diff --git a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
index ea499a1774..0e1a848592 100644
--- a/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
+++ b/browsers/internet-explorer/kb-support/ie-edge-faqs.yml
@@ -93,7 +93,7 @@ sections:
- question: |
Is an example Proxy Auto Configuration (PAC) file available?
answer: |
- Here is a simple PAC file:
+ Here's a simple PAC file:
```vb
function FindProxyForURL(url, host)
@@ -103,7 +103,7 @@ sections:
```
> [!NOTE]
- > The previous PAC always returns the **proxyserver:portnumber** proxy.
+ > The previous PAC always returns the `proxyserver:portnumber` proxy.
For more information about how to write a PAC file and about the different functions in a PAC file, see [the FindProxyForURL website](https://findproxyforurl.com/).
@@ -113,8 +113,7 @@ sections:
- question: |
How to improve performance by using PAC scripts
answer: |
- - [Browser is slow to respond when you use an automatic configuration script](https://support.microsoft.com/en-us/topic/effa1aa0-8e95-543d-6606-03ac68e3f490)
- - [Optimizing performance with automatic Proxyconfiguration scripts (PAC)](/troubleshoot/browsers/optimize-pac-performance)
+ For more information, see [Optimizing performance with automatic Proxy configuration scripts (PAC)](/troubleshoot/developer/browsers/connectivity-navigation/optimize-pac-performance).
- name: Other questions
questions:
@@ -123,7 +122,7 @@ sections:
answer: |
For more information, see the following blog article:
- [How do I set the home page in Microsoft Edge?](https://support.microsoft.com/en-us/microsoft-edge/change-your-browser-home-page-a531e1b8-ed54-d057-0262-cc5983a065c6)
+ [How do I set the home page in Microsoft Edge?](https://support.microsoft.com/microsoft-edge/change-your-browser-home-page-a531e1b8-ed54-d057-0262-cc5983a065c6)
- question: |
How to add sites to the Enterprise Mode (EMIE) site list
@@ -133,7 +132,7 @@ sections:
- question: |
What is Content Security Policy (CSP)?
answer: |
- By using [Content Security Policy](/microsoft-edge/dev-guide/security/content-security-policy), you create an allow list of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
+ By using [Content Security Policy](/microsoft-edge/dev-guide/security/content-security-policy), you create an allowlist of sources of trusted content in the HTTP headers. You also pre-approve certain servers for content that is loaded into a webpage, and instruct the browser to execute or render only resources from those sources. You can use this technique to prevent malicious content from being injected into sites.
Content Security Policy is supported in all versions of Microsoft Edge. It lets web developers lock down the resources that can be used by their web application. This helps prevent [cross-site scripting](https://en.wikipedia.org/wiki/Cross-site_scripting) attacks that remain a common vulnerability on the web. However, the first version of Content Security Policy was difficult to implement on websites that used inline script elements that either pointed to script sources or contained script directly.
@@ -180,7 +179,7 @@ sections:
- question: |
What is Enterprise Mode Feature?
answer: |
- For more information about this topic, see [Enterprise Mode and the Enterprise Mode Site List](../ie11-deploy-guide/what-is-enterprise-mode.md).
+ For more information, see [Enterprise Mode and the Enterprise Mode Site List](../ie11-deploy-guide/what-is-enterprise-mode.md).
- question: |
Where can I obtain a list of HTTP Status codes?
@@ -190,9 +189,9 @@ sections:
- question: |
What is end of support for Internet Explorer 11?
answer: |
- Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it is installed.
+ Internet Explorer 11 is the last major version of Internet Explorer. Internet Explorer 11 will continue receiving security updates and technical support for the lifecycle of the version of Windows on which it's installed.
- For more information, see [Lifecycle FAQ — Internet Explorer and Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
+ For more information, see [Lifecycle FAQ - Internet Explorer and Microsoft Edge](/lifecycle/faq/internet-explorer-microsoft-edge).
- question: |
How to configure TLS (SSL) for Internet Explorer
@@ -229,7 +228,7 @@ sections:
- User Configuration > Administrative Templates > Windows Components > Internet Explorer > Internet Control Panel > Security Page
**References**
- [How to configure Internet Explorer security zone sites using group polices](/archive/blogs/askie/how-to-configure-internet-explorer-security-zone-sites-using-group-polices)
+ [How to configure Internet Explorer security zone sites using group policies](/archive/blogs/askie/how-to-configure-internet-explorer-security-zone-sites-using-group-polices)
- question: |
What are the limits for MaxConnectionsPerServer, MaxConnectionsPer1_0Server for the current versions of Internet Explorer?
