document, if an authorized person sends it to an unauthorized person, the unauthorized person won't be able to read or change it. However, for this to work effectively information rights management systems require you to deploy and set up both a server and client environment. And, because only compatible clients can work with protected documents, an employees' work might be unexpectedly interrupted if he or she attempts to use a non-compatible app. ### And what about when an employee leaves the company or unenrolls a device? -Finally, there's the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would simply erase all of the corporate data from the device, along with any other personal data on the device. +Finally, there's the risk of data leaking from your company when an employee leaves or unenrolls a device. Previously, you would erase all of the corporate data from the device, along with any other personal data on the device. ## Benefits of WIP Windows Information Protection provides: 
@@ -76,7 +77,7 @@ Windows Information Protection provides: - Use of audit reports for tracking issues and remedial actions. -- Integration with your existing management system (Microsoft Intune, Microsoft Endpoint Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage Windows Information Protection for your company. +- Integration with your existing management system (Microsoft Intune, Microsoft Configuration Manager, or your current mobile device management (MDM) system) to configure, deploy, and manage Windows Information Protection for your company. ## Why use WIP? Windows Information Protection is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an enterprise management solution, like Intune). 
@@ -93,7 +94,7 @@ Windows Information Protection is the mobile application management (MAM) mechan You don't have to modify line-of-business apps that never touch personal data to list them as protected apps; just include them in the protected apps list. - - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Hiding overrides stops the action immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without stopping anything that the employee could've overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md). + - **Deciding your level of data access.** WIP lets you block, allow overrides, or audit employees' data sharing actions. Hiding overrides stops the action immediately. Allowing overrides lets the employee know there's a risk, but lets him or her continue to share the data while recording and auditing the action. Silent just logs the action without stopping anything that the employee could have overridden while using that setting; collecting info that can help you to see patterns of inappropriate sharing so you can take educative action or find apps that should be added to your protected apps list. For info about how to collect your audit log files, see [How to collect Windows Information Protection (WIP) audit event logs](collect-wip-audit-event-logs.md). - **Data encryption at rest.** Windows Information Protection helps protect enterprise data on local files and on removable media. 
@@ -104,10 +105,10 @@ Windows Information Protection is the mobile application management (MAM) mechan - **Helping prevent accidental data disclosure to removable media.** Windows Information Protection helps prevent enterprise data from leaking when it's copied or transferred to removable media. For example, if an employee puts enterprise data on a Universal Serial Bus (USB) drive that also has personal data, the enterprise data remains encrypted while the personal data doesn't. -- **Remove access to enterprise data from enterprise-protected devices.** Windows Information Protection gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or in the case of a stolen device. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. +- **Remove access to enterprise data from enterprise-protected devices.** Windows Information Protection gives admins the ability to revoke enterprise data from one or many MDM-enrolled devices, while leaving personal data alone. This is a benefit when an employee leaves your company, or if a device is stolen. After determining that the data access needs to be removed, you can use Microsoft Intune to unenroll the device so when it connects to the network, the user's encryption key for the device is revoked and the enterprise data becomes unreadable. >[!NOTE] - >For management of Surface devices it is recommended that you use the Current Branch of Microsoft Endpoint Configuration Manager.
              Microsoft Endpoint Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. + >For management of Surface devices it is recommended that you use the Current Branch of Microsoft Configuration Manager.
              Configuration Manager also allows you to revoke enterprise data. However, it does it by performing a factory reset of the device. ## How WIP works Windows Information Protection helps address your everyday challenges in the enterprise. Including: @@ -144,11 +145,11 @@ You can set your Windows Information Protection policy to use 1 of 4 protection |----|-----------| |Block |Windows Information Protection looks for inappropriate data sharing practices and stops the employee from completing the action. This can include sharing enterprise data to non-enterprise-protected apps in addition to sharing enterprise data between apps or attempting to share outside of your organization's network.| |Allow overrides |Windows Information Protection looks for inappropriate data sharing, warning employees if they do something deemed potentially unsafe. However, this management mode lets the employee override the policy and share the data, logging the action to your audit log.| -|Silent |Windows Information Protection runs silently, logging inappropriate data sharing, without stopping anything that would've been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.| -|Off |Windows Information Protection is turned off and doesn't help to protect or audit your data.

              After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Be aware that your previous decryption and policy info isn't automatically reapplied if you turn Windows Information Protection back on. | +|Silent |Windows Information Protection runs silently, logging inappropriate data sharing, without stopping anything that would have been prompted for employee interaction while in Allow overrides mode. Unallowed actions, like apps inappropriately trying to access a network resource or WIP-protected data, are still stopped.| +|Off |Windows Information Protection is turned off and doesn't help to protect or audit your data.

              After you turn off WIP, an attempt is made to decrypt any WIP-tagged files on the locally attached drives. Your previous decryption and policy info isn't automatically reapplied if you turn Windows Information Protection back on. | ## Turn off WIP -You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn't recommended. If you choose to turn WIP off, you can always turn it back on, but your decryption and policy info won't be automatically reapplied. +You can turn off all Windows Information Protection and restrictions, decrypting all devices managed by WIP and reverting to where you were pre-WIP, with no data loss. However, this isn't recommended. If you choose to turn off WIP, you can always turn it back on, but your decryption and policy info won't be automatically reapplied. ## Next steps diff --git a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md index cf10227eb8..fef7dcfa1e 100644 --- a/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/recommended-network-definitions-for-wip.md @@ -10,6 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/25/2019 ms.reviewer: +ms.technology: itpro-security --- # Recommended Enterprise Cloud Resources and Neutral Resources network settings with Windows Information Protection (WIP) diff --git a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md index 9fa0815843..35d93c25c4 100644 
--- a/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md +++ b/windows/security/information-protection/windows-information-protection/testing-scenarios-for-wip.md @@ -10,6 +10,7 @@ manager: aaroncz ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 03/05/2019 +ms.technology: itpro-security --- # Testing scenarios for Windows Information Protection (WIP) @@ -42,7 +43,7 @@ You can try any of the processes included in these scenarios, but you should foc > [!IMPORTANT] > Certain file types like `.exe` and `.dll`, along with certain file paths, such as `%windir%` and `%programfiles%` are excluded from automatic encryption. - For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft Endpoint Configuration Manager](create-wip-policy-using-configmgr.md), based on your deployment system. + For more info about your Enterprise Identity and adding apps to your allowed apps list, see either [Create a Windows Information Protection (WIP) policy using Microsoft Intune](create-wip-policy-using-intune-azure.md) or [Create a Windows Information Protection (WIP) policy using Microsoft Configuration Manager](create-wip-policy-using-configmgr.md), based on your deployment system. - **Block enterprise data from non-enterprise apps**: diff --git a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md index bff685e23b..5f413c3657 100644 --- a/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md +++ b/windows/security/information-protection/windows-information-protection/using-owa-with-wip.md 
@@ -10,6 +10,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
+ms.technology: itpro-security
 ---
 # Using Outlook on the web with Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
index 554b5b2662..37cf054aa4 100644
--- a/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
+++ b/windows/security/information-protection/windows-information-protection/wip-app-enterprise-context.md
@@ -10,6 +10,7 @@ ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
 ms.reviewer:
+ms.technology: itpro-security
 ---
 # Determine the Enterprise Context of an app running in Windows Information Protection (WIP)
diff --git a/windows/security/information-protection/windows-information-protection/wip-learning.md b/windows/security/information-protection/windows-information-protection/wip-learning.md
index f5d1914f60..8f15eb8d9c 100644
--- a/windows/security/information-protection/windows-information-protection/wip-learning.md
+++ b/windows/security/information-protection/windows-information-protection/wip-learning.md
@@ -10,6 +10,7 @@ manager: dougeby
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 02/26/2019
+ms.technology: itpro-security
 ---
 # Fine-tune Windows Information Protection (WIP) with WIP Learning
diff --git a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
index 1f29e4c03c..e8c3a7d588 100644
--- a/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
+++ b/windows/security/threat-protection/auditing/audit-authorization-policy-change.md
@@ -21,9 +21,9 @@ Audit Authorization Policy Change allows you to audit assignment and removal of | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.
              However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.
              However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.
              However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.
              However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Member Server | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.
              However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Workstation | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes in user rights policies, or changes of resource attributes or Central Access Policy applied to file system objects.
              However, if you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | **Events List:** diff --git a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md index df3e720b31..533703cb10 100644 --- a/windows/security/threat-protection/auditing/audit-token-right-adjusted.md +++ b/windows/security/threat-protection/auditing/audit-token-right-adjusted.md @@ -18,9 +18,9 @@ For more information, see [Security Monitoring: A Possible New Way to Detect Pri | Computer Type | General Success | General Failure | Stronger Success | Stronger Failure | Comments | |-------------------|-----------------|-----------------|------------------|------------------|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| Domain Controller | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.
              However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Member Server | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.
              However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | -| Workstation | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.
              However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Domain Controller | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.
              However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Member Server | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.
              However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | +| Workstation | IF | No | IF | No | IF – With Success auditing for this subcategory, you can get information related to changes to the privileges of a token.
              However, if you are using an application or system service that dynamically adjusts token privileges, we do not recommend Success auditing because of the high volume of event “[4703](event-4703.md)(S): A user right was adjusted” that may be generated. As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from **svchost.exe**).
              If one of your applications or services is generating a large number of 4703 events, you might find that your event-management software has filtering logic that can automatically discard the recurring events, which would make it easier to work with Success auditing for this category.
              This subcategory doesn’t have Failure events, so there is no recommendation to enable Failure auditing for this subcategory. | **Events List:** diff --git a/windows/security/threat-protection/auditing/event-4703.md b/windows/security/threat-protection/auditing/event-4703.md index a4200af9ea..b4571317fc 100644 --- a/windows/security/threat-protection/auditing/event-4703.md +++ b/windows/security/threat-protection/auditing/event-4703.md 
@@ -23,7 +23,7 @@ ms.technology: itpro-security
 ***Event Description:***
-This event generates when [token privileges](/windows/win32/secauthz/enabling-and-disabling-privileges-in-c--) were enabled or disabled for a specific account’s token. As of Windows 10, event 4703 is also logged by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from svchost.exe). If you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, you might need to disable Success auditing for this subcategory (Audit Authorization Policy Change), or work with a very high volume of event 4703.
+This event generates when [token privileges](/windows/win32/secauthz/enabling-and-disabling-privileges-in-c--) were enabled or disabled for a specific account’s token. As of Windows 10, event 4703 is also logged by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from svchost.exe). If you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, you might need to disable Success auditing for this subcategory (Audit Authorization Policy Change), or work with a very high volume of event 4703.
 > **Note**  For recommendations, see [Security Monitoring Recommendations](#security-monitoring-recommendations) for this event.
@@ -182,7 +182,7 @@ Token privileges provide the ability to take certain system-level actions that y For 4703(S): A user right was adjusted. -As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Endpoint Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from svchost.exe). If you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, you might need to disable Success auditing for this subcategory, [Audit Authorization Policy Change](audit-authorization-policy-change.md), or work with a very high volume of event 4703. +As of Windows 10, event 4703 is generated by applications or services that dynamically adjust token privileges. An example of such an application is Microsoft Configuration Manager, which makes WMI queries at recurring intervals and quickly generates a large number of 4703 events (with the WMI activity listed as coming from svchost.exe). If you are using an application or system service that makes changes to system privileges through the AdjustPrivilegesToken API, you might need to disable Success auditing for this subcategory, [Audit Authorization Policy Change](audit-authorization-policy-change.md), or work with a very high volume of event 4703. Otherwise, see the recommendations in the following table. diff --git a/windows/security/threat-protection/auditing/event-4774.md b/windows/security/threat-protection/auditing/event-4774.md index 2301e2110f..4cf831e05b 100644 --- a/windows/security/threat-protection/auditing/event-4774.md +++ b/windows/security/threat-protection/auditing/event-4774.md 
@@ -8,7 +8,7 @@ ms.sitesec: library ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/07/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa ms.technology: itpro-security diff --git a/windows/security/threat-protection/auditing/event-5059.md b/windows/security/threat-protection/auditing/event-5059.md index 6c069ab814..26cd95b0d4 100644 --- a/windows/security/threat-protection/auditing/event-5059.md +++ b/windows/security/threat-protection/auditing/event-5059.md @@ -2,7 +2,7 @@ title: 5059(S, F) Key migration operation. (Windows 10) description: Describes security event 5059(S, F) Key migration operation. This event is generated when a cryptographic key is exported/imported using a Key Storage Provider. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5059(S, F): Key migration operation. diff --git a/windows/security/threat-protection/auditing/event-5060.md b/windows/security/threat-protection/auditing/event-5060.md index 00c3fc26b4..1a65f76633 100644 --- a/windows/security/threat-protection/auditing/event-5060.md +++ b/windows/security/threat-protection/auditing/event-5060.md @@ -2,7 +2,7 @@ title: 5060(F) Verification operation failed. (Windows 10) description: Describes security event 5060(F) Verification operation failed. This event is generated when the CNG verification operation fails. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5060(F): Verification operation failed. 
diff --git a/windows/security/threat-protection/auditing/event-5061.md b/windows/security/threat-protection/auditing/event-5061.md index 2b6cc4b64c..d47254485f 100644 --- a/windows/security/threat-protection/auditing/event-5061.md +++ b/windows/security/threat-protection/auditing/event-5061.md @@ -2,7 +2,7 @@ title: 5061(S, F) Cryptographic operation. (Windows 10) description: Describes security event 5061(S, F) Cryptographic operation. This event is generated when a cryptographic operation is performed using a Key Storage Provider. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5061(S, F): Cryptographic operation. diff --git a/windows/security/threat-protection/auditing/event-5062.md b/windows/security/threat-protection/auditing/event-5062.md index b038353b7d..08b0f7bce0 100644 --- a/windows/security/threat-protection/auditing/event-5062.md +++ b/windows/security/threat-protection/auditing/event-5062.md @@ -2,7 +2,7 @@ title: 5062(S) A kernel-mode cryptographic self-test was performed. (Windows 10) description: Describes security event 5062(S) A kernel-mode cryptographic self-test was performed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5062(S): A kernel-mode cryptographic self-test was performed. diff --git a/windows/security/threat-protection/auditing/event-5063.md b/windows/security/threat-protection/auditing/event-5063.md index 52e68d3dbd..784019bc18 100644 --- a/windows/security/threat-protection/auditing/event-5063.md 
+++ b/windows/security/threat-protection/auditing/event-5063.md @@ -2,7 +2,7 @@ title: 5063(S, F) A cryptographic provider operation was attempted. (Windows 10) description: Describes security event 5063(S, F) A cryptographic provider operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5063(S, F): A cryptographic provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5064.md b/windows/security/threat-protection/auditing/event-5064.md index 9dd6ca5e47..807d3ee45d 100644 --- a/windows/security/threat-protection/auditing/event-5064.md +++ b/windows/security/threat-protection/auditing/event-5064.md @@ -2,7 +2,7 @@ title: 5064(S, F) A cryptographic context operation was attempted. (Windows 10) description: Describes security event 5064(S, F) A cryptographic context operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5064(S, F): A cryptographic context operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5065.md b/windows/security/threat-protection/auditing/event-5065.md index 46772ff759..3e978d64a3 100644 --- a/windows/security/threat-protection/auditing/event-5065.md +++ b/windows/security/threat-protection/auditing/event-5065.md 
@@ -2,7 +2,7 @@ title: 5065(S, F) A cryptographic context modification was attempted. (Windows 10) description: Describes security event 5065(S, F) A cryptographic context modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5065(S, F): A cryptographic context modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5066.md b/windows/security/threat-protection/auditing/event-5066.md index 1a4dd7ae96..e834a9e584 100644 --- a/windows/security/threat-protection/auditing/event-5066.md +++ b/windows/security/threat-protection/auditing/event-5066.md @@ -2,7 +2,7 @@ title: 5066(S, F) A cryptographic function operation was attempted. (Windows 10) description: Describes security event 5066(S, F) A cryptographic function operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5066(S, F): A cryptographic function operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5067.md b/windows/security/threat-protection/auditing/event-5067.md index 01b6ce22cb..5aa395a688 100644 --- a/windows/security/threat-protection/auditing/event-5067.md +++ b/windows/security/threat-protection/auditing/event-5067.md 
@@ -2,7 +2,7 @@ title: 5067(S, F) A cryptographic function modification was attempted. (Windows 10) description: Describes security event 5067(S, F) A cryptographic function modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5067(S, F): A cryptographic function modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5068.md b/windows/security/threat-protection/auditing/event-5068.md index c365519a4c..814ea02d50 100644 --- a/windows/security/threat-protection/auditing/event-5068.md +++ b/windows/security/threat-protection/auditing/event-5068.md @@ -2,7 +2,7 @@ title: 5068(S, F) A cryptographic function provider operation was attempted. (Windows 10) description: Describes security event 5068(S, F) A cryptographic function provider operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5068(S, F): A cryptographic function provider operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5069.md b/windows/security/threat-protection/auditing/event-5069.md index 68a9da47b3..b8d6466c09 100644 --- a/windows/security/threat-protection/auditing/event-5069.md +++ b/windows/security/threat-protection/auditing/event-5069.md 
@@ -2,7 +2,7 @@ title: 5069(S, F) A cryptographic function property operation was attempted. (Windows 10) description: Describes security event 5069(S, F) A cryptographic function property operation was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5069(S, F): A cryptographic function property operation was attempted. diff --git a/windows/security/threat-protection/auditing/event-5070.md b/windows/security/threat-protection/auditing/event-5070.md index 85ccd666f0..1232c68bd4 100644 --- a/windows/security/threat-protection/auditing/event-5070.md +++ b/windows/security/threat-protection/auditing/event-5070.md @@ -2,7 +2,7 @@ title: 5070(S, F) A cryptographic function property modification was attempted. (Windows 10) description: Describes security event 5070(S, F) A cryptographic function property modification was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5070(S, F): A cryptographic function property modification was attempted. diff --git a/windows/security/threat-protection/auditing/event-5136.md b/windows/security/threat-protection/auditing/event-5136.md index d58033c0a7..97f862f3a6 100644 --- a/windows/security/threat-protection/auditing/event-5136.md +++ b/windows/security/threat-protection/auditing/event-5136.md 
@@ -2,7 +2,7 @@ title: 5136(S) A directory service object was modified. (Windows 10) description: Describes security event 5136(S) A directory service object was modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5136(S): A directory service object was modified. diff --git a/windows/security/threat-protection/auditing/event-5137.md b/windows/security/threat-protection/auditing/event-5137.md index a0d084c4f8..072f6dede2 100644 --- a/windows/security/threat-protection/auditing/event-5137.md +++ b/windows/security/threat-protection/auditing/event-5137.md @@ -2,7 +2,7 @@ title: 5137(S) A directory service object was created. (Windows 10) description: Describes security event 5137(S) A directory service object was created. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5137(S): A directory service object was created. diff --git a/windows/security/threat-protection/auditing/event-5138.md b/windows/security/threat-protection/auditing/event-5138.md index abb03c8027..5fcb9a3381 100644 --- a/windows/security/threat-protection/auditing/event-5138.md +++ b/windows/security/threat-protection/auditing/event-5138.md @@ -2,7 +2,7 @@ title: 5138(S) A directory service object was undeleted. (Windows 10) description: Describes security event 5138(S) A directory service object was undeleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none 
@@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5138(S): A directory service object was undeleted. diff --git a/windows/security/threat-protection/auditing/event-5139.md b/windows/security/threat-protection/auditing/event-5139.md index ca0b1825f9..e89fd1eb91 100644 --- a/windows/security/threat-protection/auditing/event-5139.md +++ b/windows/security/threat-protection/auditing/event-5139.md @@ -2,7 +2,7 @@ title: 5139(S) A directory service object was moved. (Windows 10) description: Describes security event 5139(S) A directory service object was moved. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5139(S): A directory service object was moved. diff --git a/windows/security/threat-protection/auditing/event-5140.md b/windows/security/threat-protection/auditing/event-5140.md index ea890e4738..5d72bf2c8c 100644 --- a/windows/security/threat-protection/auditing/event-5140.md +++ b/windows/security/threat-protection/auditing/event-5140.md @@ -2,7 +2,7 @@ title: 5140(S, F) A network share object was accessed. (Windows 10) description: Describes security event 5140(S, F) A network share object was accessed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5140(S, F): A network share object was accessed. diff --git a/windows/security/threat-protection/auditing/event-5141.md b/windows/security/threat-protection/auditing/event-5141.md index fbc9435158..d7ba9c67d4 100644 
--- a/windows/security/threat-protection/auditing/event-5141.md +++ b/windows/security/threat-protection/auditing/event-5141.md @@ -2,7 +2,7 @@ title: 5141(S) A directory service object was deleted. (Windows 10) description: Describes security event 5141(S) A directory service object was deleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5141(S): A directory service object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5142.md b/windows/security/threat-protection/auditing/event-5142.md index 74e31d363f..6930a066d4 100644 --- a/windows/security/threat-protection/auditing/event-5142.md +++ b/windows/security/threat-protection/auditing/event-5142.md @@ -2,7 +2,7 @@ title: 5142(S) A network share object was added. (Windows 10) description: Describes security event 5142(S) A network share object was added. This event is generated when a network share object is added. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5142(S): A network share object was added. diff --git a/windows/security/threat-protection/auditing/event-5143.md b/windows/security/threat-protection/auditing/event-5143.md index e485322da4..ccfe6641b0 100644 --- a/windows/security/threat-protection/auditing/event-5143.md +++ b/windows/security/threat-protection/auditing/event-5143.md 
@@ -2,7 +2,7 @@ title: 5143(S) A network share object was modified. (Windows 10) description: Describes security event 5143(S) A network share object was modified. This event is generated when a network share object is modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5143(S): A network share object was modified. diff --git a/windows/security/threat-protection/auditing/event-5144.md b/windows/security/threat-protection/auditing/event-5144.md index 50f697a96f..69aa754e48 100644 --- a/windows/security/threat-protection/auditing/event-5144.md +++ b/windows/security/threat-protection/auditing/event-5144.md @@ -2,7 +2,7 @@ title: 5144(S) A network share object was deleted. (Windows 10) description: Describes security event 5144(S) A network share object was deleted. This event is generated when a network share object is deleted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5144(S): A network share object was deleted. diff --git a/windows/security/threat-protection/auditing/event-5145.md b/windows/security/threat-protection/auditing/event-5145.md index 782cdb4911..8f47f2b4d1 100644 --- a/windows/security/threat-protection/auditing/event-5145.md +++ b/windows/security/threat-protection/auditing/event-5145.md 
@@ -2,7 +2,7 @@ title: 5145(S, F) A network share object was checked to see whether client can be granted desired access. (Windows 10) description: Describes security event 5145(S, F) A network share object was checked to see whether client can be granted desired access. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5145(S, F): A network share object was checked to see whether client can be granted desired access. diff --git a/windows/security/threat-protection/auditing/event-5148.md b/windows/security/threat-protection/auditing/event-5148.md index 109b4da544..bb9ab2267c 100644 --- a/windows/security/threat-protection/auditing/event-5148.md +++ b/windows/security/threat-protection/auditing/event-5148.md @@ -2,7 +2,7 @@ title: 5148(F) The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. (Windows 10) description: Details on Security event 5148(F), The Windows Filtering Platform has detected a DoS attack and entered a defensive mode. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5148(F): The Windows Filtering Platform has detected a DoS attack and entered a defensive mode; packets associated with this attack will be discarded. diff --git a/windows/security/threat-protection/auditing/event-5149.md b/windows/security/threat-protection/auditing/event-5149.md index b94279645b..0e4b73fcde 100644 --- a/windows/security/threat-protection/auditing/event-5149.md 
+++ b/windows/security/threat-protection/auditing/event-5149.md @@ -2,7 +2,7 @@ title: 5149(F) The DoS attack has subsided and normal processing is being resumed. (Windows 10) description: Describes security event 5149(F) The DoS attack has subsided and normal processing is being resumed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5149(F): The DoS attack has subsided and normal processing is being resumed. diff --git a/windows/security/threat-protection/auditing/event-5150.md b/windows/security/threat-protection/auditing/event-5150.md index 23c35f76d7..f1310cde61 100644 --- a/windows/security/threat-protection/auditing/event-5150.md +++ b/windows/security/threat-protection/auditing/event-5150.md @@ -2,7 +2,7 @@ title: 5150(-) The Windows Filtering Platform blocked a packet. (Windows 10) description: Describes security event 5150(-) The Windows Filtering Platform blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5150(-): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5151.md b/windows/security/threat-protection/auditing/event-5151.md index 239d0556a2..bf55e6a6eb 100644 --- a/windows/security/threat-protection/auditing/event-5151.md +++ b/windows/security/threat-protection/auditing/event-5151.md 
@@ -2,7 +2,7 @@ title: 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10) description: Describes security event 5151(-) A more restrictive Windows Filtering Platform filter has blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5151(-): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5152.md b/windows/security/threat-protection/auditing/event-5152.md index 7fd8072d96..27438881cb 100644 --- a/windows/security/threat-protection/auditing/event-5152.md +++ b/windows/security/threat-protection/auditing/event-5152.md @@ -2,7 +2,7 @@ title: 5152(F) The Windows Filtering Platform blocked a packet. (Windows 10) description: Describes security event 5152(F) The Windows Filtering Platform blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5152(F): The Windows Filtering Platform blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5153.md b/windows/security/threat-protection/auditing/event-5153.md index 355b963812..f7a61cc8fe 100644 --- a/windows/security/threat-protection/auditing/event-5153.md +++ b/windows/security/threat-protection/auditing/event-5153.md 
@@ -2,7 +2,7 @@ title: 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. (Windows 10) description: Describes security event 5153(S) A more restrictive Windows Filtering Platform filter has blocked a packet. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5153(S): A more restrictive Windows Filtering Platform filter has blocked a packet. diff --git a/windows/security/threat-protection/auditing/event-5154.md b/windows/security/threat-protection/auditing/event-5154.md index 4ada326421..2002fbb907 100644 --- a/windows/security/threat-protection/auditing/event-5154.md +++ b/windows/security/threat-protection/auditing/event-5154.md @@ -2,7 +2,7 @@ title: 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. (Windows 10) description: Describes security event 5154(S) The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5154(S): The Windows Filtering Platform has permitted an application or service to listen on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5155.md b/windows/security/threat-protection/auditing/event-5155.md index b24e159daf..94377b1098 100644 --- a/windows/security/threat-protection/auditing/event-5155.md +++ b/windows/security/threat-protection/auditing/event-5155.md 
@@ -2,7 +2,7 @@ title: 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. (Windows 10) description: Describes security event 5155(F) The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5155(F): The Windows Filtering Platform has blocked an application or service from listening on a port for incoming connections. diff --git a/windows/security/threat-protection/auditing/event-5156.md b/windows/security/threat-protection/auditing/event-5156.md index a22acae52c..fbe87f79bc 100644 --- a/windows/security/threat-protection/auditing/event-5156.md +++ b/windows/security/threat-protection/auditing/event-5156.md @@ -2,7 +2,7 @@ title: 5156(S) The Windows Filtering Platform has permitted a connection. (Windows 10) description: Describes security event 5156(S) The Windows Filtering Platform has permitted a connection. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5156(S): The Windows Filtering Platform has permitted a connection. diff --git a/windows/security/threat-protection/auditing/event-5157.md b/windows/security/threat-protection/auditing/event-5157.md index c555d5aa36..6967921a48 100644 --- a/windows/security/threat-protection/auditing/event-5157.md +++ b/windows/security/threat-protection/auditing/event-5157.md 
@@ -2,7 +2,7 @@ title: 5157(F) The Windows Filtering Platform has blocked a connection. (Windows 10) description: Describes security event 5157(F) The Windows Filtering Platform has blocked a connection. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5157(F): The Windows Filtering Platform has blocked a connection. diff --git a/windows/security/threat-protection/auditing/event-5158.md b/windows/security/threat-protection/auditing/event-5158.md index 1255e8d0bb..af16821b1f 100644 --- a/windows/security/threat-protection/auditing/event-5158.md +++ b/windows/security/threat-protection/auditing/event-5158.md @@ -2,7 +2,7 @@ title: 5158(S) The Windows Filtering Platform has permitted a bind to a local port. (Windows 10) description: Describes security event 5158(S) The Windows Filtering Platform has permitted a bind to a local port. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5158(S): The Windows Filtering Platform has permitted a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5159.md b/windows/security/threat-protection/auditing/event-5159.md index bbd1141c71..5ecd816d89 100644 --- a/windows/security/threat-protection/auditing/event-5159.md +++ b/windows/security/threat-protection/auditing/event-5159.md 
@@ -2,7 +2,7 @@ title: 5159(F) The Windows Filtering Platform has blocked a bind to a local port. (Windows 10) description: Describes security event 5159(F) The Windows Filtering Platform has blocked a bind to a local port. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5159(F): The Windows Filtering Platform has blocked a bind to a local port. diff --git a/windows/security/threat-protection/auditing/event-5168.md b/windows/security/threat-protection/auditing/event-5168.md index 1b97127e7f..3b59d54629 100644 --- a/windows/security/threat-protection/auditing/event-5168.md +++ b/windows/security/threat-protection/auditing/event-5168.md @@ -2,7 +2,7 @@ title: 5168(F) SPN check for SMB/SMB2 failed. (Windows 10) description: Describes security event 5168(F) SPN check for SMB/SMB2 failed. This event is generated when an SMB SPN check fails. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5168(F): SPN check for SMB/SMB2 failed. diff --git a/windows/security/threat-protection/auditing/event-5376.md b/windows/security/threat-protection/auditing/event-5376.md index eaa77a9e64..3145af538e 100644 --- a/windows/security/threat-protection/auditing/event-5376.md +++ b/windows/security/threat-protection/auditing/event-5376.md 
@@ -2,7 +2,7 @@ title: 5376(S) Credential Manager credentials were backed up. (Windows 10) description: Describes security event 5376(S) Credential Manager credentials were backed up. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5376(S): Credential Manager credentials were backed up. diff --git a/windows/security/threat-protection/auditing/event-5377.md b/windows/security/threat-protection/auditing/event-5377.md index fd9c84db3a..a60bd13f29 100644 --- a/windows/security/threat-protection/auditing/event-5377.md +++ b/windows/security/threat-protection/auditing/event-5377.md @@ -2,7 +2,7 @@ title: 5377(S) Credential Manager credentials were restored from a backup. (Windows 10) description: Describes security event 5377(S) Credential Manager credentials were restored from a backup. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5377(S): Credential Manager credentials were restored from a backup. diff --git a/windows/security/threat-protection/auditing/event-5378.md b/windows/security/threat-protection/auditing/event-5378.md index d25246b249..64f48471be 100644 --- a/windows/security/threat-protection/auditing/event-5378.md +++ b/windows/security/threat-protection/auditing/event-5378.md 
@@ -2,7 +2,7 @@ title: 5378(F) The requested credentials delegation was disallowed by policy. (Windows 10) description: Describes security event 5378(F) The requested credentials delegation was disallowed by policy. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5378(F): The requested credentials delegation was disallowed by policy. diff --git a/windows/security/threat-protection/auditing/event-5447.md b/windows/security/threat-protection/auditing/event-5447.md index 801d206b0b..732d1ae81e 100644 --- a/windows/security/threat-protection/auditing/event-5447.md +++ b/windows/security/threat-protection/auditing/event-5447.md @@ -2,7 +2,7 @@ title: 5447(S) A Windows Filtering Platform filter has been changed. (Windows 10) description: Describes security event 5447(S) A Windows Filtering Platform filter has been changed. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5447(S): A Windows Filtering Platform filter has been changed. diff --git a/windows/security/threat-protection/auditing/event-5632.md b/windows/security/threat-protection/auditing/event-5632.md index 26c41df186..b5af7f21a3 100644 --- a/windows/security/threat-protection/auditing/event-5632.md +++ b/windows/security/threat-protection/auditing/event-5632.md 
@@ -2,16 +2,16 @@ title: 5632(S, F) A request was made to authenticate to a wireless network. (Windows 10) description: Describes security event 5632(S, F) A request was made to authenticate to a wireless network. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none author: vinaypamnani-msft ms.date: 09/08/2021 -ms.reviewer: +ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5632(S, F): A request was made to authenticate to a wireless network. diff --git a/windows/security/threat-protection/auditing/event-5633.md b/windows/security/threat-protection/auditing/event-5633.md index e0591f9a05..1583b0b945 100644 --- a/windows/security/threat-protection/auditing/event-5633.md +++ b/windows/security/threat-protection/auditing/event-5633.md @@ -2,7 +2,7 @@ title: 5633(S, F) A request was made to authenticate to a wired network. (Windows 10) description: Describes security event 5633(S, F) A request was made to authenticate to a wired network. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5633(S, F): A request was made to authenticate to a wired network. diff --git a/windows/security/threat-protection/auditing/event-5712.md b/windows/security/threat-protection/auditing/event-5712.md index dbafd70da3..d0dc85fe45 100644 --- a/windows/security/threat-protection/auditing/event-5712.md +++ b/windows/security/threat-protection/auditing/event-5712.md 
@@ -2,7 +2,7 @@ title: 5712(S) A Remote Procedure Call (RPC) was attempted. (Windows 10) description: Describes security event 5712(S) A Remote Procedure Call (RPC) was attempted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5712(S): A Remote Procedure Call (RPC) was attempted. diff --git a/windows/security/threat-protection/auditing/event-5888.md b/windows/security/threat-protection/auditing/event-5888.md index 0ac72b6488..5c45a9698a 100644 --- a/windows/security/threat-protection/auditing/event-5888.md +++ b/windows/security/threat-protection/auditing/event-5888.md @@ -2,7 +2,7 @@ title: 5888(S) An object in the COM+ Catalog was modified. (Windows 10) description: Describes security event 5888(S) An object in the COM+ Catalog was modified. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5888(S): An object in the COM+ Catalog was modified. diff --git a/windows/security/threat-protection/auditing/event-5889.md b/windows/security/threat-protection/auditing/event-5889.md index 821162c968..3b60e803d9 100644 --- a/windows/security/threat-protection/auditing/event-5889.md +++ b/windows/security/threat-protection/auditing/event-5889.md @@ -2,7 +2,7 @@ title: 5889(S) An object was deleted from the COM+ Catalog. (Windows 10) description: Describes security event 5889(S) An object was deleted from the COM+ Catalog. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none 
@@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5889(S): An object was deleted from the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-5890.md b/windows/security/threat-protection/auditing/event-5890.md index a59fadc788..09c79bee05 100644 --- a/windows/security/threat-protection/auditing/event-5890.md +++ b/windows/security/threat-protection/auditing/event-5890.md @@ -2,7 +2,7 @@ title: 5890(S) An object was added to the COM+ Catalog. (Windows 10) description: Describes security event 5890(S) An object was added to the COM+ Catalog. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 5890(S): An object was added to the COM+ Catalog. diff --git a/windows/security/threat-protection/auditing/event-6144.md b/windows/security/threat-protection/auditing/event-6144.md index 959f1b969c..dfad64c1da 100644 --- a/windows/security/threat-protection/auditing/event-6144.md +++ b/windows/security/threat-protection/auditing/event-6144.md @@ -2,7 +2,7 @@ title: 6144(S) Security policy in the group policy objects has been applied successfully. (Windows 10) description: Describes security event 6144(S) Security policy in the group policy objects has been applied successfully. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6144(S): Security policy in the group policy objects has been applied successfully. 
diff --git a/windows/security/threat-protection/auditing/event-6145.md b/windows/security/threat-protection/auditing/event-6145.md index 266a490fdd..60ed2e8ad8 100644 --- a/windows/security/threat-protection/auditing/event-6145.md +++ b/windows/security/threat-protection/auditing/event-6145.md @@ -2,7 +2,7 @@ title: 6145(F) One or more errors occurred while processing security policy in the group policy objects. (Windows 10) description: Describes security event 6145(F) One or more errors occurred while processing security policy in the group policy objects. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/08/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6145(F): One or more errors occurred while processing security policy in the group policy objects. diff --git a/windows/security/threat-protection/auditing/event-6281.md b/windows/security/threat-protection/auditing/event-6281.md index d6701e243e..76f546a222 100644 --- a/windows/security/threat-protection/auditing/event-6281.md +++ b/windows/security/threat-protection/auditing/event-6281.md @@ -2,7 +2,7 @@ title: 6281(F) Code Integrity determined that the page hashes of an image file aren't valid. (Windows 10) description: Describes security event 6281(F) Code Integrity determined that the page hashes of an image file aren't valid. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none 
@@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6281(F): Code Integrity determined that the page hashes of an image file aren't valid. The file could be improperly signed without page hashes or corrupt due to unauthorized modification. The invalid hashes could indicate a potential disk device error. diff --git a/windows/security/threat-protection/auditing/event-6400.md b/windows/security/threat-protection/auditing/event-6400.md index f3cc62235d..d8bcc6f1c7 100644 --- a/windows/security/threat-protection/auditing/event-6400.md +++ b/windows/security/threat-protection/auditing/event-6400.md @@ -2,7 +2,7 @@ title: 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. (Windows 10) description: Describes security event 6400(-) BranchCache Received an incorrectly formatted response while discovering availability of content. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6400(-): BranchCache: Received an incorrectly formatted response while discovering availability of content. diff --git a/windows/security/threat-protection/auditing/event-6401.md b/windows/security/threat-protection/auditing/event-6401.md index cdd2869db5..3e60d3515a 100644 --- a/windows/security/threat-protection/auditing/event-6401.md +++ b/windows/security/threat-protection/auditing/event-6401.md 
@@ -2,7 +2,7 @@ title: 6401(-) BranchCache Received invalid data from a peer. Data discarded. (Windows 10) description: Describes security event 6401(-) BranchCache Received invalid data from a peer. Data discarded. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6401(-): BranchCache: Received invalid data from a peer. Data discarded. diff --git a/windows/security/threat-protection/auditing/event-6402.md b/windows/security/threat-protection/auditing/event-6402.md index 5c2a2775b2..3148f9b03e 100644 --- a/windows/security/threat-protection/auditing/event-6402.md +++ b/windows/security/threat-protection/auditing/event-6402.md @@ -2,7 +2,7 @@ title: 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. (Windows 10) description: Describes security event 6402(-) BranchCache The message to the hosted cache offering it data is incorrectly formatted. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6402(-): BranchCache: The message to the hosted cache offering it data is incorrectly formatted. diff --git a/windows/security/threat-protection/auditing/event-6403.md b/windows/security/threat-protection/auditing/event-6403.md index 3b5d284082..ad426fdacc 100644 --- a/windows/security/threat-protection/auditing/event-6403.md +++ b/windows/security/threat-protection/auditing/event-6403.md 
@@ -2,7 +2,7 @@ title: 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. (Windows 10) description: Describes security event 6403(-) BranchCache The hosted cache sent an incorrectly formatted response to the client. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6403(-): BranchCache: The hosted cache sent an incorrectly formatted response to the client. diff --git a/windows/security/threat-protection/auditing/event-6404.md b/windows/security/threat-protection/auditing/event-6404.md index ff6b32947a..e2fed0d583 100644 --- a/windows/security/threat-protection/auditing/event-6404.md +++ b/windows/security/threat-protection/auditing/event-6404.md @@ -2,7 +2,7 @@ title: 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. (Windows 10) description: Describes security event 6404(-) BranchCache Hosted cache could not be authenticated using the provisioned SSL certificate. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6404(-): BranchCache: Hosted cache could not be authenticated using the provisioned SSL certificate. diff --git a/windows/security/threat-protection/auditing/event-6405.md b/windows/security/threat-protection/auditing/event-6405.md index f83340addb..48746ad277 100644 --- a/windows/security/threat-protection/auditing/event-6405.md +++ b/windows/security/threat-protection/auditing/event-6405.md 
@@ -2,7 +2,7 @@ title: 6405(-) BranchCache %2 instance(s) of event id %1 occurred. (Windows 10) description: Describes security event 6405(-) BranchCache %2 instance(s) of event id %1 occurred. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6405(-): BranchCache: %2 instance(s) of event id %1 occurred. diff --git a/windows/security/threat-protection/auditing/event-6406.md b/windows/security/threat-protection/auditing/event-6406.md index d6109b695e..42541a3842 100644 --- a/windows/security/threat-protection/auditing/event-6406.md +++ b/windows/security/threat-protection/auditing/event-6406.md @@ -2,7 +2,7 @@ title: 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. (Windows 10) description: Describes security event 6406(-) %1 registered to Windows Firewall to control filtering for the following %2. ms.pagetype: security -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.localizationpriority: none @@ -11,7 +11,7 @@ ms.date: 09/09/2021 ms.reviewer: manager: aaroncz ms.author: vinpa -ms.technology: windows-sec +ms.technology: itpro-security --- # 6406(-): %1 registered to Windows Firewall to control filtering for the following: %2. diff --git a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md index e0e4b5e90d..b13c6f8d8c 100644 --- a/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md +++ b/windows/security/threat-protection/block-untrusted-fonts-in-enterprise.md 
@@ -3,12 +3,12 @@ title: Block untrusted fonts in an enterprise (Windows 10) description: To help protect your company from attacks that may originate from untrusted or attacker controlled font files, we've created the Blocking Untrusted Fonts feature. ms.reviewer: manager: aaroncz -ms.prod: m365-security +ms.prod: windows-client author: dansimp ms.author: dansimp ms.date: 08/14/2017 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Block untrusted fonts in an enterprise diff --git a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md index b12afae0ea..314595bed9 100644 --- a/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md +++ b/windows/security/threat-protection/device-guard/enable-virtualization-based-protection-of-code-integrity.md @@ -43,7 +43,7 @@ To enable HVCI on Windows 10 and Windows 11 devices with supporting hardware thr - [Windows Security app](#windows-security-app) - [Microsoft Intune (or another MDM provider)](#enable-hvci-using-intune) - [Group Policy](#enable-hvci-using-group-policy) -- [Microsoft Endpoint Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/) +- [Microsoft Configuration Manager](https://cloudblogs.microsoft.com/enterprisemobility/2015/10/30/managing-windows-10-device-guard-with-configuration-manager/) - [Registry](#use-registry-keys-to-enable-virtualization-based-protection-of-code-integrity) ### Windows Security app diff --git a/windows/security/threat-protection/fips-140-validation.md b/windows/security/threat-protection/fips-140-validation.md index 68986caf3c..c5729ba1e1 100644 --- a/windows/security/threat-protection/fips-140-validation.md 
+++ b/windows/security/threat-protection/fips-140-validation.md @@ -1,7 +1,8 @@ --- title: Federal Information Processing Standard (FIPS) 140 Validation description: Learn how Microsoft products and cryptographic modules follow the U.S. Federal government standard FIPS 140. -ms.prod: m365-security +ms.prod: windows-client +ms.date: 11/03/2022 manager: aaroncz ms.author: paoloma author: paolomatarazzo @@ -11,7 +12,7 @@ ms.collection: ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # FIPS 140-2 Validation 
@@ -20,17 +21,17 @@ ms.technology: windows-sec The Federal Information Processing Standard (FIPS) Publication 140-2 is a U.S. government standard. FIPS is based on Section 5131 of the Information Technology Management Reform Act of 1996. It defines the minimum security requirements for cryptographic modules in IT products. -The [Cryptographic Module Validation Program (CMVP)](https://csrc.nist.gov/Projects/cryptographic-module-validation-program) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. +The [Cryptographic Module Validation Program (CMVP)][HTTP-1]) is a joint effort of the U.S. National Institute of Standards and Technology (NIST) and the Canadian Centre for Cyber Security (CCCS). It validates cryptographic modules against the Security Requirements for Cryptographic Modules (part of FIPS 140-2) and related FIPS cryptography standards. The FIPS 140-2 security requirements cover 11 areas related to the design and implementation of a cryptographic module. The NIST Information Technology Laboratory operates a related program that validates the FIPS approved cryptographic algorithms in the module. -## Microsoft’s approach to FIPS 140-2 validation +## Microsoft's approach to FIPS 140-2 validation Microsoft maintains an active commitment to meeting the requirements of the FIPS 140-2 standard, having validated cryptographic modules against it since it was first established in 2001. Microsoft validates its cryptographic modules under the NIST CMVP, as described above. 
Multiple Microsoft products, including Windows 10, Windows Server, and many cloud services, use these cryptographic modules. ## Using Windows in a FIPS 140-2 approved mode of operation -Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode."  If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly. +Windows 10 and Windows Server may be configured to run in a FIPS 140-2 approved mode of operation, commonly referred to as "FIPS mode." If you turn on FIPS mode, the Cryptographic Primitives Library (bcryptprimitives.dll) and Kernel Mode Cryptographic Primitives Library (CNG.sys) modules will run self-tests before Windows runs cryptographic operations. These self-tests are run according to FIPS 140-2 Section 4.9. They ensure that the modules are functioning properly. -The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library. +The Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library are the only modules affected by FIPS mode. FIPS mode won't prevent Windows and its subsystems from using non-FIPS validated cryptographic algorithms. FIPS mode is merely advisory for applications or components other than the Cryptographic Primitives Library and the Kernel Mode Cryptographic Primitives Library. 
US government regulations continue to mandate FIPS mode for government devices running Windows. Other customers should decide for themselves if FIPS mode is right for them. There are many applications and protocols that use FIPS mode policy to determine which cryptographic functionality to run. Customers seeking to follow the FIPS 140-2 standard should research the configuration settings of their applications and protocols. This research will help ensure that they can be configured to use FIPS 140-2 validated cryptography. @@ -42,7 +43,7 @@ Administrators must ensure that all cryptographic modules installed are FIPS 140 ### Step 2: Ensure all security policies for all cryptographic modules are followed -Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module’s published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module. +Each of the cryptographic modules has a defined security policy that must be met for the module to operate in its FIPS 140-2 approved mode. The security policy may be found in each module's published Security Policy Document (SPD). The SPDs for each module may be found in the table of validated modules at the end of this article. Select the module version number to view the published SPD for the module. ### Step 3: Enable the FIPS security policy 
@@ -57,6 +58,1027 @@ In short, an application or service is running in FIPS mode if it: * Checks for the policy flag * Enforces security policies of validated modules + + +## Microsoft FIPS 140-2 validated cryptographic modules + +The following tables identify the cryptographic modules used in an operating system, organized by release. + +### Modules used by Windows clients + +For more details, expand each operating system section. + +
              +

              +Windows 10, version 1809 + +Validated Editions: Home, Pro, Enterprise, Education + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library|[10.0.17763][sp-3197]|[#3197][certificate-3197]|See Security Policy and Certificate page for algorithm information| +|Kernel Mode Cryptographic Primitives Library|[10.0.17763][sp-3196]|[#3196][certificate-3196]|See Security Policy and Certificate page for algorithm information| +|Code Integrity|[10.0.17763][sp-3644]|[#3644][certificate-3644]|See Security Policy and Certificate page for algorithm information| +|Windows OS Loader|[10.0.17763][sp-3615]|[#3615][certificate-3615]|See Security Policy and Certificate page for algorithm information| +|Secure Kernel Code Integrity|[10.0.17763][sp-3651]|[#3651][certificate-3651]|See Security Policy and Certificate page for algorithm information| +|BitLocker Dump Filter|[10.0.17763][sp-3092]|[#3092][certificate-3092]|See Security Policy and Certificate page for algorithm information| +|Boot Manager|[10.0.17763][sp-3089]|[#3089][certificate-3089]|See Security Policy and Certificate page for algorithm information| +|Virtual TPM|[10.0.17763][sp-3690]|[#3690][certificate-3690]|See Security Policy and Certificate page for algorithm information| + +
              + +
              +Windows 10, version 1803 + +Validated Editions: Home, Pro, Enterprise, Education + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library|[10.0.17134][sp-3197]|[#3197][certificate-3197]|See Security Policy and Certificate page for algorithm information| +|Kernel Mode Cryptographic Primitives Library|[10.0.17134][sp-3196]|[#3196][certificate-3196]|See Security Policy and Certificate page for algorithm information| +|Code Integrity|[10.0.17134][sp-3195]|[#3195][certificate-3195]|See Security Policy and Certificate page for algorithm information| +|Windows OS Loader|[10.0.17134][sp-3480]|[#3480][certificate-3480]|See Security Policy and Certificate page for algorithm information| +|Secure Kernel Code Integrity|[10.0.17134][sp-3096]|[#3096][certificate-3096]|See Security Policy and Certificate page for algorithm information| +|BitLocker Dump Filter|[10.0.17134][sp-3092]|[#3092][certificate-3092]|See Security Policy and Certificate page for algorithm information| +|Boot Manager|[10.0.17134][sp-3089]|[#3089][certificate-3089]|See Security Policy and Certificate page for algorithm information| + +
              + +
              +Windows 10, version 1709 + +Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library|[10.0.16299][sp-3197]|[#3197][certificate-3197]|See Security Policy and Certificate page for algorithm information| +|Kernel Mode Cryptographic Primitives Library|[10.0.16299][sp-3196]|[#3196][certificate-3196]|See Security Policy and Certificate page for algorithm information| +|Code Integrity|[10.0.16299][sp-3195]|[#3195][certificate-3195]|See Security Policy and Certificate page for algorithm information| +|Windows OS Loader|[10.0.16299][sp-3194]|[#3194][certificate-3194]|See Security Policy and Certificate page for algorithm information| +|Secure Kernel Code Integrity|[10.0.16299][sp-3096]|[#3096][certificate-3096]|See Security Policy and Certificate page for algorithm information| +|BitLocker Dump Filter|[10.0.16299][sp-3092]|[#3092][certificate-3092]|See Security Policy and Certificate page for algorithm information| +|Windows Resume|[10.0.16299][sp-3091]|[#3091][certificate-3091]|See Security Policy and Certificate page for algorithm information| +|Boot Manager|[10.0.16299][sp-3089]|[#3089][certificate-3089]|See Security Policy and Certificate page for algorithm information| + +
              + +
              +Windows 10, version 1703 + +Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.15063][sp-3095]|[#3095][certificate-3095]|FIPS approved algorithms: AES (Cert. [#4624][aes-4624]); CKG (vendor affirmed); CVL (Certs

              [#1278][component-1278] and [#1281][component-1281]); DRBG (Cert. [#1555][drbg-1555]); DSA (Cert. [#1223][dsa-1223]); ECDSA (Cert. [#1133][ecdsa-1133]); HMAC (Cert. [#3061][hmac-3061]); KAS (Cert. [#127][kas-127]); KBKDF (Cert. [#140][kdf-140]); KTS (AES Cert. [#4626][aes-4626]; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521][rsa-2521] and [#2522][rsa-2522]); SHS (Cert. [#3790][shs-3790]); Triple-DES (Cert. [#2459][tdes-2459]

              Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#1133][component-1133]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#2521][component-2521]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#1281][component-1281]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#1278][component-1278])| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.15063][sp-3094]|[#3094][certificate-3094]|[#3094][certificate-3094]

              FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4626][aes-4626]); CKG (vendor affirmed); CVL (Certs. [#1278][component-1278] and [#1281][component-1281]); DRBG (Cert. [#1555][drbg-1555]); DSA (Cert. [#1223][dsa-1223]); ECDSA (Cert. [#1133][ecdsa-1133]); HMAC (Cert. [#3061][hmac-3061]); KAS (Cert. [#127][kas-127]); KBKDF (Cert. [#140][kdf-140]); KTS (AES Cert. [#4626][aes-4626]; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521][rsa-2521] and [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]); Triple-DES (Cert. [#2459][tdes-2459]

              Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              [Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages ([Cert. [#3094]][certificate-3094])

              [#1133][component-1133][); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.][certificate-3094][#2521][component-2521][); FIPS186-4 RSA; RSADP - RSADP Primitive [Cert.][certificate-3094]

              [#1281][component-1281][Cert. #3094][certificate-3094]| +|Boot Manager|[10.0.15063][sp-3089]|[#3089][certificate-3089]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); CKG (vendor affirmed); HMAC (Cert. [#3061][hmac-3061]); PBKDF (vendor affirmed); RSA (Cert. [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]

              Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)| +|Windows OS Loader|[10.0.15063][sp-3090]|[#3090][certificate-3090]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); RSA (Cert. [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]

              [Other algorithms: NDRNG][certificate-3090]| +|Windows Resume [1]|[10.0.15063][sp-3091]|[#3091][certificate-3091]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); RSA (Cert. [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790])| +|BitLocker® Dump Filter [2]|[10.0.15063][sp-3092]|[#3092][certificate-3092]|FIPS approved algorithms: AES (Certs. [#4624][aes-4624] and [#4625][aes-4625]); RSA (Cert. [#2522][rsa-2522]); SHS (Cert. [#3790][shs-3790])| +|Code Integrity (ci.dll)|[10.0.15063][sp-3093]|[#3093][certificate-3093]|FIPS approved algorithms: AES (Cert. [#4624][aes-4624]); RSA (Certs. [#2522][rsa-2522] and [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282][component-1282])| +|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.15063][sp-3096]|[#3096][certificate-3096]|FIPS approved algorithms: AES (Cert. [#4624][aes-4624]); RSA (Certs. [#2522][rsa-2522] and [#2523][rsa-2523]); SHS (Cert. [#3790][shs-3790]

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282][component-1282])| + + +\[1\] Applies only to Home, Pro, Enterprise, Education, and S. + +\[2\] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub + +\[3\] Applies only to Pro, Enterprise, Education, and S + +

              + +
              +Windows 10, version 1607 + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.14393][sp-2937]|[#2937][certificate-2937]|FIPS approved algorithms: AES (Cert. [#4064][aes-4064]); DRBG (Cert. [#1217][drbg-1217]); DSA (Cert. [#1098][dsa-1098]); ECDSA (Cert. [#911][ecdsa-911]); HMAC (Cert. [#2651][hmac-2651]); KAS (Cert. [#92][kas-92]); KBKDF (Cert. [#101][kdf-101]); KTS (AES Cert. [#4062][aes-4062]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192][rsa-2192], [#2193, and #2195][rsa-2193]); SHS (Cert. [#3347][shs-3347]); Triple-DES (Cert. [#2227][tdes-2227])

              Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922][component-922]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887][component-887]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#886][component-886])| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393][sp-2936]|[#2936][certificate-2936]|FIPS approved algorithms: AES (Cert. [#4064][aes-4064]); DRBG (Cert. [#1217][drbg-1217]); DSA (Cert. [#1098][dsa-1098]); ECDSA (Cert. [#911][ecdsa-911]); HMAC (Cert. [#2651][hmac-2651]); KAS (Cert. [#92][kas-92]); KBKDF (Cert. [#101][kdf-101]); KTS (AES Cert. [#4062][aes-4062]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192][rsa-2192], [#2193, and #2195][rsa-2193]); SHS (Cert. [#3347][shs-3347]); Triple-DES (Cert. [#2227][tdes-2227])

              Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922][component-922]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887][component-887])| +|Boot Manager|[10.0.14393][sp-2931]|[#2931][certificate-2931]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); HMAC (Cert. [#2651][hmac-2651]); PBKDF (vendor affirmed); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: MD5; PBKDF (non-compliant); VMK KDF| +|BitLocker® Windows OS Loader (winload)|[10.0.14393][sp-2932]|[#2932][certificate-2932]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: NDRNG; MD5| +|BitLocker® Windows Resume (winresume)[1]|[10.0.14393][sp-2933]|[#2933][certificate-2933]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: MD5| +|BitLocker® Dump Filter (dumpfve.sys)[2]|[10.0.14393][sp-2934]|[#2934][certificate-2934]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064])| +|Code Integrity (ci.dll)|[10.0.14393][sp-2935]|[#2935][certificate-2935]|FIPS approved algorithms: RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: AES (non-compliant); MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888])| +|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.14393][sp-2938]|[#2938][certificate-2938]|FIPS approved algorithms: RSA (Certs. [#2193][rsa-2193]); SHS (Certs. [#3347][shs-3347])

              Other algorithms: MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888][component-888])| + +\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB + +\[2\] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile + +\[3\] Applies only to Pro, Enterprise, and Enterprise LTSB + +

              + +
              +Windows 10, version 1511 + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.10586][sp-2605]|[#2606][certificate-2606]|FIPS approved algorithms: AES (Certs. [#3629][aes-3629]); DRBG (Certs. [#955][drbg-955]); DSA (Certs. [#1024][dsa-1024]); ECDSA (Certs. [#760][ecdsa-760]); HMAC (Certs. [#2381][hmac-2381]); KAS (Certs. [#72][kas-72]; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#72][kdf-72]); KTS (AES Certs. [#3653][aes-3653]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887][rsa-1887], [#1888, and #1889][rsa-1888]); SHS (Certs. [#3047][shs-3047]); Triple-DES (Certs. [#2024][tdes-2024])

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666][component-666]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663][component-663]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#664][component-664])| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10586][sp-2605]|[#2605][certificate-2605]|FIPS approved algorithms: AES (Certs. [#3629][aes-3629]); DRBG (Certs. [#955][drbg-955]); DSA (Certs. [#1024][dsa-1024]); ECDSA (Certs. [#760][ecdsa-760]); HMAC (Certs. [#2381][hmac-2381]); KAS (Certs. [#72][kas-72]; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#72][kdf-72]); KTS (AES Certs. [#3653][aes-3653]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887][rsa-1887], [#1888, and #1889][rsa-1888]); SHS (Certs. [#3047][shs-3047]); Triple-DES (Certs. [#2024][tdes-2024])

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666][component-666]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663][component-663])| +|Boot Manager [4]|[10.0.10586][sp-2700]|[#2700][certificate-2700]|FIPS approved algorithms: AES (Certs. [#3653][aes-3653]); HMAC (Cert. [#2381][hmac-2381]); PBKDF (vendor affirmed); RSA (Cert. [#1871][rsa-1871]); SHS (Certs. [#3047][shs-3047] and [#3048][shs-3048])

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| +|BitLocker® Windows OS Loader (winload)[5]|[10.0.10586][sp-2701]|[#2701][certificate-2701]|FIPS approved algorithms: AES (Certs. [#3629][aes-3629] and [#3653][aes-3653]); RSA (Cert. [#1871][rsa-1871]); SHS (Cert. [#3048][shs-3048])

              Other algorithms: MD5; NDRNG| +|BitLocker® Windows Resume (winresume)[6]|[10.0.10586][sp-2702]|[#2702][certificate-2702]|FIPS approved algorithms: AES (Certs. [#3653][aes-3653]); RSA (Cert. [#1871][rsa-1871]); SHS (Cert. [#3048][shs-3048])

              Other algorithms: MD5| +|BitLocker® Dump Filter (dumpfve.sys)[7]|[10.0.10586][sp-2703]|[#2703][certificate-2703]|FIPS approved algorithms: AES (Certs. [#3653][aes-3653])| +|Code Integrity (ci.dll)|[10.0.10586][sp-2604]|[#2604][certificate-2604]|FIPS approved algorithms: RSA (Certs. [#1871][rsa-1871]); SHS (Certs. [#3048][shs-3048])

              Other algorithms: AES (non-compliant); MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665])| +|Secure Kernel Code Integrity (skci.dll)[8]|[10.0.10586][sp-2607]|[#2607][certificate-2607]|FIPS approved algorithms: RSA (Certs. [#1871][rsa-1871]); SHS (Certs. [#3048][shs-3048])

              Other algorithms: MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665][component-665])| + +\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub + +\[5\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub + +\[6\] Applies only to Home, Pro, and Enterprise + +\[7\] Applies only to Pro, Enterprise, Mobile, and Surface Hub + +\[8\] Applies only to Enterprise and Enterprise LTSB + +

              + +
              +Windows 10, version 1507 + +Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.10240][sp-2605]|#[2606][certificate-2606]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497]); DRBG (Certs. [#868][drbg-868]); DSA (Certs. [#983][dsa-983]); ECDSA (Certs. [#706][ecdsa-706]); HMAC (Certs. [#2233][hmac-2233]); KAS (Certs. [#64][kas-64]; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#66][kdf-66]); KTS (AES Certs. [#3507][aes-3507]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783][rsa-1783], [#1798][rsa-1798], and [#1802][rsa-1802]); SHS (Certs. [#2886][shs-2886]); Triple-DES (Certs. [#1969][tdes-1969])

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576][component-576]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#575][component-575])| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10240][sp-2605]|[#2605][certificate-2605]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497]); DRBG (Certs. [#868][drbg-868]); DSA (Certs. [#983][dsa-983]); ECDSA (Certs. [#706][ecdsa-706]); HMAC (Certs. [#2233][hmac-2233]); KAS (Certs. [#64][kas-64]; key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#66][kdf-66]); KTS (AES Certs. [#3507][aes-3507]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783][rsa-1783], [#1798][rsa-1798], and [#1802][rsa-1802]); SHS (Certs. [#2886][shs-2886]); Triple-DES (Certs. [#1969][tdes-1969])

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572]); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576][component-576])| +|Boot Manager[9]|[10.0.10240][sp-2600]|[#2600][certificate-2600]|FIPS approved algorithms: AES (Cert. [#3497][aes-3497]); HMAC (Cert. [#2233][hmac-2233]); KTS (AES Cert. [#3498][aes-3498]); PBKDF (vendor affirmed); RSA (Cert. [#1784][rsa-1784]); SHS (Certs. [#2871][shs-2871] and [#2886][shs-2886])

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| +|BitLocker® Windows OS Loader (winload)[10]|[10.0.10240][sp-2601]|[#2601][certificate-2601]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497] and [#3498][aes-3498]); RSA (Cert. [#1784][rsa-1784]); SHS (Cert. [#2871][shs-2871])

              Other algorithms: MD5; NDRNG| +|BitLocker® Windows Resume (winresume)[11]|[10.0.10240][sp-2602]|[#2602][certificate-2602]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497] and [#3498][aes-3498]); RSA (Cert. [#1784][rsa-1784]); SHS (Cert. [#2871][shs-2871])

              Other algorithms: MD5| +|BitLocker® Dump Filter (dumpfve.sys)[12]|[10.0.10240][sp-2603]|[#2603][certificate-2603]|FIPS approved algorithms: AES (Certs. [#3497][aes-3497] and [#3498][aes-3498])| +|Code Integrity (ci.dll)|[10.0.10240][sp-2604]|[#2604][certificate-2604]|FIPS approved algorithms: RSA (Certs. [#1784][rsa-1784]); SHS (Certs. [#2871][shs-2871])

              Other algorithms: AES (non-compliant); MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572])| +|Secure Kernel Code Integrity (skci.dll)[13]|[10.0.10240][sp-2607]|[#2607][certificate-2607]|FIPS approved algorithms: RSA (Certs. [#1784][rsa-1784]); SHS (Certs. [#2871][shs-2871])

              Other algorithms: MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572][component-572])| + + +\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB + +\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB + +\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB + +\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB + +\[13\] Applies only to Enterprise and Enterprise LTSB + +

              + +
              +Windows 8.1 + +Validated Editions: RT, Pro, Enterprise, Phone, Embedded + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[6.3.9600 6.3.9600.17031][sp-2357]|[#2357][certificate-2357]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); DRBG (Certs. [#489][drbg-489]); DSA (Cert. [#855][dsa-855]); ECDSA (Cert. [#505][ecdsa-505]); HMAC (Cert. [#1773][hmac-1773]); KAS (Cert. [#47][kas-47]); KBKDF (Cert. [#30][kdf-30]); PBKDF (vendor affirmed); RSA (Certs. [#1487][rsa-1487], [#1493, and #1519][rsa-1493]); SHS (Cert. [#2373][shs-2373]); Triple-DES (Cert. [#1692][tdes-1692])

              Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288][component-288]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289][component-289]); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#323][component-323])| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042][sp-2356]|[#2356][certificate-2356]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); DRBG (Certs. [#489][drbg-489]); ECDSA (Cert. [#505][ecdsa-505]); HMAC (Cert. [#1773][hmac-1773]); KAS (Cert. [#47][kas-47]); KBKDF (Cert. [#30][kdf-30]); PBKDF (vendor affirmed); RSA (Certs. [#1487][rsa-1487], [#1493, and #1519][rsa-1493]); SHS (Cert. [# 2373][shs-2373]); Triple-DES (Cert. [#1692][tdes-1692])

              Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288][component-288]); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289][component-289])| +|Boot Manager|[6.3.9600 6.3.9600.17031][sp-2351]|[#2351][certificate-2351]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); HMAC (Cert. [#1773][hmac-1773]); PBKDF (vendor affirmed); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)| +|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031][sp-2352]|[#2352][certificate-2352]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [#2396][shs-2396])

              Other algorithms: MD5; NDRNG| +|BitLocker® Windows Resume (winresume)[14]|[6.3.9600 6.3.9600.17031][sp-2353]|[#2353][certificate-2353]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])

              Other algorithms: MD5| +|BitLocker® Dump Filter (dumpfve.sys)|[6.3.9600 6.3.9600.17031][sp-2354]|[#2354][certificate-2354]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832])

              Other algorithms: N/A| +|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031][sp-2355]|[#2355][certificate-2355]|FIPS approved algorithms: RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [# 2373][shs-2373])

              Other algorithms: MD5

              Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289][component-289])| + +\[14\] Applies only to Pro, Enterprise, and Embedded 8. + +

              + +
              +Windows 8 + +Validated Editions: RT, Home, Pro, Enterprise, Phone + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.2.9200][sp-1892]|[#1892][sp-1892]|FIPS approved algorithms: AES (Certs. [#2197][aes-2197] and [#2216][aes-2216]); DRBG (Certs. [#258][drbg-258]); DSA (Cert. [#687][dsa-687]); ECDSA (Cert. [#341][ecdsa-341]); HMAC (Cert. [#1345][hmac-1345]); KAS (Cert. [#36][kas-36]); KBKDF (Cert. [#3][kdf-3]); PBKDF (vendor affirmed); RSA (Certs. [#1133][rsa-1133] and [#1134][rsa-1134]); SHS (Cert. [#1903][shs-1903]); Triple-DES (Cert. [#1387][tdes-1387])

              Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200][sp-1891]|[#1891][certificate-1891]|FIPS approved algorithms: AES (Certs. [#2197][aes-2197] and [#2216][aes-2216]); DRBG (Certs. [#258][drbg-258] and [#259][drbg-259]); ECDSA (Cert. [#341][ecdsa-341]); HMAC (Cert. [#1345][hmac-1345]); KAS (Cert. [#36][kas-36]); KBKDF (Cert. [#3][kdf-3]); PBKDF (vendor affirmed); RNG (Cert. [#1110][rng-1110]); RSA (Certs. [#1133][rsa-1133] and [#1134][rsa-1134]); SHS (Cert. [#1903][shs-1903]); Triple-DES (Cert. [#1387][tdes-1387])

              Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| +|Boot Manager|[6.2.9200][sp-1895]|[#1895][sp-1895]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); HMAC (Cert. #[1347][hmac-1347]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: MD5| +|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200][sp-1896]|[#1896][sp-1896]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: AES (Cert. [#2197][aes-2197]; non-compliant); MD5; Non-Approved RNG| +|BitLocker® Windows Resume (WINRESUME)[15]|[6.2.9200][sp-1898]|[#1898][sp-1898]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: MD5| +|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200][sp-1899]|[#1899][sp-1899]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198])

              Other algorithms: N/A| +|Code Integrity (CI.DLL)|[6.2.9200][sp-1897]|[#1897][sp-1897]|FIPS approved algorithms: RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: MD5| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200][sp-1893]|[#1893][sp-1893]|FIPS approved algorithms: DSA (Cert. [#686][dsa-686]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386]); Triple-DES MAC (Triple-DES Cert. [#1386][tdes-1386], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200][sp-1894]|[#1894][sp-1894]|FIPS approved algorithms: AES (Cert. [#2196][aes-2196]); HMAC (Cert. #1346); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386])

              Other algorithms: AES (Cert. [#2196][aes-2196], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| + +\[15\] Applies only to Home and Pro + +

              +
+
              +Windows 7
+
+Validated Editions: Windows 7, Windows 7 SP1
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.1.7600.16385][sp-1329]

              [6.1.7601.17514][sp-1329]|[1329][certificate-1329]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1178][aes-1178]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#24][drbg-24]); DSA (Cert. [#386][dsa-386]); ECDSA (Cert. [#141][ecdsa-141]); HMAC (Cert. [#677][hmac-677]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#560][rsa-560]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])

              Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385][sp-1328]

              [6.1.7600.16915][sp-1328]

              [6.1.7600.21092][sp-1328]

              [6.1.7601.17514][sp-1328]

              [6.1.7601.17725][sp-1328]

              [6.1.7601.17919][sp-1328]

              [6.1.7601.21861][sp-1328]

              [6.1.7601.22076][sp-1328]|[1328][certificate-1328]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1178][aes-1178]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#24][drbg-24]); ECDSA (Cert. [#141][ecdsa-141]); HMAC (Cert. [#677][hmac-677]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#560][rsa-560]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])

              Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4| +|Boot Manager|[6.1.7600.16385][sp-1319]

              [6.1.7601.17514][sp-1319]|[1319][certificate-1319]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); RSA (Cert. [#557][rsa-557]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

              Other algorithms: MD5| +|Winload OS Loader (winload.exe)|[6.1.7600.16385][sp-1326]

              [6.1.7600.16757][sp-1326]

              [6.1.7600.20897][sp-1326]

              [6.1.7600.20916][sp-1326]

              [6.1.7601.17514][sp-1326]

              [6.1.7601.17556][sp-1326]

              [6.1.7601.21655][sp-1326]

              [6.1.7601.21675][sp-1326]|[1326][certificate-1326]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); RSA (Cert. [#557][rsa-557]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: MD5| +|BitLocker™ Drive Encryption|[6.1.7600.16385][sp-1332]

              [6.1.7600.16429][sp-1332]

              [6.1.7600.16757][sp-1332]

              [6.1.7600.20536][sp-1332]

              [6.1.7600.20873][sp-1332]

              [6.1.7600.20897][sp-1332]

              [6.1.7600.20916][sp-1332]

              [6.1.7601.17514][sp-1332]

              [6.1.7601.17556][sp-1332]

              [6.1.7601.21634][sp-1332]

              [6.1.7601.21655][sp-1332]

              [6.1.7601.21675][sp-1332]|[1332][certificate-1332]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: Elephant Diffuser| +|Code Integrity (CI.DLL)|[6.1.7600.16385][sp-1327]

              [6.1.7600.17122][sp-1327]v[6.1.7600.21320][sp-1327]

              [6.1.7601.17514][sp-1327]

              [6.1.7601.17950][sp-1327]v[6.1.7601.22108][sp-1327]|[1327][certificate-1327]|FIPS approved algorithms: RSA (Cert. [#557][rsa-557]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: MD5| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.1.7600.16385][sp-1331]

              (no change in SP1)|[1331][certificate-1331]|FIPS approved algorithms: DSA (Cert. [#385][dsa-385]); RNG (Cert. [#649][rng-649]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846]); Triple-DES MAC (Triple-DES Cert. [#846][tdes-846], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4| +|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.1.7600.16385][sp-1330]

              (no change in SP1)|[1330][certificate-1330]|FIPS approved algorithms: AES (Cert. [#1168][aes-1168]); DRBG (Cert. [#23][drbg-23]); HMAC (Cert. [#673][hmac-673]); SHS (Cert. [#1081][shs-1081]); RSA (Certs. [#557][rsa-557] and [#559][rsa-559]); Triple-DES (Cert. [#846][tdes-846])

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| + +

              +
+
              +Windows Vista SP1
+
+Validated Editions: Ultimate Edition
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Boot Manager (bootmgr)|[6.0.6001.18000 and 6.0.6002.18005][sp-978]|[978][certificate-978]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#760][aes-760]); HMAC (Cert. [#415][hmac-415]); RSA (Cert. [#354][rsa-354]); SHS (Cert. [#753][shs-753])|
+|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596][sp-979]|[979][certificate-979]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#760][aes-760]); RSA (Cert. [#354][rsa-354]); SHS (Cert. [#753][shs-753])

              Other algorithms: MD5| +|Code Integrity (ci.dll)|[6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005][sp-980]|[980][certificate-980]|FIPS approved algorithms: RSA (Cert. [#354][rsa-354]); SHS (Cert. [#753][shs-753])

              Other algorithms: MD5| +|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869][sp-1000]|[1000][certificate-1000]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#756][aes-756]); ECDSA (Cert. [#82][ecdsa-82]); HMAC (Cert. [#412][hmac-412]); RNG (Cert. [#435][rng-435] and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. [#353][rsa-353] and [#357][rsa-357]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert. and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872][sp-1002]|[1001][certificate-1001]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#756][aes-756]); DSA (Cert. [#283][dsa-283]); ECDSA (Cert. [#82][ecdsa-82]); HMAC (Cert. [#412][hmac-412]); RNG (Cert. [#435][rng-435] and SP 800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#357][rsa-357]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)| +|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005][sp-1002]|[1002][certificate-1002]|FIPS approved algorithms: AES (Cert. [#739][aes-739]); HMAC (Cert. [#407][hmac-407]); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#354][rsa-354]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005][sp-1003]|[1003][certificate-1003]|FIPS approved algorithms: DSA (Cert. [#281][dsa-281]); RNG (Cert. [#435][rng-435]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656]); Triple-DES MAC (Triple-DES Cert. [#656][tdes-656], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4| + +

              +
+
              +Windows Vista
+
+Validated Editions: Ultimate Edition
+
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Enhanced Cryptographic Provider (RSAENH) | [6.0.6000.16386][sp-893] | [893][certificate-893] | FIPS approved algorithms: AES (Cert. [#553][aes-553]); HMAC (Cert. [#297][hmac-297]); RNG (Cert. [#321][rng-321]); RSA (Certs. [#255][rsa-255] and [#258][rsa-258]); SHS (Cert. [#618][shs-618]); Triple-DES (Cert. [#549][tdes-549])

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6000.16386][sp-894]|[894][certificate-894]|FIPS approved algorithms: DSA (Cert. [#226][dsa-226]); RNG (Cert. [#321][rng-321]); SHS (Cert. [#618][shs-618]); Triple-DES (Cert. [#549][tdes-549]); Triple-DES MAC (Triple-DES Cert. [#549][tdes-549], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4| +|BitLocker™ Drive Encryption|[6.0.6000.16386][sp-947]|[947][certificate-947]|FIPS approved algorithms: AES (Cert. [#715][aes-715]); HMAC (Cert. [#386][hmac-386]); SHS (Cert. [#737][shs-737])

              Other algorithms: Elephant Diffuser| +|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067][sp-891]|[891][certificate-891]|FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

              Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5| + +
              +
+
              +Windows XP SP3
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.1.2600.5512][sp-997]|[997][certificate-997]|FIPS approved algorithms: HMAC (Cert. [#429][shs-429]); RNG (Cert. [#449][rng-449]); SHS (Cert. [#785][shs-785]); Triple-DES (Cert. [#677][tdes-677]); Triple-DES MAC (Triple-DES Cert. [#677][tdes-677], vendor affirmed)

              Other algorithms: DES; MD5; HMAC MD5| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.1.2600.5507][sp-990]|[990][certificate-990]|FIPS approved algorithms: DSA (Cert. [#292][dsa-292]); RNG (Cert. [#448][rng-448]); SHS (Cert. [#784][shs-784]); Triple-DES (Cert. [#676][tdes-676]); Triple-DES MAC (Triple-DES Cert. [#676][tdes-676], vendor affirmed)

              Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4| +|Enhanced Cryptographic Provider (RSAENH)|[5.1.2600.5507][sp-989]|[989][certificate-989]|FIPS approved algorithms: AES (Cert. [#781][aes-781]); HMAC (Cert. [#428][shs-428]); RNG (Cert. [#447][rng-447]); RSA (Cert. [#371][rsa-371]); SHS (Cert. [#783][shs-783]); Triple-DES (Cert. [#675][tdes-675]); Triple-DES MAC (Triple-DES Cert. [#675][tdes-675], vendor affirmed)

              Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)| + +

              +
+
              +Windows XP SP2
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|DSS/Diffie-Hellman Enhanced Cryptographic Provider|[5.1.2600.2133][sp-240]|[240][certificate-240]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Cert. [#29][dsa-29])

              Other algorithms: DES (Cert. [#66][des-66]); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)| +|Microsoft Enhanced Cryptographic Provider|[5.1.2600.2161][sp-238]|[238][certificate-238]|FIPS approved algorithms: Triple-DES (Cert. [#81][tdes-81]); AES (Cert. [#33][aes-33]); SHA-1 (Cert. [#83][shs-83]); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83][shs-83], vendor affirmed)

              Other algorithms: DES (Cert. [#156][des-156]); RC2; RC4; MD5| + + +

              +
+
              +Windows XP SP1
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Microsoft Enhanced Cryptographic Provider|[5.1.2600.1029][sp-238]|[238][certificate-238]|FIPS approved algorithms: Triple-DES (Cert. [#81][tdes-81]); AES (Cert. [#33][aes-33]); SHA-1 (Cert. [#83][shs-83]); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83][shs-83], vendor affirmed)

              Other algorithms: DES (Cert. [#156][des-156]); RC2; RC4; MD5| + +

              +
+
              +Windows XP
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module|[5.1.2600.0][sp-241]|[241][certificate-241]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Cert. [#35][dsa-35]); HMAC-SHA-1 (Cert. [#35][shs-35], vendor affirmed)

              Other algorithms: DES (Cert. [#89][des-89])| + +

              +
+
              +Windows 2000 SP3
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.0.2195.1569][sp-106]|[106][certificate-106]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); SHA-1 (Certs. [#35][shs-35])

              Other algorithms: DES (Certs. [#89][des-89])| +|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS: 5.0.2195.3665 [SP3])][sp-103]

              [(Base: 5.0.2195.3839 [SP3])][sp-103]

              [(DSS/DH Enh: 5.0.2195.3665 [SP3])][sp-103]

              [(Enh: 5.0.2195.3839 [SP3]][sp-103]|[103][certificate-103]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Certs. [#28][dsa-28] and [#29][dsa-29]); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| + +

              +
+
              +Windows 2000 SP2
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.0.2195.1569][sp-106]|[106][certificate-106]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); SHA-1 (Certs. [#35][shs-35])

              Other algorithms: DES (Certs. [#89][des-89])| +|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS:][sp-103]

              [5.0.2195.2228 [SP2])][sp-103]

              [(Base:][sp-103]

              [5.0.2195.2228 [SP2])][sp-103]

              [(DSS/DH Enh:][sp-103]

              [5.0.2195.2228 [SP2])][sp-103]

              [(Enh:][sp-103]

              [5.0.2195.2228 [SP2])][sp-103]|[103][certificate-103]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Certs. [#28][dsa-28] and [#29][dsa-29]); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| + +

              +
+
              +Windows 2000 SP1
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|([Base DSS: 5.0.2150.1391 [SP1])][sp-103]

              [(Base: 5.0.2150.1391 [SP1])][sp-103]

              [(DSS/DH Enh: 5.0.2150.1391 [SP1])][sp-103]

              [(Enh: 5.0.2150.1391 [SP1])][sp-103]|[103][certificate-103]|FIPS approved algorithms: Triple-DES (Cert. [#16][tdes-16]); DSA/SHA-1 (Certs. [#28][dsa-28] and [#29][dsa-29]); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| + +

              +
+
              +Windows 2000
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[5.0.2150.1][sp-76]|[76][certificate-76]|FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. [#28][dsa-28] and [29][dsa-29]); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65][des-65], [66][des-66], [67][des-67] and [68][des-68]); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| + +

              +
+
              +Windows 95 and Windows 98
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[5.0.1877.6 and 5.0.1877.7][sp-75]|[75][certificate-75]|FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. [#20][shs-20] and [21][shs-21]); DSA/SHA-1 (Certs. [#25][dsa-25] and [26][dsa-26]); RSA (vendor- affirmed)

              Other algorithms: DES (Certs. [#61][des-61], [62][des-62], [63][des-63] and [64][des-64]); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| + +

              +
+
              +Windows NT 4.0
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Base Cryptographic Provider|[5.0.1877.6 and 5.0.1877.7][sp-68]|[68][certificate-68]|FIPS approved algorithms: SHA-1 (Certs. [#20][shs-20] and [21][shs-21]); DSA/SHA- 1 (Certs. [#25][dsa-25] and [26][dsa-26]); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#61][des-61], [62][des-62], [63][des-63] and [64][des-64]); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| + +

              +
+### Modules used by Windows Server
+
+For more details, expand each operating system section.
+
+
              +
              +Windows Server 2019, version 1809
+
+Validated Editions: Standard, Datacenter
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.17763][sp-3197]|[#3197][certificate-3197]|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.17763][sp-3196]|[#3196][certificate-3196]|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.17763][sp-3644]|[#3644][certificate-3644]|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.17763][sp-3615]|[#3615][certificate-3615]|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.17763][sp-3651]|[#3651][certificate-3651]|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.17763][sp-3092]|[#3092][certificate-3092]|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.17763][sp-3089]|[#3089][certificate-3089]|See Security Policy and Certificate page for algorithm information|
+|Virtual TPM|[10.0.17763][sp-3690]|[#3690][certificate-3690]|See Security Policy and Certificate page for algorithm information|
+
+
              +
+
              +Windows Server, version 1803
+
+Validated Editions: Standard, Datacenter
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.17134][sp-3197]|[#3197][certificate-3197]|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.17134][sp-3196]|[#3196][certificate-3196]|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.17134][sp-3195]|[#3195][certificate-3195]|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.17134][sp-3480]|[#3480][certificate-3480]|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.17134][sp-3096]|[#3096][certificate-3096]|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.17134][sp-3092]|[#3092][certificate-3092]|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.17134][sp-3089]|[#3089][certificate-3089]|See Security Policy and Certificate page for algorithm information|
+
+
              +
+
              +Windows Server, version 1709
+
+Validated Editions: Standard, Datacenter
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library|[10.0.16299][sp-3197]|[#3197][certificate-3197]|See Security Policy and Certificate page for algorithm information|
+|Kernel Mode Cryptographic Primitives Library|[10.0.16299][sp-3196]|[#3196][certificate-3196]|See Security Policy and Certificate page for algorithm information|
+|Code Integrity|[10.0.16299][sp-3195]|[#3195][certificate-3195]|See Security Policy and Certificate page for algorithm information|
+|Windows OS Loader|[10.0.16299][sp-3194]|[#3194][certificate-3194]|See Security Policy and Certificate page for algorithm information|
+|Secure Kernel Code Integrity|[10.0.16299][sp-3096]|[#3096][certificate-3096]|See Security Policy and Certificate page for algorithm information|
+|BitLocker Dump Filter|[10.0.16299][sp-3092]|[#3092][certificate-3092]|See Security Policy and Certificate page for algorithm information|
+|Windows Resume|[10.0.16299][sp-3091]|[#3091][certificate-3091]|See Security Policy and Certificate page for algorithm information|
+|Boot Manager|[10.0.16299][sp-3089]|[#3089][certificate-3089]|See Security Policy and Certificate page for algorithm information|
+
+
              +
+
              +Windows Server 2016
+
+Validated Editions: Standard, Datacenter, Storage Server
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.14393][sp-2937]|[2937][certificate-2937]|FIPS approved algorithms: AES (Cert. [#4064][aes-4064]); DRBG (Cert. [#1217][drbg-1217]); DSA (Cert. [#1098][dsa-1098]); ECDSA (Cert. [#911][ecdsa-911]); HMAC (Cert. [#2651][hmac-2651]); KAS (Cert. [#92][kas-92]); KBKDF (Cert. [#101][kdf-101]); KTS (AES Cert. [#4062][aes-4062]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192][rsa-2192], [#2193, and #2195][rsa-2193]); SHS (Cert. [#3347][shs-3347]); Triple-DES (Cert. [#2227][tdes-2227])

              Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393][sp-2936]|[2936][certificate-2936]|FIPS approved algorithms: AES (Cert. [#4064][aes-4064]); DRBG (Cert. [#1217][drbg-1217]); DSA (Cert. [#1098][dsa-1098]); ECDSA (Cert. [#911][ecdsa-911]); HMAC (Cert. [#2651][hmac-2651]); KAS (Cert. [#92][kas-92]); KBKDF (Cert. [#101][kdf-101]); KTS (AES Cert. [#4062][aes-4062]; key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192][rsa-2192], [#2193, and #2195][rsa-2193]); SHS (Cert. [#3347][shs-3347]); Triple-DES (Cert. [#2227][tdes-2227])

              Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)| +|Boot Manager|[10.0.14393][sp-2931]|[2931][certificate-2931]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); HMAC (Cert. [#2651][hmac-2651]); PBKDF (vendor affirmed); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: MD5; PBKDF (non-compliant); VMK KDF| +|BitLocker® Windows OS Loader (winload)|[10.0.14393][sp-2932]|[2932][certificate-2932]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: NDRNG; MD5| +|BitLocker® Windows Resume (winresume)|[10.0.14393][sp-2933]|[2933][certificate-2934]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064]); RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: MD5| +|BitLocker® Dump Filter (dumpfve.sys)|[10.0.14393][sp-2934]|[2934][certificate-2934]|FIPS approved algorithms: AES (Certs. [#4061][aes-4061] and [#4064][aes-4064])| +|Code Integrity (ci.dll)|[10.0.14393][sp-2935]|[2935][certificate-2935]|FIPS approved algorithms: RSA (Cert. [#2193][rsa-2193]); SHS (Cert. [#3347][shs-3347])

              Other algorithms: AES (non-compliant); MD5| +|Secure Kernel Code Integrity (skci.dll)|[10.0.14393][sp-2938]|[2938][certificate-2938]|FIPS approved algorithms: RSA (Certs. [#2193][rsa-2193]); SHS (Certs. [#3347][shs-3347])

              Other algorithms: MD5| + +

              +
+
              +Windows Server 2012 R2
+
+Validated Editions: Server, Storage Server,
+
+**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[6.3.9600 6.3.9600.17031][sp-2357]|[2357][certificate-2357]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); DRBG (Certs. [#489][drbg-489]); DSA (Cert. [#855][dsa-855]); ECDSA (Cert. [#505][ecdsa-505]); HMAC (Cert. [#1773][hmac-1773]); KAS (Cert. [#47][kas-47]); KBKDF (Cert. [#30][kdf-30]); PBKDF (vendor affirmed); RSA (Certs. [#1487][rsa-1487], [#1493, and #1519][rsa-1493]); SHS (Cert. [#2373][shs-2373]); Triple-DES (Cert. [#1692][tdes-1692])

              Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042][sp-2356]|[2356][certificate-2356]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); DRBG (Certs. [#489][drbg-489]); ECDSA (Cert. [#505][ecdsa-505]); HMAC (Cert. [#1773][hmac-1773]); KAS (Cert. [#47][kas-47]); KBKDF (Cert. [#30][kdf-30]); PBKDF (vendor affirmed); RSA (Certs. [#1487][rsa-1487], [#1493, and #1519][rsa-1493]); SHS (Cert. [# 2373][shs-2373]); Triple-DES (Cert. [#1692][tdes-1692])

              Other algorithms: AES (Cert. [#2832][aes-2832], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)| +|Boot Manager|[6.3.9600 6.3.9600.17031][sp-2351]|[2351][certificate-2351]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); HMAC (Cert. [#1773][hmac-1773]); PBKDF (vendor affirmed); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
+|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031][sp-2352]|[2352][certificate-2352]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [#2396][shs-2396])

              Other algorithms: MD5; NDRNG|
+|BitLocker® Windows Resume (winresume)[16]|[6.3.9600 6.3.9600.17031][sp-2353]|[2353][certificate-2353]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832]); RSA (Cert. [#1494][rsa-1494]); SHS (Certs. [# 2373][shs-2373] and [#2396][shs-2396])

              Other algorithms: MD5|
+|BitLocker® Dump Filter (dumpfve.sys)[17]|[6.3.9600 6.3.9600.17031][sp-2354]|[2354][certificate-2354]|FIPS approved algorithms: AES (Cert. [#2832][aes-2832])

              Other algorithms: N/A|
+|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031][sp-2355]|[2355][certificate-2355]|FIPS approved algorithms: RSA (Cert. [#1494][rsa-1494]); SHS (Cert. [# 2373][shs-2373])

              Other algorithms: MD5|
+
+\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2**
+
+

              + +
              +Windows Server 2012 + +Validated Editions: Server, Storage Server + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.2.9200][sp-1892]|[1892]|FIPS approved algorithms: AES (Certs. [#2197][aes-2197] and [#2216][aes-2216]); DRBG (Certs. [#258][drbg-258]); DSA (Cert. [#687][dsa-687]); ECDSA (Cert. [#341][ecdsa-341]); HMAC (Cert. #[1345][hmac-1345]); KAS (Cert. [#36][kas-36]); KBKDF (Cert. [#3][kdf-3]); PBKDF (vendor affirmed); RSA (Certs. [#1133][rsa-1133] and [#1134][rsa-1134]); SHS (Cert. [#1903][shs-1903]); Triple-DES (Cert. [#1387][tdes-1387])

              Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200][sp-1891]|[1891][certificate-1891]|FIPS approved algorithms: AES (Certs. [#2197][aes-2197] and [#2216][aes-2216]); DRBG (Certs. [#258][drbg-258] and [#259][drbg-259]); ECDSA (Cert. [#341][ecdsa-341]); HMAC (Cert. [#1345][hmac-1345]); KAS (Cert. [#36][kas-36]); KBKDF (Cert. [#3][kdf-3]); PBKDF (vendor affirmed); RNG (Cert. [#1110][rng-1110]); RSA (Certs. [#1133][rsa-1133] and [#1134][rsa-1134]); SHS (Cert. [#1903][shs-1903]); Triple-DES (Cert. [#1387][tdes-1387])

              Other algorithms: AES (Cert. [#2197][aes-2197], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| +|Boot Manager|[6.2.9200][sp-1895]|[1895][sp-1895]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); HMAC (Cert. #[1347][hmac-1347]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: MD5| +|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200][sp-1896]|[1896][sp-1896]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: AES (Cert. [#2197][aes-2197]; non-compliant); MD5; Non-Approved RNG| +|BitLocker® Windows Resume (WINRESUME)|[6.2.9200][sp-1898]|[1898][sp-1898]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: MD5|
+|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200][sp-1899]|[1899][sp-1899]|FIPS approved algorithms: AES (Certs. [#2196][aes-2196] and [#2198][aes-2198])

              Other algorithms: N/A|
+|Code Integrity (CI.DLL)|[6.2.9200][sp-1897]|[1897][sp-1897]|FIPS approved algorithms: RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1903][shs-1903])

              Other algorithms: MD5| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200][sp-1893]|[1893][sp-1893]|FIPS approved algorithms: DSA (Cert. [#686][dsa-686]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386]); Triple-DES MAC (Triple-DES Cert. [#1386][tdes-1386], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200][sp-1894]|[1894][sp-1894]|FIPS approved algorithms: AES (Cert. [#2196][aes-2196]); HMAC (Cert. [#1346][hmac-1346]); RSA (Cert. [#1132][rsa-1132]); SHS (Cert. [#1902][shs-1902]); Triple-DES (Cert. [#1386][tdes-1386])

              Other algorithms: AES (Cert. [#2196][aes-2196], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386][tdes-1386], key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +

              + +
              +Windows Server 2008 R2 + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Boot Manager (bootmgr)|[6.1.7600.16385 or 6.1.7601.17514][sp-1321]|[1321][certificate-1321]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); RSA (Cert. [#568][rsa-568]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: MD5| +|Winload OS Loader (winload.exe)|[6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675][sp-1333]|[1333][certificate-1333]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); RSA (Cert. [#568][rsa-568]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: MD5| +|Code Integrity (ci.dll)|[6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108][sp-1334]|[1334][certificate-1334]|FIPS approved algorithms: RSA (Cert. [#568][rsa-568]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: MD5| +|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076][sp-1335]|[1335][certificate-1335]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#27][drbg-27]); ECDSA (Cert. [#142][ecdsa-142]); HMAC (Cert. [#686][hmac-686]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#567][rsa-567]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])

              Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4| +|Cryptographic Primitives Library (bcryptprimitives.dll)|[66.1.7600.16385 or 6.1.7601.17514][sp-1336]|[1336][certificate-1336]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); AES GCM (Cert. [#1168][aes-1168], vendor-affirmed); AES GMAC (Cert. [#1168][aes-1168], vendor-affirmed); DRBG (Certs. [#23][drbg-23] and [#27][drbg-27]); DSA (Cert. [#391][dsa-391]); ECDSA (Cert. [#142][ecdsa-142]); HMAC (Cert. [#686][hmac-686]); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649][rng-649]); RSA (Certs. [#559][rsa-559] and [#567][rsa-567]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846])

              Other algorithms: AES (Cert. [#1168][aes-1168], key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4| +|Enhanced Cryptographic Provider (RSAENH)|[6.1.7600.16385][sp-1337]|[1337][certificate-1337]|FIPS approved algorithms: AES (Cert. [#1168][aes-1168]); DRBG (Cert. [#23][drbg-23]); HMAC (Cert. [#687][hmac-687]); SHS (Cert. [#1081][shs-1081]); RSA (Certs. [#559][rsa-559] and [#568][rsa-568]); Triple-DES (Cert. [#846][tdes-846])

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.1.7600.16385][sp-1338]|[1338][certificate-1338]|FIPS approved algorithms: DSA (Cert. [#390][dsa-390]); RNG (Cert. [#649][rng-649]); SHS (Cert. [#1081][shs-1081]); Triple-DES (Cert. [#846][tdes-846]); Triple-DES MAC (Triple-DES Cert. [#846][tdes-846], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4| +|BitLocker™ Drive Encryption|[6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675][sp-1339]|[1339][certificate-1339]|FIPS approved algorithms: AES (Certs. [#1168][aes-1168] and [#1177][aes-1177]); HMAC (Cert. [#675][hmac-675]); SHS (Cert. [#1081][shs-1081])

              Other algorithms: Elephant Diffuser|
+
+

              + +
              +Windows Server 2008 + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Boot Manager (bootmgr)|[6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497][sp-1004]|[1004][certificate-1004]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#760][aes-760]); HMAC (Cert. [#415][hmac-415]); RSA (Cert. [#355][rsa-355]); SHS (Cert. [#753][shs-753])

              Other algorithms: N/A| +|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596][sp-1005]|[1005][certificate-1005]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#760][aes-760]); RSA (Cert. [#355][rsa-355]); SHS (Cert. [#753][shs-753])

              Other algorithms: MD5| +|Code Integrity (ci.dll)|[6.0.6001.18000 and 6.0.6002.18005][sp-1006]|[1006][certificate-1006]|FIPS approved algorithms: RSA (Cert. [#355][rsa-355]); SHS (Cert. [#753][shs-753])

              Other algorithms: MD5| +|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869][sp-1007]|[1007][certificate-1007]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#757][aes-757]); ECDSA (Cert. [#83][ecdsa-83]); HMAC (Cert. [#413][hmac-413]); RNG (Cert. [#435][rng-435] and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#358][rsa-358]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert. and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| +|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872][sp-1008]|[1008][certificate-1008]|FIPS approved algorithms: AES (Certs. [#739][aes-739] and [#757][aes-757]); DSA (Cert. [#284][dsa-284]); ECDSA (Cert. [#83][ecdsa-83]); HMAC (Cert. [#413][hmac-413]); RNG (Cert. [#435][rng-435] and SP800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#358][rsa-358]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005][sp-1009]|[1009][certificate-1009]|FIPS approved algorithms: DSA (Cert. [#282][dsa-282]); RNG (Cert. [#435][rng-435]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656]); Triple-DES MAC (Triple-DES Cert. [#656][tdes-656], vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4| +|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005][sp-1010]|[1010][certificate-1010]|FIPS approved algorithms: AES (Cert. [#739][aes-739]); HMAC (Cert. [#408][hmac-408]); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353][rsa-353] and [#355][rsa-355]); SHS (Cert. [#753][shs-753]); Triple-DES (Cert. [#656][tdes-656])

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| + +

              + +
              +Windows Server 2003 SP2
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.3959][sp-875]|[875][certificate-875]|FIPS approved algorithms: DSA (Cert. [#221][dsa-221]); RNG (Cert. [#314][rng-314]); RSA (Cert. [#245][rsa-245]); SHS (Cert. [#611][shs-611]); Triple-DES (Cert. [#543][tdes-543])

              Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4| +|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.3959][sp-869]|[869][certificate-869]|FIPS approved algorithms: HMAC (Cert. [#287][hmac-287]); RNG (Cert. [#313][rng-313]); SHS (Cert. [#610][shs-610]); Triple-DES (Cert. [#542][tdes-542])

              Other algorithms: DES; HMAC-MD5|
+|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.3959][sp-868]|[868][certificate-868]|FIPS approved algorithms: AES (Cert. [#548][aes-548]); HMAC (Cert. [#289][hmac-289]); RNG (Cert. [#316][rng-316]); RSA (Cert. [#245][rsa-245]); SHS (Cert. [#613][shs-613]); Triple-DES (Cert. [#544][tdes-544])

              Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| + +

              + +
              +Windows Server 2003 SP1 + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.1830 [SP1]][sp-405]|[405][certificate-405]|FIPS approved algorithms: Triple-DES (Certs. [#201][tdes-201][1] and [#370][tdes-370][1]); SHS (Certs. [#177][shs-177][1] and [#371][shs-371][2])

              Other algorithms: DES (Cert. [#230][des-230][1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

              [1] x86

              [2] SP1 x86, x64, IA64| +|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.1830 [Service Pack 1])][sp-382]|[382][certificate-382]|FIPS approved algorithms: Triple-DES (Cert. [#192][tdes-192][1] and [#365][tdes-365][2]); AES (Certs. [#80][aes-80][1] and [#290][aes-290][2]); SHS (Cert. [#176][shs-176][1] and [#364][shs-364][2]); HMAC (Cert. [#176][shs-176], vendor affirmed[1] and [#99][hmac-99][2]); RSA (PKCS#1, vendor affirmed[1] and [#81][rsa-81][2])

              Other algorithms: DES (Cert. [#226][des-226][1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

              [1] x86

              [2] SP1 x86, x64, IA64| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.1830 [Service Pack 1]][sp-381]|[381][certificate-381]|FIPS approved algorithms: Triple-DES (Certs. [#199][tdes-199][1] and [#381][tdes-381][2]); SHA-1 (Certs. [#181][shs-181][1] and [#385][shs-385][2]); DSA (Certs. [#95][dsa-95][1] and [#146][dsa-146][2]); RSA (Cert. [#81][rsa-81])

              Other algorithms: DES (Cert. [#229][des-229][1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

              [1] x86

              [2] SP1 x86, x64, IA64| + +

              + +
              +Windows Server 2003 + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.0][sp-405]|[405][certificate-405]|FIPS approved algorithms: Triple-DES (Certs. [#201][tdes-201][1] and [#370][tdes-370][1]); SHS (Certs. [#177][shs-177][1] and [#371][shs-371][2])

              Other algorithms: DES (Cert. [#230][des-230] [1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

              [1] x86

              [2] SP1 x86, x64, IA64| +|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.0][sp-382]|[382][certificate-382]|FIPS approved algorithms: Triple-DES (Cert. [#192][tdes-192][1] and [#365][tdes-365][2]); AES (Certs. [#80][aes-80][1] and [#290][aes-290][2]); SHS (Cert. [#176][shs-176][1] and [#364][shs-364][2]); HMAC (Cert. [#176][shs-176], vendor affirmed[1] and [#99][hmac-99][2]); RSA (PKCS#1, vendor affirmed[1] and [#81][rsa-81][2])

              Other algorithms: DES (Cert. [#226][des-226][1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

              [1] x86

              [2] SP1 x86, x64, IA64| +|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.0][sp-381]|[381][certificate-381]|FIPS approved algorithms: Triple-DES (Certs. [#199][tdes-199][1] and [#381][tdes-381][2]); SHA-1 (Certs. [#181][shs-181][1] and [#385][shs-385][2]); DSA (Certs. [#95][dsa-95][1] and [#146][dsa-146][2]); RSA (Cert. [#81][rsa-81])

              Other algorithms: DES (Cert. [#229][des-229][1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

              [1] x86

              [2] SP1 x86, x64, IA64| + +

              +
+## Other Products
+
+For more details, expand each product section.
+
+
              +
              +Windows Embedded Compact 7 and Windows Embedded Compact 8 + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Enhanced Cryptographic Provider|[7.00.2872 [1] and 8.00.6246 [2]][sp-2957]|[2957][certificate-2957]|FIPS approved algorithms: AES (Certs.[#4433][aes-4433]and[#4434][aes-4434]); CKG (vendor affirmed); DRBG (Certs.[#1432][drbg-1432]and[#1433][drbg-1433]); HMAC (Certs.[#2946][hmac-2946]and[#2945][hmac-2945]); RSA (Certs.[#2414][rsa-2414]and[#2415][rsa-2415]); SHS (Certs.[#3651][shs-3651]and[#3652][shs-3652]); Triple-DES (Certs.[#2383][tdes-2383]and[#2384][tdes-2384])

              Allowed algorithms: HMAC-MD5, MD5, NDRNG| +|Cryptographic Primitives Library (bcrypt.dll)|[7.00.2872 [1] and 8.00.6246 [2]][sp-2956]|[2956][certificate-2956]|FIPS approved algorithms: AES (Certs.[#4430][aes-4430]and[#4431][aes-4431]); CKG (vendor affirmed); CVL (Certs.[#1139][component-1139]and[#1140][component-1140]); DRBG (Certs.[#1429][drbg-1429]and[#1430][drbg-1430]); DSA (Certs.[#1187][dsa-1187]and[#1188][dsa-1188]); ECDSA (Certs.[#1072][ecdsa-1072]and[#1073][ecdsa-1073]); HMAC (Certs.[#2942][hmac-2942]and[#2943][hmac-2943]); KAS (Certs.[#114][kas-114]and[#115][kas-115]); RSA (Certs.[#2411][rsa-2411]and[#2412][rsa-2412]); SHS (Certs.[#3648][shs-3648]and[#3649][shs-3649]); Triple-DES (Certs.[#2381][tdes-2381]and[#2382][tdes-2382])

              Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength| + +

              + +
              +Windows CE 6.0 and Windows Embedded Compact 7 + +|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| +|--- |--- |--- |--- | +|Enhanced Cryptographic Provider|[6.00.1937 [1] and 7.00.1687 [2]][sp-825]|[825][certificate-825]|FIPS approved algorithms: AES (Certs. [#516][aes-516] [1] and [#2024][aes-2024] [2]); HMAC (Certs. [#267][shs-267] [1] and [#1227][hmac-1227] [2]); RNG (Certs. [#292][rng-292] [1] and [#1060][rng-1060] [2]); RSA (Cert. [#230][rsa-230] [1] and [#1052][rsa-1052] [2]); SHS (Certs. [#589][shs-589] [1] and #1774 [2]); Triple-DES (Certs. [#526][tdes-526] [1] and [#1308][tdes-1308] [2])

              Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES|
+
+

              + +
              +Outlook Cryptographic Provider
+
+|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
+|--- |--- |--- |--- |
+|Outlook Cryptographic Provider (EXCHCSP)|[SR-1A (3821)][sp-110]|[110][certificate-110]|FIPS approved algorithms: Triple-DES (Cert. [#18][tdes-18]); SHA-1 (Certs. [#32][shs-32]); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#91][des-91]); DES MAC; RC2; MD2; MD5|
+
+

              +
+## Cryprtographic algorithms
+
+The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.\
+For more details, expand each algorithm section.
+
+
              +
              +Advanced Encryption Standard (AES)
+
+|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
+|--- |--- |
+|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-OFB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)|Microsoft Surface Hub Virtual TPM Implementations [#4904][aes-4904]

              Version 10.0.15063.674|
+|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-OFB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#4903][aes-4903]

              Version 10.0.16299|
+|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CCM:

            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
            • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB8:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CMAC:

            • Generation:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              Verification:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-ECB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-GCM:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 96, 104, 112, 120, 128 (bits)
            • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
            • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
            • 96 bit IV supported

              AES-XTS:

            • Key Size: 128:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full
            • Key Size: 256:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#4902][aes-4902]

              Version 10.0.15063.674|
+|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CCM:

            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
            • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB8:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CMAC:

            • Generation:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16
            • Verification:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-ECB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-GCM:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 96, 104, 112, 120, 128 (bits)
            • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
            • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits),96 bit IV supported

              AES-XTS:

            • Key Size: 128:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full
            • Key Size: 256:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#4901][aes-4901]

              Version 10.0.15254|
+|AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CCM:

            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
            • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB8:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CMAC:

            • Generation:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              Verification:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-ECB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-GCM:

            • Modes: Decrypt, Encrypt
            • IV Generation: External
            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 96, 104, 112, 120, 128 (bits)
            • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
            • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
            • 96 bit IV supported

              AES-XTS:

            • Key Size: 128:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full
            • Key Size: 256:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#4897][aes-4897]

              Version 10.0.16299| +|AES-KW:

            • Modes: Decrypt, Encrypt
            • CIPHK transformation direction: Forward
            • Key Lengths: 128, 192, 256 (bits)
            • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

              AES [validation number 4902][aes-4902]|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#4900][aes-4900]

              Version 10.0.15063.674| +|AES-KW:

            • Modes: Decrypt, Encrypt
            • CIPHK transformation direction: Forward
            • Key Lengths: 128, 192, 256 (bits)
            • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

              AES [validation number 4901][aes-4901]|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#4899][aes-4899]

              Version 10.0.15254| +|AES-KW:

            • Modes: Decrypt, Encrypt
            • CIPHK transformation direction: Forward
            • Key Lengths: 128, 192, 256 (bits)
            • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

              AES [validation number 4897][aes-4897]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#4898][aes-4898]

              Version 10.0.16299| +|AES-CCM:

            • Key Lengths: 256 (bits)
            • Tag Lengths: 128 (bits)
            • IV Lengths: 96 (bits)
            • Plain
            • Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES [validation number 4902][aes-4902]|Microsoft Surface Hub BitLocker(R) Cryptographic Implementations [#4896][aes-4896]

              Version 10.0.15063.674| +|AES-CCM:

            • Key Lengths: 256 (bits)
            • Tag Lengths: 128 (bits)
            • IV Lengths: 96 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES [validation number 4901][aes-4901]|Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations [#4895][aes-4895]

              Version 10.0.15254| +|AES-CCM:

            • Key Lengths: 256 (bits)
            • Tag Lengths: 128 (bits)
            • IV Lengths: 96 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES [validation number 4897][aes-4897]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations [#4894][aes-4894]

              Version 10.0.16299| +|**CBC** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **OFB** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#4627][aes-4627]

              Version 10.0.15063| +|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

              AES [validation number 4624][aes-4624]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#4626][aes-4626]

              Version 10.0.15063| +|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 4624][aes-4624]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations [#4625][aes-4625]

              Version 10.0.15063| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC** (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

              IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported

              GMAC supported

              **XTS**((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#4624][aes-4624]

              Version 10.0.15063| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4434][aes-4434]

              Version 7.00.2872| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4433][aes-4433]

              Version 8.00.6246| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4431][aes-4431]

              Version 7.00.2872| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4430][aes-4430]

              Version 8.00.6246| +|**CBC** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **OFB** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#4074][aes-4074]

              Version 10.0.14393| +|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

              GMAC supported

              **XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#4064][aes-4064]

              Version 10.0.14393| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#4063][aes-4063]

              Version 10.0.14393| +|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)

              AES [validation number 4064][aes-4064]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#4062][aes-4062]

              Version 10.0.14393| +|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 4064][aes-4064]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations [#4061][aes-4061]

              Version 10.0.14393| +|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

              AES [validation number 3629][aes-3629]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations [#3652][aes-3652]

              Version 10.0.10586| +|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 3629][aes-3629]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" BitLocker® Cryptographic Implementations [#3653][aes-3653]

              Version 10.0.10586| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" RSA32 Algorithm Implementations [#3630][aes-3630]

              Version 10.0.10586| +|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)v**IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

              GMAC supported

              **XTS((KS: XTS_128**((e/d) (f)) **KS: XTS_256**((e/d) (f))|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" SymCrypt Cryptographic Implementations [#3629][aes-3629]

              Version 10.0.10586| +|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

              AES [validation number 3497][aes-3497]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#3507][aes-3507]

              Version 10.0.10240| +|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 3497][aes-3497]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations [#3498][aes-3498]

              Version 10.0.10240| +|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC(Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:** (Externally); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

              GMAC supported

              **XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#3497][aes-3497]

              Version 10.0.10240| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#3476][aes-3476]

              Version 10.0.10240| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#2853][aes-2853]

              Version 6.3.9600| +|**CCM (KS: 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 2832][aes-2832]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations [#2848][aes-2848]

              Version 6.3.9600| +|**CCM (KS: 128, 192, 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC (Generation/Verification) (KS: 128**; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM (KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              **(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:** (Externally); PT Lengths Tested: (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 128, 1024, 8, 1016); IV Lengths Tested: (8, 1024); 96 bit IV supported;

              **OtherIVLen_Supported

              GMAC supported**|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #[2832][aes-2832]

              Version 6.3.9600| +|**CCM (KS: 128, 192, 256**) **(Assoc. Data Len Range**: 0-0, 2^16) **(Payload Length Range**: 0 - 32 (**Nonce Length(s)**: 7 8 9 10 11 12 13 **(Tag Length(s)**: 4 6 8 10 12 14 16)

              AES [validation number 2197][aes-2197]

              **CMAC** (Generation/Verification) **(KS: 128;** Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 192**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 256**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16)

              AES [validation number 2197][aes-2197]

              **GCM(KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) **(KS: AES_192**(e/d) Tag Length(s): 128 120 112 104 96)

              **(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:** (Externally); **PT Lengths Tested:** (0, 128, 1024, 8, 1016); **Additional authenticated data lengths tested:** (0, 128, 1024, 8, 1016); **IV Lengths Tested:** (8, 1024); **96 bit IV supported

              GMAC supported**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#2216][aes-2216]| +|**CCM (KS: 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 0 - 32 (**Nonce Length(s)**: 12 **(Tag Length(s)**: 16)

              AES [validation number 2196][aes-2196]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations [#2198][aes-2198]| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#2197][aes-2197]| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#2196][aes-2196]| +|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 0 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s): **4 6 8 10 12 14 16**)**

              AES [validation number 1168][aes-1168]|Windows Server 2008 R2 and SP1 CNG algorithms [#1187][aes-1187]

              Windows 7 Ultimate and SP1 CNG algorithms [#1178][aes-1178]| +|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**

              AES [validation number 1168][aes-1168]|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#1177][aes-1177]| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168][aes-1168]| +|**GCM**

              **GMAC**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168][aes-1168], vendor-affirmed| +|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#760][aes-760]| +|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 1 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s):** 4 6 8 10 12 14 16**)**|Windows Server 2008 CNG algorithms [#757][aes-757]

              Windows Vista Ultimate SP1 CNG algorithms [#756][aes-756]| +|**CBC** (e/d; 128, 256);

              **CCM** (**KS: 128, 256**) (**Assoc. Data Len Range**: 0 - 8) (**Payload Length Range**: 4 - 32 (**Nonce Length(s)**: 7 8 12 13 (**Tag Length(s)**: 4 6 8 14 16)|Windows Vista Ultimate BitLocker Drive Encryption [#715][aes-715]

              Windows Vista Ultimate BitLocker Drive Encryption [#424][aes-424]| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#739][aes-739]

              Windows Vista Symmetric Algorithm Implementation [#553][aes-553]| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#2023][aes-2023]| +|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#2024][aes-2024]

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#818][aes-818]

              Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#781][aes-781]

              Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#548][aes-548]

              Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#516][aes-516]

              Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) [#507][aes-507]

              Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#290][aes-290]

              Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) [#224][aes-224]

              Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#80][aes-80]

              Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) [#33][aes-33]| + +

            • + +
              +Component + +|**Publication / Component Validated / Description**|**Implementation and Certificate #**| +|--- |--- | +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1540][component-1540]

              Version 6.3.9600| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Microsoft Surface Hub Virtual TPM Implementations [#1519][component-1519]

              Version 10.0.15063.674| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1518][component-1518]

              Version 10.0.16299| +|RSADP:

              Modulus Size: 2048 (bits)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1517][component-1517]

              Version 10.0.15063.674| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1516][component-1516]

              Version 10.0.15063.674| +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1732][drbg-1732]|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1515][component-1515]

              Version 10.0.15063.674| +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1514][component-1514]

              Version 10.0.15063.674| +|RSADP:

              Modulus Size: 2048 (bits)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1513][component-1513]

              Version 10.0.15063.674| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1512][component-1512]

              Version 10.0.15063.674| +|

              IKEv1:

            • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
            • Pre-shared Key Length: 64-2048

              Diffie-Hellman shared secrets:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4011][shs-4011], HMAC [#3269][hmac-3269]

              IKEv2:

            • Derived Keying Material length: 192-1792

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4011][shs-4011], HMAC [#3269][hmac-3269]

              TLS:

            • Supports TLS 1.0/1.1
            • Supports TLS 1.2:

              SHA Functions: SHA-256, SHA-384

              Prerequisite: SHS [#4011][shs-4011], HMAC [#3269][hmac-3269]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1511][component-1511]

              Version 10.0.15063.674| +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1510][component-1510]

              Version 10.0.15254| +|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1509][component-1509]

              Version 10.0.15254| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1508][component-1508]

              Version 10.0.15254| +|

              IKEv1:

            • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
            • Pre-shared Key Length: 64-2048

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4010][shs-4010], HMAC [#3268][hmac-3268]

              IKEv2:

            • Derived Keying Material length: 192-1792

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4010][shs-4010], HMAC [#3268][hmac-3268]

              TLS:

            • Supports TLS 1.0/1.1
            • Supports TLS 1.2:

              SHA Functions: SHA-256, SHA-384

              Prerequisite: SHS [#4010][shs-4010], HMAC [#3268][hmac-3268]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1507][component-1507]

              Version 10.0.15254| +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1506][component-1506]

              Version 10.0.15254| +|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1505][component-1505]

              Version 10.0.15254| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1504][component-1504]

              Version 10.0.15254| +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1503][component-1503]

              Version 10.0.16299| +|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1502][component-1502]

              Version 10.0.16299| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1501][component-1501]

              Version 10.0.16299| +|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1499][component-1499]

              Version 10.0.16299| +|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1498][component-1498]

              Version 10.0.16299| +|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1497][component-1497]

              Version 10.0.16299| +|

              IKEv1:

            • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
            • Pre-shared Key Length: 64-2048

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4009][shs-4009], HMAC [#3267][hmac-3267]

              IKEv2:

            • Derived Keying Material length: 192-1792

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4009][shs-4009], HMAC [#3267][hmac-3267]

              TLS:

            • Supports TLS 1.0/1.1
            • Supports TLS 1.2:

              SHA Functions: SHA-256, SHA-384

              Prerequisite: SHS [#4009][shs-4009], HMAC [#3267][hmac-3267]|Windows 10 Home, Pro, Enterprise, Education,Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1496][component-1496]

              Version 10.0.16299| +|FIPS186-4 ECDSA

              Signature Generation of hash sized messages

              ECDSA SigGen Component: CURVES(P-256 P-384 P-521)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1284][component-1284]

              Version 10.0. 15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1279][component-1279]

              Version 10.0. 15063

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#922][component-922]

              Version 10.0.14393

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#894][component-894]

              Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#666][component-666]

              Version 10.0.10586

              Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#288][component-288]

              Version 6.3.9600| +|FIPS186-4 RSA; PKCS#1 v2.1

              RSASP1 Signature Primitive

              RSASP1: (Mod2048: PKCS1.5 PKCSPSS)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1285][component-1285]

              Version 10.0.15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1282][component-1282]

              Version 10.0.15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1280][component-1280]

              Version 10.0.15063

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#893][component-893]

              Version 10.0.14393

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#888][component-888]

              Version 10.0.14393

              Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#665][component-665]

              Version 10.0.10586

              Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#572][component-572]

              Version 10.0.10240

              Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations [#289][component-289]

              Version 6.3.9600| +|FIPS186-4 RSA; RSADP

              RSADP Primitive

              RSADP: (Mod2048)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1283][component-1283]

              Version 10.0.15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1281][component-1281]

              Version 10.0.15063

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#895][component-895]

              Version 10.0.14393

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#887][component-887]

              Version 10.0.14393

              Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations [#663][component-663]

              Version 10.0.10586

              Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#576][component-576]

              Version 10.0.10240| +|SP800-135

              Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1496][component-1496]

              Version 10.0.16299

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1278][component-1278]

              Version 10.0.15063

              Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1140][component-1140]

              Version 7.00.2872

              Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1139][component-1139]

              Version 8.00.6246

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp [#886][component-886]

              Version 10.0.14393

              Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" BCryptPrimitives and NCryptSSLp [#664][component-664]

              Version 10.0.10586

              Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp [#575][component-575]

              Version 10.0.10240

              Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp [#323][component-323]

              Version 6.3.9600| + +

            • + +
              +Deterministic Random Bit Generator (DRBG) + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function not used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4904][aes-4904]|Microsoft Surface Hub Virtual TPM Implementations [#1734][drbg-1734]

              Version 10.0.15063.674| +|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function not used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4903][aes-4903]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1733][drbg-1733]

              Version 10.0.16299| +|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4902][aes-4902]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1732][drbg-1732]

              Version 10.0.15063.674| +|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4901][aes-4901]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1731][drbg-1731]

              Version 10.0.15254| +|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4897][aes-4897]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1730][drbg-1730]

              Version 10.0.16299| +|**CTR_DRBG:** [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256)

              (AES [validation number 4627][aes-4627])]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1556][drbg-1556]

              Version 10.0.15063| +|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256 (AES [validation number 4624][aes-4624])]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1555][drbg-1555]

              Version 10.0.15063| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4434][aes-4434])]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1433][drbg-1433]

              Version 7.00.2872| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4433][aes-4433])]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1432][drbg-1432]

              Version 8.00.6246| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4431][aes-4431])]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1430][drbg-1430]

              Version 7.00.2872| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4430][aes-4430])]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1429][drbg-1429]

              Version 8.00.6246| +|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4074][aes-4074])]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#1222][drbg-1222]

              Version 10.0.14393| +|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 4064][aes-4064])]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#1217][drbg-1217]

              Version 10.0.14393| +|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3629][aes-3629])]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#955][drbg-955]

              Version 10.0.10586| +|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3497][aes-3497])]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#868][drbg-868]

              Version 10.0.10240| +|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2832][aes-2832])]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#489][drbg-489]

              Version 6.3.9600| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2197][aes-2197])]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#258][drbg-258]| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 2023][aes-2023])]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#193][drbg-193]| +|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 1168][aes-1168])]|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#23][drbg-23]| +|**DRBG** (SP 800-90)|Windows Vista Ultimate SP1, vendor-affirmed| + +

            • + +
              +Digital Signature Algorithm (DSA) + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|DSA:
            • 186-4:

              PQGGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              PQGVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              KeyPair:

            • L = 2048, N = 256
            • L = 3072, N = 256

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1303][dsa-1303]

              Version 10.0.15063.674| +|DSA:

            • 186-4:

              PQGGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              PQGVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              KeyPair:

            • L = 2048, N = 256
            • L = 3072, N = 256

              Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1302][dsa-1302]

              Version 10.0.15254| +|DSA:

            • 186-4:

              PQGGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              PQGVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              KeyPair:

            • L = 2048, N = 256
            • L = 3072, N = 256

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1301][dsa-1301]

              Version 10.0.16299| +|**FIPS186-4:**
              **PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
              **KeyPairGen**: [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)** PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 3790][shs-3790]

              DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1223][dsa-1223]

              Version 10.0.15063| +|**FIPS186-4:
              PQG(ver)PARMS TESTED:** [(1024,160) SHA(1)]

              **SIG(ver)PARMS TESTED:** [(1024,160) SHA(1)]

              SHS: [validation number 3649][shs-3649]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1188][dsa-1188]

              Version 7.00.2872| +|**FIPS186-4:
              PQG(ver)PARMS TESTED:** [(1024,160) SHA(1)]

              **SIG(ver)PARMS TESTED:** [(1024,160) SHA(1)]

              SHS: [validation number 3648][shs-3648]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1187][dsa-1187]

              Version 8.00.6246| +|**FIPS186-4:
              PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
              KeyPairGen: [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 3347][shs-3347]

              DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#1098][dsa-1098]

              Version 10.0.14393| +|**FIPS186-4:
              PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
              KeyPairGen: [(2048,256); (3072,256)] **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 3047][shs-3047]

              DRBG: [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#1024][dsa-1024]

              Version 10.0.10586| +|**FIPS186-4:
              PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]
              KeyPairGen: [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 2886][shs-2886]

              DRBG: [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#983][dsa-983]

              Version 10.0.10240| +|**FIPS186-4:
              PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver**)PARMS TESTED: [(2048,256), SHA(256); (3072,256) SHA(256)]
              KeyPairGen: [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)**PARMS TESTED: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 2373][shs-2373]

              DRBG: [validation number 489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#855][dsa-855]

              Version 6.3.9600| +|**FIPS186-2**:

              **PQG(ver)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [#1903][shs-1903]

              DRBG: [#258][drbg-258]

              **FIPS186-4: PQG(gen)PARMS TESTED**: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(gen)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [#1903][shs-1903]

              DRBG: [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#687][dsa-687]| +|**FIPS186-2:
              PQG(ver)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [#1902][shs-1902]

              DRBG: [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) [#686][dsa-686]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 1773][shs-1773]

              DRBG: [validation number 193][drbg-193]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#645][dsa-645]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 1081][shs-1081]

              DRBG: [validation number 23][drbg-23]|Windows Server 2008 R2 and SP1 CNG algorithms [#391][dsa-391]

              Windows 7 Ultimate and SP1 CNG algorithms [#386][dsa-386]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 1081][shs-1081]

              RNG: [validation number 649][rng-649]|Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) [#390][dsa-390]

              Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) [#385][dsa-385]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 753][shs-753]|Windows Server 2008 CNG algorithms [#284][dsa-284]

              Windows Vista Ultimate SP1 CNG algorithms [#283][dsa-283]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 753][shs-753]

              RNG: [validation number 435][rng-435]|Windows Server 2008 Enhanced DSS (DSSENH) [#282][dsa-282]

              Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) [#281][dsa-281]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 618][shs-618]

              RNG: [validation number 321][rng-321]|Windows Vista CNG algorithms [#227][dsa-227]

              Windows Vista Enhanced DSS (DSSENH) [#226][dsa-226]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 784][shs-784]

              RNG: [validation number 448][rng-448]|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#292][dsa-292]| +|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 783][shs-783]

              RNG: [validation number 447][rng-447]|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#291][dsa-291]| +|**FIPS186-2:
              PQG(gen)** MOD(1024);

              **PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);

              **SIG(gen)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [validation number 611][shs-611]

              RNG: [validation number 314][rng-314]|Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#221][dsa-221]| +|**FIPS186-2:
              PQG(gen)** MOD(1024);

              **PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);

              **SIG(gen)** MOD(1024);v**SIG(ver)** MOD(1024);vSHS: [validation number 385][shs-385]|Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#146][dsa-146]| +|**FIPS186-2:
              PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);v**SIG(gen)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [validation number 181][shs-181]|Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#95][dsa-95]| +|**FIPS186-2:
              PQG(gen)** MOD(1024);

              **PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);

              **SIG(gen)** MOD(1024); SHS: SHA-1 (BYTE)

              **SIG(ver)** MOD(1024); SHS: SHA-1 (BYTE)|Windows 2000 DSSENH.DLL [#29][dsa-29]

              Windows 2000 DSSBASE.DLL [#28][dsa-28]

              Windows NT 4 SP6 DSSENH.DLL [#26][dsa-26]

              Windows NT 4 SP6 DSSBASE.DLL [#25][dsa-25]| +|**FIPS186-2: PRIME;
              FIPS186-2:**

              **KEYGEN(Y):**SHS: SHA-1 (BYTE)

              **SIG(gen):SIG(ver)** MOD(1024);

              SHS: SHA-1 (BYTE)|Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider [#17][dsa-17]| + +

            • + +
              +Elliptic Curve Digital Signature Algorithm (ECDSA) + + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|

              ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#2373][shs-2373], DRBG [#489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1263][ecdsa-1263]

              Version 6.3.9600| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384
            • Generation Methods: Testing Candidates

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1734][drbg-1734]|Microsoft Surface Hub Virtual TPM Implementations [#1253][ecdsa-1253]

              Version 10.0.15063.674| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384
            • Generation Methods: Testing Candidates

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1733][drbg-1733]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1252][ecdsa-1252]

              Version 10.0.16299| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1251][ecdsa-1251]

              Version 10.0.15063.674| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1250][ecdsa-1250]

              Version 10.0.15063.674| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1249][ecdsa-1249]

              Version 10.0.15254| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1248][ecdsa-1248]

              Version 10.0.15254| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1247][ecdsa-1247]

              Version 10.0.16299| +|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1246][ecdsa-1246]

              Version 10.0.16299| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 TestingCandidates)

              SHS: [validation number 3790][shs-3790]

              DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1136][ecdsa-1136]

              Version 10.0.15063| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 3790][shs-3790]

              DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1135][ecdsa-1135]

              Version 10.0.15063| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 3790][shs-3790]

              DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1133][ecdsa-1133]

              Version 10.0.15063| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))

              **SHS:**[validation number 3649][shs-3649]

              **DRBG:**[validation number 1430][drbg-1430]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1073][ecdsa-1073]

              Version 7.00.2872| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))

              **SHS:**[validation number 3648][shs-3648]

              **DRBG:**[validation number 1429][drbg-1429]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1072][ecdsa-1072]

              Version 8.00.6246| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 TestingCandidates)v**PKV: CURVES**(P-256 P-384)

              **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.v**SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))

              SHS: [validation number 3347][shs-3347]

              DRBG: [validation number 1222][drbg-1222]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#920][ecdsa-920]

              Version 10.0.14393| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))vSHS: [validation number 3347][shs-3347]

              DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#911][ecdsa-911]

              Version 10.0.14393| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 3047][shs-3047]

              DRBG: [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" MsBignum Cryptographic Implementations [#760][ecdsa-760]

              Version 10.0.10586| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer**: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 2886][shs-2886]

              DRBG: [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#706][ecdsa-706]

              Version 10.0.10240| +|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 2373][shs-2373]

              DRBG: [validation number 489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#505][ecdsa-505]

              Version 6.3.9600| +|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [#1903][shs-1903]

              **DRBG**: [#258][drbg-258]

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [#1903][shs-1903]

              **DRBG**: [#258][drbg-258]

              **FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              **SHS**: [#1903][shs-1903]

              **DRBG**: [#258][drbg-258].|Windows 8,

              Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#341][ecdsa-341]| +|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1773][shs-1773]

              **DRBG**: [validation number 193][drbg-193]

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1773][shs-1773]

              **DRBG**: [validation number 193][drbg-193]

              **FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              **SHS**: [validation number 1773][shs-1773]

              **DRBG**: [validation number 193][drbg-193].|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#295][ecdsa-295]| +|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1081][shs-1081]

              **DRBG**: [validation number 23][drbg-23]

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1081][shs-1081]

              **DRBG**: [validation number 23][drbg-23].|Windows Server 2008 R2 and SP1 CNG algorithms [#142][ecdsa-142]

              Windows 7 Ultimate and SP1 CNG algorithms [#141][ecdsa-141]| +|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 753][shs-753]

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 753][shs-753].|Windows Server 2008 CNG algorithms [#83][ecdsa-83]

              Windows Vista Ultimate SP1 CNG algorithms [#82][ecdsa-82]| +|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 618][shs-618]

              **RNG**: [validation number 321][shs-618]

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 618][shs-618]

              **RNG**: [validation number 321][rng-321].|Windows Vista CNG algorithms [#60][ecdsa-60]| + +

            • + +
              +Keyed-Hash Message Authentication Code (HMAC) + +|**Modes / States /
            • Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4011][shs-4011]|Microsoft Surface Hub Virtual TPM Implementations [#3271][hmac-3271]

              Version 10.0.15063.674| +|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4009][shs-4009]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#3270][hmac-3270]

              Version 10.0.16299| +|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-512:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4011][shs-4011]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#3269][hmac-3269]

              Version 10.0.15063.674| +|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-512:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4010][shs-4010]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#3268][hmac-3268]

              Version 10.0.15254| +|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-512:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4009][shs-4009]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#3267][hmac-3267]

              Version 10.0.16299| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#3062][hmac-3062]

              Version 10.0.15063| +|

              **HMAC-SHA1(Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#3061][hmac-3061]

              Version 10.0.15063| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3652][shs-3652]

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652][shs-3652]

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652][shs-3652]

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3652][shs-3652]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2946][hmac-2946]

              Version 7.00.2872| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3651][shs-3651]

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651][shs-3651]

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651][shs-3651]

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3651][shs-3651]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2945][hmac-2945]

              Version 8.00.6246| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3649][shs-3649]

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649][shs-3649]

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649][shs-3649]

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3649][shs-3649]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2943][hmac-2943]

              Version 7.00.2872| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3648][shs-3648]

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648][shs-3648]

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648][shs-3648]

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3648][shs-3648]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2942][hmac-2942]

              Version 8.00.6246| +|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)

              SHS [validation number 3347][shs-3347]

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2661][hmac-2661]

              Version 10.0.14393| +|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 3347][shs-3347]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2651][hmac-2651]

              Version 10.0.14393| +|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
              SHS [validation number 3047][shs-3047]

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS)
              SHS [validation number 3047][shs-3047]

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS)
              SHS [validation number 3047][shs-3047]

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS)
              SHS [validation number 3047][shs-3047]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" SymCrypt Cryptographic Implementations [#2381][hmac-2381]

              Version 10.0.10586| +|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
              SHS[validation number 2886][shs-2886]

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS)
              SHS[validation number 2886][shs-2886]

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS)
              [ SHSvalidation number 2886][shs-2886]

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS)
              SHS[validation number 2886][shs-2886]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#2233][hmac-2233]

              Version 10.0.10240| +|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS)
              SHS [validation number 2373][shs-2373]

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS)
              SHS [validation number 2373][shs-2373]

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS)
              SHS [validation number 2373][shs-2373]

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS)
              SHS [validation number 2373][shs-2373]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1773][hmac-1773]

              Version 6.3.9600| +|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 2764][shs-2764]|Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) [#2122][hmac-2122]

              Version 5.2.29344| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[#1902][shs-1902]

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[#1902][shs-1902]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #[1347][hmac-1347]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS**[#1902][shs-1902]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS**[#1902][shs-1902]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS**[#1902][shs-1902]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS**[#1902][shs-1902]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #[1346][hmac-1346]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)**
              **SHS**[#1903][shs-1903]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS)**
              **SHS**[#1903][shs-1903]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS)**
              **SHS**[#1903][shs-1903]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS)**
              **SHS**[#1903][shs-1903]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #[1345][hmac-1345]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]
              **Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773][shs-1773]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll), [#1364][hmac-1364]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774][shs-1774]|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1227][hmac-1227]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081][shs-1081]|Windows Server 2008 R2 and SP1 CNG algorithms [#686][hmac-686]

              Windows 7 and SP1 CNG algorithms [#677][hmac-677]

              Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) [#687][hmac-687]

              Windows 7 Enhanced Cryptographic Provider (RSAENH) [#673][hmac-673]| +|

              **HMAC-SHA1(Key Sizes Ranges Tested: KS**[validation number 1081][shs-1081]

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 1081][shs-1081]|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#675][hmac-675]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 816][shs-816]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 816][shs-816]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 816][shs-816]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 816][shs-816]|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#452][hmac-452]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 753][shs-753]

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 753][shs-753]|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#415][hmac-415]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753][shs-753]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS)** SHS [validation number 753][shs-753]|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#408][hmac-408]

              Windows Vista Enhanced Cryptographic Provider (RSAENH) [#407][hmac-407]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHS** [validation number 618][shs-618]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#297][hmac-297]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 785][shs-785]|Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#429][hmac-429]

              Windows XP, vendor-affirmed| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 783][shs-783]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 783][shs-783]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 783][shs-783]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 783][shs-783]|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#428][hmac-428]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 613][shs-613]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 613][shs-613]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 613][shs-613]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 613][shs-613]|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#289][hmac-289]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 610][shs-610]|Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#287][hmac-287]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753][shs-753]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 753][shs-753]|Windows Server 2008 CNG algorithms [#413][hmac-413]

              Windows Vista Ultimate SP1 CNG algorithms [#412][hmac-412]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 737][shs-737]

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 737][shs-737]|Windows Vista Ultimate BitLocker Drive Encryption [#386][hmac-386]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 618][shs-618]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618][shs-618]|Windows Vista CNG algorithms [#298][hmac-298]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 589][shs-589]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHS** [validation number 589][shs-589]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 589][shs-589]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 589][shs-589]|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#267][hmac-267]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 578][shs-578]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 578][shs-578]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 578][shs-578]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 578][shs-578]|Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) [#260][hmac-260]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 495][shs-495]

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 495][shs-495]|Windows Vista BitLocker Drive Encryption [#199][hmac-199]| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 364][shs-364]|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#99][hmac-99]

              Windows XP, vendor-affirmed| +|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 305][shs-305]

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 305][shs-305]

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 305][shs-305]

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 305][shs-305]|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#31][hmac-31]| + +

            • + +
              +Key Agreement Scheme (KAS) + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration

              Schemes:

              Full Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
              Prerequisite: SHS [#4011][shs-4011], ECDSA [#1253][ecdsa-1253], DRBG [#1734][drbg-1734]|Microsoft Surface Hub Virtual TPM Implementations [#150][kas-150]

              Version 10.0.15063.674| +|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration

              Schemes:

              Full Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
              Prerequisite: SHS [#4009][shs-4009], ECDSA [#1252][ecdsa-1252], DRBG [#1733][drbg-1733]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#149][kas-149]

              Version 10.0.16299| +|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

              Schemes:

              Ephemeral Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              One-Pass DH:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              Static Unified:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
              Prerequisite: SHS [#4011][shs-4011], ECDSA [#1250][ecdsa-1250], DRBG [#1732][drbg-1732]

              KAS FFC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

              Schemes:

              dhEphem:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhOneFlow:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC

            • SHA: SHA-256
            • MAC: HMAC

              dhStatic:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC
              Prerequisite: SHS [#4011][shs-4011], DSA [#1303][dsa-1303], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#148][kas-148]

              Version 10.0.15063.674| +|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

              Schemes:

              Ephemeral Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMA

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              One-Pass DH:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              Static Unified:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
              Prerequisite: SHS [#4010][shs-4010], ECDSA [#1249][ecdsa-1249], DRBG [#1731][drbg-1731]

              KAS FFC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

              Schemes:

              dhEphem:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhOneFlow:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC

            • SHA: SHA-256
            • MAC: HMAC

              dhStatic:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC
              Prerequisite: SHS [#4010][shs-4010], DSA [#1302][dsa-1302], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#147][kas-147]

              Version 10.0.15254| +|KAS ECC:


              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

              Schemes:

              Ephemeral Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              One-Pass DH:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              Static Unified:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
              Prerequisite: SHS [#4009][shs-4009], ECDSA [#1246][ecdsa-1246], DRBG [#1730][drbg-1730]

              KAS FFC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

              Schemes:

              dhEphem:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhOneFlow:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhStatic:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC
              Prerequisite: SHS [#4009][shs-4009], DSA [#1301][dsa-1301], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#146][kas-146]

              Version 10.0.16299| +|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration) **SCHEMES** [**FullUnified** (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC)]

              SHS [validation number 3790][shs-3790]

              DSA [validation number 1135][dsa-1135]

              DRBG [validation number 1556][drbg-1556]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#128][kas-128]

              Version 10.0.15063| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)

              **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [**dhOneFlow** (**FB:** SHA256) (**FC:** SHA256)]

              [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256 HMAC)]

              SHS [validation number 3790][shs-3790]

              DSA [validation number 1223][dsa-1223]

              DRBG [validation number 1555][drbg-1555]**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3790][shs-3790]

              ECDSA [validation number 1133][ecdsa-1133]DRBG [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#127][kas-127]

              Version 10.0.15063| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)

              **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [**dhOneFlow** (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256 HMAC)]

              SHS [validation number 3649][shs-3649]

              DSA [validation number 1188][dsa-1188]

              DRBG [validation number 1430][drbg-1430]

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration)

              **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#115][kas-115]

              Version 7.00.2872| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)

              **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [**dhHybridOneFlow** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256 HMAC)]

              [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256 HMAC)]

              SHS [validation number 3648][shs-3648]

              DSA [validation number 1187][dsa-1187]

              DRBG [validation number 1429][drbg-1429]

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration)

              **SCHEMES** [**EphemeralUnified** (**No_KC**) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3648][shs-3648]

              ECDSA [validation number 1072][ecdsa-1072]

              DRBG [validation number 1429][drbg-1429]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#114][kas-114]

              Version 8.00.6246| +|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Full Validation Key Regeneration)

              **SCHEMES [FullUnified (No_KC** < KARole(s): Initiator / Responder > < KDF: CONCAT >) (**EC:** P-256 SHA256 HMAC) (**ED:** P-384 SHA384 HMAC)]

              SHS [validation number 3347][shs-3347] ECDSA [validation number 920][ecdsa-920] DRBG [validation number 1222][drbg-1222]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#93][kas-93]

              Version 10.0.14393| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation)

              **SCHEMES** [dhEphem (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic (No_KC** < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]

              SHS [validation number 3347][shs-3347] DSA [validation number 1098][dsa-1098] DRBG [validation number 1217][drbg-1217]

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES** [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3347][shs-3347] DSA [validation number 1098][dsa-1098] ECDSA [validation number 911][ecdsa-911] DRBG [validation number 1217][drbg-1217] HMAC [validation number 2651][hmac-2651]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#92][kas-92]

              Version 10.0.14393| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]

              SHS [validation number 3047][shs-3047] DSA [validation number 1024][dsa-1024] DRBG [validation number 955][drbg-955]

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3047][shs-3047] ECDSA [validation number 760][ecdsa-760] DRBG [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#72][dsa-72]

              Version 10.0.10586| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]

              SHS [validation number 2886][shs-2886] DSA [validation number 983][dsa-983] DRBG [validation number 868][drbg-868]

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 2886][shs-2886] ECDSA [validation number 706][ecdsa-706] DRBG [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#64][kas-64]

              Version 10.0.10240| +|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [dhEphem (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (FB: SHA256) (FC: SHA256)] [dhStatic (No_KC < KARole(s): Initiator / Responder >) (FB: SHA256 HMAC) (FC: SHA256 HMAC)]

              SHS [validation number 2373][shs-2373] DSA [validation number 855][dsa-855] DRBG [validation number 489][drbg-489]

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) SCHEMES [EphemeralUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC < KARole(s): Initiator / Responder >) (EC: P-256 SHA256 HMAC) (ED: P-384 SHA384 HMAC) (EE: P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 2373][shs-2373] ECDSA [validation number 505][ecdsa-505] DRBG [validation number 489][drbg-489]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#47][kas-47]

              Version 6.3.9600| +|**FFC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [**dhEphem** (KARole(s): Initiator / Responder)

              (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)]

              [**dhOneFlow** (KARole(s): Initiator / Responder) (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)]

              [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FA**: SHA256 HMAC) (**FB**: SHA256 HMAC) (**FC**: SHA256 HMAC)]

              SHS [#1903][shs-1903] DSA [validation number 687][dsa-687] DRBG [#258][drbg-258]

              **ECC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES**

              [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH(No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256) (**ED**: P-384 SHA384) (**EE**: P-521 (SHA512, HMAC_SHA512)))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [#1903][shs-1903]

              ECDSA [validation number 341][ecdsa-341] DRBG [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#36][kas-36]| +|**KAS (SP 800-56A)**

            • Key Agreement: Key establishment methodology provides 80 bits to 256 bits of encryption strength|Windows 7 and SP1, vendor-affirmed

              Windows Server 2008 R2 and SP1, vendor-affirmed| + +

            • + +
              +SP 800-108 Key-Based Key Derivation Functions (KBKDF) + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|Counter:

              MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

              MAC prerequisite: HMAC [#3271][hmac-3271]

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: DRBG [#1734][drbg-1734], KAS [#150][kas-150]|Microsoft Surface Hub Virtual TPM Implementations [#161][kdf-161]

              Version 10.0.15063.674| +|Counter:

              MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

              MAC prerequisite: HMAC [#3270][hmac-3270]

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: DRBG [#1733][drbg-1733], KAS [#149][kas-149]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#160][kdf-160]

              Version 10.0.16299| +|Counter:

              MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

              MAC prerequisite: AES [#4902][aes-4902], HMAC [#3269][hmac-3269]

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: KAS [#148][kas-148]|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#159][kdf-159]

              Version 10.0.15063.674| +|Counter:

              MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

              MAC prerequisite: AES [#4901][aes-4901], HMAC [#3268][hmac-3268]

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: KAS [#147][kas-147]|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#158][kdf-158]

              Version 10.0.15254| +|Counter:

              MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

              MAC prerequisite: AES [#4897][aes-4897], HMAC [#3267][hmac-3267]

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: KAS [#146][kas-146]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#157][kdf-157]

              Version 10.0.16299| +|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256][HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 128][kas-128]

              DRBG [validation number 1556][drbg-1556]

              MAC [validation number 3062][hmac-3062]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#141][kdf-141]

              Version 10.0.15063| +|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 127][kas-127]

              AES [validation number 4624][aes-4624]

              DRBG [validation number 1555][drbg-1555]

              MAC [validation number 3061][hmac-3061]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#140][kdf-140]

              Version 10.0.15063| +|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 93][kas-93] DRBG [validation number 1222][drbg-1222] MAC [validation number 2661][hmac-2661]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#102][kdf-102]

              Version 10.0.14393| +|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 92][kas-92] AES [validation number 4064][aes-4064] DRBG [validation number 1217][drbg-1217] MAC [validation number 2651][hmac-2651]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#101][kdf-101]

              Version 10.0.14393| +|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 72][kas-72] AES [validation number 3629][aes-3629] DRBG [validation number 955][drbg-955] MAC [validation number 2381][hmac-2381]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" Cryptography Next Generation (CNG) Implementations [#72][kdf-72]

              Version 10.0.10586| +|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 64][kas-64] AES [validation number 3497][aes-3497] RBG [validation number 868][drbg-868] MAC [validation number 2233][hmac-2233]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#66][kdf-66]

              Version 10.0.10240| +|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              DRBG [validation number 489][drbg-489] MAC [validation number 1773][hmac-1773]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#30][kdf-30]

              Version 6.3.9600| +|**CTR_Mode**: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              DRBG [#258][drbg-258] HMAC [validation number 1345][hmac-1345]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#3][kdf-3]| + +

            • + +
              +Random Number Generator (RNG) + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|**FIPS 186-2 General Purpose**
              **[(x-Original); (SHA-1)]**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #[1110][rng-1110]| +|**FIPS 186-2
              [(x-Original); (SHA-1)]**|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1060][rng-1060]

              Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#292][rng-292]

              Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#286][rng-286]

              Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#66][rng-66]| +|**FIPS 186-2
              [(x-Change Notice); (SHA-1)]**; **FIPS 186-2 General Purpose
              [(x-Change Notice); (SHA-1)]**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#649][rng-649]

              Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation [#435][rng-435]

              Windows Vista RNG implementation [#321][rng-321]| +|**FIPS 186-2 General Purpose
              [(x-Change Notice); (SHA-1)]**|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#470][rng-470]

              Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#449][rng-449]

              Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#447][rng-447]

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#316][rng-316]

              Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#313][rng-313]| +|**FIPS 186-2
              [(x-Change Notice); (SHA-1)]**|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#448][rng-448]

              Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#314][rng-314]| + +

              + +
              +RSA + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|RSA:

              186-4:

              Signature Generation PKCS1.5:

              Mod 2048 SHA: SHA-1,

            • SHA-256,
            • SHA-384

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA: SHA-1,

            • SHA-256,
            • SHA-384

              Mod 2048 SHA: SHA-1,

            • SHA-256,
            • SHA-384

              Signature Verification PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1734][drbg-1734]|Microsoft Surface Hub Virtual TPM Implementations [#2677][rsa-2677]

              Version 10.0.15063.674| +|RSA:

              186-4:

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 240 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384

              Signature Verification PSS:

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1733][drbg-1733]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (

              Version 1709); Virtual TPM Implementations [#2676][rsa-2676]

              Version 10.0.16299| +|RSA:

              186-4:

              Key Generation:

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub RSA32 Algorithm Implementations [#2675][rsa-2675]

              Version 10.0.15063.674| +|RSA:

              186-4:

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations [#2674][rsa-2674]

              Version 10.0.16299| +|RSA:

              186-4:

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations [#2673][rsa-2673]

              Version 10.0.15254| +|RSA:

              186-4:

              Key Generation:

            • Public Key Exponent: Fixed (10001)
            • Provable Primes with Conditions:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.3

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub MsBignum Cryptographic Implementations [#2672][rsa-2672]

              Version 10.0.15063.674| +|RSA:

              186-4:

              Key Generation:

              Probable Random Primes:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C 2

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4011][shs-4011], DRBG [#1732][drbg-1732]|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#2671][rsa-2671]

              Version 10.0.15063.674| +|RSA:

              186-4:

              Key Generation:

              Probable Random Primes:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.2

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#2670][rsa-2670]

              Version 10.0.15254| +|RSA:

              186-4:

              Key Generation:

              Public Key Exponent: Fixed (10001)

              Provable Primes with Conditions:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.3

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4010][shs-4010], DRBG [#1731][drbg-1731]|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#2669][rsa-2669]

              Version 10.0.15254| +|

              186-4:

              Key Generation:

              Public Key Exponent: Fixed (10001)

              Provable Primes with Conditions:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.3

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#2668][rsa-2668]

              Version 10.0.16299| +|

              186-4:

              Key Generation

              Probable Random Primes:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.2

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-51

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4009][shs-4009], DRBG [#1730][drbg-1730]|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#2667][rsa-2667]

              Version 10.0.16299| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

              SHA [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#2524][rsa-2524]

              Version 10.0.15063| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations [#2523][rsa-2523]

              Version 10.0.15063| +|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);

              **PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))**SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64

              SHA [validation number 3790][shs-3790]

              DRBG: [validation number 1555][drbg-1555]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#2522][rsa-2522]

              Version 10.0.15063| +|

              **FIPS186-4:

              186-4KEY(gen):**PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 3790][shs-3790]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2521][rsa-2521]

              Version 10.0.15063| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3652][shs-3652]**
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3652][shs-3652],
            • SHA-384[validation number 3652][shs-3652],
            • SHA-512[validation number 3652][shs-3652], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3652][shs-3652],
            • SHA-256[validation number 3652][shs-3652],
            • SHA-384[validation number 3652][shs-3652],
            • SHA-512[validation number 3652][shs-3652]

              **FIPS186-4:
              ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.**SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3652][shs-3652]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2415][rsa-2415]

              Version 7.00.2872| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3651][shs-3651]**
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3651][shs-3651],
            • SHA-384[validation number 3651][shs-3651],
            • SHA-512[validation number 3651][shs-3651]SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3651][shs-3651],
            • SHA-256[validation number 3651][shs-3651],
            • SHA-384[validation number 3651][shs-3651],
            • SHA-512[validation number 3651][shs-3651]

              **FIPS186-4:
              ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.** SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3651][shs-3651]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2414][rsa-2414]

              Version 8.00.6246| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3649][shs-3649],
            • SHA-384[validation number 3649][shs-3649],
            • SHA-512[validation number 3649][shs-3649]SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3649][shs-3649],
            • SHA-256[validation number 3649][shs-3649],
            • SHA-384[validation number 3649][shs-3649],
            • SHA-512[validation number 3649][shs-3649]

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);

              **PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)
              **ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3649][shs-3649]

              DRBG: [validation number 1430][drbg-1430]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2412][rsa-2412]

              Version 7.00.2872| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3648][shs-3648],
            • SHA-384[validation number 3648][shs-3648],
            • SHA-512[validation number 3648][shs-3648], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3648][shs-3648],
            • SHA-256[validation number 3648][shs-3648],
            • SHA-384[validation number 3648][shs-3648],
            • SHA-512[validation number 3648][shs-3648]

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);

              **PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3648][shs-3648]

              DRBG: [validation number 1429][drbg-1429]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2411][rsa-2411]

              Version 8.00.6246| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

              SHA [validation number 3347][shs-3347]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2206][rsa-2206]

              Version 10.0.14393| +|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001

              **PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3)

              SHA [validation number 3347][shs-3347] DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation [#2195][rsa-2195]

              Version 10.0.14393| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3346][shs-3346]|soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#2194][rsa-2194]

              Version 10.0.14393| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))

              **SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3347][shs-3347] DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#2193][rsa-2193]

              Version 10.0.14393| +|

              **FIPS186-4:
              [RSASSA-PSS]: Sig(Gen):** (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))

              **Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 3347][shs-3347] DRBG: [validation number 1217][drbg-1217]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#2192][rsa-2192]

              Version 10.0.14393| +|

              **FIPS186-4:

              186-4KEY(gen)**: FIPS186-4_Fixed_e (10001);

              **PGM(ProbPrimeCondition**): 2048, 3072 PPTT:(C.3)

              SHA [validation number 3047][shs-3047] DRBG: [validation number 955][drbg-955]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84" and Surface Hub 55" RSA Key Generation Implementation [#1889][rsa-1889]

              Version 10.0.10586| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3048][shs-3048]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations [#1871][rsa-1871]

              Version 10.0.10586| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))

              **SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3047][shs-3047]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations [#1888][rsa-1888]

              Version 10.0.10586| +|

              **FIPS186-4:
              [RSASSA-PSS]: Sig(Gen)**: (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              **Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 3047][shs-3047]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#1887][rsa-1887]

              Version 10.0.10586| +|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

              SHA [validation number 2886][shs-2886] DRBG: [validation number 868][drbg-868]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation [#1798][rsa-1798]

              Version 10.0.10240| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2871][shs-2871]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#1784][rsa-1784]

              Version 10.0.10240| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2871][shs-2871]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#1783][rsa-1783]

              Version 10.0.10240| +|

              **FIPS186-4:
              [RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 2886][shs-2886]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#1802][rsa-1802]

              Version 10.0.10240| +|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e;

              **PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3)

              SHA [validation number 2373][shs-2373] DRBG: [validation number 489][drbg-489]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation [#1487][rsa-1487]

              Version 6.3.9600| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2373][shs-2373]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#1494][rsa-1494]

              Version 6.3.9600| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2373][shs-2373]|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1493][rsa-1493]

              Version 6.3.9600| +|

              **FIPS186-4:
              [RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 2373][shs-2373]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#1519][rsa-1519]

              Version 6.3.9600| +|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256)), SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512)), SHA [#1903][shs-1903].|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#1134][rsa-1134]| +|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value

              **PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)

              SHA [#1903][shs-1903] DRBG: [#258][drbg-258]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation [#1133][rsa-1133]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [#258][drbg-258]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[#1902][shs-1902],
            • SHA-384[#1902][shs-1902],
            • SHA-512[#1902][shs-1902],, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[#1902][shs-1902],
            • SHA-256[#1902][shs-1902], SHA-[#1902][shs-1902],
            • SHA-512[#1902][shs-1902],.|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) [#1132][rsa-1132]| +|

              **FIPS186-2:ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1774][shs-1774]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1774][shs-1774],
            • SHA-384[validation number 1774][shs-1774],
            • SHA-512[validation number 1774][shs-1774],SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1774][shs-1774],
            • SHA-256[validation number 1774][shs-1774],
            • SHA-384[validation number 1774][shs-1774],
            • SHA-512[validation number 1774][shs-1774],.|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1052][rsa-1052]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 193][drbg-193]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1773][shs-1773],
            • SHA-384[validation number 1773][shs-1773],
            • SHA-512[validation number 1773][shs-1773],SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1773][shs-1773],
            • SHA-256[validation number 1773][shs-1773],
            • SHA-384[validation number 1773][shs-1773],
            • SHA-512[validation number 1773][shs-1773],.|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1051][rsa-1051]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081],SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081][shs-1081],
            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081],.|Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) [#568][rsa-568]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081][shs-1081],
            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081],
              **ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081], SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081][shs-1081],
            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081].|Windows Server 2008 R2 and SP1 CNG algorithms [#567][rsa-567]

              Windows 7 and SP1 CNG algorithms [#560][rsa-560]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 23][drbg-23].|Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation [#559][rsa-559]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081][shs-1081],
            • SHA-256[validation number 1081][shs-1081],
            • SHA-384[validation number 1081][shs-1081],
            • SHA-512[validation number 1081][shs-1081],.|Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) [#557][rsa-557]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 816][shs-816],
            • SHA-384[validation number 816][shs-816],
            • SHA-512[validation number 816][shs-816],SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 816][shs-816],
            • SHA-256[validation number 816][shs-816],
            • SHA-384[validation number 816][shs-816],
            • SHA-512[validation number 816][shs-816],.|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#395][rsa-395]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 783][shs-783]**
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 783][shs-783],
            • SHA-384[validation number 783][shs-783],
            • SHA-512[validation number 783][shs-783],.|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#371][rsa-371]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 753][shs-753],
            • SHA-384[validation number 753][shs-753],
            • SHA-512[validation number 753][shs-753], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753][shs-753],
            • SHA-256[validation number 753][shs-753],
            • SHA-384[validation number 753][shs-753],
            • SHA-512[validation number 753][shs-753],
              **ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
            • SHA-256[validation number 753][shs-753],
            • SHA-384[validation number 753][shs-753],
            • SHA-512[validation number 753][shs-753], SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753][shs-753],
            • SHA-256[validation number 753][shs-753],
            • SHA-384[validation number 753][shs-753],
            • SHA-512[validation number 753][shs-753].|Windows Server 2008 CNG algorithms [#358][rsa-358]

              Windows Vista SP1 CNG algorithms [#357][rsa-357]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753][shs-753]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 753][shs-753],
            • SHA-384[validation number 753][shs-753],
            • SHA-512[validation number 753][shs-753], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753][shs-753],
            • SHA-256[validation number 753][shs-753],
            • SHA-384[validation number 753][shs-753],
            • SHA-512[validation number 753][shs-753].|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#355][rsa-355]

              Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) [#354][rsa-354]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537.|Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation [#353][rsa-353]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: [validation number 321][rng-321].|Windows Vista RSA key generation implementation [#258][rsa-258]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 618][shs-618],
            • SHA-384[validation number 618][shs-618],
            • SHA-512[validation number 618][shs-618],SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 618][shs-618],
            • SHA-256[validation number 618][shs-618],
            • SHA-384[validation number 618][shs-618],
            • SHA-512[validation number 618][shs-618],
              **ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
            • SHA-256[validation number 618][shs-618],
            • SHA-384[validation number 618][shs-618],
            • SHA-512[validation number 618][shs-618], SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 618][shs-618],
            • SHA-256[validation number 618][shs-618],
            • SHA-384[validation number 618][shs-618],
            • SHA-512[validation number 618][shs-618].|Windows Vista CNG algorithms [#257][rsa-257]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 618][shs-618],
            • SHA-384[validation number 618][shs-618],
            • SHA-512[validation number 618][shs-618],, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 618][shs-618],
            • SHA-256[validation number 618][shs-618],
            • SHA-384[validation number 618][shs-618],
            • SHA-512[validation number 618][shs-618],.|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#255][rsa-255]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 613][shs-613]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 613][shs-613],
            • SHA-384[validation number 613][shs-613],
            • SHA-512[validation number 613][shs-613], SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 613][shs-613],
            • SHA-256[validation number 613][shs-613],
            • SHA-384[validation number 613][shs-613],
            • SHA-512[validation number 613][shs-613],.|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#245][rsa-245]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 589][shs-589]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 589][shs-589],
            • SHA-384[validation number 589][shs-589],
            • SHA-512[validation number 589][shs-589],, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 589][shs-589],
            • SHA-256[validation number 589][shs-589],
            • SHA-384[validation number 589][shs-589],
            • SHA-512[validation number 589][shs-589],.|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#230][rsa-230]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 578][shs-578]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 578][shs-578],
            • SHA-384[validation number 578][shs-578],
            • SHA-512[validation number 578][shs-578],, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 578][shs-578],
            • SHA-256[validation number 578][shs-578],
            • SHA-384[validation number 578][shs-578],
            • SHA-512[validation number 578][shs-578],.|Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) [#222][rsa-222]| +|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:**

              SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 364][shs-364].|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#81][rsa-81]| +|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 305][shs-305]
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 305][shs-305],
            • SHA-384[validation number 305][shs-305],
            • SHA-512[validation number 305][shs-305],, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 305][shs-305],
            • SHA-256[validation number 305][shs-305],
            • SHA-384[validation number 305][shs-305],
            • SHA-512[validation number 305][shs-305],.|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#52][rsa-52]| +|

              **FIPS186-2:**:

            • PKCS#1 v1.5, Signature generation, and verification
            • Mod sizes: 1024, 1536, 2048, 3072, 4096
            • SHS: SHA-1/256/384/512|Windows XP, vendor-affirmed

              Windows 2000, vendor-affirmed| + +

            • + +
              +Secure Hash Standard (SHS) + +|Modes / States / Key Sizes|Algorithm Implementation and Certificate #| +|--- |--- | +|

              SHA-1:
              Supports Empty Message

              SHA-256:
              Supports Empty Message

              SHA-384:
              Supports Empty Message

              SHA-512:
              Supports Empty Message|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#4011][shs-4011]

              Version 10.0.15063.674| +|

              SHA-1:
              Supports Empty Message

              SHA-256:
              Supports Empty Message

              SHA-384:
              Supports Empty Message

              SHA-512:
              Supports Empty Message|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#4010][shs-4010]

              Version 10.0.15254| +|

              SHA-1:
              Supports Empty Message

              SHA-256:
              Supports Empty Message

              SHA-384:
              Supports Empty Message

              SHA-512:
              Supports Empty Message|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#4009][shs-4009]

              Version 10.0.16299| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#3790][shs-3790]

              Version 10.0.15063| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#3652][shs-3652]

              Version 7.00.2872| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only
            • **SHA-512** (BYTE-only)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#3651][shs-3651]

              Version 8.00.6246| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#3649][shs-3649]

              Version 7.00.2872| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#3648][shs-3648]

              Version 8.00.6246| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#3347][shs-3347]

              Version 10.0.14393| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#3346][shs-3346]

              Version 10.0.14393| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations [#3048][shs-3048]

              Version 10.0.10586| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#3047][shs-3047]

              Version 10.0.10586| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#2886][shs-2886]

              Version 10.0.10240| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#2871][shs-2871]

              Version 10.0.10240| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#2396][shs-2396]

              Version 6.3.9600| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#2373][shs-2373]

              Version 6.3.9600| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)

              Implementation does not support zero-length (null) messages.|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1903][shs-1903]

              Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1902][shs-1902]| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1774][shs-1774]

              Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1773][shs-1773]| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1081][shs-1081]

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#816][shs-816]| +|

            • **SHA-1** (BYTE-only)|Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#785][shs-785]

              Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#784][shs-784]| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#783][shs-783]| +|
            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#753][shs-753]

              Windows Vista Symmetric Algorithm Implementation [#618][shs-618]| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)|Windows Vista BitLocker Drive Encryption [#737][shs-737]

              Windows Vista Beta 2 BitLocker Drive Encryption [#495][shs-495]| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#613][shs-613]

              Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#364][shs-364]| +|

            • **SHA-1** (BYTE-only)|Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#611][shs-611]

              Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#610][shs-610]

              Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#385][shs-385]

              Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#371][shs-371]

              Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#181][shs-181]

              Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#177][shs-177]

              Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#176][shs-176]| +|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#589][shs-589]

              Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#578][shs-578]

              Windows CE 5.00 and Windows CE 5.01 Enhanced

              Cryptographic Provider (RSAENH) [#305][shs-305]| +|

            • **SHA-1** (BYTE-only)|Windows XP Microsoft Enhanced Cryptographic Provider [#83][shs-83]

              Crypto Driver for Windows 2000 (fips.sys) [#35][shs-35]

              Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#32][shs-32]

              Windows 2000 RSAENH.DLL [#24][shs-24]

              Windows 2000 RSABASE.DLL [#23][shs-23]

              Windows NT 4 SP6 RSAENH.DLL [#21][shs-21]

              Windows NT 4 SP6 RSABASE.DLL [#20][shs-20]| + +

            • + +
              +SP 800-132 Password-Based Key Derivation Function (PBKDF) + +| Modes / States / Key Sizes | Algorithm Implementation and Certificate # | +| --- | --- | +| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2937][certificate-2937]
              (Software Version: 10.0.14393)

              Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2936][certificate-2936]
              (Software Version: 10.0.14393)

              Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2935][certificate-2935]
              (Software Version: 10.0.14393) | +| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2936][certificate-2936]
              (Software Version: 10.0.14393)

              Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed | + +
              + +
              +Triple DES + +|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**| +|--- |--- | +|

              TDES-CBC:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB64:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB8:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-ECB:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#2558][tdes-2558]

              Version 10.0.15063.674| +|

              TDES-CBC:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB64:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB8:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-ECB:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#2557][tdes-2557]

              Version 10.0.15254| +|

              TDES-CBC:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB64:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB8:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-ECB:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#2556][tdes-2556]

              Version 10.0.16299| +|**TECB**(KO 1 e/d); **TCBC**(KO 1 e/d); **TCFB8**(KO 1 e/d); **TCFB64**(KO 1 e/d)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2459][tdes-2459]

              Version 10.0.15063| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2384][tdes-2384]

              Version 8.00.6246| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2383][tdes-2383]

              Version 8.00.6246| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**CTR** (int only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2382][tdes-2382]

              Version 7.00.2872| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2381][tdes-2381]

              Version 8.00.6246| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2227][tdes-2227]

              Version 10.0.14393| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#2024][tdes-2024]

              Version 10.0.10586| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#1969][tdes-1969]

              Version 10.0.10240| +|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1692][tdes-1692]

              Version 6.3.9600| +|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2);**TCFB64**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1387][tdes-1387]| +|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1386][tdes-1386]| +|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#846][tdes-846]| +|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#656][tdes-656]| +|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista Symmetric Algorithm Implementation [#549][tdes-549]| +|**Triple DES MAC**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 [#1386][tdes-1386], vendor-affirmedWindows 7 and SP1 and Windows Server 2008 R2 and SP1 [#846][tdes-846], vendor-affirmed| +|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1308][tdes-1308]Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1307][tdes-1307]

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#691][tdes-691]

              Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#677][tdes-677]

              Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#676][tdes-676]

              Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#675][tdes-675]

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#544][tdes-544]

              Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#543][tdes-543]

              Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#542][tdes-542]Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#526][tdes-526]

              Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#517][tdes-517]

              Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#381][tdes-381]

              Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#370][tdes-370]

              Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#365][tdes-365]Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#315][tdes-315]

              Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#201][tdes-201]

              Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#199][tdes-199]

              Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#192][tdes-192]Windows XP Microsoft Enhanced Cryptographic Provider [#81][tdes-81]

              Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#18][tdes-18]Crypto Driver for Windows 2000 (fips.sys) [#16][tdes-16]| + +

            • + +## Contact + +fips@microsoft.com + +## References + +* [FIPS 140-2, Security Requirements for Cryptographic Modules](https://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)) +* [Cryptographic Module Validation Program (CMVP) FAQ](https://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf) +* [SP 800-57 - Recommendation for Key Management - Part 1: General (Revised)](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final) +* [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](https://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf) + +--- + ## Frequently asked questions ### How long does it take to certify a cryptographic module? 
@@ -91,874 +1113,670 @@ Suite B is a set of cryptographic algorithms defined by the U.S. National Securi SMB3 can be FIPS 140 compliant, if Windows is configured to operate in FIPS 140 mode on both client and server. In FIPS mode, SMB3 relies on the underlying Windows FIPS 140 validated cryptographic modules for cryptographic operations. -## Microsoft FIPS 140-2 validated cryptographic modules - -The following tables identify the cryptographic modules used in an operating system, organized by release. - -## Modules used by Windows - -##### Windows 10 Fall 2018 Update (Version 1809) - -Validated Editions: Home, Pro, Enterprise, Education - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information| -|Kernel Mode Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information| -|Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf)|[#3644](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644)|See Security Policy and Certificate page for algorithm information| -|Windows OS 
Loader|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf)|[#3615](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615)|See Security Policy and Certificate page for algorithm information| -|Secure Kernel Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf)|[#3651](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651)|See Security Policy and Certificate page for algorithm information| -|BitLocker Dump Filter|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information| -|Boot Manager|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information| -|Virtual TPM|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf)|[#3690](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690)|See Security Policy and Certificate page for algorithm information| - -##### Windows 10 Spring 2018 Update (Version 1803) - -Validated Editions: Home, Pro, Enterprise, Education - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives 
Library|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information| -|Kernel Mode Cryptographic Primitives Library|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information| -|Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information| -|Windows OS Loader|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3480.pdf)|[#3480](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3480)|See Security Policy and Certificate page for algorithm information| -|Secure Kernel Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information| -|BitLocker Dump Filter|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information| -|Boot 
Manager|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information| - -##### Windows 10 Fall Creators Update (Version 1709) - -Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information| -|Kernel Mode Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information| -|Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information| -|Windows OS Loader|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3194.pdf)|[#3194](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3194)|See Security Policy and Certificate page for algorithm information| -|Secure Kernel Code 
Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information| -|BitLocker Dump Filter|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information| -|Windows Resume|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf)|[#3091](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091)|See Security Policy and Certificate page for algorithm information| -|Boot Manager|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information| - -##### Windows 10 Creators Update (Version 1703) - -Validated Editions: Home, Pro, Enterprise, Education, S, Surface Hub, Mobile - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3095.pdf)|[#3095](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3095)|FIPS approved algorithms: AES (Cert. 
[#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)); CKG (vendor affirmed); CVL (Certs

              [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278) and [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)); DRBG (Cert. [#1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)); DSA (Cert. [#1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223)); ECDSA (Cert. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)); HMAC (Cert. [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)); KAS (Cert. [#127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127)); KBKDF (Cert. [#140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#140)); KTS (AES Cert. [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626); key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521) and [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)); Triple-DES (Cert. [#2459](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459)

              Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1133)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#2521)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278))| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3094.pdf)|[#3094](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)|[#3094](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)

              FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626)); CKG (vendor affirmed); CVL (Certs. [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278) and [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)); DRBG (Cert. [#1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)); DSA (Cert. [#1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223)); ECDSA (Cert. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)); HMAC (Cert. [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)); KAS (Cert. [#127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127)); KBKDF (Cert. [#140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#140)); KTS (AES Cert. [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626); key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521) and [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. 
[#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)); Triple-DES (Cert. [#2459](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459)

              Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              [Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094

              [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1133)[); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)[#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#2521)[); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert.](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094

              [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)[)](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094)| -|Boot Manager|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); CKG (vendor affirmed); HMAC (Cert. [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)); PBKDF (vendor affirmed); RSA (Cert. [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              Other algorithms: PBKDF (vendor affirmed); VMK KDF (vendor affirmed)| -|Windows OS Loader|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3090.pdf)|[#3090](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3090)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); RSA (Cert. [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              [Other algorithms: NDRNG](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3090)| -|Windows Resume [1]|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf)|[#3091](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); RSA (Cert. [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790))| -|BitLocker® Dump Filter [2]|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|FIPS approved algorithms: AES (Certs. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624) and [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)); RSA (Cert. [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522)); SHS (Cert. 
[#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790))| -|Code Integrity (ci.dll)|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3093.pdf)|[#3093](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3093)|FIPS approved algorithms: AES (Cert. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)); RSA (Certs. [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522) and [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1282))| -|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.15063](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|FIPS approved algorithms: AES (Cert. [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)); RSA (Certs. [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522) and [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)); SHS (Cert. [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v1.5 - RSASP1 Signature Primitive (Cert. [#1282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1282))| - - -\[1\] Applies only to Home, Pro, Enterprise, Education, and S. - -\[2\] Applies only to Pro, Enterprise, Education, S, Mobile, and Surface Hub - -\[3\] Applies only to Pro, Enterprise, Education, and S - -##### Windows 10 Anniversary Update (Version 1607) - -Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2937.pdf)|[#2937](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. 
[#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227))

              Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#886))| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2936.pdf)|[#2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. 
[#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227))

              Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#922](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887))| -|Boot Manager|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2931.pdf)|[#2931](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2931)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); PBKDF (vendor affirmed); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: MD5; PBKDF (non-compliant); VMK KDF| -|BitLocker® Windows OS Loader (winload)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2932.pdf)|[#2932](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2932)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: NDRNG; MD5| -|BitLocker® Windows Resume (winresume)[1]|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2933.pdf)|[#2933](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2933)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: MD5| -|BitLocker® Dump Filter (dumpfve.sys)[2]|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2934.pdf)|[#2934](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064))| -|Code Integrity (ci.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2935.pdf)|[#2935](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935)|FIPS approved algorithms: RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: AES (non-compliant); MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888))| -|Secure Kernel Code Integrity (skci.dll)[3]|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2938.pdf)|[#2938](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2938)|FIPS approved algorithms: RSA (Certs. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Certs. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888))|
-
-\[1\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[2\] Applies only to Pro, Enterprise, Enterprise LTSB, and Mobile
-
-\[3\] Applies only to Pro, Enterprise, and Enterprise LTSB
-
-##### Windows 10 November 2015 Update (Version 1511)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, Surface Hub
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|[#2606](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2606)|FIPS approved algorithms: AES (Certs. [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)); DRBG (Certs. [#955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)); DSA (Certs. [#1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024)); ECDSA (Certs. [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760)); HMAC (Certs. [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)); KAS (Certs. [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. 
[#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72)); KTS (AES Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887), [#1888, and #1889](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888)); SHS (Certs. [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)); Triple-DES (Certs. [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024))

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#664](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#664))|
-|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|[#2605](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605)|FIPS approved algorithms: AES (Certs. [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)); DRBG (Certs. [#955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)); DSA (Certs.  [#1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024)); ECDSA (Certs. [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760)); HMAC (Certs. [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)); KAS (Certs. [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. 
[#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72)); KTS (AES Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887), [#1888, and #1889](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888)); SHS (Certs. [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)); Triple-DES (Certs. [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024))

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#666](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#663](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663))|
-|Boot Manager [4]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2700.pdf)|[#2700](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2700)|FIPS approved algorithms: AES (Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)); HMAC (Cert. [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)); PBKDF (vendor affirmed); RSA (Cert. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Certs. [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) and [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048))

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
-|BitLocker® Windows OS Loader (winload)[5]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2701.pdf)|[#2701](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2701)|FIPS approved algorithms: AES (Certs. [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629) and [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)); RSA (Cert. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Cert. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048))

              Other algorithms: MD5; NDRNG|
-|BitLocker® Windows Resume (winresume)[6]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2702.pdf)|[#2702](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2702)|FIPS approved algorithms: AES (Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)); RSA (Cert. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Cert. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (dumpfve.sys)[7]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2703.pdf)|[#2703](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2703)|FIPS approved algorithms: AES (Certs. [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653))|
-|Code Integrity (ci.dll)|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2604.pdf)|[#2604](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2604)|FIPS approved algorithms: RSA (Certs. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Certs. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048))

              Other algorithms: AES (non-compliant); MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665))|
-|Secure Kernel Code Integrity (skci.dll)[8]|[10.0.10586](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2607.pdf)|[#2607](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2607)|FIPS approved algorithms: RSA (Certs. [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)); SHS (Certs. [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048))

              Other algorithms: MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665))|
-
-\[4\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
-
-\[5\] Applies only to Home, Pro, Enterprise, Mobile, and Surface Hub
-
-\[6\] Applies only to Home, Pro, and Enterprise
-
-\[7\] Applies only to Pro, Enterprise, Mobile, and Surface Hub
-
-\[8\] Applies only to Enterprise and Enterprise LTSB
-
-##### Windows 10 (Version 1507)
-
-Validated Editions: Home, Pro, Enterprise, Enterprise LTSB, Mobile, and Surface Hub
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|#[2606](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2606)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)); DRBG (Certs. [#868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)); DSA (Certs. [#983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983)); ECDSA (Certs. [#706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706)); HMAC (Certs. [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)); KAS (Certs. [#64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. 
[#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66)); KTS (AES Certs. [#3507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783), [#1798](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798), and [#1802](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802)); SHS (Certs. [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)); Triple-DES (Certs. [#1969](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969))

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#575](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#575))|
-|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2605.pdf)|[#2605](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)); DRBG (Certs. [#868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)); DSA (Certs. [#983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983)); ECDSA (Certs. [#706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706)); HMAC (Certs. [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)); KAS (Certs. [#64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64); key agreement; key establishment methodology provides between 112 bits and 256 bits of encryption strength); KBKDF (Certs. [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66)); KTS (AES Certs. 
[#3507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#1783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783), [#1798](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798), and [#1802](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802)); SHS (Certs. [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)); Triple-DES (Certs. [#1969](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969))

              Other algorithms: DES; HMAC-MD5; Legacy CAPI KDF; MD2; MD4; MD5; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572)); FIPS186-4 RSA; RSADP - RSADP Primitive (Cert. [#576](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576))|
-|Boot Manager[9]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2600.pdf)|[#2600](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2600)|FIPS approved algorithms: AES (Cert. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)); HMAC (Cert. [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)); KTS (AES Cert. [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)); PBKDF (vendor affirmed); RSA (Cert. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Certs. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871) and [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886))

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
-|BitLocker® Windows OS Loader (winload)[10]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2601.pdf)|[#2601](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2601)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) and [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)); RSA (Cert. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Cert. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871))

              Other algorithms: MD5; NDRNG|
-|BitLocker® Windows Resume (winresume)[11]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2602.pdf)|[#2602](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2602)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) and [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)); RSA (Cert. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Cert. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (dumpfve.sys)[12]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2603.pdf)|[#2603](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2603)|FIPS approved algorithms: AES (Certs. [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) and [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498))|
-|Code Integrity (ci.dll)|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2604.pdf)|[#2604](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2604)|FIPS approved algorithms: RSA (Certs. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Certs. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871))

              Other algorithms: AES (non-compliant); MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572))|
-|Secure Kernel Code Integrity (skci.dll)[13]|[10.0.10240](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2607.pdf)|[#2607](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2607)|FIPS approved algorithms: RSA (Certs. [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)); SHS (Certs. [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871))

              Other algorithms: MD5

              Validated Component Implementations: FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572))|
-
-
-\[9\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[10\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[11\] Applies only to Home, Pro, Enterprise, and Enterprise LTSB
-
-\[12\] Applies only to Pro, Enterprise, and Enterprise LTSB
-
-\[13\] Applies only to Enterprise and Enterprise LTSB
-
-##### Windows 8.1
-
-Validated Editions: RT, Pro, Enterprise, Phone, Embedded
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2357.pdf)|[#2357](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2357)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); DSA (Cert. [#855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. 
[#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692))

              Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)#2832, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289)); SP800-135 - Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS (Cert. [#323](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323))|
-|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2356.pdf)|[#2356](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. 
[#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692))

              Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)

              Validated Component Implementations: FIPS186-4 ECDSA - Signature Generation of hash sized messages (Cert. [#288](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288)); FIPS186-4 RSA; PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289))|
-|Boot Manager|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2351.pdf)|[#2351](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2351)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); PBKDF (vendor affirmed); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396))

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
-|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2352.pdf)|[#2352](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2352)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396))

              Other algorithms: MD5; NDRNG|
-|BitLocker® Windows Resume (winresume)[14]|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2353.pdf)|[#2353](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2353)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (dumpfve.sys)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2354.pdf)|[#2354](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2354)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832))

              Other algorithms: N/A|
-|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2355.pdf)|[#2355](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2355)|FIPS approved algorithms: RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373))

              Other algorithms: MD5

              Validated Component Implementations: PKCS#1 v2.1 - RSASP1 Signature Primitive (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289))|
-
-\[14\] Applies only to Pro, Enterprise, and Embedded 8.
-
-##### Windows 8
-
-Validated Editions: RT, Home, Pro, Enterprise, Phone
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1892.pdf)|[#1892](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1892)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)); DSA (Cert. [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. [#1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RSA (Certs. 
[#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387))

              Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258); DSA (Cert.); ECDSA (Cert.); HMAC (Cert.); KAS (Cert); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1891.pdf)|[#1891](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) and [#259](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#259)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. [#1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RNG (Cert. [#1110](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1110)); RSA (Certs. 
[#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387))

              Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#258 and); ECDSA (Cert.); HMAC (Cert.); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RNG (Cert.); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)|
-|Boot Manager|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1895.pdf)|[#1895](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1895)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); HMAC (Cert. #[1347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: MD5|
-|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1896.pdf)|[#1896](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1896)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197); non-compliant); MD5; Non-Approved RNG|
-|BitLocker® Windows Resume (WINRESUME)[15]|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1898.pdf)|[#1898](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1898)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1899.pdf)|[#1899](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1899)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198))

              Other algorithms: N/A|
-|Code Integrity (CI.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1897.pdf)|[#1897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1897)|FIPS approved algorithms: RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: MD5|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1893.pdf)|[#1893](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1893)|FIPS approved algorithms: DSA (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)); Triple-DES MAC (Triple-DES Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#1902); Triple-DES (Cert.); Triple-DES MAC (Triple-DES Certificate, vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Certificate, key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1894.pdf)|[#1894](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1894)|FIPS approved algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)); HMAC (Cert. #1346); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386))

              Other algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-
-\[15\] Applies only to Home and Pro
-
-**Windows 7**
-
-Validated Editions: Windows 7, Windows 7 SP1
-
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1329.pdf)

              [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1329.pdf)|[1329](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1329)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1178](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#24](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#24)); DSA (Cert. [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#386)); ECDSA (Cert. [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141)); HMAC (Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#560](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560)); SHS (Cert. 
[#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846))

              Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4#559 and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4|
-|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7600.16915](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7600.21092](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7601.17725](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7601.17919](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7601.21861](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)

              [6.1.7601.22076](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1328.pdf)|[1328](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1328)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1178](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#24](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#24)); ECDSA (Cert. [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141)); HMAC (Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides 80 bits to 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#560](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. 
[#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846))

              Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4|
-|Boot Manager|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1319.pdf)

              [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1319.pdf)|[1319](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1319)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); RSA (Cert. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: MD5#1168 and); HMAC (Cert.); RSA (Cert.); SHS (Cert.)

              Other algorithms: MD5|
-|Winload OS Loader (winload.exe)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7600.16757](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7600.20897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7600.20916](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7601.17556](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7601.21655](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)

              [6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1326.pdf)|[1326](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1326)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); RSA (Cert. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: MD5|
-|BitLocker™ Drive Encryption|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7600.16429](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7600.16757](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7600.20536](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7600.20873](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7600.20897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7600.20916](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7601.17556](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7601.21634](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7601.21655](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)

              [6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1332.pdf)|[1332](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1332)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: Elephant Diffuser|
-|Code Integrity (CI.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)

              [6.1.7600.17122](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)v[6.1.7600.21320](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)

              [6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)

              [6.1.7601.17950](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)v[6.1.7601.22108](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1327.pdf)|[1327](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1327)|FIPS approved algorithms: RSA (Cert. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: MD5|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1331.pdf)

              (no change in SP1)|[1331](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1331)|FIPS approved algorithms: DSA (Cert. [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#385)); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)); Triple-DES MAC (Triple-DES Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4|
-|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1330.pdf)

              (no change in SP1)|[1330](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1330)|FIPS approved algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)); DRBG (Cert. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)); HMAC (Cert. [#673](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#673)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); RSA (Certs. [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557) and [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846))

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-
-##### Windows Vista SP1
-
-Validated Editions: Ultimate Edition
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Boot Manager (bootmgr)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp978.pdf)|[978](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/978)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); HMAC (Cert. [#415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415)); RSA (Cert. [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))|
-|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18027, 6.0.6001.18606, 6.0.6001.22125, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411 and 6.0.6002.22596](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp979.pdf)|[979](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/979)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); RSA (Cert. 
[#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))

              Other algorithms: MD5|
-|Code Integrity (ci.dll)|[6.0.6001.18000, 6.0.6001.18023, 6.0.6001.22120, and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp980.pdf)|[980](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/980)|FIPS approved algorithms: RSA (Cert. [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))

              Other algorithms: MD5| -|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742, and 6.0.6002.22869](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1000.pdf)|[1000](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1000)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#756](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756)); ECDSA (Cert. [#82](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82)); HMAC (Cert. [#412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#357](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))#739 and); ECDSA (Cert.); HMAC (Cert.); RNG (Cert.  and SP 800-90 AES-CTR, vendor-affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005, and 6.0.6002.22872](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1002.pdf)|[1001](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1001)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#756](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756)); DSA (Cert. [#283](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#283)); ECDSA (Cert. [#82](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82)); HMAC (Cert. [#412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP 800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#357](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357)); SHS (Cert. 
[#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)| -|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1002.pdf)|[1002](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1002)|FIPS approved algorithms: AES (Cert. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739)); HMAC (Cert. [#407](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#407)); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1003.pdf)|[1003](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1003)|FIPS approved algorithms: DSA (Cert. [#281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#281)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)); Triple-DES MAC (Triple-DES Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4|
-
-##### Windows Vista
-
-Validated Editions: Ultimate Edition
-
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Enhanced Cryptographic Provider (RSAENH) | [6.0.6000.16386](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp893.pdf) | [893](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/893) | FIPS approved algorithms: AES (Cert. [#553](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#553)); HMAC (Cert. [#297](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#297)); RNG (Cert. [#321](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#321)); RSA (Certs. [#255](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#255) and [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#258)); SHS (Cert. [#618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)); Triple-DES (Cert. [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549))

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6000.16386](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp894.pdf)|[894](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/894)|FIPS approved algorithms: DSA (Cert. [#226](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#226)); RNG (Cert. [#321](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#321)); SHS (Cert. [#618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)); Triple-DES (Cert. [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549)); Triple-DES MAC (Triple-DES Cert. [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4|
-|BitLocker™ Drive Encryption|[6.0.6000.16386](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp947.pdf)|[947](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/947)|FIPS approved algorithms: AES (Cert. [#715](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#715)); HMAC (Cert. [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#386)); SHS (Cert. [#737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737))

              Other algorithms: Elephant Diffuser|
-|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6000.16386, 6.0.6000.16870 and 6.0.6000.21067](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp891.pdf)|[891](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/891)|FIPS approved algorithms: AES (Cert. #553); ECDSA (Cert. #60); HMAC (Cert. #298); RNG (Cert. #321); RSA (Certs. #257 and #258); SHS (Cert. #618); Triple-DES (Cert. #549)

              Other algorithms: DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides 128 bits to 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; HMAC MD5|
-
-##### Windows XP SP3
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.1.2600.5512](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp997.pdf)|[997](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/997)|FIPS approved algorithms: HMAC (Cert. [#429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#429)); RNG (Cert. [#449](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#449)); SHS (Cert. [#785](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785)); Triple-DES (Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#677)); Triple-DES MAC (Triple-DES Cert. [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#677), vendor affirmed)

              Other algorithms: DES; MD5; HMAC MD5|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.1.2600.5507](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp990.pdf)|[990](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/990)|FIPS approved algorithms: DSA (Cert. [#292](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#292)); RNG (Cert. [#448](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#448)); SHS (Cert. [#784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784)); Triple-DES (Cert. [#676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#676)); Triple-DES MAC (Triple-DES Cert. [#676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#676), vendor affirmed)

              Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits); MD5; RC2; RC4|
-|Enhanced Cryptographic Provider (RSAENH)|[5.1.2600.5507](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp989.pdf)|[989](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/989)|FIPS approved algorithms: AES (Cert. [#781](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#781)); HMAC (Cert. [#428](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#428)); RNG (Cert. [#447](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#447)); RSA (Cert. [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#371)); SHS (Cert. [#783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)); Triple-DES (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#675)); Triple-DES MAC (Triple-DES Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#675), vendor affirmed)

              Other algorithms: DES; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits)|
-
-##### Windows XP SP2
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|DSS/Diffie-Hellman Enhanced Cryptographic Provider|[5.1.2600.2133](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp240.pdf)|[240](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/240)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Cert. [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29))

              Other algorithms: DES (Cert. [#66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66)); RC2; RC4; MD5; DES40; Diffie-Hellman (key agreement)|
-|Microsoft Enhanced Cryptographic Provider|[5.1.2600.2161](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp238.pdf)|[238](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/238)|FIPS approved algorithms: Triple-DES (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#81)); AES (Cert. [#33](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#33)); SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83)); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83), vendor affirmed)

              Other algorithms: DES (Cert. [#156](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#156)); RC2; RC4; MD5|
-
-
-##### Windows XP SP1
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Microsoft Enhanced Cryptographic Provider|[5.1.2600.1029](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp238.pdf)|[238](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/238)|FIPS approved algorithms: Triple-DES (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#81)); AES (Cert. [#33](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#33)); SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83)); RSA (PKCS#1, vendor affirmed); HMAC-SHA-1 (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83), vendor affirmed)

              Other algorithms: DES (Cert. [#156](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#156)); RC2; RC4; MD5|
-
-##### Windows XP
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Kernel Mode Cryptographic Module|[5.1.2600.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp241.pdf)|[241](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/241)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Cert. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#35)); HMAC-SHA-1 (Cert. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#35), vendor affirmed)

              Other algorithms: DES (Cert. [#89](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#89))|
-
-##### Windows 2000 SP3
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.0.2195.1569](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp106.pdf)|[106](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/106)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); SHA-1 (Certs. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#35))

              Other algorithms: DES (Certs. [#89](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#89))| -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS: 5.0.2195.3665 [SP3])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(Base: 5.0.2195.3839 [SP3])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(DSS/DH Enh: 5.0.2195.3665 [SP3])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(Enh: 5.0.2195.3839 [SP3]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)|[103](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| - -##### Windows 2000 SP2 - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.0.2195.1569](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp106.pdf)|[106](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/106)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); SHA-1 (Certs. [#35](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#35))

              Other algorithms: DES (Certs. [#89](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#89))| -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[(Base DSS:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(Base:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(DSS/DH Enh:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(Enh:](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [5.0.2195.2228 [SP2])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)|[103](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| - -##### Windows 2000 SP1 - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|([Base DSS: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(Base: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(DSS/DH Enh: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)

              [(Enh: 5.0.2150.1391 [SP1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp103.pdf)|[103](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103)|FIPS approved algorithms: Triple-DES (Cert. [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); Diffie-Hellman (key agreement); RC2; RC4; MD2; MD4; MD5| - -##### Windows 2000 - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[5.0.2150.1](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp76.pdf)|[76](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/76)|FIPS approved algorithms: Triple-DES (vendor affirmed); DSA/SHA-1 (Certs. [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28) and [29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#65](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#65), [66](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#66), [67](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#67) and [68](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#68)); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| - -##### Windows 95 and Windows 98 - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Base DSS Cryptographic Provider, Base Cryptographic Provider, DSS/Diffie-Hellman Enhanced Cryptographic Provider, and Enhanced Cryptographic Provider|[5.0.1877.6 and 5.0.1877.7](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp75.pdf)|[75](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/75)|FIPS approved algorithms: Triple-DES (vendor affirmed); SHA-1 (Certs. [#20](https://social.msdn.microsoft.com/forums/en-us/f93c9ee5-89b9-41a4-96c4-6eb9346625b9/msrai-msra-parsing-remote-assistance-packets-in-network-monitor?forum=os_windowsprotocolshttps://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20) and [21](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21)); DSA/SHA-1 (Certs. [#25](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25) and [26](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26)); RSA (vendor- affirmed)

              Other algorithms: DES (Certs. [#61](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#61), [62](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#62), [63](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#63) and [64](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#64)); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| - - -##### Windows NT 4.0 - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Base Cryptographic Provider|[5.0.1877.6 and 5.0.1877.7](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp68.pdf)|[68](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/68)|FIPS approved algorithms: SHA-1 (Certs. [#20](https://social.msdn.microsoft.com/forums/en-us/f93c9ee5-89b9-41a4-96c4-6eb9346625b9/msrai-msra-parsing-remote-assistance-packets-in-network-monitor?forum=os_windowsprotocolshttps://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20) and [21](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21)); DSA/SHA- 1 (Certs. [#25](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25) and [26](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26)); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#61](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#61), [62](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#62), [63](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#63) and [64](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#64)); Triple-DES (allowed for US and Canadian Government use); RC2; RC4; MD2; MD4; MD5; Diffie-Hellman (key agreement)| - -## Modules used by Windows Server - -##### Windows Server 2019 (Version 1809) - -Validated Editions: Standard, Datacenter - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information| -|Kernel Mode Cryptographic Primitives Library|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information| -|Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf)|[#3644](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644)|See Security Policy and Certificate page for algorithm information| -|Windows OS Loader|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf)|[#3615](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615)|See Security Policy and Certificate page 
for algorithm information| -|Secure Kernel Code Integrity|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf)|[#3651](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651)|See Security Policy and Certificate page for algorithm information| -|BitLocker Dump Filter|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information| -|Boot Manager|[10.0.17763](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information| -|Virtual TPM|[10.0.17763](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf)|[#3690](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690)|See Security Policy and Certificate page for algorithm information| - -##### Windows Server (Version 1803) - -Validated Editions: Standard, Datacenter - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information| -|Kernel Mode Cryptographic Primitives 
Library|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information| -|Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information| -|Windows OS Loader|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3480.pdf)|[#3480](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3480)|See Security Policy and Certificate page for algorithm information| -|Secure Kernel Code Integrity|[10.0.17134](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information| -|BitLocker Dump Filter|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information| -|Boot Manager|[10.0.17134](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information| - -##### Windows Server (Version 1709) - -Validated Editions: 
Standard, Datacenter - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf)|[#3197](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197)|See Security Policy and Certificate page for algorithm information| -|Kernel Mode Cryptographic Primitives Library|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf)|[#3196](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196)|See Security Policy and Certificate page for algorithm information| -|Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf)|[#3195](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195)|See Security Policy and Certificate page for algorithm information| -|Windows OS Loader|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3194.pdf)|[#3194](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3194)|See Security Policy and Certificate page for algorithm information| -|Secure Kernel Code Integrity|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf)|[#3096](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096)|See Security Policy and Certificate page for algorithm information| -|BitLocker Dump 
Filter|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf)|[#3092](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092)|See Security Policy and Certificate page for algorithm information|
-|Windows Resume|[10.0.16299](https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf)|[#3091](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091)|See Security Policy and Certificate page for algorithm information|
-|Boot Manager|[10.0.16299](https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf)|[#3089](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089)|See Security Policy and Certificate page for algorithm information|
-
-##### Windows Server 2016
-
-Validated Editions: Standard, Datacenter, Storage Server
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2937.pdf)|[2937](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. 
[#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227))

              Other algorithms: HMAC-MD5; MD5; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2936.pdf)|[2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)|FIPS approved algorithms: AES (Cert. [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); DRBG (Cert. [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)); DSA (Cert. [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)); ECDSA (Cert. [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); KAS (Cert. [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)); KBKDF (Cert. [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)); KTS (AES Cert. [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062); key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); PBKDF (vendor affirmed); RSA (Certs. [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192), [#2193, and #2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)); Triple-DES (Cert. 
[#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227))

              Other algorithms: HMAC-MD5; MD5; NDRNG; DES; Legacy CAPI KDF; MD2; MD4; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2931.pdf)|[2931](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2931)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); HMAC (Cert. [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)); PBKDF (vendor affirmed); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: MD5; PBKDF (non-compliant); VMK KDF|
-|BitLocker® Windows OS Loader (winload)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2932.pdf)|[2932](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2932)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: NDRNG; MD5|
-|BitLocker® Windows Resume (winresume)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2933.pdf)|[2933](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)); RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (dumpfve.sys)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2934.pdf)|[2934](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934)|FIPS approved algorithms: AES (Certs. [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061) and [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064))|
-|Code Integrity (ci.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2935.pdf)|[2935](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935)|FIPS approved algorithms: RSA (Cert. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Cert. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: AES (non-compliant); MD5|
-|Secure Kernel Code Integrity (skci.dll)|[10.0.14393](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2938.pdf)|[2938](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2938)|FIPS approved algorithms: RSA (Certs. [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)); SHS (Certs. [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347))

              Other algorithms: MD5| - -##### Windows Server 2012 R2 - -Validated Editions: Server, Storage Server, - -**StorSimple 8000 Series, Azure StorSimple Virtual Array Windows Server 2012 R2** - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2357.pdf)|[2357](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2357)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); DSA (Cert. [#855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. 
[#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692))

              Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.3.9600 6.3.9600.17042](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2356.pdf)|[2356](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); DRBG (Certs. [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)); ECDSA (Cert. [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); KAS (Cert. [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)); KBKDF (Cert. [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)); PBKDF (vendor affirmed); RSA (Certs. [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487), [#1493, and #1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)); Triple-DES (Cert. 
[#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692))

              Other algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); AES-GCM encryption (non-compliant); DES; HMAC MD5; Legacy CAPI KDF; MD2; MD4; MD5; NDRNG; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2351.pdf)|[2351](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2351)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); HMAC (Cert. [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)); PBKDF (vendor affirmed); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396))

              Other algorithms: MD5; KDF (non-compliant); PBKDF (non-compliant)|
-|BitLocker® Windows OS Loader (winload)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2352.pdf)|[2352](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2352)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396))

              Other algorithms: MD5; NDRNG|
-|BitLocker® Windows Resume (winresume)[16]|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2353.pdf)|[2353](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2353)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)); RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Certs. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) and [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (dumpfve.sys)[17]|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2354.pdf)|[2354](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2354)|FIPS approved algorithms: AES (Cert. [#2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832))

              Other algorithms: N/A|
-|Code Integrity (ci.dll)|[6.3.9600 6.3.9600.17031](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2355.pdf)|[2355](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2355)|FIPS approved algorithms: RSA (Cert. [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)); SHS (Cert. [# 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373))

              Other algorithms: MD5| - -\[16\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** - -\[17\] Doesn't apply to **Azure StorSimple Virtual Array Windows Server 2012 R2** - -**Windows Server 2012** - -Validated Editions: Server, Storage Server - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Cryptographic Primitives Library (BCRYPTPRIMITIVES.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1892.pdf)|[1892](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1892)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)); DSA (Cert. [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. #[1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RSA (Certs. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. 
[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387))

              Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#687); ECDSA (Cert.); HMAC (Cert. #); KAS (Cert.); KBKDF (Cert.); PBKDF (vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| -|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1891.pdf)|[1891](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891)|FIPS approved algorithms: AES (Certs. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197) and [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)); DRBG (Certs. [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) and [#259](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#259)); ECDSA (Cert. [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)); HMAC (Cert. [#1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)); KAS (Cert. [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)); KBKDF (Cert. [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)); PBKDF (vendor affirmed); RNG (Cert. [#1110](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1110)); RSA (Certs. [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133) and [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)); SHS (Cert. 
[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)); Triple-DES (Cert. [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387))

              Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)#1110); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (Certificate, key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Legacy CAPI KDF; MD2; MD4; MD5; HMAC MD5; RC2; RC4; RSA (encrypt/decrypt)| -|Boot Manager|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1895.pdf)|[1895](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1895)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); HMAC (Cert. #[1347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: MD5|
-|BitLocker® Windows OS Loader (WINLOAD)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1896.pdf)|[1896](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1896)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: AES (Cert. [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197); non-compliant); MD5; Non-Approved RNG|
-|BitLocker® Windows Resume (WINRESUME)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1898.pdf)|[1898](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1898)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: MD5|
-|BitLocker® Dump Filter (DUMPFVE.SYS)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1899.pdf)|[1899](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1899)|FIPS approved algorithms: AES (Certs. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196) and [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198))

              Other algorithms: N/A|
-|Code Integrity (CI.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1897.pdf)|[1897](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1897)|FIPS approved algorithms: RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903))

              Other algorithms: MD5| -|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1893.pdf)|[1893](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1893)|FIPS approved algorithms: DSA (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)); Triple-DES MAC (Triple-DES Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4; Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| -|Enhanced Cryptographic Provider (RSAENH.DLL)|[6.2.9200](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1894.pdf)|[1894](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/1401val2013.htm#1894)|FIPS approved algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)); HMAC (Cert. [#1346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1346)); RSA (Cert. [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)); SHS (Cert. [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386))

              Other algorithms: AES (Cert. [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); Triple-DES (Cert. [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), key wrapping; key establishment methodology provides 112 bits of encryption strength; non-compliant less than 112 bits of encryption strength)| - -##### Windows Server 2008 R2 - -|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms| -|--- |--- |--- |--- | -|Boot Manager (bootmgr)|[6.1.7600.16385 or 6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1321.pdf)|[1321](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1321)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); RSA (Cert. [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: MD5|
-|Winload OS Loader (winload.exe)|[6.1.7600.16385, 6.1.7600.16757, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21655 and 6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1333.pdf)|[1333](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1333)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); RSA (Cert. [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: MD5|
-|Code Integrity (ci.dll)|[6.1.7600.16385, 6.1.7600.17122, 6.1.7600.21320, 6.1.7601.17514, 6.1.7601.17950 and 6.1.7601.22108](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1334.pdf)|[1334](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1334)|FIPS approved algorithms: RSA (Cert. [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: MD5|
-|Kernel Mode Cryptographic Primitives Library (cng.sys)|[6.1.7600.16385, 6.1.7600.16915, 6.1.7600.21092, 6.1.7601.17514, 6.1.7601.17919, 6.1.7601.17725, 6.1.7601.21861 and 6.1.7601.22076](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1335.pdf)|[1335](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1335)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#27](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#27)); ECDSA (Cert. [#142](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142)); HMAC (Cert. [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. 
[#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#567](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846))

              Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4|
-|Cryptographic Primitives Library (bcryptprimitives.dll)|[66.1.7600.16385 or 6.1.7601.17514](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1336.pdf)|[1336](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1336)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); AES GCM (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); AES GMAC (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed); DRBG (Certs. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23) and [#27](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#27)); DSA (Cert. [#391](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#391)); ECDSA (Cert. [#142](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142)); HMAC (Cert. 
[#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686)); KAS (SP 800-56A, vendor affirmed, key agreement; key establishment methodology provides between 80 bits and 256 bits of encryption strength); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#567](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846))

              Other algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), key wrapping; key establishment methodology provides between 128 bits and 256 bits of encryption strength); DES; HMAC MD5; MD2; MD4; MD5; RC2; RC4|
-|Enhanced Cryptographic Provider (RSAENH)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1337.pdf)|[1337](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1337)|FIPS approved algorithms: AES (Cert. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)); DRBG (Cert. [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)); HMAC (Cert. [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#687)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); RSA (Certs. [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559) and [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846))

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.1.7600.16385](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1338.pdf)|[1338](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1338)|FIPS approved algorithms: DSA (Cert. [#390](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#390)); RNG (Cert. [#649](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#649)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)); Triple-DES (Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)); Triple-DES MAC (Triple-DES Cert. [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman; MD5; RC2; RC2 MAC; RC4|
-|BitLocker™ Drive Encryption|[6.1.7600.16385, 6.1.7600.16429, 6.1.7600.16757, 6.1.7600.20536, 6.1.7600.20873, 6.1.7600.20897, 6.1.7600.20916, 6.1.7601.17514, 6.1.7601.17556, 6.1.7601.21634, 6.1.7601.21655 or 6.1.7601.21675](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1339.pdf)|[1339](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1339)|FIPS approved algorithms: AES (Certs. [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168) and [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)); HMAC (Cert. [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)); SHS (Cert. [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081))

              Other algorithms: Elephant Diffuser|
-
-##### Windows Server 2008
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Boot Manager (bootmgr)|[6.0.6001.18000, 6.0.6002.18005 and 6.0.6002.22497](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1004.pdf)|[1004](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1004)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); HMAC (Cert. [#415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415)); RSA (Cert. [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))

              Other algorithms: N/A|
-|Winload OS Loader (winload.exe)|[6.0.6001.18000, 6.0.6001.18606, 6.0.6001.22861, 6.0.6002.18005, 6.0.6002.18411, 6.0.6002.22497 and 6.0.6002.22596](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1005.pdf)|[1005](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1005)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)); RSA (Cert. [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))

              Other algorithms: MD5|
-|Code Integrity (ci.dll)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1006.pdf)|[1006](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1006)|FIPS approved algorithms: RSA (Cert. [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753))

              Other algorithms: MD5|
-|Kernel Mode Security Support Provider Interface (ksecdd.sys)|[6.0.6001.18709, 6.0.6001.18272, 6.0.6001.18796, 6.0.6001.22202, 6.0.6001.22450, 6.0.6001.22987, 6.0.6001.23069, 6.0.6002.18005, 6.0.6002.18051, 6.0.6002.18541, 6.0.6002.18643, 6.0.6002.22152, 6.0.6002.22742 and 6.0.6002.22869](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1007.pdf)|[1007](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1007)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#757](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757)); ECDSA (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83)); HMAC (Cert. [#413](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP800-90 AES-CTR, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#358](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)#83); HMAC (Cert.); RNG (Cert.  and SP800-90 AES-CTR, vendor affirmed); RSA (Certs.  and); SHS (Cert.); Triple-DES (Cert.)

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; HMAC MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping: key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-|Cryptographic Primitives Library (bcrypt.dll)|[6.0.6001.22202, 6.0.6002.18005 and 6.0.6002.22872](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1008.pdf)|[1008](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1008)|FIPS approved algorithms: AES (Certs. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739) and [#757](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757)); DSA (Cert. [#284](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#284)); ECDSA (Cert. [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83)); HMAC (Cert. [#413](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435) and SP800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#358](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358)); SHS (Cert. 
[#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))

              Other algorithms: AES (GCM and GMAC; non-compliant); DES; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); EC Diffie-Hellman (key agreement; key establishment methodology provides between 128 bits and 256 bits of encryption strength); MD2; MD4; MD5; RC2; RC4; RNG (SP 800-90 Dual-EC; non-compliant); RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant provides less than 112 bits of encryption strength)|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[6.0.6001.18000 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1009.pdf)|[1009](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1009)|FIPS approved algorithms: DSA (Cert. [#282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#282)); RNG (Cert. [#435](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#435)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)); Triple-DES MAC (Triple-DES Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656), vendor affirmed)

              Other algorithms: DES; DES MAC; DES40; DES40 MAC; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC2 MAC; RC4|
-|Enhanced Cryptographic Provider (RSAENH)|[6.0.6001.22202 and 6.0.6002.18005](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp1010.pdf)|[1010](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1010)|FIPS approved algorithms: AES (Cert. [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739)); HMAC (Cert. [#408](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#408)); RNG (SP 800-90, vendor affirmed); RSA (Certs. [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353) and [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)); SHS (Cert. [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)); Triple-DES (Cert. [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656))

              Other algorithms: DES; MD2; MD4; MD5; RC2; RC4; RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-
-##### Windows Server 2003 SP2
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.3959](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp875.pdf)|[875](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/875)|FIPS approved algorithms: DSA (Cert. [#221](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#221)); RNG (Cert. [#314](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#314)); RSA (Cert. [#245](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245)); SHS (Cert. [#611](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611)); Triple-DES (Cert. [#543](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#543))

              Other algorithms: DES; DES40; Diffie-Hellman (key agreement; key establishment methodology provides between 112 bits and 150 bits of encryption strength; non-compliant less than 112 bits of encryption strength); MD5; RC2; RC4|
-|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.3959](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp869.pdf)|[869](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/869)|FIPS approved algorithms: HMAC (Cert. [#287](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#287)); RNG (Cert. [#313](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#313)); SHS (Cert. [#610](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610)); Triple-DES (Cert. [#542](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#542))

              Other algorithms: DES; HMAC-MD5|
-|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.3959](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp868.pdf)|[868](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/868)|FIPS approved algorithms: AES (Cert. [#548](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#548)); HMAC (Cert. [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#289)); RNG (Cert. [#316](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#316)); RSA (Cert. [#245](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245)); SHS (Cert. [#613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)); Triple-DES (Cert. [#544](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#544))

              Other algorithms: DES; RC2; RC4; MD2; MD4; MD5; RSA (key wrapping; key establishment methodology provides between 112 bits and 256 bits of encryption strength; non-compliant less than 112 bits of encryption strength)|
-
-##### Windows Server 2003 SP1
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.1830 [SP1]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp405.pdf)|[405](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/405)|FIPS approved algorithms: Triple-DES (Certs. [#201](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#201)[1] and [#370](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#370)[1]); SHS (Certs. [#177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#177)[1] and [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#371)[2])

              Other algorithms: DES (Cert. [#230](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#230)[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

              [1] x86

              [2] SP1 x86, x64, IA64|
-|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.1830 [Service Pack 1])](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp382.pdf)|[382](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/382)|FIPS approved algorithms: Triple-DES (Cert. [#192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#192)[1] and [#365](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#365)[2]); AES (Certs. [#80](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#80)[1] and [#290](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#290)[2]); SHS (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176)[1] and [#364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)[2]); HMAC (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176), vendor affirmed[1] and [#99](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99)[2]); RSA (PKCS#1, vendor affirmed[1] and [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)[2])

              Other algorithms: DES (Cert. [#226](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#226)[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

              [1] x86

              [2] SP1 x86, x64, IA64|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.1830 [Service Pack 1]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp381.pdf)|[381](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/381)|FIPS approved algorithms: Triple-DES (Certs. [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#199)[1] and [#381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#381)[2]); SHA-1 (Certs. [#181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)[1] and [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)[2]); DSA (Certs. [#95](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95)[1] and [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146)[2]); RSA (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81))

              Other algorithms: DES (Cert. [#229](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#229)[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

              [1] x86

              [2] SP1 x86, x64, IA64|
-
-##### Windows Server 2003
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Kernel Mode Cryptographic Module (FIPS.SYS)|[5.2.3790.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp405.pdf)|[405](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/405)|FIPS approved algorithms: Triple-DES (Certs. [#201](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#201)[1] and [#370](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#370)[1]); SHS (Certs. [#177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#177)[1] and [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#371)[2])

              Other algorithms: DES (Cert. [#230](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#230)[1]); HMAC-MD5; HMAC-SHA-1 (non-compliant)

              [1] x86

              [2] SP1 x86, x64, IA64|
-|Enhanced Cryptographic Provider (RSAENH)|[5.2.3790.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp382.pdf)|[382](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/382)|FIPS approved algorithms: Triple-DES (Cert. [#192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#192)[1] and [#365](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#365)[2]); AES (Certs. [#80](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#80)[1] and [#290](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#290)[2]); SHS (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176)[1] and [#364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)[2]); HMAC (Cert. [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176), vendor affirmed[1] and [#99](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99)[2]); RSA (PKCS#1, vendor affirmed[1] and [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)[2])

              Other algorithms: DES (Cert. [#226](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#226)[1]); SHA-256[1]; SHA-384[1]; SHA-512[1]; RC2; RC4; MD2; MD4; MD5

              [1] x86

              [2] SP1 x86, x64, IA64|
-|Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH)|[5.2.3790.0](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp381.pdf)|[381](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/381)|FIPS approved algorithms: Triple-DES (Certs. [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#199)[1] and [#381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#381)[2]); SHA-1 (Certs. [#181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)[1] and [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)[2]); DSA (Certs. [#95](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95)[1] and [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146)[2]); RSA (Cert. [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81))

              Other algorithms: DES (Cert. [#229](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#229)[1]); Diffie-Hellman (key agreement); RC2; RC4; MD5; DES 40

              [1] x86

              [2] SP1 x86, x64, IA64|
-
-#### Other Products
-
-##### Windows Embedded Compact 7 and Windows Embedded Compact 8
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Enhanced Cryptographic Provider|[7.00.2872 [1] and 8.00.6246 [2]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2957.pdf)|[2957](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2957)|FIPS approved algorithms: AES (Certs.[#4433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433)and[#4434](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434)); CKG (vendor affirmed); DRBG (Certs.[#1432](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1432)and[#1433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1433)); HMAC (Certs.[#2946](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2946)and[#2945](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2945)); RSA (Certs.[#2414](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2414)and[#2415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2415)); SHS (Certs.[#3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)and[#3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)); Triple-DES 
(Certs.[#2383](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2383)and[#2384](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2384))

              Allowed algorithms: HMAC-MD5, MD5, NDRNG|
-|Cryptographic Primitives Library (bcrypt.dll)|[7.00.2872 [1] and 8.00.6246 [2]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp2956.pdf)|[2956](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2956)|FIPS approved algorithms: AES (Certs.[#4430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430)and[#4431](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431)); CKG (vendor affirmed); CVL (Certs.[#1139](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1139)and[#1140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1140)); DRBG (Certs.[#1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)and[#1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)); DSA (Certs.[#1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187)and[#1188](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188)); ECDSA (Certs.[#1072](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072)and[#1073](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1073)); HMAC (Certs.[#2942](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2942)and[#2943](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2943)); KAS 
(Certs.[#114](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#114)and[#115](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#115)); RSA (Certs.[#2411](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2411)and[#2412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2412)); SHS (Certs.[#3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)and[#3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)); Triple-DES (Certs.[#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2381)and[#2382](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2382))

              Allowed algorithms: MD5, NDRNG, RSA (key wrapping; key establishment methodology provides between 112 bits and 150 bits of encryption strength|
-
-##### Windows CE 6.0 and Windows Embedded Compact 7
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Enhanced Cryptographic Provider|[6.00.1937 [1] and 7.00.1687 [2]](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp825.pdf)|[825](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/825)|FIPS approved algorithms: AES (Certs. [#516](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#516) [1] and [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2024) [2]); HMAC (Certs. [#267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#267) [1] and [#1227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1227) [2]); RNG (Certs. [#292](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#292) [1] and [#1060](http://csrc.nist.gov/groups/stm/cavp/documents/rng/rnghistoricalval.html#1060) [2]); RSA (Cert. [#230](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#230) [1] and [#1052](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1052) [2]); SHS (Certs. [#589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589) [1] and #1774 [2]); Triple-DES (Certs. [#526](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#526) [1] and [#1308](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1308) [2])

              Other algorithms: MD5; HMAC-MD5; RC2; RC4; DES|
-
-##### Outlook Cryptographic Provider
-
-|Cryptographic Module|Version (link to Security Policy)|FIPS Certificate #|Algorithms|
-|--- |--- |--- |--- |
-|Outlook Cryptographic Provider (EXCHCSP)|[SR-1A (3821)](http://csrc.nist.gov/groups/stm/cmvp/documents/140-1/140sp/140sp110.pdf)|[110](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/110)|FIPS approved algorithms: Triple-DES (Cert. [#18](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#18)); SHA-1 (Certs. [#32](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#32)); RSA (vendor affirmed)

              Other algorithms: DES (Certs. [#91](http://csrc.nist.gov/groups/stm/cavp/documents/des/desval.html#91)); DES MAC; RC2; MD2; MD5|
-
-### Cryptographic Algorithms
-
-The following tables are organized by cryptographic algorithms with their modes, states, and key sizes. For each algorithm implementation (operating system / platform), there is a link to the Cryptographic Algorithm Validation Program (CAVP) issued certificate.
-
-### Advanced Encryption Standard (AES)
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-OFB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)|Microsoft Surface Hub Virtual TPM Implementations [#4904](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4904)

              Version 10.0.15063.674|
-|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-OFB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#4903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4903)

              Version 10.0.16299|
-|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CCM:

            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
            • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB8:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CMAC:

            • Generation:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              Verification:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-ECB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-GCM:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 96, 104, 112, 120, 128 (bits)
            • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
            • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
            • 96 bit IV supported

              AES-XTS:

            • Key Size: 128:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full
            • Key Size: 256:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)

              Version 10.0.15063.674|
-|

              AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CCM:

            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
            • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB8:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CMAC:

            • Generation:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16
            • Verification:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-ECB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-GCM:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 96, 104, 112, 120, 128 (bits)
            • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
            • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits),96 bit IV supported

              AES-XTS:

            • Key Size: 128:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full
            • Key Size: 256:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)

              Version 10.0.15254|
-|AES-CBC:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CCM:

            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 32, 48, 64, 80, 96, 112, 128 (bits)
            • IV Lengths: 56, 64, 72, 80, 88, 96, 104 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES-CFB128:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CFB8:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-CMAC:

            • Generation:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              Verification:

              AES-128:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-192:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-256:

            • Block Sizes: Full, Partial
            • Message Length: 0-65536
            • Tag Length: 16-16

              AES-CTR:

              Counter Source: Internal

            • Key Lengths: 128, 192, 256 (bits)

              AES-ECB:

            • Modes: Decrypt, Encrypt
            • Key Lengths: 128, 192, 256 (bits)

              AES-GCM:

            • Modes: Decrypt, Encrypt
            • IV Generation: External
            • Key Lengths: 128, 192, 256 (bits)
            • Tag Lengths: 96, 104, 112, 120, 128 (bits)
            • Plain Text Lengths: 0, 8, 1016, 1024 (bits)
            • Additional authenticated data lengths: 0, 8, 1016, 1024 (bits)
            • 96 bit IV supported

              AES-XTS:

            • Key Size: 128:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full
            • Key Size: 256:
            • Modes: Decrypt, Encrypt
            • Block Sizes: Full|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)

              Version 10.0.16299|
-|AES-KW:

            • Modes: Decrypt, Encrypt
            • CIPHK transformation direction: Forward
            • Key Lengths: 128, 192, 256 (bits)
            • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

              AES [validation number 4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#4900](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4900)

              Version 10.0.15063.674|
-|AES-KW:

            • Modes: Decrypt, Encrypt
            • CIPHK transformation direction: Forward
            • Key Lengths: 128, 192, 256 (bits)
            • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

              AES [validation number 4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#4899](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4899)

              Version 10.0.15254|
-|AES-KW:

            • Modes: Decrypt, Encrypt
            • CIPHK transformation direction: Forward
            • Key Lengths: 128, 192, 256 (bits)
            • Plain Text Lengths: 128, 192, 256, 320, 2048 (bits)

              AES [validation number 4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#4898](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4898)

              Version 10.0.16299|
-|AES-CCM:

            • Key Lengths: 256 (bits)
            • Tag Lengths: 128 (bits)
            • IV Lengths: 96 (bits)
            • Plain
            • Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES [validation number 4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)|Microsoft Surface Hub BitLocker(R) Cryptographic Implementations [#4896](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4896)

              Version 10.0.15063.674|
-|AES-CCM:

            • Key Lengths: 256 (bits)
            • Tag Lengths: 128 (bits)
            • IV Lengths: 96 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES [validation number 4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)|Windows 10 Mobile (version 1709) BitLocker(R) Cryptographic Implementations [#4895](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4895)

              Version 10.0.15254|
-|AES-CCM:

            • Key Lengths: 256 (bits)
            • Tag Lengths: 128 (bits)
            • IV Lengths: 96 (bits)
            • Plain Text Length: 0-32
            • Additional authenticated data length: 0-65536

              AES [validation number 4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); BitLocker(R) Cryptographic Implementations [#4894](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4894)

              Version 10.0.16299|
-|**CBC** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **OFB** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#4627](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627)

              Version 10.0.15063|
-|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

              AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#4626](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4626)

              Version 10.0.15063|
-|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile BitLocker(R) Cryptographic Implementations [#4625](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4625)

              Version 10.0.15063|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC** (Generation/Verification) (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 16 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

              IV Generated: (External); PT Lengths Tested: (0, 1024, 8, 1016); Additional authenticated data lengths tested: (0, 1024, 8, 1016); 96 bit IV supported

              GMAC supported

              **XTS**((KS: XTS_128((e/d)(f)) KS: XTS_256((e/d)(f))|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)

              Version 10.0.15063|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4434](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434)

              Version 7.00.2872|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#4433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433)

              Version 8.00.6246|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4431](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431)

              Version 7.00.2872|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#4430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430)

              Version 8.00.6246|
-|**CBC** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **OFB** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#4074](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074)

              Version 10.0.14393|
-|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:**  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

              GMAC supported

              **XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)

              Version 10.0.14393|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#4063](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4063)

              Version 10.0.14393|
-|**KW**  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 192, 256, 320, 2048)

              AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#4062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4062)

              Version 10.0.14393|
-|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BitLocker® Cryptographic Implementations [#4061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4061)

              Version 10.0.14393|
-|**KW**  (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

              AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations [#3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3652)

              Version 10.0.10586|
-|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BitLocker® Cryptographic Implementations [#3653](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3653)

              Version 10.0.10586|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA32 Algorithm Implementations [#3630](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3630)

              Version 10.0.10586|
-|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC (Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)v**IV Generated:**  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested: (0, 0); 96 bit IV supported

              GMAC supported

              **XTS((KS: XTS_128**((e/d) (f)) **KS: XTS_256**((e/d) (f))|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations [#3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629)

              Version 10.0.10586|
-|**KW** (AE, AD, AES-128, AES-192, AES-256, FWD, 128, 256, 192, 320, 2048)

              AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#3507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3507)

              Version 10.0.10240|
-|**CCM** (KS: 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BitLocker® Cryptographic Implementations [#3498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3498)

              Version 10.0.10240|
-|**ECB** (e/d; 128, 192, 256); **CBC** (e/d; 128, 192, 256); **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256); **CTR** (int only; 128, 192, 256)

              **CCM** (KS: 128, 192, 256) (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC(Generation/Verification)** (KS: 128; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM** (KS: AES_128(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              (KS: AES_256(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:**  (Externally); PT Lengths Tested:  (0, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 1024, 8, 1016); IV Lengths Tested:  (0, 0); 96 bit IV supported

              GMAC supported

              **XTS((KS: XTS_128**((e/d)(f)) **KS: XTS_256**((e/d)(f))|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497)

              Version 10.0.10240|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#3476](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3476)

              Version 10.0.10240|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#2853](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2853)

              Version 6.3.9600|
-|**CCM (KS: 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 32 (Nonce Length(s): 12 (Tag Length(s): 16)

              AES [validation number 2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BitLocker Cryptographic Implementations [#2848](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2848)

              Version 6.3.9600|
-|**CCM (KS: 128, 192, 256)** (Assoc. Data Len Range: 0-0, 2^16) (Payload Length Range: 0 - 0 (Nonce Length(s): 7 8 9 10 11 12 13 (Tag Length(s): 4 6 8 10 12 14 16)

              **CMAC (Generation/Verification) (KS: 128**; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 192; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16) (KS: 256; Block Size(s): Full/Partial; Msg Len(s) Min: 0 Max: 2^16; Tag Len(s) Min: 0 Max: 16)

              **GCM (KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) (KS: AES_192(e/d) Tag Length(s): 128 120 112 104 96)

              **(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:**  (Externally); PT Lengths Tested:  (0, 128, 1024, 8, 1016); Additional authenticated data lengths tested:  (0, 128, 1024, 8, 1016); IV Lengths Tested:  (8, 1024); 96 bit IV supported;

              **OtherIVLen_Supported

              GMAC supported**|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations #[2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832)

              Version 6.3.9600|
-|**CCM (KS: 128, 192, 256**) **(Assoc. Data Len Range**: 0-0, 2^16) **(Payload Length Range**: 0 - 32 (**Nonce Length(s)**: 7 8 9 10 11 12 13 **(Tag Length(s)**: 4 6 8 10 12 14 16)

              AES [validation number 2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197)

              **CMAC** (Generation/Verification) **(KS: 128;** Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 192**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16) **(KS: 256**; Block Size(s); **Msg Len(s)** Min: 0 Max: 2^16; **Tag Len(s)** Min: 16 Max: 16)

              AES [validation number 2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197)

              **GCM(KS: AES_128**(e/d) Tag Length(s): 128 120 112 104 96) **(KS: AES_192**(e/d) Tag Length(s): 128 120 112 104 96)

              **(KS: AES_256**(e/d) Tag Length(s): 128 120 112 104 96)

              **IV Generated:** (Externally); **PT Lengths Tested:** (0, 128, 1024, 8, 1016); **Additional authenticated data lengths tested:** (0, 128, 1024, 8, 1016); **IV Lengths Tested:** (8, 1024); **96 bit IV supported

              GMAC supported**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#2216](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2216)|
-|**CCM (KS: 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 0 - 32 (**Nonce Length(s)**: 12 **(Tag Length(s)**: 16)

              AES [validation number 2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations [#2198](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2198)|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);

              **CFB128** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197)|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#2196](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2196)|
-|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 – 0, 2^16**) (Payload Length Range:** 0 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s): **4 6 8 10 12 14 16**)**

              AES [validation number 1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)|Windows Server 2008 R2 and SP1 CNG algorithms [#1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1187)

              Windows 7 Ultimate and SP1 CNG algorithms [#1178](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1178)|
-|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**

              AES [validation number 1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#1177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1177)|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168)|
-|**GCM**

              **GMAC**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168), vendor-affirmed|
-|**CCM (KS: 128, 256) (Assoc. Data Len Range: **0 - 8**) (Payload Length Range:** 4 - 32 **(Nonce Length(s):** 7 8 12 13 **(Tag Length(s): **4 6 8 14 16**)**|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#760)|
-|**CCM (KS: 128, 192, 256) (Assoc. Data Len Range: **0 - 0, 2^16**) (Payload Length Range:** 1 - 32 **(Nonce Length(s):** 7 8 9 10 11 12 13 **(Tag Length(s):** 4 6 8 10 12 14 16**)**|Windows Server 2008 CNG algorithms [#757](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#757)

              Windows Vista Ultimate SP1 CNG algorithms [#756](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#756)|
-|**CBC** (e/d; 128, 256);

              **CCM** (**KS: 128, 256**) (**Assoc. Data Len Range**: 0 - 8) (**Payload Length Range**: 4 - 32 (**Nonce Length(s)**: 7 8 12 13 (**Tag Length(s)**: 4 6 8 14 16)|Windows Vista Ultimate BitLocker Drive Encryption [#715](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#715)

              Windows Vista Ultimate BitLocker Drive Encryption [#424](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#424)|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CFB8** (e/d; 128, 192, 256);|Windows Vista Ultimate SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#739](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#739)

              Windows Vista Symmetric Algorithm Implementation [#553](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#553)|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);

              **CTR** (int only; 128, 192, 256)|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#2023](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023)|
-|**ECB** (e/d; 128, 192, 256);

              **CBC** (e/d; 128, 192, 256);|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2024)

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#818](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#818)

              Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#781](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#781)

              Windows 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#548](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#548)

              Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#516](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#516)

              Windows CE and Windows Mobile 6, 6.1, and 6.5 Enhanced Cryptographic Provider (RSAENH) [#507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#507)

              Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#290](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#290)

              Windows CE 5.0 and 5.1 Enhanced Cryptographic Provider (RSAENH) [#224](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#224)

              Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#80](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#80)

              Windows XP, SP1, and SP2 Enhanced Cryptographic Provider (RSAENH) [#33](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#33)|
-
-### Deterministic Random Bit Generator (DRBG)
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function not used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4904](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4904)|Microsoft Surface Hub Virtual TPM Implementations [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)

              Version 10.0.15063.674|
-|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function not used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4903)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)

              Version 10.0.16299|
-|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)

              Version 10.0.15063.674|
-|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)

              Version 10.0.15254|
-|

              Counter:

            • Modes: AES-256
            • Derivation Function States: Derivation Function used
            • Prediction Resistance Modes: Not Enabled

              Prerequisite: AES [#4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)

              Version 10.0.16299|
-|**CTR_DRBG:** [Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256)

              (AES [validation number 4627](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4627))]|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556)

              Version 10.0.15063|
-|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256 (AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624))]|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)

              Version 10.0.15063|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4434](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4434))]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1433)

              Version 7.00.2872|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4433](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4433))]|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#1432](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1432)

              Version 8.00.6246|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4431](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4431))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)

              Version 7.00.2872|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4430))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)

              Version 8.00.6246|
-|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 4074](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4074))]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222)

              Version 10.0.14393|
-|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064))]|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)

              Version 10.0.14393|
-|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629))]|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)

              Version 10.0.10586|
-|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497))]|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)

              Version 10.0.10240|
-|**CTR_DRBG:**[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2832](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2832))]|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)

              Version 6.3.9600|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_Use_df: (AES-256) (AES [validation number 2197](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2197))]|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 2023](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#2023))]|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)|
-|**CTR_DRBG**:[Prediction Resistance Tested: Not Enabled; BlockCipher_No_df: (AES-256) (AES [validation number 1168](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#1168))]|Windows 7 Ultimate and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)|
-|**DRBG** (SP 800–90)|Windows Vista Ultimate SP1, vendor-affirmed|
-
-#### Digital Signature Algorithm (DSA)
-
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|DSA:

            • 186-4:

              PQGGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              PQGVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              KeyPair:

            • L = 2048, N = 256
            • L = 3072, N = 256

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1303](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1303)

              Version 10.0.15063.674|
-|DSA:

            • 186-4:

              PQGGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              PQGVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              KeyPair:

            • L = 2048, N = 256
            • L = 3072, N = 256

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1302](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1302)

              Version 10.0.15254|
-|DSA:

            • 186-4:

              PQGGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              PQGVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigGen:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              SigVer:

            • L = 2048, N = 256 SHA: SHA-256
            • L = 3072, N = 256 SHA: SHA-256

              KeyPair:

            • L = 2048, N = 256
            • L = 3072, N = 256

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1301](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301)

              Version 10.0.16299|
-|**FIPS186-4:**
              **PQG(gen)** PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
              **KeyPairGen**:   [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)** PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223)

              Version 10.0.15063|
-|**FIPS186-4:
              PQG(ver)PARMS TESTED:**   [(1024,160) SHA(1)]

              **SIG(ver)PARMS TESTED:**   [(1024,160) SHA(1)]

              SHS: [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1188](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188)

              Version 7.00.2872|
-|**FIPS186-4:
              PQG(ver)PARMS TESTED:**   [(1024,160) SHA(1)]

              **SIG(ver)PARMS TESTED:**   [(1024,160) SHA(1)]

              SHS: [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187)

              Version 8.00.6246|
-|**FIPS186-4:
              PQG(gen)** PARMS TESTED: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
              KeyPairGen:    [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098)

              Version 10.0.14393|
-|**FIPS186-4:
              PQG(gen)** PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
              KeyPairGen:    [(2048,256); (3072,256)] **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)

              DRBG: [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024)

              Version 10.0.10586|
-|**FIPS186-4:
              PQG(gen)** PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]
              KeyPairGen: [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)] **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)

              DRBG: [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983)

              Version 10.0.10240|
-|**FIPS186-4:
              PQG(gen)** PARMS TESTED:   [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver**)PARMS TESTED:   [(2048,256), SHA(256); (3072,256) SHA(256)]
              KeyPairGen:    [(2048,256); (3072,256)]

              **SIG(gen)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)**PARMS TESTED:   [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)

              DRBG: [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855)

              Version 6.3.9600|
-|**FIPS186-2**:

              **PQG(ver)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              **FIPS186-4: PQG(gen)PARMS TESTED**: [(2048,256)SHA(256); (3072,256) SHA(256)]

              **PQG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(gen)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]

              **SIG(ver)PARMS TESTED**: [(2048,256) SHA(256); (3072,256) SHA(256)]

              SHS: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 687](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#687).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687)|
-|**FIPS186-2:
              PQG(ver)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)

              DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 686](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#686).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 DSS and Diffie-Hellman Enhanced Cryptographic Provider (DSSENH) [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#686)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)

              DRBG: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 645](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#645).|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#645](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#645)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              DRBG: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 391](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#391). See [Historical DSA List validation number 386](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#386).|Windows Server 2008 R2 and SP1 CNG algorithms [#391](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#391)

              Windows 7 Ultimate and SP1 CNG algorithms [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#386)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              RNG: [validation number 649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#649)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 390](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#390). See [Historical DSA List validation number 385](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#385).|Windows Server 2008 R2 and SP1 Enhanced DSS (DSSENH) [#390](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#390)

              Windows 7 Ultimate and SP1 Enhanced DSS (DSSENH) [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#385)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 284](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#284). See [Historical DSA List validation number 283](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#283).|Windows Server 2008 CNG algorithms [#284](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#284)

              Windows Vista Ultimate SP1 CNG algorithms [#283](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#283)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              RNG: [validation number 435](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#435)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 282](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#282). See [Historical DSA List validation number 281](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#281).|Windows Server 2008 Enhanced DSS (DSSENH) [#282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#282)

              Windows Vista Ultimate SP1 Enhanced DSS (DSSENH) [#281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#281)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              RNG: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 227](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#227). See [Historical DSA List validation number 226](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#226).|Windows Vista CNG algorithms [#227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#227)

              Windows Vista Enhanced DSS (DSSENH) [#226](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#226)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784)

              RNG: [validation number 448](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#448)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 292](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#292).|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#292](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#292)|
-|**FIPS186-2:
              SIG(ver)** MOD(1024);

              SHS: [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)

              RNG: [validation number 447](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#447)vSome of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical DSA List validation number 291](http://csrc.nist.gov/groups/stm/cavp/documents/dss/dsahistoricalval.htm#291).|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#291](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#291)|
-|**FIPS186-2:
              PQG(gen)** MOD(1024);

              **PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);

              **SIG(gen)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [validation number 611](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611)

              RNG: [validation number 314](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#314)|Windows 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#221](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#221)|
-|**FIPS186-2:
              PQG(gen)** MOD(1024);

              **PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);

              **SIG(gen)** MOD(1024);v**SIG(ver)** MOD(1024);vSHS: [validation number 385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)|Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#146)|
-|**FIPS186-2:
              PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);v**SIG(gen)** MOD(1024);

              **SIG(ver)** MOD(1024);

              SHS: [validation number 181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)|Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#95](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#95)|
-|**FIPS186-2:
              PQG(gen)** MOD(1024);

              **PQG(ver)** MOD(1024);

              **KEYGEN(Y)** MOD(1024);

              **SIG(gen)** MOD(1024); SHS: SHA-1 (BYTE)

              **SIG(ver)** MOD(1024); SHS: SHA-1 (BYTE)|Windows 2000 DSSENH.DLL [#29](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#29)

              Windows 2000 DSSBASE.DLL [#28](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#28)

              Windows NT 4 SP6 DSSENH.DLL [#26](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#26)

              Windows NT 4 SP6 DSSBASE.DLL [#25](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#25)|
-|**FIPS186-2: PRIME;
              FIPS186-2:**

              **KEYGEN(Y):**SHS: SHA-1 (BYTE)

              **SIG(gen):SIG(ver)** MOD(1024);

              SHS: SHA-1 (BYTE)|Windows NT 4.0 SP4 Microsoft Enhanced DSS and Diffie-Hellman Cryptographic Provider [#17](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#17)|
-
-
-#### Elliptic Curve Digital Signature Algorithm (ECDSA)
-
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|

              ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373), DRBG [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1263](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1263)

              Version 6.3.9600|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384
            • Generation Methods: Testing Candidates

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)|Microsoft Surface Hub Virtual TPM Implementations [#1253](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1253)

              Version 10.0.15063.674|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384
            • Generation Methods: Testing Candidates

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1252](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252)

              Version 10.0.16299|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1251](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1251)

              Version 10.0.15063.674|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1250](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1250)

              Version 10.0.15063.674|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1249](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1249)

              Version 10.0.15254|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1248](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1248)

              Version 10.0.15254|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1247](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1247)

              Version 10.0.16299|
-|ECDSA:186-4:

              Key Pair Generation:

            • Curves: P-256, P-384, P-521
            • Generation Methods: Extra Random Bits

              Public Key Validation:

            • Curves: P-256, P-384, P-521

              Signature Generation:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Signature Verification:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1246](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1246)

              Version 10.0.16299|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 TestingCandidates)

              SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1136](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1136)

              Version 10.0.15063|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1135](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1135)

              Version 10.0.15063|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)

              Version 10.0.15063|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))

              **SHS:**[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              **DRBG:**[validation number 1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1073](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1073)

              Version 7.00.2872|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512) SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 384) P-521: (SHA-1, 512))

              **SHS:**[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              **DRBG:**[validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1072](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072)

              Version 8.00.6246|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 TestingCandidates)v**PKV: CURVES**(P-256 P-384)

              **SigGen: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384) SIG(gen) with SHA-1 affirmed for use with protocols only.v**SigVer: CURVES**(P-256: (SHA-1, 256) P-384: (SHA-1, 256, 384))

              SHS: [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              DRBG: [validation number 1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#920](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920)

              Version 10.0.14393|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **PKV: CURVES**(P-256 P-384 P-521)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))vSHS: [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911)

              Version 10.0.14393|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)

              DRBG: [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760)

              Version 10.0.10586|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer**: CURVES(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)

              DRBG: [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706)

              Version 10.0.10240|
-|**FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              SHS: [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)

              DRBG: [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505)

              Version 6.3.9600|
-|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              **DRBG**: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              **DRBG**: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              **FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              **SHS**: [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              **DRBG**: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 341](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#341).|Windows 8,

              Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341)|
-|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)

              **DRBG**: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)

              **DRBG**: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)

              **FIPS186-4:
              PKG: CURVES**(P-256 P-384 P-521 ExtraRandomBits)

              **SigGen: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512)

              **SigVer: CURVES**(P-256: (SHA-256) P-384: (SHA-384) P-521: (SHA-512))

              **SHS**: [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)

              **DRBG**: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 295](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#295).|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#295](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#295)|
-|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              **DRBG**: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              **DRBG**: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 142](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#142). See [Historical ECDSA List validation number 141](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#141).|Windows Server 2008 R2 and SP1 CNG algorithms [#142](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#142)

              Windows 7 Ultimate and SP1 CNG algorithms [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#141)|
-|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 83](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#83). See [Historical ECDSA List validation number 82](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#82).|Windows Server 2008 CNG algorithms [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#83)

              Windows Vista Ultimate SP1 CNG algorithms [#82](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#82)|
-|**FIPS186-2:
              PKG: CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **RNG**: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **SIG(ver): CURVES**(P-256 P-384 P-521)

              **SHS**: [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **RNG**: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical ECDSA List validation number 60](http://csrc.nist.gov/groups/stm/cavp/documents/dss/ecdsahistoricalval.html#60).|Windows Vista CNG algorithms [#60](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#60)|
-
-#### Keyed-Hash Message Authentication Code (HMAC)
-
-
-|**Modes / States /

            • Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011)|Microsoft Surface Hub Virtual TPM Implementations [#3271](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/

              HMAC#3271)

              Version 10.0.15063.674|
-|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#3270](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/

              HMAC#3270)

              Version 10.0.16299|
-|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-512:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/

              HMAC#3269)

              Version 10.0.15063.674|
-|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-512:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/

              HMAC#3268)

              Version 10.0.15254|
-|

              HMAC-SHA-1:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-256:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-384:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              HMAC-SHA2-512:

            • Key Sizes < Block Size
            • Key Sizes > Block Size
            • Key Sizes = Block Size

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/

              HMAC#3267)

              Version 10.0.16299|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#3062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3062)

              Version 10.0.15063|
-|

              **HMAC-SHA1(Key Sizes Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)

              Version 10.0.15063|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2946](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2946)

              Version 7.00.2872|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2945](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2945)

              Version 8.00.6246|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2943](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2943)

              Version 7.00.2872|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested:** KSBS) SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              **HMAC-SHA256 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              **HMAC-SHA384 (Key Size Ranges Tested:** KSBS) SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              **HMAC-SHA512 (Key Size Ranges Tested:** KSBS) SHS[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2942](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2942)

              Version 8.00.6246|
-|

              **HMAC-SHA1** (Key Sizes Ranges Tested:  KSBS)

              SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              **HMAC-SHA256** (Key Size Ranges Tested:  KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              **HMAC-SHA384** (Key Size Ranges Tested:  KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2661](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661)

              Version 10.0.14393|
-|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)

              Version 10.0.14393|
-|

              **HMAC-SHA1** (Key Sizes Ranges Tested:  KSBS)
              SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)

              **HMAC-SHA256** (Key Size Ranges Tested:  KSBS)
              SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)

              **HMAC-SHA384** (Key Size Ranges Tested:  KSBS)
              SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)

              **HMAC-SHA512** (Key Size Ranges Tested:  KSBS)
              SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” SymCrypt Cryptographic Implementations [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)

              Version 10.0.10586|
-|

              **HMAC-SHA1** (Key Sizes Ranges Tested:  KSBS)
              SHS[validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)

              **HMAC-SHA256** (Key Size Ranges Tested:  KSBS)
              SHS[validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)

              **HMAC-SHA384** (Key Size Ranges Tested:  KSBS)
              [ SHSvalidation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)

              **HMAC-SHA512** (Key Size Ranges Tested:  KSBS)
              SHS[validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)

              Version 10.0.10240|
-|

              **HMAC-SHA1** (Key Sizes Ranges Tested:  KSBS)
              SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)

              **HMAC-SHA256** (Key Size Ranges Tested:  KSBS)
              SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)

              **HMAC-SHA384** (Key Size Ranges Tested:  KSBS)
              SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)

              **HMAC-SHA512** (Key Size Ranges Tested:  KSBS)
              SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)

              Version 6.3.9600|
-|

              **HMAC-SHA1** (Key Sizes Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764)

              **HMAC-SHA256** (Key Size Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764)

              **HMAC-SHA384** (Key Size Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764)

              **HMAC-SHA512** (Key Size Ranges Tested: KSBS) SHS [validation number 2764](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2764)|Windows CE and Windows Mobile, and Windows Embedded Handheld Enhanced Cryptographic Provider (RSAENH) [#2122](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2122)

              Version 5.2.29344|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 BitLocker® Cryptographic Implementations #[1347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1347)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS**[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) #[1346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1346)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)**
              **SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS)**
              **SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS)**
              **SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS)**
              **SHS**[#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) #[1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)
              **Tinker HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)|Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll), [#1364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1364)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1227)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)|Windows Server 2008 R2 and SP1 CNG algorithms [#686](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#686)

              Windows 7 and SP1 CNG algorithms [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#677)

              Windows Server 2008 R2 Enhanced Cryptographic Provider (RSAENH) [#687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#687)

              Windows 7 Enhanced Cryptographic Provider (RSAENH) [#673](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#673)|
-|

              **HMAC-SHA1(Key Sizes Ranges Tested: KS**[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 BitLocker Algorithm Implementations [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#675)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816)|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#452](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#452)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)|Windows Vista Ultimate SP1 and Windows Server 2008 BitLocker Algorithm Implementations [#415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#415)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS)** SHS [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#408](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#408)

              Windows Vista Enhanced Cryptographic Provider (RSAENH) [#407](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#407)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS)SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#297](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#297)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 785](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785)|Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#429)

              Windows XP, vendor-affirmed|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#428](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#428)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#289)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 610](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610)|Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#287](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#287)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)|Windows Server 2008 CNG algorithms [#413](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#413)

              Windows Vista Ultimate SP1 CNG algorithms [#412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#412)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737)

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737)|Windows Vista Ultimate BitLocker Drive Encryption [#386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#386)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#618)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)|Windows Vista CNG algorithms [#298](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#298)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS)SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#267)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)|Windows CE and Windows Mobile 6.0 and Windows Mobil 6.5 Enhanced Cryptographic Provider (RSAENH) [#260](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#260)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KS**[validation number 495](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495)

              **HMAC-SHA256 (Key Size Ranges Tested: KS**[validation number 495](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495)|Windows Vista BitLocker Drive Encryption [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#199)|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#99](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#99)

              Windows XP, vendor-affirmed|
-|

              **HMAC-SHA1 (Key Sizes Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)

              **HMAC-SHA256 (Key Size Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)

              **HMAC-SHA384 (Key Size Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)

              **HMAC-SHA512 (Key Size Ranges Tested: KSBS) SHS** [validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#31](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#31)|
-
-
-
-#### Key Agreement Scheme (KAS)
-
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration

              Schemes:

              Full Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), ECDSA [#1253](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1253), DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)|Microsoft Surface Hub Virtual TPM Implementations [#150](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#150)

              Version 10.0.15063.674|
-|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Full Public Key Validation, Key Pair Generation, Public Key Regeneration

              Schemes:

              Full Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC
              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), ECDSA [#1252](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1252), DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#149](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149)

              Version 10.0.16299|
-|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

              Schemes:

              Ephemeral Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              One-Pass DH:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              Static Unified:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), ECDSA [#1250](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1250), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)

              KAS FFC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

              Schemes:

              dhEphem:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhOneFlow:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC

            • SHA: SHA-256
            • MAC: HMAC

              dhStatic:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC
              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DSA [#1303](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1303), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#148](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#148)

              Version 10.0.15063.674|
-|KAS ECC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

              Schemes:

              Ephemeral Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMA

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              One-Pass DH:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              Static Unified:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), ECDSA [#1249](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1249), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)

              KAS FFC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

              Schemes:

              dhEphem:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhOneFlow:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC

            • SHA: SHA-256
            • MAC: HMAC

              dhStatic:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC
              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DSA [#1302](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1302), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#147](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#147)

              Version 10.0.15254|
-|KAS ECC:


              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation, Public Key Regeneration

              Schemes:

              Ephemeral Unified:

            • Key Agreement Roles: Initiator, Responder
            • KDFs: Concatenation
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              One-Pass DH:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:EC:
            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC

              Static Unified:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              EC:

            • Curve: P-256
            • SHA: SHA-256
            • MAC: HMAC

              ED:

            • Curve: P-384
            • SHA: SHA-384
            • MAC: HMAC

              EE:

            • Curve: P-521
            • SHA: SHA-512
            • MAC: HMAC
              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), ECDSA [#1246](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1246), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)

              KAS FFC:
              Functions: Domain Parameter Generation, Domain Parameter Validation, Key Pair Generation, Partial Public Key Validation

              Schemes:

              dhEphem:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhOneFlow:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC

              dhStatic:

            • Key Agreement Roles: Initiator, Responder
            • Parameter Sets:

              FB:

            • SHA: SHA-256
            • MAC: HMAC

              FC:

            • SHA: SHA-256
            • MAC: HMAC
              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DSA [#1301](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1301), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146)

              Version 10.0.16299| -|**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration) **SCHEMES** [**FullUnified** (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC)]

              SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DSA [validation number 1135](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1135)

              DRBG [validation number 1556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#128](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#128)

              Version 10.0.15063| -|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

              **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [**dhOneFlow** (**FB:** SHA256) (**FC:** SHA256)]

              [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256   HMAC)]

              SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DSA [validation number 1223](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1223)

              DRBG [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)**ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521   HMAC (SHA512, HMAC_SHA512))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521   HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              ECDSA [validation number 1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1133)DRBG [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127)

              Version 10.0.15063|
-|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

              **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [**dhOneFlow** (KARole(s): Initiator / Responder) (**FB:** SHA256) (**FC:** SHA256)] [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:** SHA256 HMAC) (**FC:** SHA256   HMAC)]

              SHS [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              DSA [validation number 1188](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1188)

              DRBG [validation number 1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration)

              **SCHEMES** [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521   HMAC (SHA512, HMAC_SHA512))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521   HMAC (SHA512, HMAC_SHA512))]|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#115](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#115)

              Version 7.00.2872|
-|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

              **SCHEMES** [**dhEphem** (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [**dhHybridOneFlow** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256   HMAC)]

              [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FB:**SHA256 HMAC) (**FC:** SHA256   HMAC)]

              SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              DSA [validation number 1187](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1187)

              DRBG [validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)

              **ECC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration)

              **SCHEMES** [**EphemeralUnified** (**No_KC**) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521   HMAC (SHA512, HMAC_SHA512))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC:** P-256   SHA256   HMAC) (**ED:** P-384   SHA384   HMAC) (**EE:** P-521   HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              ECDSA [validation number 1072](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#1072)

              DRBG [validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#114](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#114)

              Version 8.00.6246|
-|**ECC:**  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Full Validation   Key Regeneration)

              **SCHEMES  [FullUnified  (No_KC**  < KARole(s): Initiator / Responder > < KDF: CONCAT >) (**EC:**  P-256   SHA256   HMAC) (**ED:**  P-384   SHA384   HMAC)]

              SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) ECDSA [validation number 920](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#920) DRBG [validation number 1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#93](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93)

              Version 10.0.14393|
-|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation)

              **SCHEMES**  [dhEphem  (KARole(s): Initiator / Responder)(**FB:** SHA256) (**FC:** SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (**FB:**  SHA256) (**FC:**  SHA256)] [**dhStatic (No_KC**  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

              SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DSA [validation number 1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098) DRBG [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)

              **ECC:**  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) **SCHEMES**  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DSA [validation number 1098](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1098) ECDSA [validation number 911](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#911) DRBG [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217) HMAC [validation number 2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92)

              Version 10.0.14393|
-|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

              SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) DSA [validation number 1024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#1024) DRBG [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)

              **ECC:**  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) ECDSA [validation number 760](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#760) DRBG [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#72)

              Version 10.0.10586|
-|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

              SHS [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) DSA [validation number 983](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#983) DRBG [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)

              **ECC:**  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) ECDSA [validation number 706](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#706) DRBG [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64)

              Version 10.0.10240|
-|**FFC:** (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation) SCHEMES  [dhEphem  (KARole(s): Initiator / Responder)(FB: SHA256) (FC: SHA256)]

              [dhOneFlow (KARole(s): Initiator / Responder) (FB:  SHA256) (FC:  SHA256)] [dhStatic (No_KC  < KARole(s): Initiator / Responder >) (FB:  SHA256 HMAC) (FC:  SHA256   HMAC)]

              SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) DSA [validation number 855](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#855) DRBG [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)

              **ECC:**  (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG   DPV   KPG   Partial Validation   Key Regeneration) SCHEMES  [EphemeralUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521 HMAC (SHA512, HMAC_SHA512)))]

              [OnePassDH  (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              [StaticUnified (No_KC  < KARole(s): Initiator / Responder >) (EC:  P-256   SHA256   HMAC) (ED:  P-384   SHA384   HMAC) (EE:  P-521   HMAC (SHA512, HMAC_SHA512))]

              SHS [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) ECDSA [validation number 505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#505) DRBG [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#47](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#47)

              Version 6.3.9600|
-|**FFC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation) SCHEMES [**dhEphem** (KARole(s): Initiator / Responder)

              (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)]

              [**dhOneFlow** (KARole(s): Initiator / Responder) (**FA**: SHA256) (**FB**: SHA256) (**FC**: SHA256)]

              [**dhStatic** (**No_KC** < KARole(s): Initiator / Responder>) (**FA**: SHA256 HMAC) (**FB**: SHA256 HMAC) (**FC**: SHA256 HMAC)]

              SHS [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) DSA [validation number 687](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/dsa#687) DRBG [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)

              **ECC**: (FUNCTIONS INCLUDED IN IMPLEMENTATION: DPG DPV KPG Partial Validation Key Regeneration) **SCHEMES**

              [**EphemeralUnified** (**No_KC** < KARole(s): Initiator / Responder>) (EC: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512)))]

              [**OnePassDH(No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256) (**ED**: P-384 SHA384) (**EE**: P-521 (SHA512, HMAC_SHA512)))]

              [**StaticUnified** (**No_KC** < KARole(s): Initiator / Responder>) (**EC**: P-256 SHA256 HMAC) (**ED**: P-384 SHA384 HMAC) (**EE**: P-521 HMAC (SHA512, HMAC_SHA512))]

              SHS [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              ECDSA [validation number 341](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/ecdsa#341) DRBG [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#36](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#36)|
-|**KAS (SP 800–56A)**

            • Key Agreement: Key establishment methodology provides 80 bits to 256 bits of encryption strength|Windows 7 and SP1, vendor-affirmed

              Windows Server 2008 R2 and SP1, vendor-affirmed|
-
-SP 800-108 Key-Based Key Derivation Functions (KBKDF)
-
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|Counter:

              MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

              MAC prerequisite: HMAC [#3271](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3271)

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734), KAS [#150](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#150)|Microsoft Surface Hub Virtual TPM Implementations [#161](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#161)

              Version 10.0.15063.674|
-|Counter:

              MACs: HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384

              MAC prerequisite: HMAC [#3270](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3270)

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733), KAS [#149](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#149)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#160](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#160)

              Version 10.0.16299|
-|Counter:

              MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

              MAC prerequisite: AES [#4902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4902), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269)

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: KAS [#148](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#148)|Microsoft Surface Hub Cryptography Next Generation (CNG) Implementations [#159](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#159)

              Version 10.0.15063.674|
-|Counter:

              MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

              MAC prerequisite: AES [#4901](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4901), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268)

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: KAS [#147](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#147)|Windows 10 Mobile (version 1709) Cryptography Next Generation (CNG) Implementations [#158](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#158)

              Version 10.0.15254|
-|Counter:

              MACs: CMAC-AES-128, CMAC-AES-192, CMAC-AES-256, HMAC-SHA-1, HMAC-SHA-256, HMAC-SHA-384, HMAC-SHA-512

              MAC prerequisite: AES [#4897](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4897), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267)

            • Counter Location: Before Fixed Data
            • R Length: 32 (bits)
            • SPs used to generate K: SP 800-56A, SP 800-90A

              K prerequisite: KAS [#146](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#146)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Cryptography Next Generation (CNG) Implementations [#157](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#157)

              Version 10.0.16299|
-|**CTR_Mode:** (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256][HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 128](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#128)

              DRBG [validation number 1556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1556)

              MAC [validation number 3062](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3062)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#141](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#141)

              Version 10.0.15063|
-|**CTR_Mode:** (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 127](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#127)

              AES [validation number 4624](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4624)

              DRBG [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)

              MAC [validation number 3061](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3061)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile Cryptography Next Generation (CNG) Implementations [#140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#140)

              Version 10.0.15063|
-|**CTR_Mode:**  (Llength(Min20 Max64) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA384]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 93](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#93) DRBG [validation number 1222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1222) MAC [validation number 2661](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2661)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#102](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#102)

              Version 10.0.14393|
-|**CTR_Mode:**  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 92](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#92) AES [validation number 4064](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#4064) DRBG [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217) MAC [validation number 2651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2651)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#101](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#101)

              Version 10.0.14393|
-|**CTR_Mode:**  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#72) AES [validation number 3629](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3629) DRBG [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955) MAC [validation number 2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2381)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations [#72](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#72)

              Version 10.0.10586|
-|**CTR_Mode:**  (Llength(Min20 Max64) MACSupported([CMACAES128] [CMACAES192] [CMACAES256] [HMACSHA1] [HMACSHA256] [HMACSHA384] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              KAS [validation number 64](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kas#64) AES [validation number 3497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/aes#3497) RBG [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868) MAC [validation number 2233](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#2233)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#66)

              Version 10.0.10240|
-|**CTR_Mode:**  (Llength(Min0 Max0) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              DRBG [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489) MAC [validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1773)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#30](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/kdf#30)

              Version 6.3.9600|
-|**CTR_Mode**: (Llength(Min0 Max4) MACSupported([HMACSHA1] [HMACSHA256] [HMACSHA512]) LocationCounter([BeforeFixedData]) rlength([32]))

              DRBG [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258) HMAC [validation number 1345](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#1345)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#3](http://csrc.nist.gov/groups/stm/cavp/documents/kbkdf800-108/kbkdfval.htm#3)|
-
-Random Number Generator (RNG)
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|**FIPS 186-2 General Purpose**
              **[(x-Original); (SHA-1)]**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations #[1110](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#1110)|
-|**FIPS 186-2
              [(x-Original); (SHA-1)]**|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1060](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#1060)

              Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#292](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#292)

              Windows CE and Windows Mobile 6.0 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#286](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#286)

              Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#66](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#66)|
-|**FIPS 186-2
              [(x-Change Notice); (SHA-1)]**; **FIPS 186-2 General Purpose
              [(x-Change Notice); (SHA-1)]**|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 RNG Library [#649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#649)

              Windows Vista Ultimate SP1 and Windows Server 2008 RNG Implementation [#435](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#435)

              Windows Vista RNG implementation [#321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321)|
-|**FIPS 186-2 General Purpose
              [(x-Change Notice); (SHA-1)]**|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#470](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#470)

              Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#449](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#449)

              Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#447](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#447)

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#316](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#316)

              Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#313](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#313)|
-|**FIPS 186-2
              [(x-Change Notice); (SHA-1)]**|Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#448](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#448)

              Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#314](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#314)|
-
-#### RSA
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|RSA:

              186-4:

              Signature Generation PKCS1.5:

              Mod 2048 SHA: SHA-1,

            • SHA-256,
            • SHA-384

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA: SHA-1,

            • SHA-256,
            • SHA-384

              Mod 2048 SHA: SHA-1,

            • SHA-256,
            • SHA-384

              Signature Verification PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1734](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1734)|Microsoft Surface Hub Virtual TPM Implementations [#2677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2677)

              Version 10.0.15063.674|
-|RSA:

              186-4:

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 240 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384

              Signature Verification PSS:

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1733](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1733)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (

              Version 1709); Virtual TPM Implementations [#2676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2676)

              Version 10.0.16299|
-|RSA:

              186-4:

              Key Generation:

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub RSA32 Algorithm Implementations [#2675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2675)

              Version 10.0.15063.674|
-|RSA:

              186-4:

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); RSA32 Algorithm Implementations [#2674](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2674)

              Version 10.0.16299|
-|RSA:

              186-4:

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) RSA32 Algorithm Implementations [#2673](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2673)

              Version 10.0.15254|
-|RSA:

              186-4:

              Key Generation:

            • Public Key Exponent: Fixed (10001)
            • Provable Primes with Conditions:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.3

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#2672](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2672)

              Version 10.0.15063.674|
-|RSA:

              186-4:

              Key Generation:

              Probable Random Primes:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C 2

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#2671](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2671)

              Version 10.0.15063.674|
-|RSA:

              186-4:

              Key Generation:

              Probable Random Primes:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.2

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#2670](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2670)

              Version 10.0.15254|
-|RSA:

              186-4:

              Key Generation:

              Public Key Exponent: Fixed (10001)

              Provable Primes with Conditions:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.3

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#2669](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2669)

              Version 10.0.15254|
-|

              186-4:

              Key Generation:

              Public Key Exponent: Fixed (10001)

              Provable Primes with Conditions:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.3

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#2668](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2668)

              Version 10.0.16299|
-|

              186-4:

              Key Generation

              Probable Random Primes:

              Mod lengths: 2048, 3072 (bits)

              Primality Tests: C.2

              Signature Generation PKCS1.5:

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-51

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Generation PSS:

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Signature Verification PKCS1.5:

              Mod 1024 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 2048 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Mod 3072 SHA:

            • SHA-1,
            • SHA-256,
            • SHA-384,
            • SHA-512

              Signature Verification PSS:

              Mod 1024:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 496 (bits)

              Mod 2048:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Mod 3072:

            • SHA-1: Salt Length: 160 (bits)
            • SHA-256: Salt Length: 256 (bits)
            • SHA-384: Salt Length: 384 (bits)
            • SHA-512: Salt Length: 512 (bits)

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#2667](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2667)

              Version 10.0.16299|
-|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

              SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#2524](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2524)

              Version 10.0.15063|
-|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile RSA32 Algorithm Implementations [#2523](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2523)

              Version 10.0.15063|
-|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);

              **PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))**SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64

              SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              DRBG: [validation number 1555](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1555)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#2522](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2522)

              Version 10.0.15063|
-|

              **FIPS186-4:

              186-4KEY(gen):**PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2521](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2521)

              Version 10.0.15063|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)**
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652),
            • SHA-384[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652),
            • SHA-512[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652),
            • SHA-256[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652),
            • SHA-384[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652),
            • SHA-512[validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)

              **FIPS186-4:
              ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.**SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2415](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2415)

              Version 7.00.2872|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)**
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651),
            • SHA-384[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651),
            • SHA-512[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651),
            • SHA-256[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651),
            • SHA-384[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651),
            • SHA-512[validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)

              **FIPS186-4:
              ALG[ANSIX9.31]** Sig(Gen): (2048 SHA(1)) (3072 SHA(1))**SIG(gen) with SHA-1 affirmed for use with protocols only.** SIG(ver): (1024 SHA(1)) (2048 SHA(1)) (3072 SHA(1))**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2414](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2414)

              Version 8.00.6246| -|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649),
            • SHA-384[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649),
            • SHA-512[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649),
            • SHA-256[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649),
            • SHA-384[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649),
            • SHA-512[validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);

              **PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)
              **ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              DRBG: [validation number 1430](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1430)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2412](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2412)

              Version 7.00.2872| -|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 4096, SHS:

            • SHA-256[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648),
            • SHA-384[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648),
            • SHA-512[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648),
            • SHA-256[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648),
            • SHA-384[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648),
            • SHA-512[validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);

              **PGM(ProbRandom:** (2048, 3072) **PPTT:**(C.2)**
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512)) **SIG(gen) with SHA-1 affirmed for use with protocols only.

              **SIG(ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              DRBG: [validation number 1429](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1429)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2411](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2411)

              Version 8.00.6246| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(1, 256, 384)) SIG(gen) with SHA-1 affirmed for use with protocols only.SIG(Ver) (1024 SHA(1, 256, 384)) (2048 SHA(1, 256, 384))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) SIG(gen) with SHA-1 affirmed for use with protocols only.Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48)))

              SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#2206](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2206)

              Version 10.0.14393| -|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001

              **PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3)

              SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA Key Generation Implementation [#2195](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2195)

              Version 10.0.14393| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3346)|soft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#2194](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2194)

              Version 10.0.14393| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))

              **SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#2193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2193)

              Version 10.0.14393| -|

              **FIPS186-4:
              [RSASSA-PSS]: Sig(Gen):** (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))

              **Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347) DRBG: [validation number 1217](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1217)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#2192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#2192)

              Version 10.0.14393| -|

              **FIPS186-4:

              186-4KEY(gen)**:  FIPS186-4_Fixed_e (10001);

              **PGM(ProbPrimeCondition**): 2048, 3072 PPTT:(C.3)

              SHA [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047) DRBG: [validation number 955](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#955)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” RSA Key Generation Implementation [#1889](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1889)

              Version 10.0.10586| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations [#1871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1871)

              Version 10.0.10586| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512))

              **SIG(Ver)** (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub MsBignum Cryptographic Implementations [#1888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1888)

              Version 10.0.10586| -|

              **FIPS186-4:
              [RSASSA-PSS]: Sig(Gen)**: (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              **Sig(Ver):** (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub Cryptography Next Generation (CNG) Implementations [#1887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1887)

              Version 10.0.10586| -|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e (10001);PGM(ProbPrimeCondition): 2048, 3072 PPTT:(C.3)

              SHA [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886) DRBG: [validation number 868](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#868)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA Key Generation Implementation [#1798](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1798)

              Version 10.0.10240| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#1784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1784)

              Version 10.0.10240| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#1783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1783)

              Version 10.0.10240| -|

              **FIPS186-4:
              [RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#1802](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1802)

              Version 10.0.10240| -|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e;

              **PGM(ProbPrimeCondition):** 2048, 3072 PPTT:(C.3)

              SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373) DRBG: [validation number 489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 RSA Key Generation Implementation [#1487](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1487)

              Version 6.3.9600| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#1494](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1494)

              Version 6.3.9600| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), SIG(Ver) (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512))

              SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1493](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1493)

              Version 6.3.9600| -|

              **FIPS186-4:
              [RSASSA-PSS]:** Sig(Gen): (2048 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))), Sig(Ver): (1024 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(62))) (2048 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64))) (3072 SHA(1 SaltLen(20), 256 SaltLen(32), 384 SaltLen(48), 512 SaltLen(64)))

              SHA [validation number 2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 Cryptography Next Generation Cryptographic Implementations [#1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1519)

              Version 6.3.9600| -|

              **FIPS186-4:
              ALG[RSASSA-PKCS1_V1_5]** SIG(gen) (2048 SHA(256, 384, 512-256)) (3072 SHA(256, 384, 512-256)), SIG(Ver) (1024 SHA(1, 256, 384, 512-256)) (2048 SHA(1, 256, 384, 512-256)) (3072 SHA(1, 256, 384, 512-256))

              **[RSASSA-PSS]:** Sig(Gen): (2048 SHA(256, 384, 512)) (3072 SHA(256, 384, 512)), Sig(Ver): (1024 SHA(1, 256, 384, 512)) (2048 SHA(1, 256, 384, 512)) (3072 SHA(1, 256, 384, 512, 512)), SHA [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1134](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1134).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG) Implementations [#1134](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1134)| -|

              **FIPS186-4:

              186-4KEY(gen):** FIPS186-4_Fixed_e, FIPS186-4_Fixed_e_Value

              **PGM(ProbPrimeCondition):** 2048, 3072 **PPTT:**(C.3)

              SHA [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903) DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 RSA Key Generation Implementation [#1133](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1133)| -|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#258)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902),
            • SHA-384[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902),
            • SHA-512[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902),, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902),
            • SHA-256[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902), SHA-[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902),
            • SHA-512[#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1132](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1132).|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Enhanced Cryptographic Provider (RSAENH) [#1132](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1132)| -|

              **FIPS186-2:ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),
            • SHA-384[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),
            • SHA-512[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),
            • SHA-256[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),
            • SHA-384[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),
            • SHA-512[validation number 1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1052](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1052).|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1052](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1052)| -|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 193](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#193)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),
            • SHA-384[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),
            • SHA-512[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),
            • SHA-256[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),
            • SHA-384[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),
            • SHA-512[validation number 1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 1051](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#1051).|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1051](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#1051)| -|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 568](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#568).|Windows Server 2008 R2 and SP1 Enhanced Cryptographic Provider (RSAENH) [#568](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#568)| -|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
              **ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081), SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 567](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#567). See [Historical RSA List validation number 560](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#560).|Windows Server 2008 R2 and SP1 CNG algorithms [#567](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#567)

              Windows 7 and SP1 CNG algorithms [#560](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#560)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 DRBG: [validation number 23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#23)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 559](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#559).|Windows 7 and SP1 and Server 2008 R2 and SP1 RSA Key Generation Implementation [#559](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#559)|
-|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-256[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-384[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),
            • SHA-512[validation number 1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 557](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#557).|Windows 7 and SP1 Enhanced Cryptographic Provider (RSAENH) [#557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#557)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),
            • SHA-384[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),
            • SHA-512[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),
            • SHA-256[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),
            • SHA-384[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),
            • SHA-512[validation number 816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 395](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#395).|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#395](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#395)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)**
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783),
            • SHA-384[validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783),
            • SHA-512[validation number 783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 371](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#371).|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#371)|
-|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-384[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-512[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-256[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-384[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-512[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
              **ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
            • SHA-256[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-384[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-512[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753), SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-256[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-384[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-512[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 358](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#358). See [Historical RSA List validation number 357](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#357).|Windows Server 2008 CNG algorithms [#358](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#358)

              Windows Vista SP1 CNG algorithms [#357](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#357)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-384[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-512[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-256[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-384[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),
            • SHA-512[validation number 753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 355](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#355). See [Historical RSA List validation number 354](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#354).|Windows Server 2008 Enhanced Cryptographic Provider (RSAENH) [#355](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#355)

              Windows Vista SP1 Enhanced Cryptographic Provider (RSAENH) [#354](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#354)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 353](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#353).|Windows Vista SP1 and Windows Server 2008 RSA Key Generation Implementation [#353](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#353)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** Key(gen)(MOD: 2048, 3072, 4096 PubKey Values: 65537 RNG: [validation number 321](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rng#321)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 258](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#258).|Windows Vista RSA key generation implementation [#258](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#258)|
-|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-384[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-512[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-256[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-384[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-512[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
              **ALG[RSASSA-PSS]:** SIG(gen); 2048, 3072, 4096, SHS:
            • SHA-256[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-384[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-512[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618), SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-256[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-384[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-512[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 257](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#257).|Windows Vista CNG algorithms [#257](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#257)|
-|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-384[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-512[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-256[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-384[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),
            • SHA-512[validation number 618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 255](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#255).|Windows Vista Enhanced Cryptographic Provider (RSAENH) [#255](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#255)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613),
            • SHA-384[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613),
            • SHA-512[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613), SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613),
            • SHA-256[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613),
            • SHA-384[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613),
            • SHA-512[validation number 613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 245](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#245).|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#245](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#245)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),
            • SHA-384[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),
            • SHA-512[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),
            • SHA-256[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),
            • SHA-384[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),
            • SHA-512[validation number 589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 230](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#230).|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#230](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#230)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578),
            • SHA-384[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578),
            • SHA-512[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578),, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578),
            • SHA-256[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578),
            • SHA-384[validation number 578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578),
            • SHA-512[validation number 578](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#578),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 222](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#222).|Windows CE and Windows Mobile 6 and Windows Mobile 6.1 Enhanced Cryptographic Provider (RSAENH) [#222](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#222)|
-|

              **FIPS186-2:
              ALG[RSASSA-PKCS1_V1_5]:**

              SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 81](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#81).|Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#81)|
-|

              **FIPS186-2:
              ALG[ANSIX9.31]:** SIG(ver); 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 305](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htm#305)
              **ALG[RSASSA-PKCS1_V1_5]:** SIG(gen) 2048, 3072, 4096, SHS:

            • SHA-256[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),
            • SHA-384[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),
            • SHA-512[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),, SIG(ver): 1024, 1536, 2048, 3072, 4096, SHS: SHA-1[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),
            • SHA-256[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),
            • SHA-384[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),
            • SHA-512[validation number 305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305),

              Some of the previously validated components for this validation have been removed because they're now non-compliant per the SP800-131A transition. See [Historical RSA List validation number 52](http://csrc.nist.gov/groups/stm/cavp/documents/dss/rsahistoricalval.html#52).|Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#52](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/rsa#52)|
-|

              **FIPS186-2:**:

            • PKCS#1 v1.5, Signature generation, and verification
            • Mod sizes: 1024, 1536, 2048, 3072, 4096
            • SHS: SHA–1/256/384/512|Windows XP, vendor-affirmed

              Windows 2000, vendor-affirmed|
-
-#### Secure Hash Standard (SHS)
-
-|Modes / States / Key Sizes|Algorithm Implementation and Certificate #|
-|--- |--- |
-|

              SHA-1:
              Supports Empty Message

              SHA-256:
              Supports Empty Message

              SHA-384:
              Supports Empty Message

              SHA-512:
              Supports Empty Message|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011)

              Version 10.0.15063.674|
-|

              SHA-1:
              Supports Empty Message

              SHA-256:
              Supports Empty Message

              SHA-384:
              Supports Empty Message

              SHA-512:
              Supports Empty Message|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010)

              Version 10.0.15254|
-|

              SHA-1:
              Supports Empty Message

              SHA-256:
              Supports Empty Message

              SHA-384:
              Supports Empty Message

              SHA-512:
              Supports Empty Message|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009)

              Version 10.0.16299|
-|

            • **SHA-1**      (BYTE-only)
            • **SHA-256**  (BYTE-only)
            • **SHA-384**  (BYTE-only)
            • **SHA-512**  (BYTE-only)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#3790](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3790)

              Version 10.0.15063|
-|

            • **SHA-1**      (BYTE-only)
            • **SHA-256**  (BYTE-only)
            • **SHA-384**  (BYTE-only)
            • **SHA-512**  (BYTE-only)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#3652](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3652)

              Version 7.00.2872|
-|

            • **SHA-1**      (BYTE-only)
            • **SHA-256**  (BYTE-only)
            • **SHA-384**  (BYTE-only
            • **SHA-512**  (BYTE-only)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#3651](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3651)

              Version 8.00.6246|
-|

            • **SHA-1**      (BYTE-only)
            • **SHA-256**  (BYTE-only)
            • **SHA-384**  (BYTE-only)
            • **SHA-512**  (BYTE-only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#3649](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3649)

              Version 7.00.2872|
-|

            • **SHA-1**      (BYTE-only)
            • **SHA-256**  (BYTE-only)
            • **SHA-384**  (BYTE-only)
            • **SHA-512**  (BYTE-only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#3648](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3648)

              Version 8.00.6246|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#3347](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3347)

              Version 10.0.14393|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update RSA32 Algorithm Implementations [#3346](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3346)

              Version 10.0.14393|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub RSA32 Algorithm Implementations [#3048](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3048)

              Version 10.0.10586|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#3047](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#3047)

              Version 10.0.10586|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#2886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2886)

              Version 10.0.10240|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 RSA32 Algorithm Implementations [#2871](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2871)

              Version 10.0.10240|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry RSA32 Algorithm Implementations [#2396](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2396)

              Version 6.3.9600|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#2373](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#2373)

              Version 6.3.9600|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)

              Implementation does not support zero-length (null) messages.|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1903](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1903)

              Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1902](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1902)|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1774](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1774)

              Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1773](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1773)|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#1081](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#1081)

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#816](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#816.)|
-|

            • **SHA-1** (BYTE-only)|Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#785](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#785)

              Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#784](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#784)|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#783](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#783)|
-|
            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#753](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#753)

              Windows Vista Symmetric Algorithm Implementation [#618](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#618)|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)|Windows Vista BitLocker Drive Encryption [#737](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#737)

              Windows Vista Beta 2 BitLocker Drive Encryption [#495](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#495)|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#613](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#613)

              Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#364](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#364)|
-|

            • **SHA-1** (BYTE-only)|Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#611](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#611)

              Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#610](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#610)

              Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#385](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#385)

              Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#371](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#371)

              Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#181](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#181)

              Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#177](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#177)

              Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#176](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#176)|
-|

            • **SHA-1** (BYTE-only)
            • **SHA-256** (BYTE-only)
            • **SHA-384** (BYTE-only)
            • **SHA-512** (BYTE-only)|Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#589](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#589)

              Windows CE and Windows Mobile 6 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#578](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#578)

              Windows CE 5.00 and Windows CE 5.01 Enhanced

              Cryptographic Provider (RSAENH) [#305](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#305)|
-|

            • **SHA-1** (BYTE-only)|Windows XP Microsoft Enhanced Cryptographic Provider [#83](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#83)

              Crypto Driver for Windows 2000 (fips.sys) [#35](http://csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.htmlhttp:/csrc.nist.gov/groups/stm/cavp/documents/shs/shaval.html#35)

              Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#32](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#32)

              Windows 2000 RSAENH.DLL [#24](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#24)

              Windows 2000 RSABASE.DLL [#23](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#23)

              Windows NT 4 SP6 RSAENH.DLL [#21](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#21)

              Windows NT 4 SP6 RSABASE.DLL [#20](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#20)|
-
-
-#### Triple DES
-
-
-|**Modes / States / Key Sizes**|**Algorithm Implementation and Certificate #**|
-|--- |--- |
-|

              TDES-CBC:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB64:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB8:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-ECB:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#2558](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2558)

              Version 10.0.15063.674|
-|

              TDES-CBC:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB64:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB8:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-ECB:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#2557](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2557)

              Version 10.0.15254|
-|

              TDES-CBC:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB64:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-CFB8:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1

              TDES-ECB:

            • Modes: Decrypt, Encrypt
            • Keying Option: 1|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#2556](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2556)

              Version 10.0.16299|
-|**TECB**(KO 1 e/d); **TCBC**(KO 1 e/d); **TCFB8**(KO 1 e/d); **TCFB64**(KO 1 e/d)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#2459](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2459)

              Version 10.0.15063|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2384](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2384)

              Version 8.00.6246|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Enhanced Cryptographic Provider (RSAENH) [#2383](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2383)

              Version 8.00.6246|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**CTR** (int only)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2382](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2382)

              Version 7.00.2872|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d)|Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#2381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2381)

              Version 8.00.6246|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update SymCrypt Cryptographic Implementations [#2227](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2227)

              Version 10.0.14393|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub and Surface Hub SymCrypt Cryptographic Implementations [#2024](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#2024)

              Version 10.0.10586|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 SymCrypt Cryptographic Implementations [#1969](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1969)

              Version 10.0.10240|
-|**TECB**(KO 1 e/d);**TCBC**(KO 1 e/d);**TCFB8**(KO 1 e/d);**TCFB64**(KO 1 e/d)|Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 SymCrypt Cryptographic Implementations [#1692](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1692)

              Version 6.3.9600|
-|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2);**TCFB64**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Next Generation Symmetric Cryptographic Algorithms Implementations (SYMCRYPT) [#1387](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1387)|
-|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Symmetric Algorithm Implementations (RSA32) [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386)|
-|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows 7 and SP1 and Windows Server 2008 R2 and SP1 Symmetric Algorithm Implementation [#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846)|
-|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista SP1 and Windows Server 2008 Symmetric Algorithm Implementation [#656](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#656)|
-|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2);**TCFB8**(e/d; KO 1, 2)|Windows Vista Symmetric Algorithm Implementation [#549](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#549)|
-|**Triple DES MAC**|Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 [#1386](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1386), vendor-affirmedWindows 7 and SP1 and Windows Server 2008 R2 and SP1 
[#846](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#846), vendor-affirmed|
-|**TECB**(e/d; KO 1, 2);**TCBC**(e/d; KO 1, 2)|Windows Embedded Compact 7 Enhanced Cryptographic Provider (RSAENH) [#1308](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1308)Windows Embedded Compact 7 Cryptographic Primitives Library (bcrypt.dll) [#1307](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#1307)

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#691](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#691)

              Windows XP Professional SP3 Kernel Mode Cryptographic Module (fips.sys) [#677](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#677)

              Windows XP Professional SP3 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#676](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#676)

              Windows XP Professional SP3 Enhanced Cryptographic Provider (RSAENH) [#675](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#675)

              Windows Server 2003 SP2 Enhanced Cryptographic Provider (RSAENH) [#544](http://csrc.nist.gov/groups/stm/cavp/documents/des/tripledesval.html#544)

              Windows Server 2003 SP2 Enhanced DSS and Diffie-Hellman Cryptographic Provider [#543](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#543)

              Windows Server 2003 SP2 Kernel Mode Cryptographic Module (fips.sys) [#542](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#542)Windows CE 6.0 and Windows CE 6.0 R2 and Windows Mobile Enhanced Cryptographic Provider (RSAENH) [#526](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#526)

              Windows CE and Windows Mobile 6 and Windows Mobile 6.1 and Windows Mobile 6.5 Enhanced Cryptographic Provider (RSAENH) [#517](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#517)

              Windows Server 2003 SP1 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#381](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#381)

              Windows Server 2003 SP1 Kernel Mode Cryptographic Module (fips.sys) [#370](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#370)

              Windows Server 2003 SP1 Enhanced Cryptographic Provider (RSAENH) [#365](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#365)Windows CE 5.00 and Windows CE 5.01 Enhanced Cryptographic Provider (RSAENH) [#315](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#315)

              Windows Server 2003 Kernel Mode Cryptographic Module (fips.sys) [#201](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#201)

              Windows Server 2003 Enhanced DSS and Diffie-Hellman Cryptographic Provider (DSSENH) [#199](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#199)

              Windows Server 2003 Enhanced Cryptographic Provider (RSAENH) [#192](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#192)Windows XP Microsoft Enhanced Cryptographic Provider [#81](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#81)

              Windows 2000 Microsoft Outlook Cryptographic Provider (EXCHCSP.DLL) SR-1A (3821) [#18](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#18)Crypto Driver for Windows 2000 (fips.sys) [#16](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/tdes#16)|
-
-#### SP 800-132 Password-Based Key Derivation Function (PBKDF)
-
-| Modes / States / Key Sizes | Algorithm Implementation and Certificate # |
-| --- | --- |
-| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) Cryptographic Primitives Library (bcryptprimitives.dll and ncryptsslp.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2937](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937)
              (Software Version: 10.0.14393)

              Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)
              (Software Version: 10.0.14393)

              Code Integrity (ci.dll) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2935](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935)
              (Software Version: 10.0.14393) |
-| PBKDF (vendor affirmed) | Kernel Mode Cryptographic Primitives Library (cng.sys) in Microsoft Windows 10, Windows 10 Pro, Windows 10 Enterprise, Windows 10 Enterprise LTSB, Windows 10 Mobile, Windows Server 2016 Standard, Windows Server 2016 Datacenter, Windows Storage Server 2016 [#2936](https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936)
              (Software Version: 10.0.14393)

              Windows 8, Windows RT, Windows Server 2012, Surface Windows RT, Surface Windows 8 Pro, and Windows Phone 8 Cryptography Next Generation (CNG), vendor-affirmed |
-
-#### Component Validation List
-
-
-|**Publication / Component Validated / Description**|**Implementation and Certificate #**|
-|--- |--- |
-|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#489](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#489)|Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#1540](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1540)

              Version 6.3.9600|
-|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Microsoft Surface Hub Virtual TPM Implementations [#1519](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1519)

              Version 10.0.15063.674|
-|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); Virtual TPM Implementations [#1518](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1518)

              Version 10.0.16299|
-|RSADP:

              Modulus Size: 2048 (bits)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1517](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1517)

              Version 10.0.15063.674|
-|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1516](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1516)

              Version 10.0.15063.674|
-|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub MsBignum Cryptographic Implementations [#1515](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1515)

              Version 10.0.15063.674|
-|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1732](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1732)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1514](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1514)

              Version 10.0.15063.674|
-|RSADP:

              Modulus Size: 2048 (bits)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1513](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1513)

              Version 10.0.15063.674|
-|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1512](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1512)

              Version 10.0.15063.674|
-|

              IKEv1:

            • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
            • Pre-shared Key Length: 64-2048

              Diffie-Hellman shared secrets:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269)

              IKEv2:

            • Derived Keying Material length: 192-1792

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269)

              TLS:

            • Supports TLS 1.0/1.1
            • Supports TLS 1.2:

              SHA Functions: SHA-256, SHA-384

              Prerequisite: SHS [#4011](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4011), HMAC [#3269](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3269)|Microsoft Surface Hub SymCrypt Cryptographic Implementations [#1511](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1511)

              Version 10.0.15063.674|
-|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1510](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1510)

              Version 10.0.15254|
-|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1509](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1509)

              Version 10.0.15254|
-|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1508](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1508)

              Version 10.0.15254|
-|

              IKEv1:

            • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
            • Pre-shared Key Length: 64-2048

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268)

              IKEv2:

            • Derived Keying Material length: 192-1792

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268)

              TLS:

            • Supports TLS 1.0/1.1
            • Supports TLS 1.2:

              SHA Functions: SHA-256, SHA-384

              Prerequisite: SHS [#4010](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4010), HMAC [#3268](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3268)|Windows 10 Mobile (version 1709) SymCrypt Cryptographic Implementations [#1507](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1507)

              Version 10.0.15254| -|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1731](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1731)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1506](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1506)

              Version 10.0.15254| -|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1505](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1505)

              Version 10.0.15254| -|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Mobile (version 1709) MsBignum Cryptographic Implementations [#1504](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1504)

              Version 10.0.15254| -|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1503](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1503)

              Version 10.0.16299| -|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1502](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1502)

              Version 10.0.16299| -|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); MsBignum Cryptographic Implementations [#1501](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1501)

              Version 10.0.16299| -|

              ECDSA SigGen:

            • P-256 SHA: SHA-256
            • P-384 SHA: SHA-384
            • P-521 SHA: SHA-512

              Prerequisite: DRBG [#1730](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/drbg#1730)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1499](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1499)

              Version 10.0.16299| -|RSADP:

              Modulus Size: 2048 (bits)|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations [#1498](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1498)

              Version 10.0.16299| -|

              RSASP1:

              Modulus Size: 2048 (bits)
              Padding Algorithms: PKCS 1.5|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  [#1497](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1497)

              Version 10.0.16299| -|

              IKEv1:

            • Methods: Digital Signature, Pre-shared Key, Public Key Encryption
            • Pre-shared Key Length: 64-2048

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267)

              IKEv2:

            • Derived Keying Material length: 192-1792

              Diffie-Hellman shared secret:

            • Length: 2048 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 256 (bits)
            • SHA Functions: SHA-256

              Diffie-Hellman shared secret:

            • Length: 384 (bits)
            • SHA Functions: SHA-384

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267)

              TLS:

            • Supports TLS 1.0/1.1
            • Supports TLS 1.2:

              SHA Functions: SHA-256, SHA-384

              Prerequisite: SHS [#4009](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/shs#4009), HMAC [#3267](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/hmac#3267)|Windows 10 Home, Pro, Enterprise, Education,Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  [#1496](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496)

              Version 10.0.16299| -|FIPS186-4 ECDSA

              Signature Generation of hash sized messages

              ECDSA SigGen Component: CURVES(P-256 P-384 P-521)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1284](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1284)

              Version 10.0. 15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1279](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1279)

              Version 10.0. 15063

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#922](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#922)

              Version 10.0.14393

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#894](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#894)

              Version 10.0.14393icrosoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#666](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#666)

              Version 10.0.10586

              Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 MsBignum Cryptographic Implementations [#288](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#288)

              Version 6.3.9600| -|FIPS186-4 RSA; PKCS#1 v2.1

              RSASP1 Signature Primitive

              RSASP1: (Mod2048: PKCS1.5 PKCSPSS)|Windows 10 Creators Update (version 1703) Pro, Enterprise, Education Virtual TPM Implementations [#1285](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1285)

              Version 10.0.15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1282](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1282)

              Version 10.0.15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1280](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1280)

              Version 10.0.15063

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#893](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#893)

              Version 10.0.14393

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update MsBignum Cryptographic Implementations [#888](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#888)

              Version 10.0.14393

              Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” MsBignum Cryptographic Implementations [#665](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#665)

              Version 10.0.10586

              Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 MsBignum Cryptographic Implementations [#572](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#572)

              Version  10.0.10240

              Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry MsBignum Cryptographic Implementations [#289](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#289)

              Version 6.3.9600| -|FIPS186-4 RSA; RSADP

              RSADP Primitive

              RSADP: (Mod2048)|Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile MsBignum Cryptographic Implementations [#1283](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1283)

              Version 10.0.15063

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1281](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1281)

              Version 10.0.15063

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, and Surface Pro 3 w/ Windows 10 Anniversary Update Virtual TPM Implementations [#895](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#895)

              Version 10.0.14393

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update Cryptography Next Generation (CNG) Implementations [#887](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#887)

              Version 10.0.14393

              Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” Cryptography Next Generation (CNG) Implementations [#663](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#663)

              Version 10.0.10586

              Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 Cryptography Next Generation (CNG) Implementations [#576](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#576)

              Version  10.0.10240| -|SP800-135

              Section 4.1.1, IKEv1 Section 4.1.2, IKEv2 Section 4.2, TLS|Windows 10 Home, Pro, Enterprise, Education, Windows 10 S Fall Creators Update; Windows Server, Windows Server Datacenter (version 1709); SymCrypt Cryptographic Implementations  [#1496](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1496)

              Version 10.0.16299

              Windows 10 Creators Update (version 1703) Home, Pro, Enterprise, Education, Windows 10 S, Windows 10 Mobile SymCrypt Cryptographic Implementations [#1278](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1278)

              Version 10.0.15063

              Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1140](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1140)

              Version 7.00.2872

              Windows Embedded Compact Cryptographic Primitives Library (bcrypt.dll) [#1139](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#1139)

              Version 8.00.6246

              Microsoft Windows 10 Anniversary Update, Windows Server 2016, Windows Storage Server 2016; Microsoft Surface Book, Surface Pro 4, Surface Pro 3 and Surface 3 w/ Windows 10 Anniversary Update; Microsoft Lumia 950 and Lumia 650 w/ Windows 10 Mobile Anniversary Update BcryptPrimitives and NCryptSSLp [#886](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#886)

              Version 10.0.14393

              Microsoft Windows 10 November 2015 Update; Microsoft Surface Book, Surface Pro 4, Surface Pro 3, Surface 3, Surface Pro 2, and Surface Pro w/ Windows 10 November 2015 Update; Windows 10 Mobile for Microsoft Lumia 950 and Microsoft Lumia 635; Windows 10 for Microsoft Surface Hub 84” and Surface Hub 55” BCryptPrimitives and NCryptSSLp [#664](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#664)

              Version 10.0.10586

              Microsoft Windows 10, Microsoft Surface Pro 3 with Windows 10, Microsoft Surface 3 with Windows 10, Microsoft Surface Pro 2 with Windows 10, Microsoft Surface Pro with Windows 10 BCryptPrimitives and NCryptSSLp [#575](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#575)

              Version  10.0.10240

              Microsoft Windows 8.1, Microsoft Windows Server 2012 R2, Microsoft Windows Storage Server 2012 R2, Microsoft Windows RT 8.1, Microsoft Surface with Windows RT 8.1, Microsoft Surface Pro with Windows 8.1, Microsoft Surface 2, Microsoft Surface Pro 2, Microsoft Surface Pro 3, Microsoft Windows Phone 8.1, Microsoft Windows Embedded 8.1 Industry, and Microsoft StorSimple 8100 BCryptPrimitives and NCryptSSLp [#323](https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/validation/validation-list/component#323)

              Version 6.3.9600| - -## Contact - -fips@microsoft.com - -## References - -* [FIPS 140-2, Security Requirements for Cryptographic Modules](http://csrc.nist.gov/publications/fips/fips140-2/fips1402.pdf)) -* [Cryptographic Module Validation Program (CMVP) FAQ](http://csrc.nist.gov/groups/stm/cmvp/documents/cmvpfaq.pdf) -* [SP 800-57 - Recommendation for Key Management – Part 1: General (Revised)](https://csrc.nist.gov/publications/detail/sp/800-57-part-1/rev-5/final) -* [SP 800-131A - Transitions: Recommendation for Transitioning the Use of Cryptographic Algorithms and Key Lengths](http://csrc.nist.gov/publications/nistpubs/800-131a/sp800-131a.pdf) +--- + + + +[HTTP-1]: https://csrc.nist.gov/Projects/cryptographic-module-validation-program + + +[aes-33]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=33 +[aes-80]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=80 +[aes-224]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=224 +[aes-290]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=290 +[aes-424]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=424 +[aes-507]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=507 +[aes-516]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=516 +[aes-548]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=548 +[aes-553]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=553 +[aes-715]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=715 +[aes-739]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=739 +[aes-756]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=756 +[aes-757]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=757 +[aes-760]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=760 +[aes-781]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=781 +[aes-818]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=818 +[aes-1168]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=1168 +[aes-1177]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=1177 +[aes-1178]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=1178 +[aes-1187]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=1187 +[aes-2023]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2023 +[aes-2024]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2024 +[aes-2196]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2196 +[aes-2197]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2197 +[aes-2198]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2198 +[aes-2216]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2216 +[aes-2832]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2832 +[aes-2848]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2848 +[aes-2853]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=2853 +[aes-3476]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3476 +[aes-3497]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3497 +[aes-3498]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3498 +[aes-3507]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3507 +[aes-3629]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3629 +[aes-3630]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3630 +[aes-3652]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3652 +[aes-3653]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=3653 +[aes-4061]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4061 +[aes-4062]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4062 +[aes-4063]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4063 +[aes-4064]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4064 +[aes-4074]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4074 +[aes-4430]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4430 +[aes-4431]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4431 
+[aes-4433]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4433 +[aes-4434]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4434 +[aes-4624]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4624 +[aes-4625]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4625 +[aes-4626]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4626 +[aes-4627]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4627 +[aes-4894]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4894 +[aes-4895]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4895 +[aes-4896]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4896 +[aes-4897]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4897 +[aes-4898]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4898 +[aes-4899]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4899 +[aes-4900]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4900 +[aes-4901]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4901 +[aes-4902]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4902 +[aes-4903]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4903 +[aes-4904]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=aes&number=4904 + +[component-288]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=288 +[component-289]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=289 +[component-323]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=323 +[component-572]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=572 +[component-575]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=575 +[component-576]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=576 +[component-663]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=663 +[component-664]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=664 +[component-665]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=665 +[component-666]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=666 +[component-886]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=886 +[component-887]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=887 +[component-888]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=888 +[component-893]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=893 +[component-894]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=894 +[component-895]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=895 +[component-922]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=922 +[component-1133]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1133 +[component-1139]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1139 +[component-1140]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1140 +[component-1278]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1278 +[component-1279]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1279 +[component-1280]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1280 +[component-1281]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1281 +[component-1282]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1282 +[component-1283]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1283 +[component-1284]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1284 +[component-1285]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1285 +[component-1496]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1496 +[component-1497]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1497 +[component-1498]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1498 +[component-1499]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1499 +[component-1501]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1501 +[component-1502]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1502 +[component-1503]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1503 +[component-1504]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1504 +[component-1505]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1505 +[component-1506]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1506 +[component-1507]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1507 +[component-1508]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1508 +[component-1509]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1509 +[component-1510]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1510 +[component-1511]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1511 +[component-1512]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1512 +[component-1513]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1513
+[component-1514]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1514
+[component-1515]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1515
+[component-1516]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1516
+[component-1517]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1517
+[component-1518]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1518
+[component-1519]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1519
+[component-1540]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=1540
+[component-2521]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=component&number=2521
+
+[des-91]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=des&number=91
+[des-156]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=des&number=156
+[des-230]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=des&number=230
+
+[drbg-23]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=23
+[drbg-24]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=24
+[drbg-27]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=27
+[drbg-193]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=193
+[drbg-258]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=258
+[drbg-259]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=259
+[drbg-489]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=489
+[drbg-868]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=868
+[drbg-955]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=955
+[drbg-1217]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1217
+[drbg-1222]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1222
+[drbg-1429]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1429
+[drbg-1430]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1430
+[drbg-1432]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1432
+[drbg-1433]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1433
+[drbg-1555]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1555
+[drbg-1556]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1556
+[drbg-1730]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1730
+[drbg-1731]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1731
+[drbg-1732]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1732
+[drbg-1733]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1733
+[drbg-1734]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=drbg&number=1734
+
+[dsa-17]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=17
+[dsa-25]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=25
+[dsa-26]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=26
+[dsa-28]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=28
+[dsa-29]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=29
+[dsa-35]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=35
+[dsa-72]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=72
+[dsa-95]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=95
+[dsa-146]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=146
+[dsa-221]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=221
+[dsa-226]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=226
+[dsa-227]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=227
+[dsa-281]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=281
+[dsa-282]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=282
+[dsa-283]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=283
+[dsa-284]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=284
+[dsa-291]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=291
+[dsa-292]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=292
+[dsa-385]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=385
+[dsa-386]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=386
+[dsa-390]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=390
+[dsa-391]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=391
+[dsa-645]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=645
+[dsa-686]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=686
+[dsa-687]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=687
+[dsa-855]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=855
+[dsa-983]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=983
+[dsa-1024]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1024
+[dsa-1098]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1098
+[dsa-1135]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1135
+[dsa-1187]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1187
+[dsa-1188]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1188
+[dsa-1223]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1223
+[dsa-1301]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1301
+[dsa-1302]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1302
+[dsa-1303]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=dsa&number=1303
+
+[ecdsa-60]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=60
+[ecdsa-82]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=82
+[ecdsa-83]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=83
+[ecdsa-141]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=141
+[ecdsa-142]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=142
+[ecdsa-295]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=295
+[ecdsa-341]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=341
+[ecdsa-505]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=505
+[ecdsa-706]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=706
+[ecdsa-760]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=760
+[ecdsa-911]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=911
+[ecdsa-920]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=920
+[ecdsa-1072]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1072
+[ecdsa-1073]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1073
+[ecdsa-1133]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1133
+[ecdsa-1135]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1135
+[ecdsa-1136]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1136
+[ecdsa-1246]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1246
+[ecdsa-1247]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1247
+[ecdsa-1248]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1248
+[ecdsa-1249]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1249
+[ecdsa-1250]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1250
+[ecdsa-1251]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1251
+[ecdsa-1252]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1252
+[ecdsa-1253]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1253
+[ecdsa-1263]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=ecdsa&number=1263
+
+[hmac-31]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=31
+[hmac-99]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=99
+[hmac-199]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=199
+[hmac-260]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=260
+[hmac-267]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=267
+[hmac-287]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=287
+[hmac-289]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=289
+[hmac-297]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=297
+[hmac-298]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=298
+[hmac-386]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=386
+[hmac-407]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=407
+[hmac-408]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=408
+[hmac-412]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=412
+[hmac-413]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=413
+[hmac-415]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=415
+[hmac-428]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=428
+[hmac-429]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=429
+[hmac-452]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=452
+[hmac-673]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=673 
+[hmac-675]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=675
+[hmac-677]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=677
+[hmac-686]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=686
+[hmac-687]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=687
+[hmac-1227]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=1227
+[hmac-1345]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=1345
+[hmac-1346]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=1346
+[hmac-1347]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=1347
+[hmac-1364]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=1364
+[hmac-1773]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=1773
+[hmac-2122]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2122
+[hmac-2233]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2233
+[hmac-2381]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2381
+[hmac-2651]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2651
+[hmac-2661]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2661
+[hmac-2942]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2942
+[hmac-2943]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2943
+[hmac-2945]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2945
+[hmac-2946]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=2946
+[hmac-3061]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3061
+[hmac-3062]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3062
+[hmac-3267]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3267
+[hmac-3268]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3268
+[hmac-3269]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3269
+[hmac-3270]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3270
+[hmac-3271]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=hmac&number=3271
+
+[kas-36]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=36
+[kas-47]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=47
+[kas-64]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=64
+[kas-72]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=72
+[kas-92]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=92
+[kas-93]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=93
+[kas-114]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=114
+[kas-115]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=115
+[kas-127]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=127
+[kas-128]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=128
+[kas-146]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=146
+[kas-147]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=147
+[kas-148]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=148
+[kas-149]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=149
+[kas-150]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kas&number=150
+
+[kdf-3]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=3
+[kdf-30]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=30
+[kdf-66]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=66
+[kdf-72]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=72
+[kdf-101]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=101
+[kdf-102]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=102
+[kdf-140]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=140
+[kdf-141]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=141
+[kdf-157]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=157
+[kdf-158]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=158
+[kdf-159]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=159
+[kdf-160]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=160
+[kdf-161]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=kdf&number=161
+
+[rng-66]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=66
+[rng-286]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=286
+[rng-292]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=292
+[rng-313]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=313
+[rng-314]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=314
+[rng-316]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=316
+[rng-321]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=321
+[rng-435]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=435
+[rng-447]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=447
+[rng-448]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=448
+[rng-449]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=449
+[rng-470]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=470
+[rng-649]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=649
+[rng-1060]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=1060
+[rng-1110]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rng&number=1110
+
+[rsa-52]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=52
+[rsa-81]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=81
+[rsa-222]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=222
+[rsa-230]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=230
+[rsa-245]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=245
+[rsa-255]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=255
+[rsa-257]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=257
+[rsa-258]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=258
+[rsa-353]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=353
+[rsa-354]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=354
+[rsa-355]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=355
+[rsa-357]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=357
+[rsa-358]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=358
+[rsa-371]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=371
+[rsa-395]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=395
+[rsa-557]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=557
+[rsa-559]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=559
+[rsa-560]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=560
+[rsa-567]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=567
+[rsa-568]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=568
+[rsa-1051]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1051
+[rsa-1052]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1052
+[rsa-1132]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1132
+[rsa-1133]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1133
+[rsa-1134]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1134
+[rsa-1487]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1487
+[rsa-1493]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1493
+[rsa-1494]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1494
+[rsa-1519]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1519
+[rsa-1783]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1783
+[rsa-1784]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1784
+[rsa-1798]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1798
+[rsa-1802]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1802
+[rsa-1871]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1871
+[rsa-1887]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1887
+[rsa-1888]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1888
+[rsa-1889]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=1889
+[rsa-2192]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2192
+[rsa-2193]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2193
+[rsa-2194]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2194
+[rsa-2195]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2195
+[rsa-2206]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2206
+[rsa-2411]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2411
+[rsa-2412]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2412
+[rsa-2414]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2414
+[rsa-2415]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2415
+[rsa-2521]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2521
+[rsa-2522]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2522
+[rsa-2523]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2523 
+[rsa-2524]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2524
+[rsa-2667]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2667
+[rsa-2668]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2668
+[rsa-2669]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2669
+[rsa-2670]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2670
+[rsa-2671]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2671
+[rsa-2672]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2672
+[rsa-2673]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2673
+[rsa-2674]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2674
+[rsa-2675]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2675
+[rsa-2676]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2676
+[rsa-2677]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=rsa&number=2677
+
+[shs-20]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=20
+[shs-21]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=21
+[shs-23]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=23
+[shs-24]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=24
+[shs-32]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=32
+[shs-35]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=35
+[shs-83]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=83
+[shs-176]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=176
+[shs-177]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=177
+[shs-181]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=181
+[shs-267]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=267
+[shs-305]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=305
+[shs-364]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=364
+[shs-371]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=371
+[shs-385]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=385
+[shs-428]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=428
+[shs-429]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=429
+[shs-495]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=495
+[shs-578]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=578
+[shs-589]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=589
+[shs-610]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=610
+[shs-611]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=611
+[shs-613]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=613
+[shs-618]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=618
+[shs-737]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=737
+[shs-753]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=753
+[shs-783]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=783
+[shs-784]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=784
+[shs-785]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=785
+[shs-816]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=816
+[shs-1081]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=1081
+[shs-1773]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=1773
+[shs-1774]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=1774
+[shs-1902]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=1902
+[shs-1903]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=1903
+[shs-2373]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=2373
+[shs-2396]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=2396
+[shs-2764]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=2764
+[shs-2871]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=2871
+[shs-2886]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=2886 +[shs-3047]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3047 +[shs-3048]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3048 +[shs-3346]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3346 +[shs-3347]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3347 +[shs-3648]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3648 +[shs-3649]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3649 +[shs-3651]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3651 +[shs-3652]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3652 +[shs-3790]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=3790 +[shs-4009]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=4009 +[shs-4010]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=4010 +[shs-4011]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=shs&number=4011 + +[tdes-16]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=16 +[tdes-18]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=18 +[tdes-81]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=81 +[tdes-192]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=192 
+[tdes-199]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=199 +[tdes-201]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=201 +[tdes-315]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=315 +[tdes-365]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=365 +[tdes-370]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=370 +[tdes-381]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=381 +[tdes-517]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=517 +[tdes-526]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=526 +[tdes-542]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=542 +[tdes-543]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=543 +[tdes-544]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=544 +[tdes-549]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=549 +[tdes-656]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=656 +[tdes-675]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=675 +[tdes-676]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=676 +[tdes-677]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=677 +[tdes-691]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=691 +[tdes-846]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=846 +[tdes-1307]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=1307 +[tdes-1308]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=1308 +[tdes-1386]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=1386 +[tdes-1387]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=1387 +[tdes-1692]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=1692 +[tdes-1969]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=1969 +[tdes-2024]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2024 +[tdes-2227]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2227 +[tdes-2381]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2381 +[tdes-2382]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2382 +[tdes-2383]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2383 +[tdes-2384]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2384 +[tdes-2459]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2459 +[tdes-2556]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2556 +[tdes-2557]: 
https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2557 +[tdes-2558]: https://csrc.nist.gov/projects/cryptographic-algorithm-validation-program/details?source=tdes&number=2558 + +[certificate-68]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/68 +[certificate-75]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/75 +[certificate-76]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/76 +[certificate-103]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/103 +[certificate-106]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/106 +[certificate-110]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/110 +[certificate-238]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/238 +[certificate-240]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/240 +[certificate-241]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/241 +[certificate-381]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/381 +[certificate-382]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/382 +[certificate-405]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/405 +[certificate-825]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/825 +[certificate-868]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/868 +[certificate-869]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/869 +[certificate-875]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/875 +[certificate-891]: 
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/891 +[certificate-893]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/893 +[certificate-894]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/894 +[certificate-947]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/947 +[certificate-978]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/978 +[certificate-979]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/979 +[certificate-980]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/980 +[certificate-989]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/989 +[certificate-990]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/990 +[certificate-997]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/997 +[certificate-1000]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1000 +[certificate-1001]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1001 +[certificate-1002]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1002 +[certificate-1003]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1003 +[certificate-1004]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1004 +[certificate-1005]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1005 +[certificate-1006]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1006 +[certificate-1007]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1007 +[certificate-1008]: 
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1008 +[certificate-1009]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1009 +[certificate-1010]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1010 +[certificate-1319]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1319 +[certificate-1321]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1321 +[certificate-1326]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1326 +[certificate-1327]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1327 +[certificate-1328]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1328 +[certificate-1329]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1329 +[certificate-1330]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1330 +[certificate-1331]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1331 +[certificate-1332]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1332 +[certificate-1333]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1333 +[certificate-1334]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1334 +[certificate-1335]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1335 +[certificate-1336]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1336 +[certificate-1337]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1337 +[certificate-1338]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1338 +[certificate-1339]: 
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1339 +[certificate-1891]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/1891 +[certificate-2351]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2351 +[certificate-2352]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2352 +[certificate-2353]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2353 +[certificate-2354]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2354 +[certificate-2355]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2355 +[certificate-2356]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2356 +[certificate-2357]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2357 +[certificate-2600]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2600 +[certificate-2601]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2601 +[certificate-2602]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2602 +[certificate-2603]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2603 +[certificate-2604]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2604 +[certificate-2605]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2605 +[certificate-2606]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2606 +[certificate-2607]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2607 +[certificate-2700]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2700 +[certificate-2701]: 
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2701 +[certificate-2702]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2702 +[certificate-2703]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2703 +[certificate-2931]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2931 +[certificate-2932]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2932 +[certificate-2933]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2933 +[certificate-2934]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2934 +[certificate-2935]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2935 +[certificate-2936]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2936 +[certificate-2937]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2937 +[certificate-2938]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2938 +[certificate-2956]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2956 +[certificate-2957]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/2957 +[certificate-3089]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3089 +[certificate-3090]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3090 +[certificate-3091]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3091 +[certificate-3092]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3092 +[certificate-3093]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3093 +[certificate-3094]: 
https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3094 +[certificate-3095]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3095 +[certificate-3096]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3096 +[certificate-3194]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3194 +[certificate-3195]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3195 +[certificate-3196]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3196 +[certificate-3197]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3197 +[certificate-3480]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3480 +[certificate-3615]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3615 +[certificate-3644]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3644 +[certificate-3651]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3651 +[certificate-3690]: https://csrc.nist.gov/projects/cryptographic-module-validation-program/certificate/3690 + +[sp-68]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp68.pdf +[sp-75]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp75.pdf +[sp-76]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp76.pdf +[sp-103]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp103.pdf +[sp-106]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp106.pdf +[sp-110]: 
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp110.pdf +[sp-238]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp238.pdf +[sp-240]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp240.pdf +[sp-241]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp241.pdf +[sp-381]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp381.pdf +[sp-382]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp382.pdf +[sp-405]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp405.pdf +[sp-825]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp825.pdf +[sp-868]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp868.pdf +[sp-869]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp869.pdf +[sp-875]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp875.pdf +[sp-891]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp891.pdf +[sp-893]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp893.pdf +[sp-894]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp894.pdf +[sp-947]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp947.pdf 
+[sp-978]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp978.pdf +[sp-979]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp979.pdf +[sp-980]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp980.pdf +[sp-989]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp989.pdf +[sp-990]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp990.pdf +[sp-997]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp997.pdf +[sp-1000]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1000.pdf +[sp-1002]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1002.pdf +[sp-1003]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1003.pdf +[sp-1004]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1004.pdf +[sp-1005]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1005.pdf +[sp-1006]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1006.pdf +[sp-1007]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1007.pdf +[sp-1008]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1008.pdf +[sp-1009]: 
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1009.pdf +[sp-1010]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1010.pdf +[sp-1319]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1319.pdf +[sp-1321]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1321.pdf +[sp-1326]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1326.pdf +[sp-1327]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1327.pdf +[sp-1328]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1328.pdf +[sp-1329]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1329.pdf +[sp-1330]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1330.pdf +[sp-1331]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1331.pdf +[sp-1332]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1332.pdf +[sp-1333]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1333.pdf +[sp-1334]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1334.pdf +[sp-1335]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1335.pdf +[sp-1336]: 
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1336.pdf +[sp-1337]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1337.pdf +[sp-1338]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1338.pdf +[sp-1339]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1339.pdf +[sp-1891]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1891.pdf +[sp-1892]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1892.pdf +[sp-1893]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1893.pdf +[sp-1894]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1894.pdf +[sp-1895]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1895.pdf +[sp-1896]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1896.pdf +[sp-1897]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1897.pdf +[sp-1898]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1898.pdf +[sp-1899]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp1899.pdf +[sp-2351]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2351.pdf +[sp-2352]: 
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2352.pdf +[sp-2353]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2353.pdf +[sp-2354]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2354.pdf +[sp-2355]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2355.pdf +[sp-2356]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2356.pdf +[sp-2357]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2357.pdf +[sp-2600]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2600.pdf +[sp-2601]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2601.pdf +[sp-2602]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2602.pdf +[sp-2603]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2603.pdf +[sp-2604]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2604.pdf +[sp-2605]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2605.pdf +[sp-2607]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2607.pdf +[sp-2700]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2700.pdf +[sp-2701]: 
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2701.pdf +[sp-2702]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2702.pdf +[sp-2703]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2703.pdf +[sp-2931]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2931.pdf +[sp-2932]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2932.pdf +[sp-2933]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2933.pdf +[sp-2934]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2934.pdf +[sp-2935]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2935.pdf +[sp-2936]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2936.pdf +[sp-2937]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2937.pdf +[sp-2938]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2938.pdf +[sp-2956]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2956.pdf +[sp-2957]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp2957.pdf +[sp-3089]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3089.pdf +[sp-3090]: 
https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3090.pdf +[sp-3091]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3091.pdf +[sp-3092]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3092.pdf +[sp-3093]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3093.pdf +[sp-3094]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3094.pdf +[sp-3095]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3095.pdf +[sp-3096]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3096.pdf +[sp-3194]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3194.pdf +[sp-3195]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3195.pdf +[sp-3196]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3196.pdf +[sp-3197]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3197.pdf +[sp-3480]: https://csrc.nist.gov/csrc/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3480.pdf +[sp-3615]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3615.pdf +[sp-3644]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3644.pdf +[sp-3651]: 
https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3651.pdf +[sp-3690]: https://csrc.nist.gov/CSRC/media/projects/cryptographic-module-validation-program/documents/security-policies/140sp3690.pdf \ No newline at end of file diff --git a/windows/security/threat-protection/get-support-for-security-baselines.md b/windows/security/threat-protection/get-support-for-security-baselines.md index 60f033276b..f3481ad39c 100644 --- a/windows/security/threat-protection/get-support-for-security-baselines.md +++ b/windows/security/threat-protection/get-support-for-security-baselines.md @@ -1,7 +1,7 @@ --- title: Get support description: Frequently asked questions about how to get support for Windows baselines and the Security Compliance Toolkit (SCT). -ms.prod: m365-security +ms.prod: windows-client ms.localizationpriority: medium ms.author: dansimp author: dulcemontemayor @@ -10,7 +10,7 @@ ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 06/25/2018 ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Get Support for Windows baselines @@ -40,7 +40,7 @@ The toolkit supports formats created by the Windows GPO backup feature (`.pol`, Not yet. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration. We're currently developing a tool to provide customers with these features. -### Does SCT support the creation of Microsoft Endpoint Configuration Manager DCM packs? +### Does SCT support the creation of Microsoft Configuration Manager DCM packs? No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). A tool that supports conversion of GPO backups to DSC format is the [BaselineManagement module](https://github.com/Microsoft/BaselineManagement). 
diff --git a/windows/security/threat-protection/index.md b/windows/security/threat-protection/index.md
index 52a5ae4951..92d1fa392e 100644
--- a/windows/security/threat-protection/index.md
+++ b/windows/security/threat-protection/index.md
@@ -2,14 +2,14 @@
 title: Windows threat protection
 description: Describes the security capabilities in Windows client focused on threat protection
 search.product: eADQiWindows 10XVcnh
-ms.prod: m365-security
+ms.prod: windows-client
 ms.author: dansimp
 author: dansimp
 ms.localizationpriority: medium
 manager: aaroncz
 ms.collection: M365-security-compliance
 ms.topic: conceptual
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---

 # Windows threat protection
diff --git a/windows/security/threat-protection/mbsa-removal-and-guidance.md b/windows/security/threat-protection/mbsa-removal-and-guidance.md
index 92da921c12..bfb7dc677b 100644
--- a/windows/security/threat-protection/mbsa-removal-and-guidance.md
+++ b/windows/security/threat-protection/mbsa-removal-and-guidance.md
@@ -1,13 +1,13 @@
 ---
 title: Guide to removing Microsoft Baseline Security Analyzer (MBSA)
 description: This article documents the removal of Microsoft Baseline Security Analyzer (MBSA) and provides alternative solutions.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.localizationpriority: medium
 ms.author: dansimp
 author: dansimp
 ms.reviewer:
 manager: aaroncz
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---

 # What is Microsoft Baseline Security Analyzer and its uses?
diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
index 7a727f59dd..b4fb01a3c6 100644
--- a/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
+++ b/windows/security/threat-protection/microsoft-defender-application-guard/install-md-app-guard.md
@@ -94,7 +94,7 @@ Application Guard functionality is turned off by default. However, you can quick :::image type="content" source="images/MDAG-EndpointMgr-newprofile.jpg" alt-text="Enroll devices in Intune."::: -1. Go to [https://endpoint.microsoft.com](https://endpoint.microsoft.com) and sign in. +1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431). 1. Choose **Devices** > **Configuration profiles** > **+ Create profile**, and do the following:
              diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md index fa0962d09f..1ba47ee970 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/md-app-guard-overview.md @@ -1,6 +1,6 @@ --- title: Microsoft Defender Application Guard (Windows 10 or Windows 11) -description: Learn about Microsoft Defender Application Guard and how it helps to combat malicious content and malware out on the Internet. +description: Learn about Microsoft Defender Application Guard and how it helps combat malicious content and malware out on the Internet. ms.prod: windows-client ms.mktglfcycl: manage ms.sitesec: library 
@@ -39,13 +39,13 @@ For Microsoft Office, Application Guard helps prevents untrusted Word, PowerPoin Application Guard has been created to target several types of devices: -- **Enterprise desktops**. These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. +- **Enterprise desktops**. These desktops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wired, corporate network. -- **Enterprise mobile laptops**. These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Endpoint Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network. +- **Enterprise mobile laptops**. These laptops are domain-joined and managed by your organization. Configuration management is primarily done through Microsoft Configuration Manager or Microsoft Intune. Employees typically have Standard User privileges and use a high-bandwidth, wireless, corporate network. -- **Bring your own device (BYOD) mobile laptops**. These personally-owned laptops are not domain-joined, but are managed by your organization through tools, such as Microsoft Intune. The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. +- **Bring your own device (BYOD) mobile laptops**. These personally owned laptops aren't domain-joined, but are managed by your organization through tools, such as Microsoft Intune. 
The employee is typically an admin on the device and uses a high-bandwidth wireless corporate network while at work and a comparable personal network while at home. -- **Personal devices**. These personally-owned desktops or mobile laptops are not domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside. +- **Personal devices**. These personally owned desktops or mobile laptops aren't domain-joined or managed by an organization. The user is an admin on the device and uses a high-bandwidth wireless personal network while at home or a comparable public network while outside. ## Related articles diff --git a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md index e7ea108193..85f176411e 100644 --- a/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md +++ b/windows/security/threat-protection/microsoft-defender-application-guard/reqs-md-app-guard.md @@ -47,4 +47,4 @@ Your environment must have the following hardware to run Microsoft Defender Appl |--------|-----------| | Operating system | Windows 10 Enterprise edition, version 1809 or later
              Windows 10 Professional edition, version 1809 or later
              Windows 10 Professional for Workstations edition, version 1809 or later
              Windows 10 Professional Education edition, version 1809 or later
              Windows 10 Education edition, version 1809 or later
              Windows 11 Education, Enterprise, and Professional editions | | Browser | Microsoft Edge | -| Management system
              (only for managed devices)| [Microsoft Intune](/intune/)

              **OR**

              [Microsoft Endpoint Configuration Manager](/configmgr/)

              **OR**

              [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11))

              **OR**

              Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Mirosoft MDM solutions, see the documentation that came with your product. | +| Management system
              (only for managed devices)| [Microsoft Intune](/intune/)

              **OR**

              [Microsoft Configuration Manager](/configmgr/)

              **OR**

              [Group Policy](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc753298(v=ws.11))

              **OR**

              Your current, company-wide, non-Microsoft mobile device management (MDM) solution. For info about non-Mirosoft MDM solutions, see the documentation that came with your product. | diff --git a/windows/security/threat-protection/msft-security-dev-lifecycle.md b/windows/security/threat-protection/msft-security-dev-lifecycle.md index c15e7110b2..cf9752c6f3 100644 --- a/windows/security/threat-protection/msft-security-dev-lifecycle.md +++ b/windows/security/threat-protection/msft-security-dev-lifecycle.md @@ -1,7 +1,7 @@ --- title: Microsoft Security Development Lifecycle description: Download the Microsoft Security Development Lifecycle white paper that covers a security assurance process focused on software development. -ms.prod: m365-security +ms.prod: windows-client author: dansimp ms.author: dansimp manager: aaroncz @@ -9,7 +9,7 @@ ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- # Microsoft Security Development Lifecycle diff --git a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md index 83dcf3036f..fa6de91b70 100644 --- a/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md +++ b/windows/security/threat-protection/override-mitigation-options-for-app-related-security-policies.md @@ -3,10 +3,10 @@ manager: aaroncz ms.author: dansimp title: Override Process Mitigation Options (Windows 10) description: How to use Group Policy to override individual Process Mitigation Options settings and to help enforce specific app-related security policies. -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- 
diff --git a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
index 551bdb2981..9540d55eb9 100644
--- a/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
+++ b/windows/security/threat-protection/overview-of-threat-mitigations-in-windows-10.md
@@ -1,13 +1,13 @@
 ---
 title: Mitigate threats by using Windows 10 security features (Windows 10)
 description: An overview of software and firmware threats faced in the current security landscape, and the mitigations that Windows 10 offers in response to these threats.
-ms.prod: m365-security
+ms.prod: windows-client
 ms.localizationpriority: medium
 author: dansimp
 ms.reviewer:
 manager: aaroncz
 ms.author: dansimp
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Mitigate threats by using Windows 10 security features
diff --git a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
index dff954f4db..ae2b7dcea6 100644
--- a/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
+++ b/windows/security/threat-protection/protect-high-value-assets-by-controlling-the-health-of-windows-10-based-devices.md
@@ -1,14 +1,14 @@
 ---
 title: Control the health of Windows 10-based devices (Windows 10)
 description: This article details an end-to-end solution that helps you protect high-value assets by enforcing, controlling, and reporting the health of Windows 10-based devices.
-ms.reviewer:
+ms.reviewer:
 manager: aaroncz
 ms.author: dansimp
-ms.prod: m365-security
+ms.prod: windows-client
 author: dulcemontemayor
 ms.date: 10/13/2017
 ms.localizationpriority: medium
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Control the health of Windows 10-based devices
@@ -280,7 +280,7 @@ SAWs are computers that are built to help significantly reduce the risk of compr To protect high-value assets, SAWs are used to make secure connections to those assets. -Similarly, on corporate fully managed workstations, where applications are installed by using a distribution tool like Microsoft Endpoint Configuration Manager, Intune, or any third-party device management, then Device Guard is applicable. In that type of scenario, the organization has a good idea of the software that an average user is running. +Similarly, on corporate fully managed workstations, where applications are installed by using a distribution tool like Microsoft Configuration Manager, Intune, or any third-party device management, then Device Guard is applicable. In that type of scenario, the organization has a good idea of the software that an average user is running. It could be challenging to use Device Guard on corporate, lightly managed workstations where the user is typically allowed to install software on their own. When an organization offers great flexibility, it’s difficult to run Device Guard in enforcement mode. Nevertheless, Device Guard can be run in Audit mode, and in that case, the event log will contain a record of any binaries that violated the Device Guard policy. When Device Guard is used in Audit mode, organizations can get rich data about drivers and applications that users install and run. diff --git a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md index 3a7c9ae6b2..14a19ec3af 100644 --- a/windows/security/threat-protection/security-policy-settings/minimum-password-length.md +++ b/windows/security/threat-protection/security-policy-settings/minimum-password-length.md 
@@ -38,7 +38,7 @@ The **Minimum password length** policy setting determines the least number of ch ### Best practices -Set Minimum password length to at least a value of 14. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it's long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 isn't supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md). +Set minimum password length to at least a value of 8. If the number of characters is set to 0, no password is required. In most environments, an eight-character password is recommended because it's long enough to provide adequate security and still short enough for users to easily remember. A minimum password length greater than 14 isn't supported at this time. This value will help provide adequate defense against a brute force attack. Adding complexity requirements will help reduce the possibility of a dictionary attack. For more info, see [Password must meet complexity requirements](password-must-meet-complexity-requirements.md). Permitting short passwords reduces security because short passwords can be easily broken with tools that do dictionary or brute force attacks against the passwords. Requiring long passwords can result in mistyped passwords that might cause account lockouts and might increase the volume of Help Desk calls. diff --git a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md index 9f76b3d698..fe332e87f3 100644 
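Review bot: The rewritten "Best practices" paragraph in minimum-password-length.md is internally inconsistent: its first sentence now sets the floor at 8, yet the sentence `This value will help provide adequate defense against a brute force attack` follows the statement that values above 14 aren't supported, so the reader cannot tell which value the claim covers. The next paragraph (context in this hunk) says short passwords are easily broken by dictionary or brute force tools, so lowering the recommendation from 14 to 8 should state that 8 is a floor rather than a target. I would name the value explicitly, for example `Set minimum password length to at least 8; longer values, up to the supported maximum of 14, give more resistance to brute force attacks.`, and drop the dangling `This value…` sentence. The rest of the section lies outside the hunk.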
--- a/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
+++ b/windows/security/threat-protection/security-policy-settings/profile-system-performance.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: ffabc3c5-9206-4105-94ea-84f597a54b2e
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Profile system performance
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
index a1e2ab6949..379cef16af 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-automatic-administrative-logon.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, policy management, and security c
 ms.assetid: be2498fc-48f4-43f3-ad09-74664e45e596
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Recovery console: Allow automatic administrative logon
diff --git a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
index 8e34bd2995..6b402af2db 100644
--- a/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
+++ b/windows/security/threat-protection/security-policy-settings/recovery-console-allow-floppy-copy-and-access-to-all-drives-and-folders.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se
 ms.assetid: a5b4ac0c-f33d-42b5-a866-72afa7cbd0bd
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Recovery console: Allow floppy copy and access to all drives and folders
diff --git a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
index dafe4d5d59..fbd8bf9e9b 100644
--- a/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
+++ b/windows/security/threat-protection/security-policy-settings/remove-computer-from-docking-station.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 229a385a-a862-4973-899a-413b1b5b6c30
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Remove computer from docking station - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
index c40121b387..3978432395 100644
--- a/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
+++ b/windows/security/threat-protection/security-policy-settings/replace-a-process-level-token.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: 5add02db-6339-489e-ba21-ccc3ccbe8745
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Replace a process level token
diff --git a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
index e2f943cd55..900b66a6fe 100644
--- a/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
+++ b/windows/security/threat-protection/security-policy-settings/reset-account-lockout-counter-after.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: d5ccf6dd-5ba7-44a9-8e0b-c478d8b1442c
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 11/02/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Reset account lockout counter after
diff --git a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
index 5e3f6b9386..ea25267470 100644
--- a/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
+++ b/windows/security/threat-protection/security-policy-settings/restore-files-and-directories.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c673c0fa-6f49-4edd-8c1f-c5e8513f701d
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Restore files and directories - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
index 7dc532fd31..a620908a28 100644
--- a/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/secpol-advanced-security-audit-policy-settings.md
@@ -4,7 +4,7 @@ description: Provides information about the advanced security audit policy setti
 ms.assetid: 6BF9A642-DBC3-4101-94A3-B2316C553CE3
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Advanced security audit policy settings for Windows 10
diff --git a/windows/security/threat-protection/security-policy-settings/security-options.md b/windows/security/threat-protection/security-policy-settings/security-options.md
index 00441e06c4..2617bbe979 100644
--- a/windows/security/threat-protection/security-policy-settings/security-options.md
+++ b/windows/security/threat-protection/security-policy-settings/security-options.md
@@ -5,14 +5,14 @@ ms.assetid: 405ea253-8116-4e57-b08e-14a8dcdca92b
 ms.reviewer:
 manager: aaroncz
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
 ms.localizationpriority: medium
 author: vinaypamnani-msft
 ms.date: 06/28/2018
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Security Options
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
index bfca76513d..cb99f2efbf 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings-reference.md
@@ -4,7 +4,7 @@ description: This reference of security settings provides information about how
 ms.assetid: ef5a4579-15a8-4507-9a43-b7ccddcb0ed1
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Security policy settings reference
diff --git a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
index 5e771b19bd..5ab4550261 100644
--- a/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
+++ b/windows/security/threat-protection/security-policy-settings/security-policy-settings.md
@@ -4,7 +4,7 @@ description: This reference topic describes the common scenarios, architecture,
 ms.assetid: e7ac5204-7f6c-4708-a9f6-6af712ca43b9
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -17,7 +17,7 @@ ms.collection:
 - highpri
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Security policy settings
diff --git a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
index 465e04c8e5..67d5faee52 100644
--- a/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
+++ b/windows/security/threat-protection/security-policy-settings/shut-down-the-system.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management,
 ms.assetid: c8e8f890-153a-401e-a957-ba6a130304bf
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Shut down the system - security policy setting
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
index 06fb947134..191d7707e3 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-allow-system-to-be-shut-down-without-having-to-log-on.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: f3964767-5377-4416-8eb3-e14d553a7315
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 04/19/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Shutdown: Allow system to be shut down without having to log on
diff --git a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
index 188c435f4f..8dee428efe 100644
--- a/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
+++ b/windows/security/threat-protection/security-policy-settings/shutdown-clear-virtual-memory-pagefile.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management a
 ms.assetid: 31400078-6c56-4891-a6df-6dfb403c4bc9
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 08/01/2017
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # Shutdown: Clear virtual memory pagefile
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
index 460941fd81..b177d97e7f 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-always.md
@@ -4,7 +4,7 @@ description: Learn about best practices, security considerations and more for th
 ms.assetid: 4b7b0298-b130-40f8-960d-60418ba85f76
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # SMBv1 Microsoft network client: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
index 6125397053..735abfb6ec 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-client-digitally-sign-communications-if-server-agrees.md
@@ -4,7 +4,7 @@ description: Best practices, location, values, and security considerations for t
 ms.assetid: e553f700-aae5-425c-8650-f251c90ba5dd
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # SMBv1 Microsoft network client: Digitally sign communications (if server agrees)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
index b261da96b1..e786e34d26 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-always.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the security
 ms.assetid: 2007b622-7bc2-44e8-9cf1-d34b62117ea8
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # SMB v1 Microsoft network server: Digitally sign communications (always)
diff --git a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
index d10e1c5531..02d3e39e49 100644
--- a/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
+++ b/windows/security/threat-protection/security-policy-settings/smbv1-microsoft-network-server-digitally-sign-communications-if-client-agrees.md
@@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p
 ms.assetid: c92b2e3d-1dbf-4337-a145-b17a585f4fc1
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro
 ms.collection: M365-security-compliance
 ms.topic: conceptual
 ms.date: 01/04/2019
-ms.technology: windows-sec
+ms.technology: itpro-security
 ---
 
 # SMBv1 Microsoft network server: Digitally sign communications (if client agrees)
diff --git a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
index 207e07ea6f..7e2d99c5ca 100644
--- a/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
+++ b/windows/security/threat-protection/security-policy-settings/store-passwords-using-reversible-encryption.md
@@ -4,7 +4,7 @@ description: Describes the best practices, location, values, and security consid
 ms.assetid: 57f958c2-f1e9-48bf-871b-0a9b3299e238
 ms.reviewer:
 ms.author: vinpa
-ms.prod: m365-security
+ms.prod: windows-client
 ms.mktglfcycl: deploy
 ms.sitesec: library
 ms.pagetype: security
@@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Store passwords using reversible encryption diff --git a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md index 75c07aa23f..27b022d867 100644 --- a/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md +++ b/windows/security/threat-protection/security-policy-settings/synchronize-directory-service-data.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 97b0aaa4-674f-40f4-8974-b4bfb12c232c ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # Synchronize directory service data diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md index 8e7bbc95a5..73d75fc780 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-force-strong-key-protection-for-user-keys-stored-on-the-computer.md 
@@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: 8cbff267-881e-4bf6-920d-b583a5ff7de0 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System cryptography: Force strong key protection for user keys stored on the computer diff --git a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md index 384b7464ec..7b1b9ef84d 100644 --- a/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md +++ b/windows/security/threat-protection/security-policy-settings/system-cryptography-use-fips-compliant-algorithms-for-encryption-hashing-and-signing.md @@ -4,7 +4,7 @@ description: Best practices, security considerations, and more for the policy se ms.assetid: 83988865-dc0f-45eb-90d1-ee33495eb045 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 11/16/2018 -ms.technology: windows-sec +ms.technology: itpro-security --- # System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing 
diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md index 9c4cd9c338..cfc1e3e48a 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-require-case-insensitivity-for-non-windows-subsystems.md @@ -4,7 +4,7 @@ description: Best practices, security considerations and more for the security p ms.assetid: 340d6769-8f33-4067-8470-1458978d1522 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System objects: Require case insensitivity for non-Windows subsystems diff --git a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md index bba4ab0d9b..9e16de4a18 100644 --- a/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md +++ b/windows/security/threat-protection/security-policy-settings/system-objects-strengthen-default-permissions-of-internal-system-objects.md 
@@ -4,7 +4,7 @@ description: Best practices and more for the security policy setting, System obj ms.assetid: 3a592097-9cf5-4fd0-a504-7cbfab050bb6 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System objects: Strengthen default permissions of internal system objects (for example, Symbolic Links) diff --git a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md index a36f304e17..0397eca9d7 100644 --- a/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md +++ b/windows/security/threat-protection/security-policy-settings/system-settings-optional-subsystems.md @@ -4,7 +4,7 @@ description: Describes the best practices, location, values, policy management, ms.assetid: 5cb6519a-4f84-4b45-8072-e2aa8a72fb78 ms.reviewer: ms.author: vinpa -ms.prod: m365-security +ms.prod: windows-client ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -15,7 +15,7 @@ audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual ms.date: 04/19/2017 -ms.technology: windows-sec +ms.technology: itpro-security --- # System settings: Optional subsystems diff --git a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md index f4ddfe874d..d48d5da38b 100644 --- a/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md +++ b/windows/security/threat-protection/use-windows-event-forwarding-to-assist-in-intrusion-detection.md 
@@ -4,11 +4,11 @@ description: Learn about an approach to collect events from devices in your orga ms.reviewer: manager: aaroncz ms.author: dansimp -ms.prod: m365-security +ms.prod: windows-client author: dulcemontemayor ms.date: 02/28/2019 ms.localizationpriority: medium -ms.technology: windows-sec +ms.technology: itpro-security --- # Use Windows Event Forwarding to help with intrusion detection diff --git a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md index ae3272781f..6b822bc07e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/deploy-appid-tagging-policies.md 
@@ -48,7 +48,7 @@ Multiple WDAC policies can be managed from an MDM server through ApplicationCont However, when policies are unenrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP. -For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use Microsoft Endpoint Manager Intune's Custom OMA-URI capability. +For more information, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp) to deploy multiple policies, and optionally use Microsoft Intune's Custom OMA-URI capability. > [!NOTE] > WMI and GP don't currently support multiple policies. If you can't directly access the MDM stack, use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage multiple policy format Windows Defender Application Control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/TOC.yml b/windows/security/threat-protection/windows-defender-application-control/TOC.yml index 0eee8eff2c..2c063bad24 100644 --- a/windows/security/threat-protection/windows-defender-application-control/TOC.yml +++ b/windows/security/threat-protection/windows-defender-application-control/TOC.yml 
@@ -30,6 +30,8 @@ href: allow-com-object-registration-in-windows-defender-application-control-policy.md - name: Use WDAC with .NET hardening href: use-windows-defender-application-control-with-dynamic-code-security.md + - name: Script enforcement with Windows Defender Application Control + href: design/script-enforcement.md - name: Manage packaged apps with WDAC href: manage-packaged-apps-with-windows-defender-application-control.md - name: Use WDAC to control specific plug-ins, add-ins, and modules diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md index 67142745ef..6b7bda08f8 100644 --- a/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md +++ b/windows/security/threat-protection/windows-defender-application-control/applocker/use-applocker-and-software-restriction-policies-in-the-same-domain.md @@ -1,6 +1,6 @@ --- title: Use AppLocker and Software Restriction Policies in the same domain (Windows) -description: This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. +description: This article for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. ms.assetid: 2b7e0cec-df62-49d6-a2b7-6b8e30180943 ms.reviewer: ms.author: vinpa @@ -14,7 +14,7 @@ manager: aaroncz audience: ITPro ms.collection: M365-security-compliance ms.topic: conceptual -ms.date: 09/21/2017 +ms.date: 11/07/2022 ms.technology: itpro-security --- 
@@ -23,19 +23,16 @@ ms.technology: itpro-security **Applies to** - Windows 10 -- Windows 11 -- Windows Server 2016 and above +- Windows Server 2016 ->[!NOTE] ->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). +This article for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. -This topic for IT professionals describes concepts and procedures to help you manage your application control strategy using Software Restriction Policies and AppLocker. +> [!IMPORTANT] +> Software Restriction Policies were deprecated beginning with Windows 10 build 1803 and above, and also applies to Windows Server 2019 and above. You should use Windows Defender Application Control (WDAC) or AppLocker to control what software runs. ## Using AppLocker and Software Restriction Policies in the same domain -AppLocker is supported on systems running Windows 7 and above. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running -Windows Server 2008 R2, Windows 7 and later. It's recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, -Windows 7 and later, the SRP policies are ignored. +AppLocker is supported on systems running Windows 8.1. Software Restriction Policies (SRP) is supported on systems running Windows Vista or earlier. 
You can continue to use SRP for application control on your pre-Windows 7 computers, but use AppLocker for computers running Windows Server 2008 R2, Windows 7 and later. It's recommended that you author AppLocker and SRP rules in separate GPOs and target the GPO with SRP policies to systems running Windows Vista or earlier. When both SRP and AppLocker policies are applied to computers running Windows Server 2008 R2, Windows 7 and later, the SRP policies are ignored. The following table compares the features and functions of Software Restriction Policies (SRP) and AppLocker. @@ -45,7 +42,7 @@ The following table compares the features and functions of Software Restriction |Policy creation|SRP policies are maintained through Group Policy and only the administrator of the GPO can update the SRP policy. The administrator on the local computer can modify the SRP policies defined in the local GPO.|AppLocker policies are maintained through Group Policy and only the administrator of the GPO can update the policy. The administrator on the local computer can modify the AppLocker policies defined in the local GPO.
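Review bot: The added sentence `AppLocker is supported on systems running Windows 8.1.` contradicts the unchanged sentence right after it, which still tells readers to use AppLocker on Windows Server 2008 R2, Windows 7 and later. It also does not match the trimmed Applies-to list (Windows 10, Windows Server 2016). The removed wording `AppLocker is supported on systems running Windows 7 and above.` agreed with the rest of the paragraph, so I would keep it or state the supported range explicitly. In the new IMPORTANT note, `deprecated beginning with Windows 10 build 1803 and above, and also applies to Windows Server 2019 and above` calls a version number a build and does not parse. Because this note is what steers readers from SRP to WDAC or AppLocker, I would reword it as `Software Restriction Policies are deprecated beginning with Windows 10, version 1803, and Windows Server 2019.`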

              AppLocker permits customization of error messages to direct users to a Web page for help.| |Policy maintenance|SRP policies must be updated by using the Local Security Policy snap-in (if the policies are created locally) or the Group Policy Management Console (GPMC).|AppLocker policies can be updated by using the Local Security Policy snap-in (if the policies are created locally), or the GPMC, or the Windows PowerShell AppLocker cmdlets.| |Policy application|SRP policies are distributed through Group Policy.|AppLocker policies are distributed through Group Policy.| -|Enforcement mode|SRP works in the “blocklist mode” where administrators can create rules for files that they don't want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

              SRP can also be configured in the “allowlist mode” so that by default all files are blocked and administrators need to create allow rules for files that they want to allow.|AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there's a matching allow rule.| +|Enforcement mode|SRP works in the “blocklist mode” where administrators can create rules for files that they don't want to allow in this Enterprise whereas the rest of the file is allowed to run by default.

              SRP can also be configured in the “allowlist mode” so that by default all files are blocked. In "allowlist mode", administrators need to create allow rules for files that they want to run.|AppLocker by default works in the “allowlist mode” where only those files are allowed to run for which there's a matching allow rule.| |File types that can be controlled|SRP can control the following file types:

            • Executables
            • Dlls
            • Scripts
            • Windows Installers

              SRP can't control each file type separately. All SRP rules are in a single rule collection.|AppLocker can control the following file types:
            • Executables
            • Dlls
            • Scripts
            • Windows Installers
            • Packaged apps and installers

              AppLocker maintains a separate rule collection for each of the five file types.| |Designated file types|SRP supports an extensible list of file types that are considered executable. Administrators can add extensions for files that should be considered executable.|AppLocker currently supports the following file extensions:
            • Executables (.exe, .com)
            • Dlls (.ocx, .dll)
            • Scripts (.vbs, .js, .ps1, .cmd, .bat)
            • Windows Installers (.msi, .mst, .msp)
            • Packaged app installers (.appx)| |Rule types|SRP supports four types of rules:
            • Hash
            • Path
            • Signature
            • Internet zone|AppLocker supports three types of rules:
            • File hash
            • Path
            • Publisher| diff --git a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md index 5a2d7b7e72..88273c3c74 100644 --- a/windows/security/threat-protection/windows-defender-application-control/citool-commands.md +++ b/windows/security/threat-protection/windows-defender-application-control/citool-commands.md @@ -3,11 +3,12 @@ title: Managing CI Policies and Tokens with CiTool description: Learn how to use Policy Commands, Token Commands, and Miscellaneous Commands in CiTool author: valemieux ms.author: jogeurte -ms.service: security ms.reviewer: jogeurte ms.topic: how-to ms.date: 08/07/2022 ms.custom: template-how-to +ms.prod: windows-client +ms.technology: itpro-security --- # Manage Windows Defender Application Control (WDAC) Policies with CI Tool diff --git a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md index af84836ade..f078f7a073 100644 --- a/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md +++ b/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer.md 
@@ -29,7 +29,7 @@ ms.technology: itpro-security > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Endpoint Configuration Manager (MEMCM) or Microsoft Intune. +Windows Defender Application Control (WDAC) includes an option called **managed installer** that helps balance security and manageability when enforcing application control policies. This option lets you automatically allow applications installed by a designated software distribution solution, such as Microsoft Configuration Manager (MEMCM) or Microsoft Intune. ## How does a managed installer work? @@ -127,7 +127,7 @@ The AppLocker policy creation UI in GPO Editor and the AppLocker PowerShell cmdl ``` -4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Configuration Manager and Microsoft Endpoint Manager Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This condition-based inclusion ensures the policy will merge successfully on devices that may already have an AppLocker policy in place. +4. Verify your AppLocker policy. The following example shows a complete AppLocker policy that sets Configuration Manager and Microsoft Intune as managed installers. Only those AppLocker rule collections that have actual rules defined are included in the final XML. This condition-based inclusion ensures the policy will merge successfully on devices that may already have an AppLocker policy in place. ```xml 
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md index 87d2d36eb1..0fdfc798f0 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md @@ -12,10 +12,10 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 11/20/2019 +ms.date: 11/07/2022 ms.technology: itpro-security --- 
@@ -30,7 +30,7 @@ ms.technology: itpro-security >[!NOTE] >Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Endpoint Manager. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. +This section outlines the process to create a Windows Defender Application Control (WDAC) policy for **fully managed devices** within an organization. The key difference between this scenario and [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md) is that all software deployed to a fully managed device is managed by IT and users of the device can't install arbitrary apps. Ideally, all apps are deployed using a software distribution solution, such as Microsoft Intune. Additionally, users on fully managed devices should ideally run as standard user and only authorized IT pros have administrative access. > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. 
You may need to adapt this guidance to meet your specific organization's needs. @@ -46,7 +46,7 @@ Alice previously created a policy for the organization's lightly managed devices Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed devices: - All clients are running Windows 10 version 1903 or above or Windows 11; -- All clients are managed by Microsoft Endpoint Manager either with Configuration Manager or with Intune; +- All clients are managed by Configuration Manager or with Intune; - Most, but not all, apps are deployed using Configuration Manager; - Sometimes, IT staff install apps directly to these devices without using Configuration Manager; - All users except IT are standard users on these devices. @@ -60,7 +60,7 @@ Based on the above, Alice defines the pseudo-rules for the policy: - WHQL (third-party kernel drivers) - Windows Store signed apps -2. **"MEMCM works”** rules that include signer and hash rules for Configuration Manager components to properly function. +2. **"ConfigMgr works”** rules that include signer and hash rules for Configuration Manager components to properly function. 3. **Allow Managed Installer** (Configuration Manager and *LamnaITInstaller.exe* configured as a managed installer) The critical differences between this set of pseudo-rules and those pseudo-rules defined for Lamna's [lightly managed devices](create-wdac-policy-for-lightly-managed-devices.md#define-the-circle-of-trust-for-lightly-managed-devices) are: 
@@ -85,13 +85,13 @@ Alice follows these steps to complete this task: $PolicyPath=$env:userprofile+"\Desktop\" $PolicyName= "Lamna_FullyManagedClients_Audit" $LamnaPolicy=$PolicyPath+$PolicyName+".xml" - $MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" + $ConfigMgrPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" ``` 3. Copy the policy created by Configuration Manager to the desktop: ```powershell - cp $MEMCMPolicy $LamnaPolicy + cp $ConfigMgrPolicy $LamnaPolicy ``` 4. Give the new policy a unique ID, descriptive name, and initial version number: @@ -119,10 +119,9 @@ Alice follows these steps to complete this task: 7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the Windows Defender Application Control policy to a binary format: ```powershell - [xml]$LamnaPolicyXML = Get-Content $LamnaPolicy - $PolicyId = $LamnaPolicyXML.SiPolicy.PolicyId - $LamnaPolicyBin = $PolicyPath+$PolicyId+".cip" - ConvertFrom-CIPolicy $LamnaPolicy $WDACPolicyBin + [xml]$PolicyXML = Get-Content $LamnaPolicy + $LamnaPolicyBin = Join-Path $PolicyPath "$($PolicyXML.SiPolicy.PolicyID).cip" + ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin ``` 8. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md index 378ee082a0..7878df99b7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md 
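Review bot: In the step 7 snippet (hunk `@@ -119,10 +119,9 @@`), the new `ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin` relies on positional binding, which is easy to get backwards when copied from documentation. I would spell it out as `ConvertFrom-CIPolicy -XmlFilePath $LamnaPolicy -BinaryFilePath $LamnaPolicyBin`. The output name is now built only from `$PolicyXML.SiPolicy.PolicyID`, so if a reader skips step 4 or starts from an XML without that element, the result is presumably a file named `.cip`. A one-line comment above the `Join-Path` line, such as `# PolicyID is set in step 4; the .cip file name must match it`, would make that dependency visible. The same two points apply to the identical snippet in hunk `@@ -149,12 +149,12 @@` of create-wdac-policy-for-lightly-managed-devices.md. The numbered procedure starts and continues outside this hunk.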
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-lightly-managed-devices.md @@ -12,10 +12,10 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 08/10/2022 +ms.date: 11/07/2022 ms.technology: itpro-security --- 
@@ -35,9 +35,9 @@ This section outlines the process to create a Windows Defender Application Contr > [!NOTE] > Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs. -As in the [previous article](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. +As in [Windows Defender Application Control deployment in different scenarios: types of devices](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices. -**Alice Pena** is the IT team lead tasked with the rollout of WDAC. Recognizing that Lamna currently has loose application usage policies and a culture of maximum app flexibility for users, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. +**Alice Pena** is the IT team lead tasked with the rollout of WDAC. Lamna currently has loose application usage policies and a culture of maximum app flexibility for users. So, Alice knows she'll need to take an incremental approach to application control and use different policies for different workloads. 
For most users and devices, Alice wants to create an initial policy that is as relaxed as possible in order to minimize user productivity impact, while still providing security value. @@ -46,7 +46,7 @@ For most users and devices, Alice wants to create an initial policy that is as r Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's lightly managed devices, which currently include most end-user devices: - All clients are running Windows 10 version 1903 and above, or Windows 11; -- All clients are managed by Microsoft Endpoint Manager either with Configuration Manager or with Intune. +- All clients are managed by Configuration Manager or with Intune. - Some, but not all, apps are deployed using Configuration Manager; - Most users are local administrators on their devices; - Some teams may need more rules to authorize specific apps that don't apply generally to all other users. @@ -58,7 +58,7 @@ Based on the above, Alice defines the pseudo-rules for the policy: - WHQL (third-party kernel drivers) - Windows Store signed apps -1. **"MEMCM works”** rules that include: +1. **"ConfigMgr works”** rules that include: - Signer and hash rules for Configuration Manager components to properly function. - **Allow Managed Installer** rule to authorize Configuration Manager as a managed installer. @@ -122,8 +122,8 @@ Alice follows these steps to complete this task: > If you do not use Configuration Manager, skip this step. ```powershell - $MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" - Merge-CIPolicy -OutputFilePath $LamnaPolicy -PolicyPaths $LamnaPolicy,$MEMCMPolicy + $ConfigMgrPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml" + Merge-CIPolicy -OutputFilePath $LamnaPolicy -PolicyPaths $LamnaPolicy,$ConfigMgrPolicy Set-RuleOption -FilePath $LamnaPolicy -Option 13 # Managed Installer ``` 
@@ -149,12 +149,12 @@ Alice follows these steps to complete this task: 1. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the Windows Defender Application Control policy to a binary format: ```powershell - [xml]$policyXML = Get-Content $LamnaPolicy - $WDACPolicyBin = Join-Path $PolicyPath "$($PolicyName)_$($policyXML.SiPolicy.PolicyID).cip" - ConvertFrom-CIPolicy $LamnaPolicy $WDACPolicyBin + [xml]$PolicyXML = Get-Content $LamnaPolicy + $LamnaPolicyBin = Join-Path $PolicyPath "$($PolicyXML.SiPolicy.PolicyID).cip" + ConvertFrom-CIPolicy $LamnaPolicy $LamnaPolicyBin ``` -1. Upload your base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). +1. Upload your base policy XML and the associated binary to a source control solution, such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration). At this point, Alice now has an initial policy that is ready to deploy in audit mode to the managed clients within Lamna. 
@@ -164,12 +164,12 @@ In order to minimize user productivity impact, Alice has defined a policy that m - **Users with administrative access** - This is by far the most impactful security trade-off and allows the device user, or malware running with the user's privileges, to modify or remove the WDAC policy on the device. Additionally, administrators can configure any app to act as a managed installer, which would allow them to gain persistent app authorization for whatever apps or binaries they wish. + This trade-off is the most impactful security trade-off. It allows the device user, or malware running with the user's privileges, to modify or remove the WDAC policy on the device. Additionally, administrators can configure any app to act as a managed installer, which would allow them to gain persistent app authorization for whatever apps or binaries they wish. Possible mitigations: - Use signed WDAC policies and UEFI BIOS access protection to prevent tampering of WDAC policies. - - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer. + - To remove the requirement for managed installer, create and deploy signed catalog files as part of the app deployment process. - Use device attestation to detect the configuration state of WDAC at boot time and use that information to condition access to sensitive corporate resources. - **Unsigned policies** @@ -187,7 +187,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m Possible mitigations: - - Create and deploy signed catalog files as part of the app deployment process in order to remove the requirement for managed installer. + - To remove the requirement for managed installer, create and deploy signed catalog files as part of the app deployment process. - Limit who can elevate to administrator on the device. - **Intelligent Security Graph (ISG)** 
@@ -196,7 +196,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m Possible mitigations: - - Implement policies requiring that apps are managed by IT; audit existing app usage and deploy authorized apps using a software distribution solution such as Microsoft Endpoint Manager; move from ISG to managed installer or signature-based rules. + - Implement policies that require apps be managed by IT. Audit existing app usage and deploy authorized apps using a software distribution solution, like Microsoft Intune. Move from ISG to managed installer or signature-based rules. - Use a restrictive audit mode policy to audit app usage and augment vulnerability detection. - **Supplemental policies** @@ -219,7 +219,7 @@ In order to minimize user productivity impact, Alice has defined a policy that m - **Signed files** - Although files that are code-signed verify the author's identity and ensures that the code has not been altered by anyone other than the author, it does not guarantee that the signed code is safe. + Although files that are code-signed verify the author's identity and ensures that the code hasn't been altered by anyone other than the author, it doesn't guarantee that the signed code is safe. Possible mitigations: diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md index 2882d6d02c..ee084e1311 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control.md 
@@ -152,7 +152,7 @@ To sign the existing catalog file, copy each of the following commands into an e 5. Copy the catalog file to C:\\Windows\\System32\\catroot\\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}. - For testing purposes, you can manually copy signed catalog files to their intended folder. For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as Microsoft Endpoint Configuration Manager, which also simplifies the management of catalog versions. + For testing purposes, you can manually copy signed catalog files to their intended folder. For large-scale implementations, to copy the appropriate catalog files to all desired computers, we recommend that you use Group Policy File Preferences or an enterprise systems management product such as Microsoft Configuration Manager, which also simplifies the management of catalog versions. ## Add a catalog signing certificate to a Windows Defender Application Control policy 
@@ -230,7 +230,7 @@ To simplify the management of catalog files, you can use Group Policy preference Before you begin testing the deployed catalog file, make sure that the catalog signing certificate has been added to an appropriate WDAC policy. -## Deploy catalog files with Microsoft Endpoint Configuration Manager +## Deploy catalog files with Microsoft Configuration Manager As an alternative to Group Policy, you can use Configuration Manager to deploy catalog files to the managed computers in your environment. This approach can simplify the deployment and management of multiple catalog files and provide reporting around which catalog each client or collection has deployed. In addition to the deployment of these files, Configuration Manager can also be used to inventory the currently deployed catalog files for reporting and compliance purposes. Complete the following steps to create a new deployment package for catalog files: @@ -305,7 +305,7 @@ After you create the deployment package, deploy it to a collection so that the c Before you begin testing the deployed catalog file, make sure that the catalog signing certificate has been added to an appropriate WDAC policy,. -## Inventory catalog files with Microsoft Endpoint Configuration Manager +## Inventory catalog files with Microsoft Configuration Manager When catalog files have been deployed to the computers within your environment, whether by using Group Policy or Configuration Manager, you can inventory them with the software inventory feature of Configuration Manager. The following process walks you through the enablement of software inventory to discover catalog files on your managed systems through the creation and deployment of a new client settings policy. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md index eb4d4fdceb..1d07caffe7 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies.md @@ -88,7 +88,7 @@ When you're merging policies, the policy type and ID of the leftmost/first polic ## Deploying multiple policies -In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by Microsoft Endpoint Manager Intune's Custom OMA-URI feature. +In order to deploy multiple Windows Defender Application Control policies, you must either deploy them locally by copying the `*.cip` policy files into the proper folder or by using the ApplicationControl CSP, which is supported by Microsoft Intune's custom OMA-URI feature. ### Deploying multiple policies locally 
@@ -106,7 +106,7 @@ Multiple Windows Defender Application Control policies can be managed from an MD However, when policies are unenrolled from an MDM server, the CSP will attempt to remove every policy from devices, not just the policies added by the CSP. The reason for this is that the ApplicationControl CSP doesn't track enrollment sources for individual policies, even though it will query all policies on a device, regardless if they were deployed by the CSP. -For more information on deploying multiple policies, optionally using Microsoft Endpoint Manager Intune's Custom OMA-URI capability, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp). +For more information on deploying multiple policies, optionally using Microsoft Intune's custom OMA-URI capability, see [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp). > [!NOTE] > WMI and GP do not currently support multiple policies. Instead, customers who cannot directly access the MDM stack should use the [ApplicationControl CSP via the MDM Bridge WMI Provider](/windows/client-management/mdm/applicationcontrol-csp#powershell-and-wmi-bridge-usage-guidance) to manage Multiple Policy Format Windows Defender Application Control policies. diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md index 1702db9877..d66bca3105 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-memcm.md 
@@ -1,6 +1,6 @@ --- title: Deploy Windows Defender Application Control policies with Configuration Manager -description: You can use Microsoft Endpoint Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. +description: You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC). Learn how with this step-by-step guide. ms.prod: windows-client ms.technology: itpro-security ms.collection: M365-security-compliance @@ -13,7 +13,7 @@ ms.topic: how-to ms.localizationpriority: medium --- -# Deploy WDAC policies by using Microsoft Endpoint Configuration Manager +# Deploy WDAC policies by using Microsoft Configuration Manager **Applies to:** @@ -24,7 +24,7 @@ ms.localizationpriority: medium > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Application Control feature availability](../feature-availability.md). -You can use Microsoft Endpoint Configuration Manager to configure Windows Defender Application Control (WDAC) on client machines. +You can use Microsoft Configuration Manager to configure Windows Defender Application Control (WDAC) on client machines. ## Use Configuration Manager's built-in policies diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md index 99481638a6..9beafe889b 100644 --- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script.md 
@@ -82,7 +82,7 @@ You should now have one or more WDAC policies converted into binary form. If not ## Deploying signed policies -If you are using [signed WDAC policies](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering), the policies must be deployed into your device's EFI partition in addition to the steps outlined above. Unsigned WDAC policies do not need to be present in the EFI partition. Deploying your policy via [Microsoft Endpoint Manager](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. +If you are using [signed WDAC policies](/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering), the policies must be deployed into your device's EFI partition in addition to the steps outlined above. Unsigned WDAC policies do not need to be present in the EFI partition. Deploying your policy via [Microsoft Intune](/windows/security/threat-protection/windows-defender-application-control/deploy-windows-defender-application-control-policies-using-intune) or the Application Control CSP will handle this step automatically. 1. Mount the EFI volume and make the directory, if it doesn't exist, in an elevated PowerShell prompt: diff --git a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md index f155922fc3..6f8d77a67f 100644 
--- a/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md +++ b/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-windows-defender-application-control-policies-using-intune.md @@ -24,7 +24,7 @@ ms.topic: how-to > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](../feature-availability.md). -You can use a Mobile Device Management (MDM) solution, like Microsoft Endpoint Manager Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. +You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to configure Windows Defender Application Control (WDAC) on client machines. Intune includes native support for WDAC, which can be a helpful starting point, but customers may find the available circle-of-trust options too limiting. To deploy a custom policy through Intune and define your own circle of trust, you can configure a profile using Custom OMA-URI. If your organization uses another MDM solution, check with your solution provider for WDAC policy deployment steps. ## Use Intune's built-in policies 
diff --git a/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md b/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md new file mode 100644 index 0000000000..5a4f9be3f6 --- /dev/null +++ b/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement.md 
@@ -0,0 +1,73 @@ +--- +title: Understand WDAC script enforcement +description: WDAC script enforcement +keywords: security, malware +ms.prod: windows-client +audience: ITPro +ms.collection: M365-security-compliance +author: jsuther1974 +ms.reviewer: jogeurte +ms.author: jogeurte +ms.manager: jsuther +manager: aaroncz +ms.date: 11/02/2022 +ms.technology: itpro-security +ms.topic: article +ms.localizationpriority: medium +--- + +# Script enforcement with Windows Defender Application Control (WDAC) + +**Applies to:** + +- Windows 10 +- Windows 11 +- Windows Server 2016 and above + +> [!NOTE] +> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability). + +## Script enforcement overview + +By default, script enforcement is enabled for all WDAC policies unless the option **11 Disabled:Script Enforcement** is set in the policy. WDAC script enforcement involves a handshake between an enlightened script host, such as PowerShell, and WDAC. The actual enforcement behavior, however, is handled entirely by the script host. Some script hosts, like the Microsoft HTML Application Host (mshta.exe), simply block all code execution if any WDAC UMCI policy is active. Most script hosts first ask WDAC whether a script should be allowed to run based on the WDAC policies currently active. The script host then either blocks, allows, or changes *how* the script is run to best protect the user and the device. + +WDAC shares the *AppLocker - MSI and Script* event log for all script enforcement events. Whenever a script host asks WDAC if a script should be allowed, an event will be logged with the answer WDAC returned to the script host. 
For more information on WDAC script enforcement events, see [Understanding Application Control events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations#windows-applocker-msi-and-script-log). + +> [!IMPORTANT] +> When a script runs that is not allowed by policy, WDAC raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host and may not actually completely block the file from running. +> +> Also be aware that some script hosts may change how they behave even if a WDAC policy is in audit mode only. You should review the information below for each script host and test thoroughly within your environment to ensure the scripts you need to run are working properly. + +## Enlightened script hosts that are part of Windows + +### PowerShell + +All PowerShell scripts (.ps1), modules (.psm1), and manifests (.psd1) must be allowed by WDAC policy in order to run with Full Language rights. + +Any **dependent modules** that are loaded by an allowed module must also be allowed by WDAC policy, and module functions must be exported explicitly by name when WDAC is enforced. Modules that do not specify any exported functions (no export name list) will still load but no module functions will be accessible. Modules that use wildcards (\*) in their name will fail to load. + +Any PowerShell script that isn't allowed by WDAC policy will still run, but only in Constrained Language Mode. + +PowerShell **dot-sourcing** isn't recommended. Instead, scripts should use PowerShell modules to provide common functionality. If a script file that is allowed by WDAC does try to run dot-sourced script files, those script files must also be allowed by the policy. + +WDAC will put **interactive PowerShell** into Constrained Language Mode if any WDAC UMCI policy is enforced and *any* active WDAC policy enables script enforcement, even if that policy is in audit mode. 
To run interactive PowerShell with Full Language rights, you must disable script enforcement for *all* policies. + +For more information on PowerShell language modes, see [About Language Modes](/powershell/module/microsoft.powershell.core/about/about_language_modes). + +### VBscript, cscript, and jscript + +All scripts run using the Windows Based Script Host (wscript.exe) or the Microsoft Console Based Script Host (cscript.exe) must be allowed by the WDAC policy. If not, the script will be blocked. + +### Microsoft HTML Application Host (MSHTA) and MSXML + +If any WDAC policy is active that enables script enforcement, even if that policy is in audit mode, all code execution using MSHTA or MSXML will be blocked. + +### COM objects + +WDAC additionally enforces a restricted allowlist for COM objects that can be expanded or further restricted by your WDAC policy. COM object enforcement **isn't** affected by option **11 Disabled:Script Enforcement**. For more information on how to allow or deny COM objects, see [Allow COM object registration](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy). + +## Scripts that aren't directly controlled by WDAC + +WDAC doesn't directly control code run via the Windows Command Processor (cmd.exe), including .bat/.cmd script files. However, anything that such a batch script tries to run will be subject to WDAC control. If you don't need to run cmd.exe, it's recommended to block it outright or allow it only by exception based on the calling process. See [Use a Windows Defender Application Control policy to control specific plug-ins, add-ins, and modules](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules). 
+ +WDAC doesn't control scripts run through an unenlightened script host, such as many 3rd-party Java or Python engines. If your WDAC policy allows an unenlightened script host to run, then you implicitly allow all scripts run through that host. For non-Microsoft script hosts, you should check with the software vendor whether their script hosts are enlightened to WDAC policy. diff --git a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md index 157e08e8e7..526551ec0e 100644 --- a/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/disable-windows-defender-application-control-policies.md @@ -1,5 +1,5 @@ --- -title: Disable Windows Defender Application Control policies (Windows) +title: Remove Windows Defender Application Control policies (Windows) description: Learn how to disable both signed and unsigned Windows Defender Application Control policies, within Windows and within the BIOS. keywords: security, malware ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb 
@@ -11,86 +11,169 @@ ms.localizationpriority: medium audience: ITPro ms.collection: M365-security-compliance author: jsuther1974 -ms.reviewer: isbrahm +ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 05/03/2018 +ms.date: 11/04/2022 ms.technology: itpro-security --- -# Disable Windows Defender Application Control policies +# Remove Windows Defender Application Control (WDAC) policies **Applies to:** -- Windows 10 -- Windows 11 -- Windows Server 2016 and above +- Windows 10 +- Windows 11 +- Windows Server 2016 and above >[!NOTE] >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This topic covers how to disable unsigned or signed WDAC policies. +## Removing WDAC policies -## Disable unsigned Windows Defender Application Control policies +There may come a time when you want to remove one or more WDAC policies, or remove all WDAC policies you've deployed. This article describes the various ways to remove WDAC policies. -There may come a time when an administrator wants to disable a Windows Defender Application Control policy. For unsigned WDAC policies, this process is simple. The method used to deploy the policy (such as Group Policy) must first be disabled, then delete the SIPolicy.p7b policy file from the following locations, and the WDAC policy will be disabled on the next computer restart: +> [!IMPORTANT] +> **Signed WDAC policy** +> +> If the policy you are trying to remove is a signed WDAC policy, you must first deploy a signed replacement policy that includes option **6 Enabled:Unsigned System Integrity Policy**. +> +> The replacement policy must have the same PolicyId as the one it's replacing and a version that's equal to or greater than the existing policy. The replacement policy must also include \. 
+> +> To take effect, this policy must be signed with a certificate included in the \ section of the original policy you want to replace. +> +> You must then restart the computer so that the UEFI protection of the policy is deactivated. ***Failing to do so will result in a boot start failure.*** -- <EFI System Partition>\\Microsoft\\Boot\\ -- <OS Volume>\\Windows\\System32\\CodeIntegrity\\ +Before removing any policy, you must first disable the method used to deploy it (such as Group Policy or MDM). Otherwise, the policy may redeploy to the computer. ->[!NOTE] -> As of the Windows 10 May 2019 Update (1903), Windows Defender Application Control allows multiple policies to be deployed to a device. To fully disable WDAC when multiple policies are in effect, you must first disable each method being used to deploy a policy. Then delete the {Policy GUID}.cip policy files found in the \CIPolicies\Active subfolder under each of the paths listed above in addition to any SIPolicy.p7b file found in the root directory. +To make a policy effectively inactive before removing it, you can first replace the policy with a new one that includes the following changes: -## Disable signed Windows Defender Application Control policies within Windows +1. Replace the policy rules with "Allow *" rules; +2. Set option **3 Enabled:Audit Mode** to change the policy to audit mode only; +3. Set option **11 Disabled:Script Enforcement**; +4. Allow all COM objects. See [Allow COM object registration in a WDAC policy](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy#examples); +5. If applicable, remove option **0 Enabled:UMCI** to convert the policy to kernel mode only. -Signed policies protect Windows from administrative manipulation and malware that has gained administrative-level access to the system. 
For this reason, signed Windows Defender Application Control policies are intentionally more difficult to remove than unsigned policies. They inherently protect themselves from modification or removal and therefore are difficult even for administrators to remove successfully. If the signed WDAC policy is manually enabled and copied to the CodeIntegrity folder, to remove the policy, you must complete the following steps. +> [!IMPORTANT] +> After a policy has been removed, you must restart the computer for it to take effect. You can't remove WDAC policies rebootlessly. + +### Remove WDAC policies using CiTool.exe + +Beginning with the Windows 11 2022 Update, you can remove WDAC policies using CiTool.exe. From an elevated command window, run the following command. Be sure to replace the text *PolicyId GUID* with the actual PolicyId of the WDAC policy you want to remove: + +```powershell + CiTool.exe -rp "{PolicyId GUID}" -json +``` + +Then restart the computer. + +### Remove WDAC policies using MDM solutions like Intune + +You can use a Mobile Device Management (MDM) solution, like Microsoft Intune, to remove WDAC policies from client machines using the [ApplicationControl CSP](/windows/client-management/mdm/applicationcontrol-csp). + + +Consult your MDM solution provider for specific information on using the ApplicationControl CSP. -1. Replace the existing policy with another signed policy that has the **6 Enabled: Unsigned System Integrity Policy** rule option enabled. +Then restart the computer. - > [!NOTE] - > To take effect, this policy must be signed with a certificate previously added to the **UpdatePolicySigners** section of the original signed policy you want to replace. +### Remove WDAC policies using script -2. Restart the client computer. +To remove WDAC policies using script, your script must delete the policy file(s) from the computer. For **multiple policy format (1903+) WDAC policies**, look for the policy files in the following locations. 
Be sure to replace the *PolicyId GUID* with the actual PolicyId of the WDAC policy you want to remove. -3. Verify that the new signed policy exists on the client. +- <EFI System Partition>\\Microsoft\\Boot\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip +- <OS Volume>\\Windows\\System32\\CodeIntegrity\\CiPolicies\Active\\*\{PolicyId GUID\}*.cip - > [!NOTE] - > If the signed policy that contains rule option 6 has not been processed on the client, the addition of an unsigned policy may cause boot failures. +For **single policy format WDAC policies**, in addition to the two locations above, also look for a file called SiPolicy.p7b that may be found in the following locations: -4. Delete the new policy. +- <EFI System Partition>\\Microsoft\\Boot\\SiPolicy.p7b +- <OS Volume>\\Windows\\System32\\CodeIntegrity\\SiPolicy.p7b -5. Restart the client computer. +Then restart the computer. -If the signed Windows Defender Application Control policy has been deployed by using Group Policy, you must complete the following steps: +#### Sample script -1. Replace the existing policy in the GPO with another signed policy that has the **6 Enabled: Unsigned System Integrity Policy** rule option enabled. +
              + Expand this section to see a sample script to delete a single WDAC policy - > [!NOTE] - > To take effect, this policy must be signed with a certificate previously added to the **UpdatePolicySigners** section of the original signed policy you want to replace. +```powershell + # Set PolicyId GUID to the PolicyId from your WDAC policy XML + $PolicyId = "{PolicyId GUID}" -2. Restart the client computer. + # Initialize variables + $SinglePolicyFormatPolicyId = "{A244370E-44C9-4C06-B551-F6016E563076}" + $SinglePolicyFormatFileName = "\SiPolicy.p7b" + $MountPoint = $env:SystemDrive+"\EFIMount" + $SystemCodeIntegrityFolderRoot = $env:windir+"\System32\CodeIntegrity" + $EFICodeIntegrityFolderRoot = $MountPoint+"\EFI\Microsoft\Boot" + $MultiplePolicyFilePath = "\CiPolicies\Active\"+$PolicyId+".cip" -3. Verify that the new signed policy exists on the client. + # Mount the EFI partition + $EFIPartition = (Get-Partition | Where-Object IsSystem).AccessPaths[0] + if (-Not (Test-Path $MountPoint)) { New-Item -Path $MountPoint -Type Directory -Force } + mountvol $MountPoint $EFIPartition - > [!NOTE] - > If the signed policy that contains rule option 6 has not been processed on the client, the addition of an unsigned policy may cause boot failures. + # Check if the PolicyId to be removed is the system reserved GUID for single policy format. 
+ # If so, the policy may exist as both SiPolicy.p7b in the policy path root as well as + # {GUID}.cip in the CiPolicies\Active subdirectory + if ($PolicyId -eq $SinglePolicyFormatPolicyId) {$NumFilesToDelete = 4} else {$NumFilesToDelete = 2} + + $Count = 1 + while ($Count -le $NumFilesToDelete) + { + + # Set the $PolicyPath to the file to be deleted, if exists + Switch ($Count) + { + 1 {$PolicyPath = $SystemCodeIntegrityFolderRoot+$MultiplePolicyFilePath} + 2 {$PolicyPath = $EFICodeIntegrityFolderRoot+$MultiplePolicyFilePath} + 3 {$PolicyPath = $SystemCodeIntegrityFolderRoot+$SinglePolicyFormatFileName} + 4 {$PolicyPath = $EFICodeIntegrityFolderRoot+$SinglePolicyFormatFileName} + } -4. Set the GPO to disabled. + # Delete the policy file from the current $PolicyPath + Write-Host "Attempting to remove $PolicyPath..." -ForegroundColor Cyan + if (Test-Path $PolicyPath) {Remove-Item -Path $PolicyPath -Force -ErrorAction Continue} -5. Delete the new policy. + $Count = $Count + 1 + } -6. Restart the client computer. + # Dismount the EFI partition + mountvol $MountPoint /D +``` -## Disable signed Windows Defender Application Control policies within the BIOS +
              -There may be a time when signed Windows Defender Application Control policies cause a boot failure. Because WDAC policies enforce kernel mode drivers, it's important that they be thoroughly tested on each software and hardware configuration before being enforced and signed. Signed WDAC policies are validated in the pre-boot sequence by using Secure Boot. When you disable the Secure Boot feature in the BIOS, and then delete the file from the following locations on the operating system disk, it allows the system to boot into Windows: +> [!NOTE] +> You must run the script as administrator to remove WDAC policies on your computer. -- <EFI System Partition>\\Microsoft\\Boot\\ -- <OS Volume>\\Windows\\System32\\CodeIntegrity\\ +## Remove WDAC policies causing boot stop failures + +A WDAC policy that blocks boot critical drivers can cause a boot stop failure (BSOD) to occur, though this can be mitigated by setting option **10 Enabled:Boot Audit On Failure** in your policies. Additionally, signed WDAC policies protect the policy from administrative manipulation and malware that has gained administrative-level access to the system. For this reason, signed WDAC policies are intentionally more difficult to remove than unsigned policies even for administrators. Tampering with or removing a signed WDAC policy will cause a BSOD to occur. + +To remove a policy that is causing boot stop failures: + +1. If the policy is a **signed** WDAC policy, turn off Secure Boot from your [UEFI BIOS menu](/windows-hardware/manufacture/desktop/boot-to-uefi-mode-or-legacy-bios-mode). For help with locating where to turn off Secure Boot within your BIOS menu, consult with your original equipment manufacturer (OEM). +2. Access the Advanced Boot Options menu on your computer and choose the option to **Disable Driver Signature Enforcement**. For instructions on accessing the Advanced Boot Options menu during startup, consult with your OEM. 
This option will suspend all code integrity checks, including WDAC, for a single boot session. +3. Start Windows normally and sign in. Then, [remove WDAC policies using script](#remove-wdac-policies-using-script). +4. If you turned off Secure Boot in step 1 above and your drive is protected by BitLocker, [suspend BitLocker protection](/troubleshoot/windows-client/windows-security/suspend-bitlocker-protection-non-microsoft-updates) then turn on Secure Boot from your UEFI BIOS menu. +5. Restart the computer. + +> [!NOTE] +> If your drive is protected by Bitlocker, you may need your Bitlocker recovery keys to perform steps 1-2 above. diff --git a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md index 6abeab5887..2c666bad22 100644 --- a/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md +++ b/windows/security/threat-protection/windows-defender-application-control/example-wdac-base-policies.md @@ -15,7 +15,7 @@ author: jsuther1974 ms.reviewer: jogeurte ms.author: vinpa manager: aaroncz -ms.date: 08/05/2022 +ms.date: 11/02/2022 ms.technology: itpro-security --- 
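Review bot: The sample script added to disable-windows-defender-application-control-policies.md deletes the `.cip` and `SiPolicy.p7b` files with no check or warning for signed policies, although the IMPORTANT note earlier in the same hunk says that removing a signed policy before the signed replacement with option 6 is deployed and the computer restarted results in a boot failure. Because the script sits in an expandable section that readers may copy on its own, I would repeat that precondition as its first comment, for example `# If the policy is signed, deploy the signed replacement with option 6 and restart first; otherwise the device may fail to boot.` Separately, `mountvol $MountPoint /D` is skipped if the run is interrupted or a terminating error occurs, so wrapping the delete loop as `try { ... } finally { mountvol $MountPoint /D }` would avoid leaving the EFI partition mounted at `$MountPoint`. The prose paths above the script give `<EFI System Partition>\Microsoft\Boot\...` while the script builds `$MountPoint+"\EFI\Microsoft\Boot"`, so one of the two should be aligned.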
@@ -35,12 +35,20 @@ When you create policies for use with Windows Defender Application Control (WDAC
 ## Example Base Policies
 | **Example Base Policy** | **Description** | **Where it can be found** |
-|----------------------------|---------------------------------------------------------------|--------|
-| **DefaultWindows.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
-| **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
-| **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
-| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity) using Windows Defender Application Control. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies |
-| **DenyAllAudit.xml** | ***Warning: May cause long boot time on Windows Server 2019.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements.
| %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +|-------------------------|---------------------------------------------------------------|--------| +| **DefaultWindows_\*.xml** | This example policy is available in both audit and enforced mode. It includes rules to allow Windows, third-party hardware and software kernel drivers, and Windows Store apps. Used as the basis for all [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) policies. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_\*.xml
              %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\DefaultWindows_Audit.xml | +| **AllowMicrosoft.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed by the Microsoft product root certificate. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowMicrosoft.xml
              %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\AllowMicrosoft.xml | +| **AllowAll.xml** | This example policy is useful when creating a blocklist. All block policies should include rules allowing all other code to run and then add the DENY rules for your organization's needs. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll.xml | +| **AllowAll_EnableHVCI.xml** | This example policy can be used to enable [memory integrity](https://support.microsoft.com/windows/core-isolation-e30ed737-17d8-42f3-a2a9-87521df09b78) (also known as hypervisor-protected code integrity) using WDAC. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\AllowAll_EnableHVCI.xml | +| **DenyAllAudit.xml** | ***Warning: May cause long boot time on Windows Server 2019.*** Only deploy this example policy in audit mode to track all binaries running on critical systems or to meet regulatory requirements. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DenyAllAudit.xml | | **Device Guard Signing Service (DGSS) DefaultPolicy.xml** | This example policy is available in audit mode. It includes the rules from DefaultWindows and adds rules to trust apps signed with your organization-specific certificates issued by the DGSS. | [Device Guard Signing Service NuGet Package](https://www.nuget.org/packages/Microsoft.Acs.Dgss.Client) | | **MEM Configuration Manager** | Customers who use Configuration Manager can deploy a policy with Configuration Manager's built-in WDAC integration, and then use the generated policy XML as an example base policy. | %OSDrive%\Windows\CCM\DeviceGuard on a managed endpoint | -| **SmartAppControl.xml** | This example policy includes rules based on [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) that are well-suited for lightly managed systems. This policy includes a rule that is unsupported for enterprise WDAC policies and must be removed. 
For more information about using this example policy, see [Create a custom base policy using an example WDAC base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy)). | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies | +| **SmartAppControl.xml** | This example policy includes rules based on [Smart App Control](https://support.microsoft.com/topic/what-is-smart-app-control-285ea03d-fa88-4d56-882e-6698afdb7003) that are well-suited for lightly managed systems. This policy includes a rule that is unsupported for enterprise WDAC policies and must be removed. For more information about using this example policy, see [Create a custom base policy using an example WDAC base policy](create-wdac-policy-for-lightly-managed-devices.md#create-a-custom-base-policy-using-an-example-wdac-base-policy)). | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\SmartAppControl.xml
              %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\SignedReputable.xml | +| **Example supplemental policy** | This example policy shows how to use supplemental policy to expand the DefaultWindows_Audit.xml allow a single Microsoft-signed file. | %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Supplemental.xml | +| **Microsoft Recommended Block List** | This policy includes a list of Windows and Microsoft-signed code that Microsoft recommends blocking when using WDAC, if possible. | [Microsoft recommended block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules)
              %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\Recommended_UserMode_Blocklist.xml | +| **Microsoft recommended driver blocklist** | This policy includes rules to block known vulnerable or malicious kernel drivers. | [Microsoft recommended driver block rules](/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules)
              %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies\RecommendedDriverBlock_Enforced.xml
              %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\Recommended_Driver_Blocklist.xml |
+| **Windows S mode** | This policy includes the rules used to enforce [Windows S mode](https://support.microsoft.com/en-us/windows/windows-10-and-windows-11-in-s-mode-faq-851057d6-1ee9-b9e5-c30b-93baebeebc85). | %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\WinSiPolicy.xml.xml |
+| **Windows 11 SE** | This policy includes the rules used to enforce [Windows 11 SE](/education/windows/windows-11-se-overview), a version of Windows built for use in schools. | %ProgramFiles%\WindowsApps\Microsoft.WDAC.WDACWizard*\WinSEPolicy.xml.xml |
+
+> [!NOTE]
+> Not all policies shown available at %OSDrive%\Windows\schemas\CodeIntegrity\ExamplePolicies can be found on all versions of Windows.
diff --git a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
index 49ba15bfb5..4da8421cfe 100644
--- a/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
+++ b/windows/security/threat-protection/windows-defender-application-control/feature-availability.md
@@ -9,7 +9,7 @@ author: jgeurten
 ms.reviewer: aaroncz
 ms.author: jogeurte
 manager: aaroncz
-ms.date: 06/27/2022
+ms.date: 11/02/2022
 ms.custom: asr
 ms.topic: overview
 ---
@@ -27,17 +27,17 @@ ms.topic: overview
 | Capability | Windows Defender Application Control | AppLocker |
 |-------------|------|-------------|
-| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later | Available on Windows 8 or later |
-| SKU availability | Cmdlets are available on all SKUs on 1909+ builds.
              For pre-1909 builds, cmdlets are only available on Enterprise but policies are effective on all SKUs. | Policies deployed through GP are only effective on Enterprise devices.
              Policies deployed through MDM are effective on all SKUs. | -| Management solutions |
              • [Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md) (limited built-in policies or custom policy deployment via OMA-URI)
              • [Microsoft Endpoint Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)
              • [Group policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md)
              • PowerShell
              |
              • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
              • Configuration Manager (custom policy deployment via software distribution only)
              • [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
              • PowerShell
                • | -| Per-User and Per-User group rules | Not available (policies are device-wide) | Available on Windows 8+ | -| Kernel mode policies | Available on all Windows 10 versions and Windows 11 | Not available | -| Per-app rules | [Available on 1703+](./use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md) | Not available | -| Managed Installer (MI) | [Available on 1703+](./configure-authorized-apps-deployed-with-a-managed-installer.md) | Not available | -| Reputation-Based intelligence | [Available on 1709+](./use-windows-defender-application-control-with-intelligent-security-graph.md) | Not available | -| Multiple policy support | [Available on 1903+](./deploy-multiple-windows-defender-application-control-policies.md) | Not available | -| Path-based rules | [Available on 1903+.](./select-types-of-rules-to-create.md#more-information-about-filepath-rules) Exclusions aren't supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. | -| COM object configurability | [Available on 1903+](./allow-com-object-registration-in-windows-defender-application-control-policy.md) | Not available | -| Packaged app rules | [Available on RS5+](./manage-packaged-apps-with-windows-defender-application-control.md) | Available on Windows 8+ | -| Enforceable file types |
                  • Driver files: .sys
                  • Executable files: .exe and .com
                  • DLLs: .dll and .ocx
                  • Windows Installer files: .msi, .mst, and .msp
                  • Scripts: .ps1, .vbs, and .js
                  • Packaged apps and packaged app installers: .appx
                  |
                  • Executable files: .exe and .com
                  • [Optional] DLLs: .dll, .rll and .ocx
                  • Windows Installer files: .msi, .mst, and .msp
                  • Scripts: .ps1, .bat, .cmd, .vbs, and .js
                  • Packaged apps and packaged app installers: .appx
                  | -| Application ID (AppId) Tagging | [Available on 20H1+](./AppIdTagging/windows-defender-application-control-appid-tagging-guide.md) | Not available | +| Platform support | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Available on Windows 8 or later. | +| SKU availability | Available on Windows 10, Windows 11, and Windows Server 2016 or later.
                  WDAC PowerShell cmdlets aren't available on Home edition, but policies are effective on all editions. | Policies deployed through GP are only supported on Enterprise and Server editions.
                  Policies deployed through MDM are supported on all editions. | +| Management solutions |
                  • [Intune](./deployment/deploy-windows-defender-application-control-policies-using-intune.md)
                  • [Microsoft Configuration Manager](/configmgr/protect/deploy-use/use-device-guard-with-configuration-manager) (limited built-in policies or custom policy deployment via software distribution)
                  • [Group policy](./deployment/deploy-windows-defender-application-control-policies-using-group-policy.md)
                  • [Script](/windows/security/threat-protection/windows-defender-application-control/deployment/deploy-wdac-policies-with-script)
                  |
                  • [Intune](/windows/client-management/mdm/applocker-csp) (custom policy deployment via OMA-URI only)
                  • Configuration Manager (custom policy deployment via software distribution only)
                  • [Group Policy](./applocker/determine-group-policy-structure-and-rule-enforcement.md)
                  • PowerShell
                    • | +| Per-User and Per-User group rules | Not available (policies are device-wide). | Available on Windows 8+. | +| Kernel mode policies | Available on Windows 10, Windows 11, and Windows Server 2016 or later. | Not available. | +| [Per-app rules](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. | +| [Managed Installer (MI)](/windows/security/threat-protection/windows-defender-application-control/configure-authorized-apps-deployed-with-a-managed-installer) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. | +| [Reputation-Based intelligence](/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Not available. | +| [Multiple policy support](/windows/security/threat-protection/windows-defender-application-control/deploy-multiple-windows-defender-application-control-policies) | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2022. | Not available. | +| [Path-based rules](/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create) | Available on Windows 10, version 1903 and above, Windows 11, and Windows Server 2019 or later. Exclusions aren't supported. Runtime user-writeability checks enforced by default. | Available on Windows 8+. Exclusions are supported. No runtime user-writeability check. | +| [COM object allowlisting](/windows/security/threat-protection/windows-defender-application-control/allow-com-object-registration-in-windows-defender-application-control-policy) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. 
| Not available. | +| [Packaged app rules](/windows/security/threat-protection/windows-defender-application-control/manage-packaged-apps-with-windows-defender-application-control) | Available on Windows 10, Windows 11, and Windows Server 2019 or later. | Available on Windows 8+. | +| Enforceable file types |
                      • Driver files: .sys
                      • Executable files: .exe and .com
                      • DLLs: .dll and .ocx
                      • Windows Installer files: .msi, .mst, and .msp
                      • Scripts: .ps1, .vbs, and .js
                      • Packaged apps and packaged app installers: .appx
                      |
                      • Executable files: .exe and .com
                      • [Optional] DLLs: .dll, .rll and .ocx
                      • Windows Installer files: .msi, .mst, and .msp
                      • Scripts: .ps1, .bat, .cmd, .vbs, and .js
                      • Packaged apps and packaged app installers: .appx
                      |
+| [Application ID (AppId) Tagging](/windows/security/threat-protection/windows-defender-application-control/AppIdTagging/windows-defender-application-control-appid-tagging-guide) | Available on Windows 10, version 20H1 and above, and Windows 11. | Not available. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
index 717cc67a0a..407e490e72 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-block-rules.md
@@ -9,7 +9,7 @@ author: jsuther1974
 ms.reviewer: jgeurten
 ms.author: vinpa
 manager: aaroncz
-ms.date: 09/29/2021
+ms.date: 11/04/2022
 ms.topic: reference
 ---
@@ -22,11 +22,11 @@ ms.topic: reference
 - Windows Server 2016 and above
 >[!NOTE]
->Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
+>Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [WDAC feature availability](feature-availability.md).
-Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass Windows Defender Application Control.
+Members of the security community* continuously collaborate with Microsoft to help protect customers. With the help of their valuable reports, Microsoft has identified a list of valid applications that an attacker could also potentially use to bypass WDAC.
-Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including Windows Defender Application Control:
+Unless your use scenarios explicitly require them, Microsoft recommends that you block the following applications. These applications or files can be used by an attacker to circumvent application allow policies, including WDAC:
 - addinprocess.exe
 - addinprocess32.exe
@@ -100,19 +100,19 @@ Unless your use scenarios explicitly require them, Microsoft recommends that you
 > [!NOTE]
 > This application list will be updated with the latest vendor information as application vulnerabilities are resolved and new issues are discovered.
-Certain software applications may allow other code to run by design. Such applications should be blocked by your Windows Defender Application Control policy. In addition, when an application version is upgraded to fix a security vulnerability or potential Windows Defender Application Control bypass, you should add *deny* rules to your application control policies for that application’s previous, less secure versions.
+Certain software applications may allow other code to run by design. Such applications should be blocked by your WDAC policy. In addition, when an application version is upgraded to fix a security vulnerability or potential WDAC bypass, you should add *deny* rules to your application control policies for that application’s previous, less secure versions.
-Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass Windows Defender Application Control. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes.
+Microsoft recommends that you install the latest security updates. For example, updates help resolve several issues in PowerShell modules that allowed an attacker to bypass WDAC. These modules can't be blocked by name or version, and therefore must be blocked by their corresponding hashes.
 As of October 2017, system.management.automation.dll is updated to revoke earlier versions by hash values, instead of version rules.
-Microsoft recommends that you block the following Microsoft-signed applications and PowerShell files by merging the following policy into your existing policy to add these deny rules using the Merge-CIPolicy cmdlet. As of March 2019, each version of Windows requires blocking a specific version of the following files:
+If you wish to use this blocklist policy on Windows Server 2016, locate the deny rules for the following files, and change the comment block to only include the rules for that OS version. Applying the RS5+ rules to Windows Server 2016 may cause apps to malfunction:
 - msxml3.dll
 - msxml6.dll
 - jscript9.dll
-Select the correct version of each .dll for the Windows release you plan to support, and remove the other versions. Ensure that you also uncomment them in the signing scenarios section.
+The blocklist policy below includes "Allow all" rules for both kernel and user mode that make it safe to deploy as a standalone WDAC policy. On Windows versions 1903 and above, Microsoft recommends converting this policy to multiple policy format using the *Set-CiPolicyIdInfo* cmdlet with the *-ResetPolicyId* switch. Then, you can deploy it as a Base policy side-by-side with any other policies in your environment. To instead add these rules to an existing Base policy, you can merge the policy below using the *Merge-CIPolicy* cmdlet. If merging into an existing policy that includes an explicit allowlist, you should first remove the two "Allow all" rules and their corresponding FileRuleRefs from the sample policy below.
                      @@ -145,6 +145,8 @@ Select the correct version of each .dll for the Windows release you plan to supp + + @@ -161,7 +163,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -182,7 +184,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -197,26 +199,11 @@ Select the correct version of each .dll for the Windows release you plan to supp --> - - - - - --> + @@ -854,6 +841,7 @@ Select the correct version of each .dll for the Windows release you plan to supp + @@ -861,6 +849,7 @@ Select the correct version of each .dll for the Windows release you plan to supp + @@ -877,7 +866,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -897,7 +886,7 @@ Select the correct version of each .dll for the Windows release you plan to supp - + @@ -905,11 +894,9 @@ Select the correct version of each .dll for the Windows release you plan to supp - + + + @@ -1528,9 +1515,6 @@ Select the correct version of each .dll for the Windows release you plan to supp
                      -> [!NOTE]
-> To create a policy that works on both Windows 10, version 1803 and version 1809, you can create two different policies, or merge them into one broader policy.
-
 ## More information
-- [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md)
+- [Merge WDAC policies](merge-windows-defender-application-control-policies.md)
diff --git a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
index 86d6a393a3..25e864f812 100644
--- a/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
+++ b/windows/security/threat-protection/windows-defender-application-control/microsoft-recommended-driver-block-rules.md
@@ -16,7 +16,8 @@ author: jgeurten
 ms.reviewer: jsuther
 ms.author: vinpa
 manager: aaroncz
-ms.date: 10/27/2022
+ms.date: 11/01/2022
+ms.technology: itpro-security
 ---
 # Microsoft recommended driver block rules
@@ -49,9 +50,9 @@ With Windows 11 2022 update, the vulnerable driver blocklist is enabled by defa > [!NOTE] > -> - The Windows Security app is updated separately from the OS and ships out of box. The version with the vulnerable driver blocklist toggle is in the final validation ring and will ship to all customers very soon. +> - The Windows Security app is updated separately from the OS and ships out of box. The version with the vulnerable driver blocklist toggle is in the final validation ring and will ship to all customers very soon. Initially, you will be able to view the configuration state only and the toggle will appear grayed out. The ability to turn the toggle on or off will come with a future Windows update. > -> - The option to turn Microsoft's vulnerable driver blocklist on or off using the Windows Security app is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist. +> - For Windows Insiders, the option to turn Microsoft's vulnerable driver blocklist on or off using the Windows Security app is grayed out when HVCI, Smart App Control, or S mode is enabled. You must disable HVCI or Smart App Control, or switch the device out of S mode, and restart the device before you can turn off the Microsoft vulnerable driver blocklist. The blocklist is updated with each new major release of Windows, typically 1-2 times per year, including most recently with the Windows 11 2022 update released in September 2022. The most current blocklist is now also available for Windows 10 20H2 and Windows 11 21H2 users as an optional update from Windows Update. Microsoft will occasionally publish future updates through regular Windows servicing. 
diff --git a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
index 4c0c1f6e41..08f23bb4ca 100644
--- a/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
+++ b/windows/security/threat-protection/windows-defender-application-control/plan-windows-defender-application-control-management.md
@@ -11,10 +11,10 @@ ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
-ms.date: 02/21/2018
+ms.date: 11/02/2022
 ms.technology: itpro-security
 ---
@@ -22,9 +22,9 @@ ms.technology: itpro-security
 **Applies to:**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
 >[!NOTE]
 >Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
@@ -38,11 +38,11 @@ The first step in implementing application control is to consider how your polic
 Most Windows Defender Application Control policies will evolve over time and proceed through a set of identifiable phases during their lifetime. Typically, these phases include:
 1. [Define (or refine) the "circle-of-trust"](understand-windows-defender-application-control-policy-design-decisions.md) for the policy and build an audit mode version of the policy XML. In audit mode, block events are generated but files aren't prevented from executing.
-2. Deploy the audit mode policy to intended devices.
-3. Monitor audit block events from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks.
+2. [Deploy the audit mode policy](/windows/security/threat-protection/windows-defender-application-control/audit-windows-defender-application-control-policies) to intended devices.
+3. [Monitor audit block events](/windows/security/threat-protection/windows-defender-application-control/event-id-explanations) from the intended devices and add/edit/delete rules as needed to address unexpected/unwanted blocks.
 4. Repeat steps 2-3 until the remaining block events meet expectations.
-5. Generate the enforced mode version of the policy. In enforced mode, files that aren't allowed by the policy are prevented from executing and corresponding block events are generated.
-6. Deploy the enforced mode policy to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
+5. [Generate the enforced mode version](/windows/security/threat-protection/windows-defender-application-control/enforce-windows-defender-application-control-policies) of the policy. In enforced mode, files that aren't allowed by the policy are prevented from executing and corresponding block events are generated.
+6.
[Deploy the enforced mode policy](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide) to intended devices. We recommend using staged rollouts for enforced policies to detect and respond to issues before deploying the policy broadly.
 7. Repeat steps 1-6 anytime the desired "circle-of-trust" changes.
 ![Recommended WDAC policy deployment process.](images/policyflow.png)
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index d955ebfc22..836db5154a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -67,7 +67,7 @@ You can set several rule options within a WDAC policy. Table 1 describes each ru
 | **8 Required:EV Signers** | This option isn't currently supported. | No |
 | **9 Enabled:Advanced Boot Options Menu** | The F8 preboot menu is disabled by default for all WDAC policies. Setting this rule option allows the F8 menu to appear to physically present users. | No |
 | **10 Enabled:Boot Audit on Failure** | Used when the WDAC policy is in enforcement mode. When a driver fails during startup, the WDAC policy will be placed in audit mode so that Windows will load. Administrators can validate the reason for the failure in the CodeIntegrity event log. | No |
-| **11 Disabled:Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes).
                      NOTE: This option is required to run HTA files, and is supported on 1709, 1803, and 1809 builds with the 2019 10C LCU or higher, and on devices with the Windows 10 May 2019 Update (1903) and higher. Using it on versions of Windows without the proper update may have unintended results. | No | +| **11 Disabled:Script Enforcement** | This option disables script enforcement options, covering PowerShell, Windows Based Script Host (wscript.exe), Windows Console Based Script Host (cscript.exe), HTA files run in Microsoft HTML Application Host (mshta.exe), and MSXML. For more information on script enforcement, see [Script enforcement with WDAC](/windows/security/threat-protection/windows-defender-application-control/design/script-enforcement).
                      NOTE: This option isn't supported on Windows Server 2016 and shouldn't be used on that operating system. | No | | **12 Required:Enforce Store Applications** | If this rule option is enabled, WDAC policies will also apply to Universal Windows applications. | No | | **13 Enabled:Managed Installer** | Use this option to automatically allow applications installed by a managed installer. For more information, see [Authorize apps deployed with a WDAC managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) | Yes | | **14 Enabled:Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft's Intelligent Security Graph (ISG). | Yes | 
@@ -150,7 +150,7 @@ Wildcards can be used at the beginning or end of a path rule; only one wildcard You can also use the following macros when the exact volume may vary: `%OSDRIVE%`, `%WINDIR%`, `%SYSTEM32%`. > [!NOTE] -> When authoring WDAC policies with Microsoft Endpoint Configuration Manager (MEMCM), you can instruct MEMCM to create rules for specified files and folders. These rules **aren't** WDAC filepath rules. Rather, MEMCM performs a one-time scan of the specified files and folders and builds rules for any binaries found in those locations at the time of that scan. File changes to those specified files and folders after that scan won't be allowed unless the MEMCM policy is reapplied. +> When authoring WDAC policies with Microsoft Configuration Manager (MEMCM), you can instruct MEMCM to create rules for specified files and folders. These rules **aren't** WDAC filepath rules. Rather, MEMCM performs a one-time scan of the specified files and folders and builds rules for any binaries found in those locations at the time of that scan. File changes to those specified files and folders after that scan won't be allowed unless the MEMCM policy is reapplied. > [!NOTE] > There is currently a bug where MSIs cannot be allow listed in file path rules. MSIs must be allow listed using other rule types, for example, publisher rules or file attribute rules. diff --git a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md index 5bf1b7518f..7122339287 100644 --- a/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md +++ b/windows/security/threat-protection/windows-defender-application-control/types-of-devices.md 
@@ -42,11 +42,11 @@ Typically, deployment of Windows Defender Application Control (WDAC) happens bes ## An introduction to Lamna Healthcare Company -In the next set of topics, we'll explore each of the above scenarios using a fictional organization called Lamna Healthcare Company. +In the next set of articles, we'll explore each of the above scenarios using a fictional organization called Lamna Healthcare Company. Lamna Healthcare Company (Lamna) is a large healthcare provider operating in the United States. Lamna employs thousands of people, from doctors and nurses to accountants, in-house lawyers, and IT technicians. Their device use cases are varied and include single-user workstations for their professional staff, shared kiosks used by doctors and nurses to access patient records, dedicated medical devices such as MRI scanners, and many others. Additionally, Lamna has a relaxed, bring-your-own-device policy for many of their professional staff. -Lamna uses [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. Although they use Microsoft Endpoint Manager to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. +Lamna uses [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager) in hybrid mode with both Configuration Manager and Intune. 
Although they use Microsoft Intune to deploy many applications, Lamna has always had relaxed application usage practices: individual teams and employees have been able to install and use any applications they deem necessary for their role on their own workstations. Lamna also recently started to use [Microsoft Defender for Endpoint](https://www.microsoft.com/microsoft-365/windows/microsoft-defender-atp) for better endpoint detection and response. Recently, Lamna experienced a ransomware event that required an expensive recovery process and may have included data exfiltration by the unknown attacker. Part of the attack included installing and running malicious binaries that evaded detection by Lamna's antivirus solution but would have been blocked by an application control policy. In response, Lamna's executive board has authorized many new security IT responses, including tightening policies for application use and introducing application control. diff --git a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md index 73a8d6f71b..6627e9c50a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md +++ b/windows/security/threat-protection/windows-defender-application-control/understand-windows-defender-application-control-policy-design-decisions.md 
@@ -29,7 +29,7 @@ ms.technology: itpro-security > [!NOTE] > Some capabilities of Windows Defender Application Control (WDAC) are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -This topic is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment. +This article is for the IT professional. It lists the design questions, possible answers, and ramifications for decisions made, when planning application control policies deployment using Windows Defender Application Control (WDAC), within a Windows operating system environment. When you begin the design and planning process, you should consider the ramifications of your design choices. The resulting decisions will affect your policy deployment scheme and subsequent application control policy maintenance. 
@@ -62,7 +62,7 @@ Organizations with well-defined, centrally managed app management and deployment | Possible answers | Design considerations| | - | - | -| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Endpoint Manager](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | +| All apps are centrally managed and deployed using endpoint management tools like [Microsoft Intune](https://www.microsoft.com/microsoft-365/microsoft-endpoint-manager). | Organizations that centrally manage all apps are best-suited for application control. Windows Defender Application Control options like [managed installer](configure-authorized-apps-deployed-with-a-managed-installer.md) can make it easy to authorize apps that are deployed by the organization's app distribution management solution. | | Some apps are centrally managed and deployed, but teams can install other apps for their members. | [Supplemental policies](deploy-multiple-windows-defender-application-control-policies.md) can be used to allow team-specific exceptions to your core organization-wide Windows Defender Application Control policy. Alternatively, teams can use managed installers to install their team-specific apps, or admin-only file path rules can be used to allow apps installed by admin users. | | Users and teams are free to download and install apps but the organization wants to restrict that right to prevalent and reputable apps only. 
| Windows Defender Application Control can integrate with Microsoft's [Intelligent Security Graph](use-windows-defender-application-control-with-intelligent-security-graph.md) (the same source of intelligence that powers Microsoft Defender Antivirus and Windows Defender SmartScreen) to allow only apps and binaries that have positive reputation. | | Users and teams are free to download and install apps without restriction. | Windows Defender Application Control policies can be deployed in audit mode to gain insight into the apps and binaries running in your organization without impacting user and team productivity.| 
@@ -74,7 +74,7 @@ Traditional Win32 apps on Windows can run without being digitally signed. This p | Possible answers | Design considerations | | - | - | | All apps used in your organization must be signed. | Organizations that enforce [codesigning](use-code-signing-to-simplify-application-control-for-classic-windows-applications.md) for all executable code are best-positioned to protect their Windows computers from malicious code execution. Windows Defender Application Control rules can be created to authorize apps and binaries from the organization's internal development teams and from trusted independent software vendors (ISV). | -| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Endpoint Manager offer multiple ways to distribute signed App Catalogs. | +| Apps used in your organization don't need to meet any codesigning requirements. | Organizations can [use built-in Windows tools](deploy-catalog-files-to-support-windows-defender-application-control.md) to add organization-specific App Catalog signatures to existing apps as a part of the app deployment process, which can be used to authorize code execution. Solutions like Microsoft Intune offer multiple ways to distribute signed App Catalogs. | ### Are there specific groups in your organization that need customized application control policies? 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index e752db3d0d..ca5b20ff1f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -14,7 +14,7 @@ author: jsuther1974
 ms.reviewer: jogeurte
 ms.author: vinpa
 manager: aaroncz
-ms.date: 08/15/2022
+ms.date: 11/04/2022
 ms.technology: itpro-security
 ---
 
@@ -42,10 +42,10 @@ Signed Windows Defender Application Control (WDAC) policies give organizations t Before you sign with PKCS #7 and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run. -Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward. +Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward. If you don't currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) to create one with your on-premises CA. -Before PKCS #7-signing WDAC policies for the first time, ensure you enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). +Before PKCS #7-signing WDAC policies for the first time, ensure you enable rule options **Enabled:Advanced Boot Options Menu** and **10 Enabled:Boot Audit on Failure** to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. 
If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md). To sign a Windows Defender Application Control policy with SignTool.exe, you need the following components: @@ -85,7 +85,7 @@ If you don't have a code signing certificate, see [Optional: Create a code signi > [!NOTE] > *<Path to exported .cer certificate>* should be the full path to the certificate that you exported in step 3. - Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Disable signed Windows Defender Application Control policies within Windows](disable-windows-defender-application-control-policies.md#disable-signed-windows-defender-application-control-policies-within-windows). + Also, adding update signers is crucial to being able to modify or disable this policy in the future. For more information about how to disable signed WDAC policies, see [Remove WDAC policies](disable-windows-defender-application-control-policies.md). 6. Use [Set-RuleOption](/powershell/module/configci/set-ruleoption) to remove the unsigned policy rule option: diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md index 13c68dea7d..6830e5bbcd 100644 --- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md 
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-policy-to-control-specific-plug-ins-add-ins-and-modules.md
@@ -13,8 +13,8 @@ ms.localizationpriority: medium
 audience: ITPro
 ms.collection: M365-security-compliance
 author: jsuther1974
-ms.reviewer: isbrahm
-ms.date: 02/10/2022
+ms.reviewer: jogeurte
+ms.date: 11/02/2022
 ms.technology: itpro-security
 ---
 
@@ -24,31 +24,28 @@ ms.technology: itpro-security - Windows 10 - Windows 11 -- Windows Server 2016 and above +- Windows Server 2019 and above > [!NOTE] > Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md). -As of Windows 10, version 1703, you can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): +You can use Windows Defender Application Control (WDAC) policies to control applications and also to control whether specific plug-ins, add-ins, and modules can run from specific apps (such as a line-of-business application or a browser): -| Approach (as of Windows 10, version 1703) | Guideline | +| Approach | Guideline | |---|---| | You can work from a list of plug-ins, add-ins, or modules that you want only a specific application to be able to run. Other applications would be blocked from running them. | Use `New-CIPolicyRule` with the `-AppID` option. | | In addition, you can work from a list of plug-ins, add-ins, or modules that you want to block in a specific application. Other applications would be allowed to run them. | Use `New-CIPolicyRule` with the `-AppID` and `-Deny` options. | -To work with these options, the typical method is to create a policy that only affects plug-ins, add-ins, and modules, then merge it into your 'master' policy (merging is described in the next section). - -For example, to create a Windows Defender Application Control policy allowing **addin1.dll** and **addin2.dll** to run in **ERP1.exe**, your organization's enterprise resource planning (ERP) application, run the following commands. 
In the second command, **+=** is used to add a second rule to the **$rule** variable: +For example, to add rules to a WDAC policy called "Lamna_FullyManagedClients_Audit.xml" that allow **addin1.dll** and **addin2.dll** to be run by **ERP1.exe**, Lamna's enterprise resource planning (ERP) application, run the following commands. In the second command, **+=** is used to add a second rule to the **$rule** variable: ```powershell $rule = New-CIPolicyRule -DriverFilePath '.\temp\addin1.dll' -Level FileName -AppID '.\ERP1.exe' $rule += New-CIPolicyRule -DriverFilePath '.\temp\addin2.dll' -Level FileName -AppID '.\ERP1.exe' -New-CIPolicy -Rules $rule -FilePath ".\AllowERPAddins.xml" -UserPEs ``` -As another example, to create a Windows Defender Application Control policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application: +As another example, to create a Windows Defender Application Control policy that blocks **addin3.dll** from running in Microsoft Word, run the following command. You must include the `-Deny` option to block the specified add-ins in the specified application. Once you have all the rules you want, you can merge them into an existing WDAC policy using the Merge-CIPolicy cmdlet as shown here: ```powershell -$rule = New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' -New-CIPolicy -Rules $rule -FilePath ".\BlockAddins.xml" -UserPEs +$rule += New-CIPolicyRule -DriverFilePath '.\temp\addin3.dll' -Level FileName -Deny -AppID '.\winword.exe' +Merge-CIPolicy -OutputFilePath .\Lamna_FullyManagedClients_Audit.xml -PolicyPaths .\Lamna_FullyManagedClients_Audit.xml -Rules $rule ``` 
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
index 8b34bf7ff2..a5d9f79a3f 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-intelligent-security-graph.md
@@ -111,4 +111,4 @@ Packaged apps aren't supported with the ISG and will need to be separately autho The ISG doesn't authorize kernel mode drivers. The WDAC policy must have rules that allow the necessary drivers to run. > [!NOTE] -> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Endpoint Manager Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). +> A rule that explicitly denies or allows a file will take precedence over that file's reputation data. Microsoft Intune's built-in WDAC support includes the option to trust apps with good reputation via the ISG, but it has no option to add explicit allow or deny rules. In most cases, customers using application control will need to deploy a custom WDAC policy (which can include the ISG option if desired) using [Intune's OMA-URI functionality](deployment/deploy-windows-defender-application-control-policies-using-intune.md#deploy-wdac-policies-with-custom-oma-uri). diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md index 78fa9baa34..1676591088 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-base-policy.md 
@@ -67,7 +67,7 @@ A description of each policy rule, beginning with the left-most column, is provi | **Disable Script Enforcement** | This option disables script enforcement options. Unsigned PowerShell scripts and interactive PowerShell are no longer restricted to [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). NOTE: This option is required to run HTA files, and is only supported with the Windows 10 May 2019 Update (1903) and higher. Using it on earlier versions of Windows 10 isn't supported and may have unintended results. | |**[Hypervisor-protected code integrity (HVCI)](../device-guard/enable-virtualization-based-protection-of-code-integrity.md)**| When enabled, policy enforcement uses virtualization-based security to run the code integrity service inside a secure environment. HVCI provides stronger protections against kernel malware.| | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by the Microsoft Intelligent Security Graph (ISG). | -| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. | +| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. | | **Require WHQL** | By default, legacy drivers that aren't Windows Hardware Quality Labs (WHQL) signed are allowed to execute. Enabling this rule requires that every executed driver is WHQL signed and removes legacy driver support. Henceforth, every new Windows–compatible driver must be WHQL certified. 
| | **Update Policy without Rebooting** | Use this option to allow future Windows Defender Application Control policy updates to apply without requiring a system reboot. | | **Unsigned System Integrity Policy** | Allows the policy to remain unsigned. When this option is removed, the policy must be signed and have UpdatePolicySigners added to the policy to enable future policy modifications. | diff --git a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md index ef8ad65e17..05d77d395a 100644 --- a/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md +++ b/windows/security/threat-protection/windows-defender-application-control/wdac-wizard-create-supplemental-policy.md 
@@ -62,7 +62,7 @@ There are only three policy rules that can be configured by the supplemental pol | Rule option | Description | |------------ | ----------- | | **Intelligent Security Graph Authorization** | Use this option to automatically allow applications with "known good" reputation as defined by Microsoft’s Intelligent Security Graph (ISG). | -| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Endpoint Configuration Manager, that has been defined as a managed installer. | +| **Managed Installer** | Use this option to automatically allow applications installed by a software distribution solution, such as Microsoft Configuration Manager, that has been defined as a managed installer. | | **Disable Runtime FilePath Rule Protection** | Disable default FilePath rule protection (apps and executables allowed based on file path rules must come from a file path that’s only writable by an administrator) for any FileRule that allows a file based on FilePath. | ![Rule options UI for Windows Allowed mode.](images/wdac-wizard-supplemental-policy-rule-options-UI.png) diff --git a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md index 78914e67c0..c8a1476cff 100644 --- a/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md +++ b/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide.md 
@@ -59,6 +59,6 @@ All Windows Defender Application Control policy changes should be deployed in au There are several options to deploy Windows Defender Application Control policies to managed endpoints, including: - [Deploy using a Mobile Device Management (MDM) solution](deployment/deploy-windows-defender-application-control-policies-using-intune.md), such as Microsoft Intune -- [Deploy using Microsoft Endpoint Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md) +- [Deploy using Microsoft Configuration Manager](deployment/deploy-wdac-policies-with-memcm.md) - [Deploy via script](deployment/deploy-wdac-policies-with-script.md) - [Deploy via group policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md) diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md index 6979f8363a..ab88f6b52c 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-device-performance-health.md 
@@ -25,7 +25,7 @@ ms.technology: itpro-security - Windows 11 -The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they're seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Endpoint Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager). +The **Device performance & health** section contains information about hardware, devices, and drivers related to the machine. IT administrators and IT pros should reference the appropriate documentation library for the issues they're seeing, such as the [configure the Load and unload device drivers security policy setting](/windows/device-security/security-policy-settings/load-and-unload-device-drivers) and how to [deploy drivers during Windows 10 deployment using Microsoft Configuration Manager](/windows/deployment/deploy-windows-cm/add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager). The [Windows 10 IT pro troubleshooting topic](/windows/client-management/windows-10-support-solutions), and the main [Windows 10 documentation library](/windows/windows-10/) can also be helpful for resolving issues. diff --git a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md index 523459b18b..958d4c9085 100644 --- a/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md +++ b/windows/security/threat-protection/windows-defender-security-center/wdsc-hide-notifications.md 
@@ -40,7 +40,7 @@ You can only use Group Policy to change these settings. ## Use Group Policy to hide non-critical notifications -You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Update Compliance or Microsoft Endpoint Configuration Manager reporting). +You can hide notifications that describe regular events related to the health and security of the machine. These notifications are the ones that don't require an action from the machine's user. It can be useful to hide these notifications if you find they're too numerous or you have other status reporting on a larger scale (such as Update Compliance or Microsoft Configuration Manager reporting). These notifications can be hidden only by using Group Policy. diff --git a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md index 5c51d2770e..d34c5fc2b0 100644 --- a/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md +++ b/windows/security/threat-protection/windows-defender-security-center/windows-defender-security-center.md 
@@ -70,7 +70,7 @@ For more information about each section, options for configuring the sections, a
 ![Screenshot of Windows Settings showing the different areas available in the Windows Security.](images/settings-windows-defender-security-center-areas.png)
 > [!NOTE]
-> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Endpoint Configuration Manager, will generally take precedence over the settings in the Windows Security.
+> Settings configured with management tools, such as group policy, Microsoft Intune, or Microsoft Configuration Manager, will generally take precedence over the settings in the Windows Security.
 ## How the Windows Security app works with Windows security features
@@ -96,7 +96,7 @@ The Windows Security app operates as a separate app or process from each of the
 It acts as a collector or single place to see the status and perform some configuration for each of the features.
-If you disable any of the individual features, it will prevent that feature from reporting its status in the Windows Security app. For example, if you disable a feature through group policy or other management tools, such as Microsoft Endpoint Configuration Manager. The Windows Security app itself will still run and show status for the other security features.
+If you disable any of the individual features, it will prevent that feature from reporting its status in the Windows Security app. For example, if you disable a feature through group policy or other management tools, such as Microsoft Configuration Manager. The Windows Security app itself will still run and show status for the other security features.
 > [!IMPORTANT]
 > If you individually disable any of the services, it won't disable the other services or the Windows Security app.
diff --git a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
index a942f45633..a5a4b985e6 100644
--- a/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
+++ b/windows/security/threat-protection/windows-defender-system-guard/how-hardware-based-root-of-trust-helps-protect-windows.md
@@ -82,7 +82,7 @@ As Windows 10 boots, a series of integrity measurements are taken by Windows Def
 ![Boot time integrity.](images/windows-defender-system-guard-boot-time-integrity.png)
-After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Endpoint Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
+After the system boots, Windows Defender System Guard signs and seals these measurements using the TPM. Upon request, a management system like Intune or Microsoft Configuration Manager can acquire them for remote analysis. If Windows Defender System Guard indicates that the device lacks integrity, the management system can take a series of actions, such as denying the device access to resources.
 ## System requirements for System Guard
diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
index 7ed3e77df2..eeb43f2414 100644
--- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
+++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
@@ -3,6 +3,7 @@ title: Best practices for configuring Windows Defender Firewall description: Learn about best practices for configuring Windows Defender Firewall keywords: firewall, best practices, security, network security, network, rules, filters, ms.prod: windows-client +ms.date: 11/09/2022 ms.mktglfcycl: deploy ms.sitesec: library ms.pagetype: security @@ -17,22 +18,12 @@ ms.collection: ms.topic: article ms.technology: itpro-security appliesto: - - ✅ Windows 10 - - ✅ Windows 11 - - ✅ Windows Server 2016 - - ✅ Windows Server 2019 - - ✅ Windows Server 2022 + - ✅ Windows 10 and later + - ✅ Windows Server 2016 and later --- # Best practices for configuring Windows Defender Firewall -**Applies to** - -- Windows 10 -- Windows 11 -- Windows Server 2016 and above - - Windows Defender Firewall with Advanced Security provides host-based, two-way network traffic filtering and blocks unauthorized network traffic flowing into or out of the local device. Configuring your Windows Firewall based on the @@ -40,8 +31,8 @@ following best practices can help you optimize protection for devices in your network. These recommendations cover a wide range of deployments including home networks and enterprise desktop/server systems. -To open Windows Firewall, go to the **Start** menu, select **Run**, -type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](./open-windows-firewall-with-advanced-security.md). +To open Windows Firewall, go to the **Start** menu, select **Run**, +type **WF.msc**, and then select **OK**. See also [Open Windows Firewall](./open-windows-firewall-with-advanced-security.md). ## Keep default settings 
@@ -51,18 +42,14 @@ When you open the Windows Defender Firewall for the first time, you can see the *Figure 1: Windows Defender Firewall* -1. **Domain profile**: Used for networks where there's a system of account authentication against a domain controller (DC), such as an Azure Active Directory DC - -2. **Private profile**: Designed for and best used - in private networks such as a home network - -3. **Public profile**: Designed with higher security in mind - for public networks like Wi-Fi hotspots, coffee shops, airports, hotels, or stores +1. **Domain profile**: Used for networks where there's a system of account authentication against an Active Directory domain controller +1. **Private profile**: Designed for and best used in private networks such as a home network +1. **Public profile**: Designed with higher security in mind for public networks, like Wi-Fi hotspots, coffee shops, airports, hotels, or stores View detailed settings for each profile by right-clicking the top-level **Windows Defender Firewall with Advanced Security** node in the left pane and then selecting **Properties**. Maintain the default settings in Windows Defender -Firewall whenever possible. These settings have been designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. +Firewall whenever possible. These settings have been designed to secure your device for use in most network scenarios. One key example is the default Block behavior for Inbound connections. ![A screenshot of a cell phone Description automatically generated.](images/fw03-defaults.png) 
@@ -84,27 +71,20 @@ This rule-adding task can be accomplished by right-clicking either **Inbound Rul *Figure 3: Rule Creation Wizard* > [!NOTE] ->This article does not cover step-by-step rule -configuration. See the [Windows Firewall with Advanced Security Deployment -Guide](./windows-firewall-with-advanced-security-deployment-guide.md) -for general guidance on policy creation. +>This article does not cover step-by-step rule configuration. See the [Windows Firewall with Advanced Security Deployment Guide](./windows-firewall-with-advanced-security-deployment-guide.md) for general guidance on policy creation. -In many cases, allowing specific types of inbound traffic will be required for -applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when -allowing these inbound exceptions. +In many cases, allowing specific types of inbound traffic will be required for applications to function in the network. Administrators should keep the following rule precedence behaviors in mind when allowing these inbound exceptions. -1. Explicitly defined allow rules will take precedence over the default block setting. - -2. Explicit block rules will take precedence over any conflicting allow rules. - -3. More specific rules will take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. (For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 will take precedence.) +1. Explicitly defined allow rules will take precedence over the default block setting. +1. Explicit block rules will take precedence over any conflicting allow rules. +1. More specific rules will take precedence over less specific rules, except if there are explicit block rules as mentioned in 2. 
(For example, if the parameters of rule 1 include an IP address range, while the parameters of rule 2 include a single IP host address, rule 2 will take precedence.) Because of 1 and 2, it's important that, when designing a set of policies, you make sure that there are no other explicit block rules in place that could inadvertently overlap, thus preventing the traffic flow you wish to allow. A general security best practice when creating inbound rules is to be as specific as possible. However, when new rules must be made that use ports or IP addresses, consider using consecutive ranges or subnets instead of individual addresses or ports where possible. This approach avoids creation of multiple filters under the hood, reduces complexity, and helps to avoid performance degradation. -> [!NOTE] -> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. +> [!NOTE] +> Windows Defender Firewall does not support traditional weighted, administrator-assigned rule ordering. An effective policy set with expected behaviors can be created by keeping in mind the few, consistent, and logical rule behaviors described above. ## Create rules for new applications before first launch 
@@ -123,7 +103,6 @@ In either of the scenarios above, once these rules are added they must be delete > [!NOTE] > The firewall's default settings are designed for security. Allowing all inbound connections by default introduces the network to various threats. Therefore, creating exceptions for inbound connections from third-party software should be determined by trusted app developers, the user, or the admin on behalf of the user. - ### Known issues with automatic rule creation When designing a set of firewall policies for your network, it's a best practice to configure allow rules for any networked applications deployed on the host. Having these rules in place before the user first launches the application will help ensure a seamless experience. 
@@ -132,11 +111,9 @@ The absence of these staged rules doesn't necessarily mean that in the end an ap To determine why some applications are blocked from communicating in the network, check for the following instances: -1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the prompt, the user cancels or dismisses the prompt. - -2. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes. - -3. Local Policy Merge is disabled, preventing the application or network service from creating local rules. +1. A user with sufficient privileges receives a query notification advising them that the application needs to make a change to the firewall policy. Not fully understanding the prompt, the user cancels or dismisses the prompt. +1. A user lacks sufficient privileges and is therefore not prompted to allow the application to make the appropriate policy changes. +1. Local Policy Merge is disabled, preventing the application or network service from creating local rules. Creation of application rules at runtime can also be prohibited by administrators using the Settings app or Group Policy. 
@@ -150,9 +127,9 @@ See also [Checklist: Creating Inbound Firewall Rules](./checklist-creating-inbou Firewall rules can be deployed: -1. Locally using the Firewall snap-in (**WF.msc**) -2. Locally using PowerShell -3. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager, or Intune (using workplace join) +1. Locally using the Firewall snap-in (**WF.msc**) +1. Locally using PowerShell +1. Remotely using Group Policy if the device is a member of an Active Directory Name, System Center Configuration Manager, or Intune (using workplace join) Rule merging settings control how rules from different policy sources can be combined. Administrators can configure different merge behaviors for Domain, Private, and Public profiles. @@ -163,8 +140,7 @@ The rule-merging settings either allow or prevent local administrators from crea *Figure 5: Rule merging setting* > [!TIP] -> In the firewall [configuration service provider](/windows/client-management/mdm/firewall-csp), the -equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. +> In the firewall [configuration service provider](/windows/client-management/mdm/firewall-csp), the equivalent setting is *AllowLocalPolicyMerge*. This setting can be found under each respective profile node, *DomainProfile*, *PrivateProfile*, and *PublicProfile*. If merging of local policies is disabled, centralized deployment of rules is required for any app that needs inbound connectivity. 
@@ -173,15 +149,12 @@ Management (MDM), or both (for hybrid or co-management environments). [Firewall CSP](/windows/client-management/mdm/firewall-csp) and [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider) also have settings that can affect rule merging. -As a best practice, it's important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. +As a best practice, it's important to list and log such apps, including the network ports used for communications. Typically, you can find what ports must be open for a given service on the app's website. For more complex or customer application deployments, a more thorough analysis may be needed using network packet capture tools. In general, to maintain maximum security, admins should only push firewall exceptions for apps and services determined to serve legitimate purposes. - - > [!NOTE] -> The use of wildcard patterns, such as *C:\*\\teams.exe* is not -supported in application rules. We currently only support rules created using the full path to the application(s). +> The use of wildcard patterns, such as *C:\*\\teams.exe* is not supported in application rules. We currently only support rules created using the full path to the application(s). ## Know how to use "shields up" mode for active attacks 
@@ -208,15 +181,12 @@ Once the emergency is over, uncheck the setting to restore regular network traff What follows are a few general guidelines for configuring outbound rules. -- The default configuration of Blocked for Outbound rules can be - considered for certain highly secure environments. However, the Inbound rule configuration should never be changed in a way that Allows traffic by default. - -- It's recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use. - -- In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments). +- The default configuration of Blocked for Outbound rules can be considered for certain highly secure environments. However, the Inbound rule configuration should never be changed in a way that Allows traffic by default +- It's recommended to Allow Outbound by default for most deployments for the sake of simplification around app deployments, unless the enterprise prefers tight security controls over ease-of-use +- In high security environments, an inventory of all enterprise-spanning apps must be taken and logged by the administrator or administrators. Records must include whether an app used requires network connectivity. 
Administrators will need to create new rules specific to each app that needs network connectivity and push those rules centrally, via group policy (GP), Mobile Device Management (MDM), or both (for hybrid or co-management environments) For tasks related to creating outbound rules, see [Checklist: Creating Outbound Firewall Rules](./checklist-creating-outbound-firewall-rules.md). ## Document your changes -When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. +When creating an inbound or outbound rule, you should specify details about the app itself, the port range used, and important notes like creation date. Rules must be well-documented for ease of review both by you and other admins. We highly encourage taking the time to make the work of reviewing your firewall rules at a later date easier. And *never* create unnecessary holes in your firewall. diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md index dc02971c1c..a3d1293e65 100644 --- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md +++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md 
@@ -26,7 +26,7 @@ appliesto: To get started, Open the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), and then go to **Devices** > **Windows** > **Configuration profiles** > **Create profile** > Choose **Windows 10 and later** as the platform, Choose **Templates**, then **Endpoint protection** as the profile type. Select Windows Defender Firewall. -:::image type="content" source="images/windows-firewall-intune.png" alt-text="Example of a Windows Defender Firewall policy in Microsoft Endpoint Manager."::: +:::image type="content" source="images/windows-firewall-intune.png" alt-text="Example of a Windows Defender Firewall policy in Microsoft Intune and the Endpoint Manager admin center."::: >[!IMPORTANT] >A single Endpoint Protection profile may contain up to a maximum of 150 firewall rules. If a client device requires more than 150 rules, then multiple profiles must be assigned to it. diff --git a/windows/security/threat-protection/windows-platform-common-criteria.md b/windows/security/threat-protection/windows-platform-common-criteria.md index e23ee6cb2e..37bb6cb877 100644 --- a/windows/security/threat-protection/windows-platform-common-criteria.md +++ b/windows/security/threat-protection/windows-platform-common-criteria.md 
@@ -1,35 +1,49 @@ --- title: Common Criteria Certifications description: This topic details how Microsoft supports the Common Criteria certification program. -ms.prod: m365-security -author: dansimp -ms.author: dansimp +ms.prod: windows-client +ms.author: paoloma +author: paolomatarazzo manager: aaroncz ms.collection: M365-identity-device-management ms.topic: article ms.localizationpriority: medium -ms.date: 1/14/2022 +ms.date: 11/4/2022 ms.reviewer: -ms.technology: windows-sec +ms.technology: itpro-security --- -# Common Criteria Certifications +# Common Criteria certifications -Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the Common Criteria certification program, ensures that products incorporate the features and functions required by relevant Common Criteria Protection Profiles, and completes Common Criteria certifications of Microsoft Windows products. This topic lists the current and archived certified Windows products, together with relevant documentation from each certification. +Microsoft is committed to optimizing the security of its products and services. As part of that commitment, Microsoft supports the *Common Criteria Certification Program*, ensures that products incorporate the features and functions required by relevant *Common Criteria Protection Profiles*, and completes *Common Criteria certifications* of Microsoft Windows products. This topic lists the current and archived certified Windows products, together with relevant documentation from each certification. -## Certified Products +## Certified products -The product releases below are currently certified against the cited Protection Profile, as listed on the [Common Criteria Portal](https://www.commoncriteriaportal.org/products/). 
The Security Target describes the product edition(s) in scope, the security functionality in the product, and the assurance measures from the Protection Profile used as part of the evaluation. The Administrative Guide provides guidance on configuring the product to match the evaluated configuration. The Certification Report or Validation Report documents the results of the evaluation by the validation team, with the Assurance Activity Report providing details on the evaluator's actions. +The product releases below are currently certified against the cited *Protection Profile*, as listed on the [Common Criteria Portal](https://www.commoncriteriaportal.org/products/): -### Microsoft Windows 10, Windows Server version 2004 (May 2020 Update); Microsoft Windows Server Core Datacenter (Azure Frabic Controller); Microsoft Windows Server Core Datacenter (Azure Stack) -Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients and the Module for Virtual Private Network Clients. +- The *Security Target* describes the product edition(s) in scope, the security functionality in the product, and the assurance measures from the *Protection Profile* used as part of the evaluation +- The *Administrative Guide* provides guidance on configuring the product to match the evaluated configuration +- The *Certification Report or Validation Report* documents the results of the evaluation by the validation team, with the *Assurance Activity Report* providing details on the evaluator's actions + +For more details, expand each product section. + +
                      + +
                      + Windows 10, version 2004, Windows Server, version 2004, Windows Server Core Datacenter (Azure Fabric Controller), Windows Server Core Datacenter (Azure Stack) + +Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients and the Module for Virtual Private Network Clients - [Security Target](https://download.microsoft.com/download/a/5/6/a5650848-e86a-4554-bb13-1ad6ff2d45d2/Windows%2010%202004%20GP%20OS%20Security%20Target.pdf) - [Administrative Guide](https://download.microsoft.com/download/4/a/6/4a66a459-3c73-4c34-84bb-92cb20301206/Windows%2010%202004%20GP%20OS%20Administrative%20Guide.pdf) - [Validation Report](https://download.microsoft.com/download/1/c/b/1cb65e32-f87d-41dd-bc29-88dc943fad9d/Windows%2010%202004%20GP%20OS%20Validation%20Reports.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/3/2/4/324562b6-0917-4708-8f9d-8d2d12859839/Windows%2010%202004%20GP%20OS%20Assurance%20Activity%20Report-Public%20.pdf) -### Microsoft Windows Server, Windows 10 version 1909 (November 2019 Update), Microsoft Windows Server 2019 (version 1809) Hyper-V +
                      + +
                      + Windows 10, version 1909, Windows Server, version 1909, Windows Server 2019, version 1809 Hyper-V + Certified against the Protection Profile for Virtualization, including the Extended Package for Server Virtualization. - [Security Target](https://download.microsoft.com/download/5/f/6/5f6efbb4-88a0-4161-953d-de07450b7107/Windows%20+%20Windows%20Server%201909,%20Windows%20Server%202019%20Hyper-V%20Security%20Target.pdf) @@ -37,23 +51,35 @@ Certified against the Protection Profile for Virtualization, including the Exten - [Validation Report](https://download.microsoft.com/download/4/7/6/476ca991-631d-4943-aa89-b0cd4f448d14/Windows%20+%20Windows%20Server%201909,%20Windows%20Server%202019%20Hyper-V%20Validation%20Report.pdf) - [Assurance Activities Report](https://download.microsoft.com/download/3/b/4/3b4818d8-62a1-4b8d-8cb4-9b3256564355/Windows%20+%20Windows%20Server%201909,%20Windows%20Server%202019%20Hyper-V%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows Server (November 2019 Update, version 1909) -Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients and the Module for Virtual Private Network Clients. +
                      + +
                      + Windows 10, version 1909, Windows Server, version 1909 + +Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients and the Module for Virtual Private Network Clients. - [Security Target](https://download.microsoft.com/download/b/3/7/b37981cf-040a-4b02-a93c-a3d3a93986bf/Windows%2010%201909%20GP%20OS%20Security%20Target.pdf) - [Administrative Guide](https://download.microsoft.com/download/7/7/3/77303254-05fb-4009-8a39-bf5fe7484a41/Windows%2010%201909%20GP%20OS%20Administrative%20Guide.pdf) - [Certification Report](https://download.microsoft.com/download/9/f/3/9f350b73-1790-4dcb-97f7-a0e65a00b55f/Windows%2010%201909%20GP%20OS%20Certification%20Report.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/0/0/d/00d26b48-a051-4e9a-8036-850d825f8ef9/Windows%2010%201909%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows Server (May 2019 Update, version 1903) -Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients. +
                      + +
                      + Windows 10, version 1903, Windows Server, version 1903 + +Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients. - [Security Target](https://download.microsoft.com/download/c/6/9/c6903621-901e-4603-b9cb-fbfe5d6aa691/Windows%2010%201903%20GP%20OS%20Security%20Target.pdf) - [Administrative Guide](https://download.microsoft.com/download/0/b/b/0bb1c6b7-499a-458e-a5f8-e9cf972dfa8d/Windows%2010%201903%20GP%20OS%20Administrative%20Guide.pdf) - [Certification Report](https://download.microsoft.com/download/2/1/9/219909ad-2f2a-44cc-8fcb-126f28c74d36/Windows%2010%201903%20GP%20OS%20Certification%20Report.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/2/a/1/2a103b68-cd12-4476-8945-873746b5f432/Windows%2010%201903%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows Server (October 2018 Update, version 1809) +
                      + +
                      + Windows 10, version 1809, Windows Server, version 1809 + Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients. - [Security Target](https://download.microsoft.com/download/3/f/e/3fe6938d-2c2d-4ef1-85d5-1d42dc68ea89/Windows%2010%20version%201809%20GP%20OS%20Security%20Target.pdf) @@ -61,7 +87,11 @@ Certified against the Protection Profile for General Purpose Operating Systems, - [Certification Report](https://download.microsoft.com/download/9/4/0/940ac551-7757-486d-9da1-7aa0300ebac0/Windows%2010%20version%201809%20GP%20OS%20Certification%20Report%20-%202018-61-INF-2795.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/a/6/6/a66bfcf1-f6ef-4991-ab06-5b1c01f91983/Windows%2010%201809%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows Server (April 2018 Update, version 1803) +
                      + +
                      + Windows 10, version 1803, Windows Server, version 1803 + Certified against the Protection Profile for General Purpose Operating Systems, including the Extended Package for Wireless Local Area Network Clients. - [Security Target](https://download.microsoft.com/download/0/7/6/0764E933-DD0B-45A7-9144-1DD9F454DCEF/Windows%2010%201803%20GP%20OS%20Security%20Target.pdf) @@ -69,7 +99,11 @@ Certified against the Protection Profile for General Purpose Operating Systems, - [Certification Report](https://download.microsoft.com/download/6/7/1/67167BF2-885D-4646-A61E-96A0024B52BB/Windows%2010%201803%20GP%20OS%20Certification%20Report.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/b/3/d/b3da41b6-6ebc-4a26-a581-2d2ad8d8d1ac/Windows%2010%201803%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows Server (Fall Creators Update, version 1709) +
                      + +
                      + Windows 10, version 1709, Windows Server, version 1709 + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://download.microsoft.com/download/B/6/A/B6A5EC2C-6351-4FB9-8FF1-643D4BD5BE6E/Windows%2010%201709%20GP%20OS%20Security%20Target.pdf) @@ -77,7 +111,11 @@ Certified against the Protection Profile for General Purpose Operating Systems. - [Certification Report](https://download.microsoft.com/download/2/C/2/2C20D013-0610-4047-B2FA-516819DFAE0A/Windows%2010%201709%20GP%20OS%20Certification%20Report.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/e/7/6/e7644e3c-1e59-4754-b071-aec491c71849/Windows%2010%201709%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 (Creators Update, version 1703) +
                      + +
                      + Windows 10, version 1703, Windows Server, version 1703 + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://download.microsoft.com/download/e/8/b/e8b8c42a-a0b6-4ba1-9bdc-e704e8289697/windows%2010%20version%201703%20gp%20os%20security%20target%20-%20public%20\(january%2016,%202018\)\(final\)\(clean\).pdf) @@ -85,7 +123,11 @@ Certified against the Protection Profile for General Purpose Operating Systems. - [Certification Report](https://download.microsoft.com/download/3/2/c/32cdf627-dd23-4266-90ff-2f9685fd15c0/2017-49%20inf-2218%20cr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/a/e/9/ae9a2235-e1cd-4869-964d-c8260f604367/Windows%2010%201703%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 (Anniversary Update, version 1607) and Windows Server 2016 +
                      + +
                      + Windows 10, version 1607, Windows Server 2016 + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://download.microsoft.com/download/f/8/c/f8c1c2a4-719c-48ae-942f-9fd3ce5b238f/windows%2010%20au%20and%20server%202016%20gp%20os%20security%20target%20-%20public%20\(december%202%202016\)%20\(clean\).docx) @@ -93,7 +135,11 @@ Certified against the Protection Profile for General Purpose Operating Systems. - [Validation Report](https://download.microsoft.com/download/5/4/8/548cc06e-c671-4502-bebf-20d38e49b731/2016-36-inf-1779.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/a/5/f/a5f08a43-75f9-4433-bd77-aeb14276e587/Windows%2010%201607%20GP%20OS%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 (version 1507) and Windows Server 2012 R2 +
                      + +
                      + Windows 10, version 1507, Windows Server 2012 R2 + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_windows10.pdf) @@ -101,19 +147,35 @@ Certified against the Protection Profile for General Purpose Operating Systems. - [Certification Report](https://www.commoncriteriaportal.org/files/epfiles/cr_windows10.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/7/e/5/7e5575c9-10f9-4f3d-9871-bd7cf7422e3b/Windows%2010%20(1507),%20Windows%20Server%202012%20R2%20GPOS%20Assurance%20Activity%20Report.pdf) -## Archived Certified Products +
                      -The product releases below were certified against the cited Protection Profile and are now archived, as listed on the [Common Criteria Portal](https://www.commoncriteriaportal.org/products/index.cfm?archived=1). The Security Target describes the product edition(s) in scope, the security functionality in the product, and the assurance measures from the Protection Profile used as part of the evaluation. The Administrative Guide provides guidance on configuring the product to match the evaluated configuration. The Validation Report documents the results of the evaluation by the validation team, with the Assurance Activity Report, where available, providing details on the evaluator's actions. +## Archived certified products -### Microsoft Windows Server 2016, Windows Server 2012 R2, and Windows 10 -Certified against the Protection Profile for Server Virtualization. +The product releases below were certified against the cited *Protection Profile* and are now archived, as listed on the [Common Criteria Portal](https://www.commoncriteriaportal.org/products/index.cfm?archived=1): + +- The *Security Target* describes the product edition(s) in scope, the security functionality in the product, and the assurance measures from the *Protection Profile* used as part of the evaluation +- The *Administrative Guide* provides guidance on configuring the product to match the evaluated configuration +- The *Certification Report or Validation Report* documents the results of the evaluation by the validation team, with the *Assurance Activity Report* providing details on the evaluator's actions + +For more details, expand each product section. + + +
                      +
                      + Windows Server 2016, Windows Server 2012 R2, Windows 10 + +Certified against the Protection Profile for Server Virtualization. - [Security Target](https://download.microsoft.com/download/1/c/3/1c3b5ab0-e064-4350-a31f-48312180d9b5/st_vid10823-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/d/c/4/dc40b5c8-49c2-4587-8a04-ab3b81eb6fc4/st_vid10823-agd.pdf) - [Validation Report](https://download.microsoft.com/download/a/3/3/a336f881-4ac9-4c79-8202-95289f86bb7a/st_vid10823-vr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/3/f/c/3fcc76e1-d471-4b44-9a19-29e69b6ab899/Windows%2010%20Hyper-V,%20Server%202016,%20Server%202012%20R2%20Virtualization%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows 10 Mobile (Anniversary Update, version 1607) +
                      + +
                      + Windows 10, version 1607, Windows 10 Mobile, version 1607 + Certified against the Protection Profile for Mobile Device Fundamentals. - [Security Target](https://download.microsoft.com/download/1/5/e/15eee6d3-f2a8-4441-8cb1-ce8c2ab91c24/windows%2010%20anniversary%20update%20mdf%20security%20target%20-%20public%20\(april%203%202017\).docx) @@ -121,7 +183,11 @@ Certified against the Protection Profile for Mobile Device Fundamentals. - [Validation Report](https://download.microsoft.com/download/f/2/f/f2f7176e-34f4-4ab0-993c-6606d207bb3c/st_vid10752-vr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/9/3/9/939b44a8-5755-4d4c-b020-d5e8b89690ab/Windows%2010%20and%20Windows%2010%20Mobile%201607%20MDF%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 (Anniversary Update, version 1607) and Windows Server 2016 +
                      + +
                      + Windows 10, version 1607, Windows Server 2016 + Certified against the Protection Profile for IPsec Virtual Private Network (VPN) Clients. - [Security Target](https://download.microsoft.com/download/b/f/5/bf59e430-e57b-462d-8dca-8ac3c93cfcff/windows%2010%20anniversary%20update%20ipsec%20vpn%20client%20security%20target%20-%20public%20\(december%2029%202016\)%20\(clean\).docx) @@ -129,7 +195,11 @@ Certified against the Protection Profile for IPsec Virtual Private Network (VPN) - [Validation Report](https://download.microsoft.com/download/2/0/a/20a8e686-3cd9-43c4-a22a-54b552a9788a/st_vid10753-vr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/b/8/d/b8ddc36a-408a-4d64-a31c-d41c9c1e9d9e/Windows%2010%201607,%20Windows%20Server%202016%20IPsec%20VPN%20Client%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 (November 2015 Update, version 1511) +
                      + +
                      + Windows 10, version 1511 + Certified against the Protection Profile for Mobile Device Fundamentals. - [Security Target](https://download.microsoft.com/download/a/c/2/ac2a6ed8-4d2f-4f48-a9bf-f059d6c9af38/windows%2010%20mdf3%20security%20target%20-%20public%20\(june%2022%202016\)\(final\).docx) @@ -137,7 +207,11 @@ Certified against the Protection Profile for Mobile Device Fundamentals. - [Validation Report](https://download.microsoft.com/download/d/c/b/dcb7097d-1b9f-4786-bb07-3c169fefb579/st_vid10715-vr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/1/f/1/1f12ed80-6d73-4a16-806f-d5116814bd7c/Windows%2010%20November%202015%20Update%20(1511)%20MDF%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 and Windows 10 Mobile (version 1507) +
                      + +
                      + Windows 10, version 1507, Windows 10 Mobile, version 1507 + Certified against the Protection Profile for Mobile Device Fundamentals. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10677-st.pdf) @@ -145,7 +219,11 @@ Certified against the Protection Profile for Mobile Device Fundamentals. - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10694-vr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/a/1/3/a1365491-0a53-42cd-bd73-ca4067c43d86/Windows%2010,%20Windows%2010%20Mobile%20(1507)%20MDF%20Assurance%20Activity%20Report.pdf) -### Microsoft Windows 10 (version 1507) +
                      + +
                      + Windows 10, version 1507 + Certified against the Protection Profile for IPsec Virtual Private Network (VPN) Clients. - [Security Target](https://download.microsoft.com/download/3/7/2/372beb03-b1ed-4bb6-9b9b-b8f43afc570d/st_vid10746-st.pdf) @@ -153,87 +231,134 @@ Certified against the Protection Profile for IPsec Virtual Private Network (VPN) - [Validation Report](https://download.microsoft.com/download/9/b/6/9b633763-6078-48aa-b9ba-960da2172a11/st_vid10746-vr.pdf) - [Assurance Activity Report](https://download.microsoft.com/download/9/3/6/93630ffb-5c06-4fea-af36-164da3e359c9/Windows%2010%20IPsec%20VPN%20Client%20Assurance%20Activity%20Report.pdf) -### Windows 8.1 with Surface 3 and Windows Phone 8.1 with Lumia 635 and Lumia 830 +
                      + +
                      + Windows 8.1 with Surface 3, Windows Phone 8.1 with Lumia 635 and Lumia 830 + Certified against the Protection Profile for Mobile Device Fundamentals. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10635-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10635-vr.pdf) -### Microsoft Surface Pro 3 and Windows 8.1 +
                      + +
                      + Surface Pro 3, Windows 8.1 + Certified against the Protection Profile for Mobile Device Fundamentals. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10632-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/b/e/3/be365594-daa5-4af3-a6b5-9533d61eae32/surface%20pro%203%20mobile%20operational%20guidance.docx) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10632-vr.pdf) -### Windows 8.1 and Windows Phone 8.1 +
                      + +
                      + Windows 8.1, Windows Phone 8.1 + Certified against the Protection Profile for Mobile Device Fundamentals. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10592-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/b/0/e/b0e30225-5017-4241-ac0a-6c40bc8e6714/mobile%20operational%20guidance.docx) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10592-vr.pdf) -### Windows 8 and Windows Server 2012 +
                      + +
                      + Windows 8, Windows Server 2012 + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10520-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/6/0/b/60b27ded-705a-4751-8e9f-642e635c3cf3/microsoft%20windows%208%20windows%20server%202012%20common%20criteria%20supplemental%20admin%20guidance.docx) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10520-vr.pdf) -### Windows 8 and Windows RT +
                      + +
                      + Windows 8, Windows RT + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10620-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/8/6/e/86e8c001-8556-4949-90cf-f5beac918026/microsoft%20windows%208%20microsoft%20windows%20rt%20common%20criteria%20supplemental%20admin.docx) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10620-vr.pdf) -### Windows 8 and Windows Server 2012 BitLocker +
                      + +
                      + Windows 8, Windows Server 2012 BitLocker + Certified against the Protection Profile for Full Disk Encryption. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10540-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/0/8/4/08468080-540b-4326-91bf-f2a33b7e1764/administrative%20guidance%20for%20software%20full%20disk%20encryption%20clients.pdf) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10540-vr.pdf) -### Windows 8, Windows RT, and Windows Server 2012 IPsec VPN Client +
                      + +
                      + Windows 8, Windows RT, Windows Server 2012 IPsec VPN Client + Certified against the Protection Profile for IPsec Virtual Private Network (VPN) Clients. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10529-st.pdf) - [Administrative Guide](https://download.microsoft.com/download/a/9/f/a9fd7e2d-023b-4925-a62f-58a7f1a6bd47/microsoft%20windows%208%20windows%20server%202012%20supplemental%20admin%20guidance%20ipsec%20vpn%20client.docx) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10529-vr.pdf) -### Windows 7 and Windows Server 2008 R2 +
                      + +
                      + Windows 7, Windows Server 2008 R2 + Certified against the Protection Profile for General Purpose Operating Systems. - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10390-st.pdf) - [Administrative Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=ee05b6d0-9939-4765-9217-63083bb94a00) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10390-vr.pdf) -### Microsoft Windows Server 2008 R2 Hyper-V Role +
                      + +
                      + Microsoft Windows Server 2008 R2 Hyper-V Role - [Security Target](https://www.microsoft.com/download/en/details.aspx?id=29305) - [Administrative Guide](https://www.microsoft.com/download/en/details.aspx?id=29308) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/0570a_pdf.pdf) -### Windows Vista and Windows Server 2008 at EAL4+ +
                      + +
                      + Windows Vista, Windows Server 2008 at EAL4+ - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10291-st.pdf) - [Administrative Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10291-vr.pdf) -### Windows Vista and Windows Server 2008 at EAL1 +
                      + +
                      + Windows Vista, Windows Server 2008 at EAL1 - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_st_v1.0.pdf) - [Administrative Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=06166288-24c4-4c42-9daa-2b2473ddf567) - [Certification Report](https://www.commoncriteriaportal.org/files/epfiles/efs-t005_msvista_msserver2008_eal1_cr_v1.0.pdf) -### Microsoft Windows Server 2008 Hyper-V Role +
                      + +
                      + Microsoft Windows Server 2008 Hyper-V Role - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/0570b_pdf.pdf) - [Administrative Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=cb19538d-9e13-4ab6-af38-8f48abfdad08) - [Certification Report](http://www.commoncriteriaportal.org:80/files/epfiles/0570a_pdf.pdf) -### Windows Server 2003 Certificate Server +
                      + +
                      + Windows Server 2003 Certificate Server - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid9507-st.pdf) - [Administrator's Guide](https://www.microsoft.com/downloads/en/details.aspx?familyid=445093d8-45e2-4cf6-884c-8802c1e6cb2d) @@ -242,7 +367,12 @@ Certified against the Protection Profile for General Purpose Operating Systems. - [Evaluation Technical Report](https://www.microsoft.com/downloads/details.aspx?familyid=a594e77f-dcbb-4787-9d68-e4689e60a314) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid9507-vr.pdf) -### Windows Rights Management Services +
                      + +
                      + Windows Rights Management Services - [Security Target](https://www.commoncriteriaportal.org/files/epfiles/st_vid10224-st.pdf) - [Validation Report](https://www.commoncriteriaportal.org/files/epfiles/st_vid10224-vr.pdf) + +
\ No newline at end of file
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
index 20ae8ff495..1f712dc9f7 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/get-support-for-security-baselines.md
@@ -1,6 +1,6 @@
 ---
 title: Get support for security baselines
-description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related topics.
+description: Find answers to frequently asked question on how to get support for baselines, the Security Compliance Toolkit (SCT), and related articles.
 ms.prod: windows-client
 ms.localizationpriority: medium
 ms.author: vinpa
@@ -32,13 +32,13 @@ Any version of Windows baseline before Windows 10 1703 can still be downloaded u
 **What file formats are supported by the new SCT?**
-The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a .PolicyRules file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. For more information, see the LGPO documentation. Keep in mind that SCMs' .cab files are no longer supported.
+The toolkit supports formats created by the Windows GPO backup feature (.pol, .inf, and .csv). Policy Analyzer saves its data in XML files with a `.PolicyRules` file extension. LGPO also supports its own LGPO text file format as a text-based analog for the binary registry.pol file format. For more information, see the LGPO documentation. Keep in mind that SCMs' .cab files are no longer supported.
 **Does SCT support Desired State Configuration (DSC) file format?**
 No. PowerShell-based DSC is rapidly gaining popularity, and more DSC tools are coming online to convert GPOs and DSC and to validate system configuration.
-**Does SCT support the creation of Microsoft Endpoint Manager DCM packs?**
+**Does SCT support the creation of Microsoft Configuration Manager DCM packs?**
 No. A potential alternative is Desired State Configuration (DSC), a feature of the [Windows Management Framework](https://www.microsoft.com/download/details.aspx?id=54616). A tool that supports conversion of GPO Backups to DSC format can be found [here](https://github.com/Microsoft/BaselineManagement).
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
index 73d14e6ece..a3d0a27f9d 100644
--- a/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
+++ b/windows/security/threat-protection/windows-security-configuration-framework/security-compliance-toolkit-10.md
@@ -58,7 +58,7 @@ The Security Compliance Toolkit consists of:
 - GPO to Policy Rules
-You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more information about security baseline recommendations, see the [Microsoft Security Guidance blog](/archive/blogs/secguide/).
+You can [download the tools](https://www.microsoft.com/download/details.aspx?id=55319) along with the baselines for the relevant Windows versions. For more information about security baseline recommendations, see the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/bg-p/Microsoft-Security-Baselines).
 ## What is the Policy Analyzer tool?
@@ -70,7 +70,7 @@ The Policy Analyzer is a utility for analyzing and comparing sets of Group Polic Policy Analyzer lets you treat a set of GPOs as a single unit. This treatment makes it easy to determine whether particular settings are duplicated across the GPOs or are set to conflicting values. Policy Analyzer also lets you capture a baseline and then compare it to a snapshot taken at a later time to identify changes anywhere across the set. -More information on the Policy Analyzer tool can be found on the [Microsoft Security Guidance blog](/archive/blogs/secguide/new-tool-policy-analyzer) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). +More information on the Policy Analyzer tool can be found on the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). ## What is the Local Group Policy Object (LGPO) tool? @@ -80,7 +80,7 @@ LGPO.exe can import and apply settings from Registry Policy (Registry.pol) files It can export local policy to a GPO backup. It can export the contents of a Registry Policy file to the “LGPO text” format that can then be edited, and can build a Registry Policy file from an LGPO text file. -Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](/archive/blogs/secguide/lgpo-exe-local-group-policy-object-utility-v1-0) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). +Documentation for the LGPO tool can be found on the [Microsoft Security Guidance blog](https://techcommunity.microsoft.com/t5/microsoft-security-baselines/new-amp-updated-security-tools/ba-p/1631613) or by [downloading the tool](https://www.microsoft.com/download/details.aspx?id=55319). ## What is the Set Object Security tool? 
diff --git a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md index c7acc81e52..5bedbaf17a 100644 --- a/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md +++ b/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines.md @@ -56,7 +56,7 @@ Our recommendations follow a streamlined and efficient approach to baseline defi You can use security baselines to: - Ensure that user and device configuration settings are compliant with the baseline. -- Set configuration settings. For example, you can use group policy, Microsoft Endpoint Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. +- Set configuration settings. For example, you can use group policy, Microsoft Configuration Manager, or Microsoft Intune to configure a device with the setting values specified in the baseline. ## Where can I get the security baselines? 
@@ -66,7 +66,7 @@ There are several ways to get and use security baselines: 2. [Mobile device management (MDM) security baselines](/windows/client-management/mdm/#mdm-security-baseline) function like the Microsoft group policy-based security baselines and can easily integrate these baselines into an existing MDM management tool. -3. MDM security baselines can easily be configures in Microsoft Endpoint Manager on devices that run Windows 10 and Windows 11. For more information, see [List of the settings in the Windows 10/11 MDM security baseline in Intune](/mem/intune/protect/security-baseline-settings-mdm-all). +3. MDM security baselines can easily be configures in Microsoft Intune on devices that run Windows 10 and Windows 11. For more information, see [List of the settings in the Windows 10/11 MDM security baseline in Intune](/mem/intune/protect/security-baseline-settings-mdm-all). ## Community diff --git a/windows/security/trusted-boot.md b/windows/security/trusted-boot.md index 37a654e8fd..64689039a1 100644 --- a/windows/security/trusted-boot.md +++ b/windows/security/trusted-boot.md @@ -1,18 +1,18 @@ --- title: Secure Boot and Trusted Boot description: Trusted Boot prevents corrupted components from loading during the boot-up process in Windows 11 -search.appverid: MET150 +search.appverid: MET150 author: vinaypamnani-msft ms.author: vinpa -manager: aaroncz +manager: aaroncz ms.topic: conceptual ms.date: 09/21/2021 -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: windows-client +ms.technology: itpro-security ms.localizationpriority: medium ms.collection: ms.custom: -ms.reviewer: jsuther +ms.reviewer: jsuther --- # Secure Boot and Trusted Boot diff --git a/windows/security/zero-trust-windows-device-health.md b/windows/security/zero-trust-windows-device-health.md index 6e2cf83c4a..84ff0bde52 100644 --- a/windows/security/zero-trust-windows-device-health.md +++ b/windows/security/zero-trust-windows-device-health.md 
@@ -1,5 +1,5 @@ --- -title: Zero Trust and Windows device health +title: Zero Trust and Windows device health description: Describes the process of Windows device health attestation ms.reviewer: ms.topic: article @@ -8,8 +8,8 @@ ms.author: paoloma author: paolomatarazzo ms.collection: M365-security-compliance ms.custom: intro-overview -ms.prod: m365-security -ms.technology: windows-sec +ms.prod: windows-client +ms.technology: itpro-security --- # Zero Trust and Windows device health @@ -60,7 +60,7 @@ A summary of the steps involved in attestation and Zero Trust on the device side 6. The attestation service returns an attestation report that contains information about the security features based on the policy configured in the attestation service. -7. The device then sends the report to the Microsoft Endpoint Manager cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. +7. The device then sends the report to the Microsoft Intune cloud to assess the trustworthiness of the platform according to the admin-configured device compliance rules. 8. Conditional access, along with device-compliance state then decides to allow or deny access. diff --git a/windows/whats-new/ltsc/index.md b/windows/whats-new/ltsc/index.md index faa61e8726..4ebad1267c 100644 --- a/windows/whats-new/ltsc/index.md +++ b/windows/whats-new/ltsc/index.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: low ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Windows 10 Enterprise LTSC diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2015.md b/windows/whats-new/ltsc/whats-new-windows-10-2015.md index cddd5c8950..8d02105a34 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2015.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2015.md 
@@ -8,6 +8,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: medium ms.topic: article +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2015 @@ -236,7 +237,7 @@ Enterprises have the following identity and management choices. |---|---| | Identity | Active Directory; Azure AD | | Grouping | Domain join; Workgroup; Azure AD join | -| Device management | Group Policy; Microsoft Endpoint Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | +| Device management | Group Policy; Microsoft Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | > [!NOTE] > With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](/lifecycle/). 
@@ -273,9 +274,9 @@ By using [Group Policy Objects](/previous-versions/cc498727(v=msdn.10)), Windows - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth efficient. -- **Use with existing tools** such as Microsoft Endpoint Manager and the [Enterprise Mobility Suite](/enterprise-mobility-security). +- **Use with existing tools** such as Microsoft Intune and the [Enterprise Mobility Suite](/enterprise-mobility-security). -Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)) and [Microsoft Endpoint Configuration Manager](/configmgr). +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)) and [Microsoft Configuration Manager](/configmgr). Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). 
diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2016.md b/windows/whats-new/ltsc/whats-new-windows-10-2016.md index 2f55f78bd5..ff84fce008 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2016.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2016.md @@ -8,6 +8,7 @@ ms.prod: windows-client author: aczechowski ms.localizationpriority: low ms.topic: article +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2016 diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2019.md b/windows/whats-new/ltsc/whats-new-windows-10-2019.md index ef03698602..99bbdce00b 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2019.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2019.md @@ -10,6 +10,7 @@ ms.localizationpriority: medium ms.topic: article ms.collection: - highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2019 @@ -36,7 +37,7 @@ The Windows 10 Enterprise LTSC 2019 release is an important release for LTSC use ## Microsoft Intune -Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, Windows 10 update rings device profiles don't support LTSC releases. For installing software updates, use the [policy configuration service provider (CSP)](/windows/client-management/mdm/policy-csp-update), Windows Server Update Services (WSUS), or Microsoft Endpoint Configuration Manager. +Microsoft Intune supports Windows 10 Enterprise LTSC 2019 and later. However, Windows 10 update rings device profiles don't support LTSC releases. For installing software updates, use the [policy configuration service provider (CSP)](/windows/client-management/mdm/policy-csp-update), Windows Server Update Services (WSUS), or Microsoft Configuration Manager. ## Security 
@@ -382,7 +383,7 @@ If you wish to take advantage of [Kiosk capabilities in Microsoft Edge](/previou ### Co-management -Intune and Microsoft Endpoint Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +Intune and Microsoft Configuration Manager policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management). diff --git a/windows/whats-new/ltsc/whats-new-windows-10-2021.md b/windows/whats-new/ltsc/whats-new-windows-10-2021.md index a6bb2fa385..6c8dc542bc 100644 --- a/windows/whats-new/ltsc/whats-new-windows-10-2021.md +++ b/windows/whats-new/ltsc/whats-new-windows-10-2021.md @@ -10,6 +10,7 @@ ms.localizationpriority: low ms.topic: article ms.collection: - highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10 Enterprise LTSC 2021 
@@ -161,9 +162,9 @@ Windows Hello enhancements include: ## Cloud Services -### Microsoft Endpoint Manager +### Microsoft Intune family of products -Configuration Manager, Intune, Desktop Analytics, Co-Management, and Device Management Admin Console are now [Microsoft Endpoint Manager](/configmgr/). See the Nov. 4 2019 [announcement](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/). Also see [Modern management and security principles driving our Microsoft Endpoint Manager vision](https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Modern-management-and-security-principles-driving-our-Microsoft/ba-p/946797). +Configuration Manager, Intune, Desktop Analytics, Co-Management, and the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) are now part of the [Microsoft endpoint management services](/mem/endpoint-manager-overview). See the Nov. 4 2019 [announcement](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/). ### Configuration Manager diff --git a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md index f96c6387bf..66b6c21f4d 100644 --- a/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md +++ b/windows/whats-new/whats-new-windows-10-version-1507-and-1511.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, versions 1507 and 1511 for IT Pros 
@@ -277,7 +278,7 @@ Enterprises have the following identity and management choices. |---|---| | Identity | Active Directory; Azure AD | | Grouping | Domain join; Workgroup; Azure AD join | -| Device management | Group Policy; Microsoft Endpoint Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | +| Device management | Group Policy; Microsoft Configuration Manager; Microsoft Intune; other MDM solutions; Exchange ActiveSync; Windows PowerShell; Windows Management Instrumentation (WMI) | > [!NOTE] > With the release of Windows Server 2012 R2, Network Access Protection (NAP) was deprecated and the NAP client has now been removed in Windows 10. For more information about support lifecycles, see [Microsoft Support Lifecycle](/lifecycle/). 
@@ -324,9 +325,9 @@ By using [Group Policy Objects](/previous-versions/cc498727(v=msdn.10)), Windows - **Peer-to-peer delivery**, which administrators can enable to make delivery of updates to branch offices and remote sites with limited bandwidth efficient. -- **Use with existing tools** such as Microsoft Endpoint Manager and the [Enterprise Mobility Suite](/enterprise-mobility-security). +- **Use with existing tools** such as Microsoft Intune and the [Enterprise Mobility Suite](/enterprise-mobility-security). -Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)) and [Microsoft Endpoint Configuration Manager](/configmgr). +Together, these Windows Update for Business features help reduce device management costs, provide controls over update deployment, offer quicker access to security updates, and provide access to the latest innovations from Microsoft on an ongoing basis. Windows Update for Business is a free service for all Windows 10 Pro, Enterprise, and Education editions, and can be used independent of, or in conjunction with, existing device management solutions such as [Windows Server Update Services (WSUS)](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh852345(v=ws.11)) and [Microsoft Configuration Manager](/configmgr). Learn more about [Windows Update for Business](/windows/deployment/update/waas-manage-updates-wufb). 
diff --git a/windows/whats-new/whats-new-windows-10-version-1607.md b/windows/whats-new/whats-new-windows-10-version-1607.md
index 61009f9d89..5d80c4bdea 100644
--- a/windows/whats-new/whats-new-windows-10-version-1607.md
+++ b/windows/whats-new/whats-new-windows-10-version-1607.md
@@ -9,6 +9,7 @@ manager: dougeby
 ms.author: aaroncz
 ms.topic: article
 ROBOTS: NOINDEX
+ms.technology: itpro-fundamentals
 ---
 # What's new in Windows 10, version 1607 for IT Pros
diff --git a/windows/whats-new/whats-new-windows-10-version-1703.md b/windows/whats-new/whats-new-windows-10-version-1703.md
index f91dd12313..5030a8b526 100644
--- a/windows/whats-new/whats-new-windows-10-version-1703.md
+++ b/windows/whats-new/whats-new-windows-10-version-1703.md
@@ -9,6 +9,7 @@ manager: dougeby
 ms.author: aaroncz
 ms.topic: article
 ROBOTS: NOINDEX
+ms.technology: itpro-fundamentals
 ---
 # What's new in Windows 10, version 1703 for IT Pros
@@ -181,7 +182,7 @@ We recently added the option to download Windows 10 Insider Preview builds using ### Optimize update delivery -With changes delivered in Windows 10, version 1703, [express updates](/windows/deployment/do/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Endpoint Configuration Manager, starting with version 1702 of Configuration Manager, and with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This support is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. +With changes delivered in Windows 10, version 1703, [express updates](/windows/deployment/do/waas-optimize-windows-10-updates#express-update-delivery) are now fully supported with Microsoft Configuration Manager, starting with version 1702 of Configuration Manager, and with other third-party updating and management products that [implement this new functionality](/windows-server/administration/windows-server-update-services/deploy/express-update-delivery-isv-support). This support is in addition to current Express support on Windows Update, Windows Update for Business and WSUS. >[!NOTE] > The above changes can be made available to Windows 10, version 1607, by installing the April 2017 cumulative update. diff --git a/windows/whats-new/whats-new-windows-10-version-1709.md b/windows/whats-new/whats-new-windows-10-version-1709.md index ee7222900f..df9f38a3c3 100644 --- a/windows/whats-new/whats-new-windows-10-version-1709.md +++ b/windows/whats-new/whats-new-windows-10-version-1709.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1709 for IT Pros 
diff --git a/windows/whats-new/whats-new-windows-10-version-1803.md b/windows/whats-new/whats-new-windows-10-version-1803.md index b1aaf69503..3815add5bd 100644 --- a/windows/whats-new/whats-new-windows-10-version-1803.md +++ b/windows/whats-new/whats-new-windows-10-version-1803.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1803 for IT Pros @@ -130,7 +131,7 @@ Portions of the work done during the offline phases of a Windows update have bee ### Co-management -**Intune** and **Microsoft Endpoint Configuration Manager** policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. +**Intune** and **Microsoft Configuration Manager** policies have been added to enable hybrid Azure AD-joined authentication. Mobile Device Management (MDM) has added over 150 new policies and settings in this release, including the [MDMWinsOverGP](/windows/client-management/mdm/policy-csp-controlpolicyconflict) policy, to enable easier transition to cloud-based management. For more information, see [What's New in MDM enrollment and management](/windows/client-management/mdm/new-in-windows-mdm-enrollment-management#whatsnew1803) diff --git a/windows/whats-new/whats-new-windows-10-version-1809.md b/windows/whats-new/whats-new-windows-10-version-1809.md index 7f151bdfcf..ced11ae8ad 100644 --- a/windows/whats-new/whats-new-windows-10-version-1809.md +++ b/windows/whats-new/whats-new-windows-10-version-1809.md @@ -9,6 +9,7 @@ ms.author: aaroncz ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1809 for IT Pros 
diff --git a/windows/whats-new/whats-new-windows-10-version-1903.md b/windows/whats-new/whats-new-windows-10-version-1903.md
index 048526a784..1f6ccc5fac 100644
--- a/windows/whats-new/whats-new-windows-10-version-1903.md
+++ b/windows/whats-new/whats-new-windows-10-version-1903.md
@@ -8,6 +8,7 @@ manager: dougeby
 ms.localizationpriority: medium
 ms.topic: article
 ROBOTS: NOINDEX
+ms.technology: itpro-fundamentals
 ---
 # What's new in Windows 10, version 1903 for IT Pros
@@ -42,7 +43,7 @@ This article lists new and updated features and content that are of interest to ## Servicing -- [**Delivery Optimization**](/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These new policies now support Microsoft 365 Apps for enterprise updates, and Intune content, with Microsoft Endpoint Manager content coming soon! +- [**Delivery Optimization**](/windows/deployment/update/waas-delivery-optimization): Improved Peer Efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These new policies now support Microsoft 365 Apps for enterprise updates and Intune content. - [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed. - [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period. - **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. 
When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device backed up and run normally. diff --git a/windows/whats-new/whats-new-windows-10-version-1909.md b/windows/whats-new/whats-new-windows-10-version-1909.md index 6c1efb18d1..67c62a1a1f 100644 --- a/windows/whats-new/whats-new-windows-10-version-1909.md +++ b/windows/whats-new/whats-new-windows-10-version-1909.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 1909 for IT Pros @@ -29,7 +30,7 @@ If you're updating from an older version of Windows 10 (version 1809 or earlier) ### Windows Server Update Services (WSUS) -Pre-release Windows 10 feature updates are now available to IT administrators using WSUS. Microsoft Endpoint Manager version 1906 or later is required. For more information, see [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054). +Pre-release Windows 10 feature updates are now available to IT administrators using WSUS. Microsoft Configuration Manager version 1906 or later is required. For more information, see [Publishing pre-release Windows 10 feature updates to WSUS](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Publishing-pre-release-Windows-10-feature-updates-to-WSUS/ba-p/845054). The Windows 10, version 1909 enablement package will be available on WSUS as [KB4517245](https://support.microsoft.com/kb/4517245), which can be deployed on existing deployments of Windows 10, version 1903. 
@@ -69,9 +70,9 @@ Windows Virtual Desktop is a comprehensive desktop and app virtualization servic ## Deployment -#### Microsoft Endpoint Manager +### Microsoft Intune family of products -Configuration Manager, Intune, Desktop Analytics, Co-Management, and Device Management Admin Console are now [Microsoft Endpoint Manager](/configmgr/). See the Nov. 4 2019 [announcement](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/). Also see [Modern management and security principles driving our Microsoft Endpoint Manager vision](https://techcommunity.microsoft.com/t5/Enterprise-Mobility-Security/Modern-management-and-security-principles-driving-our-Microsoft/ba-p/946797). +Configuration Manager, Intune, Desktop Analytics, Co-Management, and the [Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431) are now part of the [Microsoft endpoint management services](/mem/endpoint-manager-overview). See the Nov. 4 2019 [announcement](https://www.microsoft.com/microsoft-365/blog/2019/11/04/use-the-power-of-cloud-intelligence-to-simplify-and-accelerate-it-and-the-move-to-a-modern-workplace/). ### Windows 10 Pro and Enterprise in S mode diff --git a/windows/whats-new/whats-new-windows-10-version-2004.md b/windows/whats-new/whats-new-windows-10-version-2004.md index ce5cb2cd4b..c573b18f86 100644 --- a/windows/whats-new/whats-new-windows-10-version-2004.md +++ b/windows/whats-new/whats-new-windows-10-version-2004.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: medium ms.topic: article ROBOTS: NOINDEX +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 2004 for IT Pros 
@@ -76,7 +77,7 @@ With this release, you can configure [Windows Autopilot user-driven](/windows/de If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this skip was only supported with self-deploying profiles. -### Microsoft Endpoint Manager +### Microsoft Configuration Manager An in-place upgrade wizard is available in Configuration Manager. For more information, see [Simplifying Windows 10 deployment with Configuration Manager](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/simplifying-windows-10-deployment-with-configuration-manager/ba-p/1214364). @@ -100,7 +101,7 @@ For the latest information about MDT, see the [MDT release notes](/mem/configmgr Windows PowerShell cmdlets have been improved: -- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent). +- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peek behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent). - **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections. - **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting. 
@@ -243,7 +244,7 @@ Examples include: - Monitor panel testing and validation - Independent Hardware Vendor (IHV) driver testing and validation -To prevent Windows from using a display, choose Settings > Display and click Advanced display settings. Select a display to view or change, and then set the Remove display from desktop setting to On. The display will now be available for a specialized use. +To prevent Windows from using a display, choose Settings > Display and select Advanced display settings. Select a display to view or change, and then set the Remove display from desktop setting to On. The display will now be available for a specialized use. ## Desktop Analytics diff --git a/windows/whats-new/whats-new-windows-10-version-20H2.md b/windows/whats-new/whats-new-windows-10-version-20H2.md index 3a35dafa98..ac69c0d7b2 100644 --- a/windows/whats-new/whats-new-windows-10-version-20H2.md +++ b/windows/whats-new/whats-new-windows-10-version-20H2.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 20H2 for IT Pros 
@@ -69,7 +70,7 @@ Activities are grouped into the following phases: **Plan** > **Prepare** > **Dep Enhancements to Windows Autopilot since the last release of Windows 10 include: - [Windows Autopilot for HoloLens](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-autopilot-for-hololens-2/ba-p/1371494): Set up HoloLens 2 devices with Windows Autopilot for HoloLens 2 self-deploying mode. - [Windows Autopilot with co-management](/mem/configmgr/comanage/quickstart-autopilot): Co-management and Autopilot together can help you reduce cost and improve the end user experience. -- Enhancements to Windows Autopilot deployment reporting are in preview. From the Microsoft Endpoint Manager admin center (endpoint.microsoft.com), select **Devices** > **Monitor** and scroll down to the **Enrollment** section. Click **Autopilot deployment (preview)**. +- Enhancements to Windows Autopilot deployment reporting are in preview. In the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431), select **Devices** > **Monitor** and scroll down to the **Enrollment** section. Select **Autopilot deployment (preview)**. ### Windows Assessment and Deployment Toolkit (ADK) diff --git a/windows/whats-new/whats-new-windows-10-version-21H1.md b/windows/whats-new/whats-new-windows-10-version-21H1.md index 1edaf57d80..67ec5e934e 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H1.md +++ b/windows/whats-new/whats-new-windows-10-version-21H1.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # What's new in Windows 10, version 21H1 for IT Pros diff --git a/windows/whats-new/whats-new-windows-10-version-21H2.md b/windows/whats-new/whats-new-windows-10-version-21H2.md index 3e965fd0a1..5d8e006605 100644 --- a/windows/whats-new/whats-new-windows-10-version-21H2.md +++ b/windows/whats-new/whats-new-windows-10-version-21H2.md 
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.collection: highpri
 ms.custom: intro-overview
+ms.technology: itpro-fundamentals
 ---
 # What's new in Windows 10, version 21H2
@@ -51,7 +52,7 @@ For more information, and what GPU compute support means for you, see the [GPU a
 The [KB5005101 September 1, 2021 update](https://support.microsoft.com/topic/september-1-2021-kb5005101-os-builds-19041-1202-19042-1202-and-19043-1202-preview-82a50f27-a56f-4212-96ce-1554e8058dc1) includes about 1400 CSPs that were made available to MDM providers.
-These CSPs are built in to Windows 10, version 21H2. These settings are available in Endpoint Manager in the [Settings Catalog](/mem/intune/configuration/settings-catalog). [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) also includes these GPOs in its analysis.
+These CSPs are built in to Windows 10, version 21H2. These settings are available in Microsoft Intune in the [Settings Catalog](/mem/intune/configuration/settings-catalog). [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) also includes these GPOs in its analysis.
 For more information on the CSPs, see the [Configuration service provider reference](/windows/client-management/mdm/configuration-service-provider-reference).
diff --git a/windows/whats-new/whats-new-windows-11-version-22H2.md b/windows/whats-new/whats-new-windows-11-version-22H2.md
index ba75d6dbc6..a36d8795f6 100644
--- a/windows/whats-new/whats-new-windows-11-version-22H2.md
+++ b/windows/whats-new/whats-new-windows-11-version-22H2.md
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.collection: highpri
 ms.custom: intro-overview
+ms.technology: itpro-fundamentals
 ---
 # What's new in Windows 11, version 22H2
diff --git a/windows/whats-new/windows-10-insider-preview.md b/windows/whats-new/windows-10-insider-preview.md
index 9f9114f7ef..bdfa205f5c 100644
--- a/windows/whats-new/windows-10-insider-preview.md
+++ b/windows/whats-new/windows-10-insider-preview.md
@@ -8,6 +8,7 @@ ms.reviewer:
 manager: dansimp
 ms.author: dansimp
 ms.topic: article
+ms.technology: itpro-fundamentals
 ---
 # Documentation for Windows 10 Insider Preview
diff --git a/windows/whats-new/windows-11-overview.md b/windows/whats-new/windows-11-overview.md
index 19c319c011..165bd132d3 100644
--- a/windows/whats-new/windows-11-overview.md
+++ b/windows/whats-new/windows-11-overview.md
@@ -24,7 +24,7 @@ Windows 11 is the next client operating system, and includes features that organ
 It offers innovations focused on enhancing end-user productivity, and is designed to support today's hybrid work environment.
-Your investments in update and device management are carried forward. For example, many of the same apps and tools can be used in Windows 11. Many of the same security settings and policies can be applied to Windows 11 devices, including PCs. You can use Windows Autopilot with a zero touch deployment to enroll your Windows devices in Microsoft Endpoint Manager. You can also use newer features, such as Azure Virtual Desktop and Windows 365 on your Windows 11 devices.
+Your investments in update and device management are carried forward. For example, many of the same apps and tools can be used in Windows 11. Many of the same security settings and policies can be applied to Windows 11 devices, including PCs. You can use Windows Autopilot with a zero touch deployment to enroll your Windows devices in Microsoft Intune. You can also use newer features, such as Azure Virtual Desktop and Windows 365 on your Windows 11 devices.
 This article lists what's new, and some of the features & improvements. For more information on what's new for OEMs, see [What's new in manufacturing, customization, and design](/windows-hardware/get-started/what-s-new-in-windows).
@@ -40,7 +40,7 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur
 For more information, see [Windows security baselines](/windows/security/threat-protection/windows-security-configuration-framework/windows-security-baselines).
-- **Microsoft Defender Antivirus** is built into Windows, and helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Endpoint Manager to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint.
+- **Microsoft Defender Antivirus** is built into Windows, and helps protect devices using next-generation security. When used with Microsoft Defender for Endpoint, your organization gets strong endpoint protection, and advanced endpoint protection & response. If you use Intune to manage devices, then you can create policies based on threat levels in Microsoft Defender for Endpoint.
 For more information, see:
@@ -54,15 +54,15 @@ The security and privacy features in Windows 11 are similar to Windows 10. Secur
 - **Windows Hello for Business** helps protect users and identities. It replaces passwords, and uses a PIN or biometric that stays locally on the device. Device manufacturers are including more secure hardware features, such as IR cameras and TPM chips. These features are used with Windows Hello for Business to help protect user identities on your organization devices.
- As an admin, going passwordless help secures user identities. The Windows OS, Azure AD, and Endpoint Manager work together to remove passwords, create more secure policies, and help enforce compliance.
+ As an admin, going passwordless help secures user identities. The Windows OS, Azure AD, and Intune work together to remove passwords, create more secure policies, and help enforce compliance.
 For more information, see:
 - [Windows Hello for Business Overview](/windows/security/identity-protection/hello-for-business/hello-overview)
 - [Trusted Platform Module Technology Overview](/windows/security/information-protection/tpm/trusted-platform-module-overview)
- - [Integrate Windows Hello for Business with Endpoint Manager](/mem/intune/protect/windows-hello)
+ - [Integrate Windows Hello for Business with Intune](/mem/intune/protect/windows-hello)
-For more information on the security features you can configure, manage, and enforce using Endpoint Manager, see [Protect data and devices with Microsoft Endpoint Manager](/mem/intune/protect/device-protect).
+For more information on the security features you can configure, manage, and enforce using Intune, see [Protect data and devices with Microsoft Intune](/mem/intune/protect/device-protect).
 ## Easier access to new services, and services you already use
@@ -74,11 +74,11 @@ For more information on the security features you can configure, manage, and enf
 :::image type="content" source="./images/windows-11-whats-new/windows-11-taskbar-microsoft-teams.png" alt-text="On the Windows 11 taskbar, select the camera chat icon to start a Microsoft Teams call.":::
- This version of Microsoft Teams is for personal accounts. For organization accounts, such as `user@contoso.com`, you can deploy the Microsoft Teams app using MDM policy, such as Endpoint Manager. For more information, see:
+ This version of Microsoft Teams is for personal accounts. For organization accounts, such as `user@contoso.com`, you can deploy the Microsoft Teams app using MDM policy, such as Intune. For more information, see:
- - [Get started with Microsoft Endpoint Manager](/mem/endpoint-manager-getting-started)
+ - [What is Intune?](/mem/intune/fundamentals/what-is-intune)
 - [Add Microsoft 365 apps to Windows 10 devices with Microsoft Intune](/mem/intune/apps/apps-add-office365)
- - [Install Microsoft Teams using Microsoft Endpoint Configuration Manager](/microsoftteams/msi-deployment)
+ - [Install Microsoft Teams using Microsoft Configuration Manager](/microsoftteams/msi-deployment)
 Users can manage preinstalled apps using the **Settings** app > **Apps** > **Apps & Features**. Admins can [create a policy that pins apps, or removes the default pinned apps from the Taskbar](/windows/configuration/customize-taskbar-windows-11).
@@ -158,9 +158,9 @@ For more information on the security features you can configure, manage, and enf
 In the **Settings** app > **Apps**, users can manage some of the app settings. For example, they can get apps anywhere, but let the user know if there's a comparable app in the Microsoft Store. They can also choose which apps start when they sign in.
- Using an MDM provider, like Endpoint Manager, you can create policies that also manage some app settings. For a list of settings, see [App Store in Endpoint Manager](/mem/intune/configuration/device-restrictions-windows-10#app-store).
+ Using an MDM provider, like Intune, you can create policies that also manage some app settings. For a list of settings, see [App Store in Intune](/mem/intune/configuration/device-restrictions-windows-10#app-store).
-- If you manage devices using Endpoint Manager, then you might be familiar with the **Company Portal app**. Starting with Windows 11, the Company Portal is your private app repository for your organization apps. For more information, see [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11).
+- If you manage devices using Intune, then you might be familiar with the **Company Portal app**. Starting with Windows 11, the Company Portal is your private app repository for your organization apps. For more information, see [Private app repository in Windows 11](/windows/application-management/private-app-repository-mdm-company-portal-windows-11).
 For public and retail apps, continue using the Microsoft Store.
@@ -183,7 +183,7 @@ For more information on the security features you can configure, manage, and enf
 To save system resources, Microsoft Edge uses sleeping tabs. Users can configure these settings, and more, in `edge://settings/system`.
- Using Group Policy or an MDM provider, such as Endpoint Manager, you can configure some Microsoft Edge settings. For more information, see [Microsoft Edge - Policies](/deployedge/microsoft-edge-policies) and [Configure Microsoft Edge policy settings](/mem/intune/configuration/administrative-templates-configure-edge).
+ Using Group Policy or an MDM provider, such as Intune, you can configure some Microsoft Edge settings. For more information, see [Microsoft Edge - Policies](/deployedge/microsoft-edge-policies) and [Configure Microsoft Edge policy settings](/mem/intune/configuration/administrative-templates-configure-edge).
 ## Deployment and servicing
@@ -197,15 +197,15 @@ For more information on the security features you can configure, manage, and enf
 If you have a global or remote workforce, then Autopilot might be the right option to install the OS, and get it ready for use. For more information, see [Overview of Windows Autopilot](/mem/autopilot/windows-autopilot).
-- **Microsoft Endpoint Manager** is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.
+- **Microsoft Intune** is a mobile application management (MAM) and mobile device management (MDM) provider. It helps manage devices, and manage apps on devices in your organization. You configure policies, and then deploy these policies to users and groups. You can create and deploy policies that install apps, configure device features, enforce PIN requirements, block compromised devices, and more.
- If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Endpoint Manager, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies. [Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects.
+ If you use Group Policy to manage your Windows 10 devices, then you can also use Group Policy to manage Windows 11 devices. In Intune, there are [administrative templates](/mem/intune/configuration/administrative-templates-windows) and the [settings catalog](/mem/intune/configuration/settings-catalog) that include many of the same policies.
[Group Policy analytics](/mem/intune/configuration/group-policy-analytics) analyze your on-premises group policy objects. - **Windows Updates and Delivery optimization** helps manage updates, and manage features on your devices. Starting with Windows 11, the OS feature updates are installed annually. For more information on servicing channels, and what they are, see [Servicing channels](/windows/deployment/update/waas-overview#servicing-channels). Like Windows 10, Windows 11 will receive monthly quality updates. - You have options to install updates on your Windows devices, including Endpoint Manager, Group Policy, Windows Server Update Services (WSUS), and more. For more information, see [Assign devices to servicing channels](/windows/deployment/update/waas-servicing-channels-windows-10-updates). + You have options to install updates on your Windows devices, including Intune, Group Policy, Windows Server Update Services (WSUS), and more. For more information, see [Assign devices to servicing channels](/windows/deployment/update/waas-servicing-channels-windows-10-updates). Some updates are large, and use bandwidth. Delivery optimization helps reduce bandwidth consumption. It shares the work of downloading the update packages with multiple devices in your deployment. Windows 11 updates are smaller, as they only pull down source files that are different. You can create policies that configure delivery optimization settings. For example, set the maximum upload and download bandwidth, set caching sizes, and more. diff --git a/windows/whats-new/windows-11-plan.md b/windows/whats-new/windows-11-plan.md index 8184fe2b9e..1a2f7d3b76 100644 --- a/windows/whats-new/windows-11-plan.md +++ b/windows/whats-new/windows-11-plan.md @@ -8,6 +8,7 @@ manager: dougeby ms.localizationpriority: high ms.topic: article ms.collection: highpri +ms.technology: itpro-fundamentals --- # Plan for Windows 11 
@@ -45,7 +46,7 @@ The availability of Windows 11 will vary according to a device's hardware and wh
 ##### Managed devices
-Managed devices are devices that are under organization control. Managed devices include those devices managed by Microsoft Intune, Microsoft Endpoint Configuration Manager, or other endpoint management solutions.
+Managed devices are devices that are under organization control. Managed devices include those devices managed by Microsoft Intune, Microsoft Configuration Manager, or other endpoint management solutions.
 If you manage devices on behalf of your organization, you'll be able to upgrade eligible devices to Windows 11 using your existing deployment and management tools at no cost when the upgrade reaches general availability. Organizations that use Windows Update for Business will have added benefits, such as:
@@ -71,7 +72,7 @@ The recommended method to determine if your infrastructure, deployment processes
 As you plan your endpoint management strategy for Windows 11, consider moving to cloud-based mobile device management (MDM), such as [Microsoft Intune](/mem/intune/fundamentals/what-is-intune). If a cloud-only approach isn't right for your organization yet, you can still modernize and streamline essential pieces of your endpoint management strategy as follows:
 - Create a [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview) (CMG) to manage Configuration Manager clients over the internet.
-- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the Microsoft Endpoint Manager admin center.
+- Attach your existing Configuration Management estate to the cloud with [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions) so you can manage all devices from within the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
 - Use [co-management](/mem/configmgr/comanage/overview) to concurrently manage devices using both Configuration Manager and Microsoft Intune. This concurrent management allows you to take advantage of cloud-powered capabilities like [Conditional Access](/azure/active-directory/conditional-access/overview).
 For more information on the benefits of these approaches, see [Cloud Attach Your Future: The Big 3](https://techcommunity.microsoft.com/t5/configuration-manager-blog/cloud-attach-your-future-part-ii-quot-the-big-3-quot/ba-p/1750664).
@@ -104,7 +105,7 @@ If you run into compatibility issues or want to ensure that your organization's
 **App Assure**: With enrollment in the [App Assure](/windows/compatibility/app-assure) service, any app compatibility issues that you find with Windows 11 can be resolved. Microsoft will help you remedy application issues at no cost. Since 2018, App Assure has evaluated almost 800,000 apps, and subscriptions are free for eligible customers with 150+ seats.
-**Test Base for Microsoft 365**: For software publishers, systems integrators, and IT administrators, [Test Base for Microsoft 365](https://aka.ms/testbase) (currently in private preview) is a service that allows you to validate your apps across various Windows features and quality updates and environments in a Microsoft-managed Azure environment. Enterprise organizations can also nominate their software publishers for participation by completing a short form.
+**Test Base for Microsoft 365**: For software publishers, systems integrators, and IT administrators, [Test Base for Microsoft 365](https://aka.ms/testbase) is a service that allows you to validate your apps across various Windows features and quality updates and environments in a Microsoft-managed Azure environment. Enterprise organizations can also nominate their software publishers for participation by completing a short form.
 You might already be using App Assure and Test Base in your Windows 10 environment. Both of these tools will continue to function with Windows 11.
diff --git a/windows/whats-new/windows-11-prepare.md b/windows/whats-new/windows-11-prepare.md
index 7cf00b9522..1ae1ed1629 100644
--- a/windows/whats-new/windows-11-prepare.md
+++ b/windows/whats-new/windows-11-prepare.md
@@ -8,6 +8,7 @@ manager: dougeby
 ms.localizationpriority: high
 ms.topic: article
 ms.collection: highpri
+ms.technology: itpro-fundamentals
 ---
 # Prepare for Windows 11
@@ -35,7 +36,7 @@ The tools that you use for core workloads during Windows 10 deployments can stil
 > [!NOTE]
 > During deployment, you will be prompted to agree to the Microsoft Software License Terms on behalf of your users. Additionally, you will not see an x86 option because Windows 11 is not supported on 32-bit architecture.
-- If you use [Microsoft Endpoint Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
+- If you use [Microsoft Configuration Manager](/mem/configmgr/), you can sync the new **Windows 11** product category and begin upgrading eligible devices. If you would like to validate Windows 11 prior to release, you can sync the **Windows Insider Pre-release** category as well.
 > [!NOTE]
 > Configuration Manager will prompt you to accept the Microsoft Software License Terms on behalf of the users in your organization.
@@ -56,13 +57,13 @@ The tools that you use for core workloads during Windows 10 deployments can stil
 ## Cloud-based management
-If you aren’t already taking advantage of cloud-based management capabilities, like those available in [Microsoft Endpoint Manager](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Endpoint Manager can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting user privacy.
+If you aren’t already taking advantage of cloud-based management capabilities, like those available in the [Microsoft Intune family of products](/mem/endpoint-manager-overview), it's worth considering. In addition to consolidating device management and endpoint security into a single platform, Microsoft Intune can better support the diverse bring-your-own-device (BYOD) ecosystem that is increasingly the norm with hybrid work scenarios. It can also enable you to track your progress against compliance and business objectives, while protecting user privacy.
-The following are some common use cases and the corresponding Microsoft Endpoint Manager capabilities that support them:
+The following are some common use cases and the corresponding Microsoft Intune capabilities that support them:
 - **Provision and pre-configure new Windows 11 devices**: [Windows Autopilot](/mem/autopilot/windows-autopilot) enables you to deploy new Windows 11 devices in a “business-ready” state that includes your desired applications, settings, and policies. It can also be used to change the edition of Windows. For example, you can upgrade from Pro to Enterprise edition and gain the use of advanced features.
The [Windows Autopilot diagnostics page](/mem/autopilot/windows-autopilot-whats-new#preview-windows-autopilot-diagnostics-page) is new feature that is available when you use in Windows Autopilot to deploy Windows 11.
 - **Configure rules and control settings for users, apps, and devices**: When you enroll devices in [Microsoft Intune](/mem/intune/fundamentals/what-is-intune), administrators have full control over apps, settings, features, and security for both Windows 11 and Windows 10. You can also use app protection policies to require multifactor authentication (MFA) for specific apps.
-- **Streamline device management for frontline, remote, and onsite workers**: Introduced with Windows 10, [cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. It can be deployed to devices running the Pro, Enterprise, and Education editions of Windows 11 by using Microsoft Endpoint Manager.
+- **Streamline device management for frontline, remote, and onsite workers**: Introduced with Windows 10, [cloud configuration](/mem/intune/fundamentals/cloud-configuration) is a standard, easy-to-manage, device configuration that is cloud-optimized for users with specific workflow needs. It can be deployed to devices running the Pro, Enterprise, and Education editions of Windows 11 by using Microsoft Intune.
 If you're exclusively using an on-premises device management solution (for example, Configuration Manager), you can still use the [cloud management gateway](/mem/configmgr/core/clients/manage/cmg/overview), enable [tenant attach](/mem/configmgr/tenant-attach/device-sync-actions), or enable [co-management](/mem/configmgr/comanage/overview) with Microsoft Intune. These solutions can make it easier to keep devices secure and up-to-date.
@@ -97,7 +98,7 @@ Regardless of the method you choose, you have the benefit of free Microsoft supp
 #### Analytics and assessment tools
-If you use Microsoft Endpoint Manager and have onboarded devices to Endpoint analytics, you'll have access to a hardware readiness assessment later this year. This tool enables you to quickly identify which of your managed devices are eligible for the Windows 11 upgrade.
+If you use Microsoft Intune and have onboarded devices to Endpoint analytics, you'll have access to a hardware readiness assessment later this year. This tool enables you to quickly identify which of your managed devices are eligible for the Windows 11 upgrade.
 [Desktop Analytics](/mem/configmgr/desktop-analytics/overview) doesn't support Windows 11. You must use [Endpoint analytics](/mem/analytics/overview).
diff --git a/windows/whats-new/windows-11-requirements.md b/windows/whats-new/windows-11-requirements.md
index f7a02bf116..cbb7d6dbb6 100644
--- a/windows/whats-new/windows-11-requirements.md
+++ b/windows/whats-new/windows-11-requirements.md
@@ -9,6 +9,7 @@ ms.localizationpriority: medium
 ms.topic: article
 ms.custom: seo-marvel-apr2020
 ms.collection: highpri
+ms.technology: itpro-fundamentals
 ---
 # Windows 11 requirements