diff --git a/education/includes/education-content-updates.md b/education/includes/education-content-updates.md
index 8c86acd85f..e06d4cfd48 100644
--- a/education/includes/education-content-updates.md
+++ b/education/includes/education-content-updates.md
@@ -2,6 +2,45 @@
+## Week of August 08, 2022
+
+
+| Published On |Topic title | Change |
+|------|------------|--------|
+| 8/10/2022 | [Reset devices with Autopilot Reset](/education/windows/autopilot-reset) | modified |
+| 8/10/2022 | [Change history for Windows 10 for Education (Windows 10)](/education/windows/change-history-edu) | modified |
+| 8/10/2022 | [Change to Windows 10 Education from Windows 10 Pro](/education/windows/change-to-pro-education) | modified |
+| 8/10/2022 | [Chromebook migration guide (Windows 10)](/education/windows/chromebook-migration-guide) | modified |
+| 8/10/2022 | [Windows 10 configuration recommendations for education customers](/education/windows/configure-windows-for-education) | modified |
+| 8/10/2022 | [Deploy Windows 10 in a school district (Windows 10)](/education/windows/deploy-windows-10-in-a-school-district) | modified |
+| 8/10/2022 | [Deploy Windows 10 in a school (Windows 10)](/education/windows/deploy-windows-10-in-a-school) | modified |
+| 8/10/2022 | [Deployment recommendations for school IT administrators](/education/windows/edu-deployment-recommendations) | modified |
+| 8/10/2022 | [Education scenarios Microsoft Store for Education](/education/windows/education-scenarios-store-for-business) | modified |
+| 8/10/2022 | [Enable S mode on Surface Go devices for Education](/education/windows/enable-s-mode-on-surface-go-devices) | modified |
+| 8/10/2022 | [Get Minecraft Education Edition](/education/windows/get-minecraft-for-education) | modified |
+| 8/10/2022 | [Windows 10 for Education (Windows 10)](/education/windows/index) | modified |
+| 8/10/2022 | [Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode](/education/windows/s-mode-switch-to-edu) | modified |
+| 8/10/2022 | [For IT administrators get Minecraft Education Edition](/education/windows/school-get-minecraft) | modified |
+| 8/10/2022 | [Azure AD Join with Set up School PCs app](/education/windows/set-up-school-pcs-azure-ad-join) | modified |
+| 8/10/2022 | [What's in Set up School PCs provisioning package](/education/windows/set-up-school-pcs-provisioning-package) | modified |
+| 8/10/2022 | [Shared PC mode for school devices](/education/windows/set-up-school-pcs-shared-pc-mode) | modified |
+| 8/10/2022 | [Set up School PCs app technical reference overview](/education/windows/set-up-school-pcs-technical) | modified |
+| 8/10/2022 | [What's new in the Windows Set up School PCs app](/education/windows/set-up-school-pcs-whats-new) | modified |
+| 8/10/2022 | [Set up student PCs to join domain](/education/windows/set-up-students-pcs-to-join-domain) | modified |
+| 8/10/2022 | [Provision student PCs with apps](/education/windows/set-up-students-pcs-with-apps) | modified |
+| 8/10/2022 | [Set up Windows devices for education](/education/windows/set-up-windows-10) | modified |
+| 8/10/2022 | [Take a Test app technical reference](/education/windows/take-a-test-app-technical) | modified |
+| 8/10/2022 | [Set up Take a Test on multiple PCs](/education/windows/take-a-test-multiple-pcs) | modified |
+| 8/10/2022 | [Set up Take a Test on a single PC](/education/windows/take-a-test-single-pc) | modified |
+| 8/10/2022 | [Take tests in Windows 10](/education/windows/take-tests-in-windows-10) | modified |
+| 8/10/2022 | [For teachers get Minecraft Education Edition](/education/windows/teacher-get-minecraft) | modified |
+| 8/10/2022 | [Test Windows 10 in S mode on existing Windows 10 education devices](/education/windows/test-windows10s-for-edu) | modified |
+| 8/10/2022 | [Use Set up School PCs app](/education/windows/use-set-up-school-pcs-app) | modified |
+| 8/10/2022 | [What is Windows 11 SE](/education/windows/windows-11-se-overview) | modified |
+| 8/10/2022 | [Windows 11 SE settings list](/education/windows/windows-11-se-settings-list) | modified |
+| 8/10/2022 | [Windows 10 editions for education customers](/education/windows/windows-editions-for-education-customers) | modified |
+
+
## Week of July 25, 2022
@@ -11,11 +50,3 @@
| 7/26/2022 | [Secure the Windows boot process](/education/windows/change-home-to-edu) | modified |
| 7/25/2022 | Edit an existing topic using the Edit link | removed |
| 7/26/2022 | [Windows Hello for Business Videos](/education/windows/change-home-to-edu) | modified |
-
-
-## Week of June 27, 2022
-
-
-| Published On |Topic title | Change |
-|------|------------|--------|
-| 6/30/2022 | Get Minecraft Education Edition with your Windows 10 device promotion | removed |
diff --git a/education/index.yml b/education/index.yml
index d9e629b791..b67a140734 100644
--- a/education/index.yml
+++ b/education/index.yml
@@ -10,9 +10,11 @@ metadata:
description: Learn about product documentation and resources available for school IT administrators, teachers, students, and education app developers.
ms.service: help
ms.topic: hub-page
- author: LaurenMoynihan
- ms.author: v-lamoyn
- ms.date: 10/24/2019
+ ms.collection: education
+ author: paolomatarazzo
+ ms.author: paoloma
+ ms.date: 08/10/2022
+ manager: aaroncz
productDirectory:
title: For IT admins
diff --git a/education/windows/autopilot-reset.md b/education/windows/autopilot-reset.md
index 5e41713a4b..ad98be350e 100644
--- a/education/windows/autopilot-reset.md
+++ b/education/windows/autopilot-reset.md
@@ -1,23 +1,23 @@
---
title: Reset devices with Autopilot Reset
description: Gives an overview of Autopilot Reset and how you can enable and use it in your schools.
-keywords: Autopilot Reset, Windows 10, education
-ms.prod: w10
+keywords: Autopilot Reset, Windows, education
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 06/27/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Reset devices with Autopilot Reset
-**Applies to:**
-
-- Windows 10, version 1709
IT admins or technical teachers can use Autopilot Reset to quickly remove personal files, apps, and settings, and reset Windows 10 devices from the lock screen anytime and apply original settings and management enrollment (Azure Active Directory and device management) so the devices are ready to use. With Autopilot Reset, devices are returned to a fully configured or known IT-approved state.
diff --git a/education/windows/change-history-edu.md b/education/windows/change-history-edu.md
index 68e0429bb0..9a1acea7a1 100644
--- a/education/windows/change-history-edu.md
+++ b/education/windows/change-history-edu.md
@@ -2,17 +2,19 @@
title: Change history for Windows 10 for Education (Windows 10)
description: New and changed topics in Windows 10 for Education
keywords: Windows 10 education documentation, change history
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
-author: dansimp
-ms.author: dansimp
-ms.date: 05/21/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Change history for Windows 10 for Education
This topic lists new and updated topics in the [Windows 10 for Education](index.md) documentation.
diff --git a/education/windows/change-home-to-edu.md b/education/windows/change-home-to-edu.md
index 85b1b85c00..bb3a601ed0 100644
--- a/education/windows/change-home-to-edu.md
+++ b/education/windows/change-home-to-edu.md
@@ -1,7 +1,7 @@
---
title: Upgrade Windows Home to Windows Education on student-owned devices
description: Learn how IT Pros can upgrade student-owned devices from Windows Home to Windows Education using Mobile Device Management or Kivuto OnTheHub with qualifying subscriptions.
-ms.date: 07/05/2021
+ms.date: 08/10/2022
ms.prod: windows
ms.technology: windows
ms.topic: how-to
@@ -10,7 +10,10 @@ author: scottbreenmsft
ms.author: scbree
ms.reviewer: paoloma
manager: jeffbu
-ms.collection: highpri
+ms.collection: education
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Upgrade Windows Home to Windows Education on student-owned devices
diff --git a/education/windows/change-to-pro-education.md b/education/windows/change-to-pro-education.md
index d1ed1e7192..3c0e5424ee 100644
--- a/education/windows/change-to-pro-education.md
+++ b/education/windows/change-to-pro-education.md
@@ -2,16 +2,19 @@
title: Change to Windows 10 Education from Windows 10 Pro
description: Learn how IT Pros can opt into changing to Windows 10 Pro Education from Windows 10 Pro.
keywords: change, free change, Windows 10 Pro to Windows 10 Pro Education, Windows 10 Pro to Windows 10 Pro Education, education customers, Windows 10 Pro Education, Windows 10 Pro
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 05/21/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Change to Windows 10 Pro Education from Windows 10 Pro
diff --git a/education/windows/chromebook-migration-guide.md b/education/windows/chromebook-migration-guide.md
index 6ecad551d4..b7d6452223 100644
--- a/education/windows/chromebook-migration-guide.md
+++ b/education/windows/chromebook-migration-guide.md
@@ -2,26 +2,24 @@
title: Chromebook migration guide (Windows 10)
description: In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment.
ms.assetid: 7A1FA48A-C44A-4F59-B895-86D4D77F8BEA
-ms.reviewer:
-manager: dansimp
keywords: migrate, automate, device, Chromebook migration
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu, devices
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
+ms.reviewer:
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Chromebook migration guide
-
-**Applies to**
-
-- Windows 10
-
In this guide, you'll learn how to migrate a Google Chromebook-based learning environment to a Windows 10-based learning environment. You'll learn how to perform the necessary planning steps, including Windows device deployment, migration of user and device settings, app migration or replacement, and cloud storage migration. You'll then learn the best method to perform the migration by using automated deployment and migration tools.
## Plan Chromebook migration
diff --git a/education/windows/configure-windows-for-education.md b/education/windows/configure-windows-for-education.md
index 6d0c2694a5..4b876aa023 100644
--- a/education/windows/configure-windows-for-education.md
+++ b/education/windows/configure-windows-for-education.md
@@ -4,21 +4,19 @@ description: Provides guidance on ways to configure the OS diagnostic data, cons
keywords: Windows 10 deployment, recommendations, privacy settings, school, education, configurations, accessibility, assistive technology
ms.mktglfcycl: plan
ms.sitesec: library
-ms.prod: w10
+ms.prod: windows
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date:
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Windows 10 configuration recommendations for education customers
-**Applies to:**
-
-- Windows 10
-
Privacy is important to us, we want to provide you with ways to customize the OS diagnostic data, consumer experiences, Cortana, search, and some of the preinstalled apps, for usage with [education editions of Windows 10](windows-editions-for-education-customers.md) in education environments. These features work on all Windows 10 editions, but education editions of Windows 10 have the settings preconfigured. We recommend that all Windows 10 devices in an education setting be configured with **[SetEduPolicies](#setedupolicies)** enabled. For more information, see the following table. To learn more about Microsoft's commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305).
diff --git a/education/windows/deploy-windows-10-in-a-school-district.md b/education/windows/deploy-windows-10-in-a-school-district.md
index aa2e5b4d70..d0a8aa44bd 100644
--- a/education/windows/deploy-windows-10-in-a-school-district.md
+++ b/education/windows/deploy-windows-10-in-a-school-district.md
@@ -2,24 +2,23 @@
title: Deploy Windows 10 in a school district (Windows 10)
description: Learn how to deploy Windows 10 in a school district. Integrate the school environment with Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD), use Microsoft Endpoint Configuration Manager, Intune, and Group Policy to manage devices.
keywords: configure, tools, device, school district, deploy Windows 10
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.pagetype: edu
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Deploy Windows 10 in a school district
-**Applies to**
-
-- Windows 10
-
-
This guide shows you how to deploy the Windows 10 operating system in a school district. You learn how to deploy Windows 10 in classrooms; integrate the school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD); and deploy Windows 10 and your apps to new devices or upgrade existing devices to Windows 10. This guide also describes how to use Microsoft Endpoint Configuration Manager, Microsoft Intune, and Group Policy to manage devices. Finally, the guide discusses common, ongoing maintenance tasks that you'll perform after initial deployment and the automated tools and built-in features of the operating system.
## Prepare for district deployment
diff --git a/education/windows/deploy-windows-10-in-a-school.md b/education/windows/deploy-windows-10-in-a-school.md
index b618ca7b09..d9d1aff417 100644
--- a/education/windows/deploy-windows-10-in-a-school.md
+++ b/education/windows/deploy-windows-10-in-a-school.md
@@ -2,15 +2,19 @@
title: Deploy Windows 10 in a school (Windows 10)
description: Learn how to integrate your school environment with Microsoft Office 365, Active Directory Domain Services (AD DS), and Microsoft Azure Active Directory (Azure AD). Deploy Windows 10 and apps to new devices or upgrade existing devices to Windows 10. Manage faculty, students, and devices by using Microsoft Intune and Group Policy.
keywords: configure, tools, device, school, deploy Windows 10
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.pagetype: edu
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Deploy Windows 10 in a school
diff --git a/education/windows/edu-deployment-recommendations.md b/education/windows/edu-deployment-recommendations.md
index fb2c72d34b..c29d3d4a47 100644
--- a/education/windows/edu-deployment-recommendations.md
+++ b/education/windows/edu-deployment-recommendations.md
@@ -4,20 +4,19 @@ description: Provides guidance on ways to customize the OS privacy settings, and
keywords: Windows 10 deployment, recommendations, privacy settings, school
ms.mktglfcycl: plan
ms.sitesec: library
+ms.prod: windows
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.prod: w10
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Deployment recommendations for school IT administrators
-**Applies to:**
-
-- Windows 10
-
Your privacy is important to us, so we want to provide you with ways to customize the OS privacy settings, and some of the apps, so that you can choose what information is shared with Microsoft. To learn more about Microsoft’s commitment to privacy, see [Windows 10 and privacy](https://go.microsoft.com/fwlink/?LinkId=809305). The following sections provide some best practices and specific privacy settings we’d like you to be aware of. For more information about ways to customize the OS diagnostic data, consumer experiences, Cortana, and search, see [Windows 10 configuration recommendations for education customers](configure-windows-for-education.md).
diff --git a/education/windows/education-scenarios-store-for-business.md b/education/windows/education-scenarios-store-for-business.md
index 7909586e9b..4fbe0e9f89 100644
--- a/education/windows/education-scenarios-store-for-business.md
+++ b/education/windows/education-scenarios-store-for-business.md
@@ -2,17 +2,20 @@
title: Education scenarios Microsoft Store for Education
description: Learn how IT admins and teachers can use Microsoft Store for Education to acquire and manage apps in schools.
keywords: school, Microsoft Store for Education, Microsoft education store
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
searchScope:
- Store
-author: dansimp
-ms.author: dansimp
-ms.date: 03/30/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Working with Microsoft Store for Education
diff --git a/education/windows/enable-s-mode-on-surface-go-devices.md b/education/windows/enable-s-mode-on-surface-go-devices.md
index e7dce928ea..e056e38381 100644
--- a/education/windows/enable-s-mode-on-surface-go-devices.md
+++ b/education/windows/enable-s-mode-on-surface-go-devices.md
@@ -2,16 +2,19 @@
title: Enable S mode on Surface Go devices for Education
description: Steps that an education customer can perform to enable S mode on Surface Go devices
keywords: Surface Go for Education, S mode
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/30/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Surface Go for Education - Enabling S mode
diff --git a/education/windows/get-minecraft-for-education.md b/education/windows/get-minecraft-for-education.md
index 2ce2c20be3..f03899ae3d 100644
--- a/education/windows/get-minecraft-for-education.md
+++ b/education/windows/get-minecraft-for-education.md
@@ -2,27 +2,24 @@
title: Get Minecraft Education Edition
description: Learn how to get and distribute Minecraft Education Edition.
keywords: school, Minecraft, education edition
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
searchScope:
- Store
-ms.author: dansimp
-ms.date: 01/29/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.topic: conceptual
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Get Minecraft: Education Edition
-**Applies to:**
-
-- Windows 10
-
-
[Minecraft: Education Edition](https://education.minecraft.net/) is built for learning. Watch this video to learn more about Minecraft.
diff --git a/education/windows/index.md b/education/windows/index.md
index 9db6cd7672..3977c5f664 100644
--- a/education/windows/index.md
+++ b/education/windows/index.md
@@ -2,14 +2,19 @@
title: Windows 10 for Education (Windows 10)
description: Learn how to use Windows 10 in schools.
keywords: Windows 10, education
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
+ms.reviewer:
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Windows 10 for Education
diff --git a/education/windows/s-mode-switch-to-edu.md b/education/windows/s-mode-switch-to-edu.md
index cb2e995ef3..a09d48ae19 100644
--- a/education/windows/s-mode-switch-to-edu.md
+++ b/education/windows/s-mode-switch-to-edu.md
@@ -4,14 +4,17 @@ description: Switching out of Windows 10 Pro in S mode to Windows 10 Pro Educati
keywords: Windows 10 S switch, S mode Switch, switch in S mode, Switch S mode, Windows 10 Pro Education in S mode, S mode, system requirements, Overview, Windows 10 Pro in S mode, Education, EDU
ms.mktglfcycl: deploy
ms.localizationpriority: medium
-ms.prod: w10
+ms.prod: windows
ms.sitesec: library
ms.pagetype: edu
-ms.date: 12/03/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-author: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Switch to Windows 10 Pro Education in S mode from Windows 10 Pro in S mode
diff --git a/education/windows/school-get-minecraft.md b/education/windows/school-get-minecraft.md
index 6ba860cd94..d209181213 100644
--- a/education/windows/school-get-minecraft.md
+++ b/education/windows/school-get-minecraft.md
@@ -2,27 +2,26 @@
title: For IT administrators get Minecraft Education Edition
description: Learn how IT admins can get and distribute Minecraft in their schools.
keywords: Minecraft, Education Edition, IT admins, acquire
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
searchScope:
- Store
-ms.author: dansimp
-ms.date: 01/30/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
ms.topic: conceptual
---
# For IT administrators - get Minecraft: Education Edition
-**Applies to:**
-
-- Windows 10
-
-When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription. Minecraft will be added to the inventory in your Microsoft Store for Education which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Store for Education is only displayed to members of your organization.
+When you sign up for a [Minecraft: Education Edition](https://education.minecraft.net) trial, or purchase a [Minecraft: Education Edition](https://education.minecraft.net) subscription, Minecraft: Education Edition will be added to the inventory in your Microsoft Admin Center which is associated with your Azure Active Directory (Azure AD) tenant. Your Microsoft Admin Center is only displayed to members of your organization with administrative roles.
>[!Note]
>If you don't have an Azure AD or Office 365 tenant, you can set up a free Office 365 Education subscription when you request Minecraft: Education Edition. For more information, see [Office 365 Education plans and pricing](https://products.office.com/academic/compare-office-365-education-plans).
@@ -34,7 +33,7 @@ Schools that purchased these products have an extra option for making Minecraft:
- Microsoft 365 A3 or Microsoft 365 A5
- Minecraft: Education Edition
-If your school has these products in your tenant, admins can choose to enable Minecraft: Education Edition for students using Microsoft 365 A3 or Microsoft 365 A5. From the left-hand menu in Microsoft Admin Center, select Users. From the Users list, select the users you want to add or remove for Minecraft: Education Edition access. Add the relevant A3 or A5 license if it hasn't been assigned already.
+If your school has these products in your tenant, admins can choose to enable Minecraft: Education Edition for students using Microsoft 365 A3 or Microsoft 365 A5. From the left-hand menu in Microsoft Admin Center, select Users. From the Users list, select the users you want to add or remove for Minecraft: Education Edition access. Add the relevant A3 or A5 license if it hasn't been assigned already.
> [!Note]
> If you add a faculty license, the user will be assigned an instructor role in the application and will have elevated permissions.
@@ -43,37 +42,27 @@ After selecting the appropriate product license, ensure Minecraft: Education Edi
If you turn off this setting after students have been using Minecraft: Education Edition, they will have up to 30 more days to use Minecraft: Education Edition before they don't have access.
-## Add Minecraft to your Microsoft Store for Education
+## How to get Minecraft: Education Edition
-You can start with the Minecraft: Education Edition trial to get individual copies of the app. For more information, see [Minecraft: Education Edition - direct purchase](#individual-copies).
+Users in a Microsoft verified academic institution account will have access to the free trial limited logins for Minecraft: Education Edition. This grants faculty accounts 25 free logins and student accounts 10 free logins. To purchase direct licenses, see [Minecraft: Education Edition - direct purchase](#individual-copies).
If you’ve been approved and are part of the Enrollment for Education Solutions volume license program, you can purchase a volume license for Minecraft: Education Edition. For more information, see [Minecraft: Education Edition - volume license](#volume-license).
### Minecraft: Education Edition - direct purchase
-1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **GET STARTED**.
+1. Go to [https://education.minecraft.net/](https://education.minecraft.net/) and select **How to Buy** in the top navigation bar.
-
-
-2. Enter your email address, and select Educator, Administrator, or Student. If your email address isn't associated to an Azure AD or Office 365 Education tenant, you'll be asked to create one.
-
-
+2. Scroll down and select **Buy Now** under Direct Purchase.
-3. Select **Get the app**. This will take you to the Microsoft Store for Education to download the app. You will also receive an email with instructions and a link to the Store.
+3. This will route you to the purchase page in the Microsoft Admin center. You will need to log in to your Administrator account.
-
+4. If necessary, fill in any requested organization or payment information
-4. Sign in to Microsoft Store for Education with your email address.
+5. Select the quantity of licenses you would like to purchase and select **Place Order**.
-5. Read and accept the Microsoft Store for Education Service Agreement, and then select **Next**.
+6. After you’ve purchased licenses, you’ll need to [assign them to users in the Admin Center](https://docs.microsoft.com/microsoft-365/admin/manage/assign-licenses-to-users)
-6. **Minecraft: Education Edition** opens in the Microsoft Store for Education. Select **Get the app**. This places **Minecraft: Education Edition** in your Store inventory.
-
-
-
-Now that the app is in your Microsoft Store for Education inventory, you can choose how to distribute Minecraft. For more information on distribution options, see [Distribute Minecraft](#distribute-minecraft).
-
-If you need additional licenses for **Minecraft: Education Edition**, see [Purchase additional licenses](./education-scenarios-store-for-business.md#purchase-more-licenses).
+If you need additional licenses for **Minecraft: Education Edition**, see [Buy or remove subscription licenses](https://docs.microsoft.com/microsoft-365/commerce/licenses/buy-licenses).
### Minecraft: Education Edition - volume licensing
@@ -89,7 +78,7 @@ You can pay for Minecraft: Education Edition with a debit or credit card, or wit
### Debit or credit cards
-During the purchase, click **Get started! Add a way to pay.** Provide the info needed for your debit or credit card.
+During the purchase, click **Add a new payment method**. Provide the info needed for your debit or credit card.
### Invoices
@@ -101,234 +90,20 @@ Invoices are now a supported payment method for Minecraft: Education Edition. Th
**To pay with an invoice**
-1. During the purchase, click **Get started! Add a way to pay.**
-
- 
+1. During the purchase, click **Add a new payment method.**
2. Select the Invoice option, and provide the info needed for an invoice. The **PO number** item allows you to add a tracking number or info that is meaningful to your organization.
-### Find your invoice
-
-After you've finished the purchase, you can find your invoice by checking **Minecraft: Education Edition** in your **Apps & software**.
-
-> [!NOTE]
-> After you complete a purchase, it can take up to twenty-four hours for the app to appear in **Apps & software**.
-
-**To view your invoice**
-
-1. In Microsoft Store for Education, click **Manage** and then click **Apps & software**.
-2. Click **Minecraft: Education Edition** in the list of apps.
-3. On **Minecraft: Education Edition**, click **View Bills**.
-
- 
-
-4. On **Invoice Bills**, click the invoice number to view and download your invoice. It downloads as a .pdf.
-
- 
-
-The **Payment Instructions** section on the first page of the invoice has information on invoice amount, due date, and how to pay with electronic funds transfer, or with a check.
+For more info on invoices and how to pay by invoice, see [How to pay for your subscription](https://docs.microsoft.com/microsoft-365/commerce/billing-and-payments/pay-for-your-subscription?).
## Distribute Minecraft
-After Minecraft: Education Edition is added to your Microsoft Store for Education inventory, you have three options:
+After Minecraft: Education Edition is added to your Microsoft Admin Center inventory, you can [assign these licenses to your users](https://docs.microsoft.com/microsoft-365/admin/manage/assign-licenses-to-users) or [download the app](https://aka.ms/downloadmee).
-- You can install the app on your PC.
-- You can assign the app to others.
-- You can download the app to distribute.
-
-Admins can also add Minecraft: Education Edition to the private store. This allows people in your organization to install the app from the private store. For more information, see [Distribute apps using your private store](/microsoft-store/distribute-apps-from-your-private-store).
-
-
-
-### Configure automatic subscription assignment
-
-For Minecraft: Education Edition, you can use auto assign subscription to control whether or not you assign a subscription when a member of your organization signs in to the app. When auto assign subscription is on, people from your organization who don’t have a subscription will automatically get one when they sign in to Minecraft: Education Edition. When auto assign subscription is off, people from your organization will get the trial version when they sign in to Minecraft: Education Edition. This allows you to control which people use the trial version, and which people are assigned a full subscription. You can always reassign subscriptions, but planning ahead will reduce time spent managing apps and subscriptions. By default, automatic subscription assignment is turned on.
-
-**How to turn off automatic subscription assignment**
-
-> [!Note]
-> The version of the Minecraft: Education Edition page in the Microsoft Store will be different depending on which Microsoft Store for Education flight you are using.
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com)
-2. Click Manage.
-
- You'll see Minecraft: Education Edition product page.
-
- 
-
- -Or-
-
- 
-
-3. Slide the **Auto assign subscription** or select **Turn off auto assign subscription**.
-
-### Install for me
-
-You can install the app on your PC. This gives you a chance to test the app and know how you might help others in your organization use the app.
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**, and then click **Install**.
-
-
-
-3. Click **Install**.
-
-### Assign to others
-
-Enter email addresses for your students, and each student will get an email with a link to install the app. This option is best for older, more tech-savvy students who will always use the same PC at school. You can assign the app to individuals, groups, or add it to your private store, where students and teachers in your organization can download the app.
-
-**To assign to others**
-
-1. Sign in to [Microsoft Store for Education](https://educationstore.microsoft.com).
-2. Click **Manage**.
-
- 
-3. Click **Invite people**.
-4. Type the name, or email address of the student or group you want to assign the app to, and then click **Assign**.
-
- You can only assign the app to students with work or school accounts. If you don't find the student, you might need to add a work or school account for the student.
- 
-
-**To finish Minecraft install (for students)**
-
-1. Students will receive an email with a link that will install the app on their PC.
-
- 
-
-2. Click **Get the app** to start the app install in Microsoft Store app.
-3. In Microsoft Store app, click **Install**.
-
- 
-
- After installing the app, students can find Minecraft: Education Edition in Microsoft Store app under **My Library**. Microsoft Store app is preinstalled with Windows 10.
-
- 
-
- When students click **My Library** they'll find apps assigned to them.
-
- 
-
-### Download for others
-Download for others allows teachers or IT admins to download an app that they can install on PCs. This will install Minecraft: Education Edition on the PC, and allows anyone with a Windows account to use the app on that PC. This option is best for students, and for shared computers. Choose this option when:
-- You have administrative permissions to install apps on the PC.
-- You want to install this app on each of your student's Windows 10 (at least version 1511) PCs.
-- Your students share Windows 10 computers, but sign in with their own Windows account.
-
-**Requirements**
-- Administrative permissions are required on the PC. If you don't have the correct permissions, you won't be able to install the app.
-- Windows 10 (at least version 1511) is required for PCs running Minecraft: Education Edition.
-
-**Check for updates**
-Minecraft: Education Edition will not install if there are updates pending for other apps on the PC. Before installing Minecraft, check to see if there are pending updates for Microsoft Store apps.
-
-**To check for app updates**
-
-1. Start Microsoft Store app on the PC (click **Start**, and type **Store**).
-2. Click the account button, and then click **Downloads and updates**.
-
- 
-
-3. Click **Check for updates**, and install all available updates.
-
- 
-
-4. Restart the computer before installing Minecraft: Education Edition.
-
-**To download for others**
-You'll download a .zip file, extract the files, and then use one of the files to install Minecraft: Education Edition on each PC.
-
-1. **Download Minecraft Education Edition.zip**. From the **Minecraft: Education Edition** page, click **Download for others** tab, and then click **Download**.
-
- 
-
-2. **Extract files**. Find the .zip file that you downloaded and extract the files. This is usually your **Downloads** folder, unless you chose to save the .zip file to a different location. Right-click the file and choose **Extract all**.
-3. **Save to USB drive**. After you've extracted the files, save the Minecraft: Education Edition folder to a USB drive, or to a network location that you can access from each PC.
-4. **Install app**. Use the USB drive to copy the Minecraft folder to each Windows 10 PC where you want to install Minecraft: Education Edition. Open Minecraft: Education Edition folder, right-click **InstallMinecraftEducationEdition.bat** and click **Run as administrator**.
-5. **Quick check**. The install program checks the PC to make sure it can run Minecraft: Education Edition. If your PC passes this test, the app will automatically install.
-6. **Restart**. Once installation is complete, restart each PC. Minecraft: Education Edition app is now ready for any student to use.
-
-
-
-
-
-
-
-
-
-
-
## Learn more
-[Working with Microsoft Store for Education – education scenarios](education-scenarios-store-for-business.md)
-Learn about overall Microsoft Store for Education management: manage settings, shop for apps, distribute apps, manage inventory, and manage order history.
-[Roles and permissions in Microsoft Store for Business and Education](/microsoft-store/roles-and-permissions-microsoft-store-for-business)
-[Troubleshoot Microsoft Store for Business and Education](/microsoft-store/troubleshoot-microsoft-store-for-business)
+[About Intune Admin roles in the Microsoft 365 admin center](https://docs.microsoft.com/microsoft-365/business-premium/m365bp-intune-admin-roles-in-the-mac)
## Related topics
-
[Get Minecraft: Education Edition](get-minecraft-for-education.md)
-[For teachers get Minecraft: Education Edition](teacher-get-minecraft.md)
\ No newline at end of file
diff --git a/education/windows/set-up-school-pcs-azure-ad-join.md b/education/windows/set-up-school-pcs-azure-ad-join.md
index a04a034238..b7a35b9784 100644
--- a/education/windows/set-up-school-pcs-azure-ad-join.md
+++ b/education/windows/set-up-school-pcs-azure-ad-join.md
@@ -2,16 +2,19 @@
title: Azure AD Join with Set up School PCs app
description: Describes how Azure AD Join is configured in the Set up School PCs app.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 01/11/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Azure AD Join for school PCs
diff --git a/education/windows/set-up-school-pcs-provisioning-package.md b/education/windows/set-up-school-pcs-provisioning-package.md
index 328e6c3c68..3aeb7d738c 100644
--- a/education/windows/set-up-school-pcs-provisioning-package.md
+++ b/education/windows/set-up-school-pcs-provisioning-package.md
@@ -2,16 +2,19 @@
title: What's in Set up School PCs provisioning package
description: Lists the provisioning package settings that are configured in the Set up School PCs app.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/17/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# What's in my provisioning package?
diff --git a/education/windows/set-up-school-pcs-shared-pc-mode.md b/education/windows/set-up-school-pcs-shared-pc-mode.md
index 25aa35b4f0..e007d4957b 100644
--- a/education/windows/set-up-school-pcs-shared-pc-mode.md
+++ b/education/windows/set-up-school-pcs-shared-pc-mode.md
@@ -2,16 +2,19 @@
title: Shared PC mode for school devices
description: Describes how shared PC mode is set for devices set up with the Set up School PCs app.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/13/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Shared PC mode for school devices
diff --git a/education/windows/set-up-school-pcs-technical.md b/education/windows/set-up-school-pcs-technical.md
index de0bc50602..6dbdf70186 100644
--- a/education/windows/set-up-school-pcs-technical.md
+++ b/education/windows/set-up-school-pcs-technical.md
@@ -2,25 +2,23 @@
title: Set up School PCs app technical reference overview
description: Describes the purpose of the Set up School PCs app for Windows 10 devices.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/11/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# What is Set up School PCs?
-
-**Applies to:**
-
-- Windows 10
-
The **Set up School PCs** app helps you configure new Windows 10 PCs for school use. The
app, which is available for Windows 10 version 1703 and later, configures and saves
school-optimized settings, apps, and policies into a single provisioning package. You can then save the package to a USB drive and distribute it to your school PCs.
diff --git a/education/windows/set-up-school-pcs-whats-new.md b/education/windows/set-up-school-pcs-whats-new.md
index a22f1755e4..fce328a1c0 100644
--- a/education/windows/set-up-school-pcs-whats-new.md
+++ b/education/windows/set-up-school-pcs-whats-new.md
@@ -2,16 +2,20 @@
title: What's new in the Windows Set up School PCs app
description: Find out about app updates and new features in Set up School PCs.
keywords: shared cart, shared PC, school, set up school pcs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 08/04/2022
-ms.reviewer: paoloma
-manager: dansimp
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
+ms.reviewer:
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# What's new in Set up School PCs
diff --git a/education/windows/set-up-students-pcs-to-join-domain.md b/education/windows/set-up-students-pcs-to-join-domain.md
index cbad40867b..32f97bf4b3 100644
--- a/education/windows/set-up-students-pcs-to-join-domain.md
+++ b/education/windows/set-up-students-pcs-to-join-domain.md
@@ -2,21 +2,21 @@
title: Set up student PCs to join domain
description: Learn how to use Configuration Designer to provision student devices to join Active Directory.
keywords: school, student PC setup, Windows Configuration Designer
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/27/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Set up student PCs to join domain
-**Applies to:**
-
-- Windows 10
If your school uses Active Directory, use the Windows Configuration Designer tool to create a provisioning package that will configure a PC for student use that is joined to the Active Directory domain.
diff --git a/education/windows/set-up-students-pcs-with-apps.md b/education/windows/set-up-students-pcs-with-apps.md
index 2f08fa227c..840dd7836b 100644
--- a/education/windows/set-up-students-pcs-with-apps.md
+++ b/education/windows/set-up-students-pcs-with-apps.md
@@ -1,21 +1,19 @@
---
title: Provision student PCs with apps
description: Learn how to use Configuration Designer to easily provision student devices to join Active Directory.
-ms.prod: w10
+ms.prod: windows
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/13/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Provision student PCs with apps
-**Applies to:**
-
-- Windows 10
-
To create and apply a provisioning package that contains apps to a device running all desktop editions of Windows 10 except Windows 10 Home, follow the steps in [Provision PCs with apps](/windows/configuration/provisioning-packages/provision-pcs-with-apps).
Provisioning packages can include management instructions and policies, installation of specific apps, customization of network connections and policies, and more.
diff --git a/education/windows/set-up-windows-10.md b/education/windows/set-up-windows-10.md
index e1acdf9f1d..a9e53b4beb 100644
--- a/education/windows/set-up-windows-10.md
+++ b/education/windows/set-up-windows-10.md
@@ -2,22 +2,22 @@
title: Set up Windows devices for education
description: Decide which option for setting up Windows 10 is right for you.
keywords: school, Windows device setup, education device setup
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/27/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Set up Windows devices for education
-**Applies to:**
-
-- Windows 10
You have two tools to choose from to set up PCs for your classroom:
* Set up School PCs
diff --git a/education/windows/take-a-test-app-technical.md b/education/windows/take-a-test-app-technical.md
index 3e83e12653..dd064677bf 100644
--- a/education/windows/take-a-test-app-technical.md
+++ b/education/windows/take-a-test-app-technical.md
@@ -2,24 +2,22 @@
title: Take a Test app technical reference
description: The policies and settings applied by the Take a Test app.
keywords: take a test, test taking, school, policies
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 11/28/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Take a Test app technical reference
-**Applies to:**
-
-- Windows 10
-
-
Take a Test is an app that locks down the PC and displays an online assessment web page.
diff --git a/education/windows/take-a-test-multiple-pcs.md b/education/windows/take-a-test-multiple-pcs.md
index fe484ddf82..e6daee3daa 100644
--- a/education/windows/take-a-test-multiple-pcs.md
+++ b/education/windows/take-a-test-multiple-pcs.md
@@ -2,23 +2,22 @@
title: Set up Take a Test on multiple PCs
description: Learn how to set up and use the Take a Test app on multiple PCs.
keywords: take a test, test taking, school, set up on multiple PCs
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 11/08/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Set up Take a Test on multiple PCs
-**Applies to:**
-
-- Windows 10
-
Many schools use online testing for formative and summation assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test.
diff --git a/education/windows/take-a-test-single-pc.md b/education/windows/take-a-test-single-pc.md
index 1ebd02e090..2dcc9c525c 100644
--- a/education/windows/take-a-test-single-pc.md
+++ b/education/windows/take-a-test-single-pc.md
@@ -2,22 +2,21 @@
title: Set up Take a Test on a single PC
description: Learn how to set up and use the Take a Test app on a single PC.
keywords: take a test, test taking, school, set up on single PC
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 11/08/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Set up Take a Test on a single PC
-**Applies to:**
-
-- Windows 10
To configure [Take a Test](take-tests-in-windows-10.md) on a single PC, follow the guidance in this topic.
diff --git a/education/windows/take-tests-in-windows-10.md b/education/windows/take-tests-in-windows-10.md
index 50853a9e67..e0e44e51c8 100644
--- a/education/windows/take-tests-in-windows-10.md
+++ b/education/windows/take-tests-in-windows-10.md
@@ -2,23 +2,22 @@
title: Take tests in Windows 10
description: Learn how to set up and use the Take a Test app.
keywords: take a test, test taking, school, how to, use Take a Test
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/16/2017
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Take tests in Windows 10
-**Applies to:**
-
-- Windows 10
-
Many schools use online testing for formative and summative assessments. It's critical that students use a secure browser that prevents them from using other computer or Internet resources during the test. The **Take a Test** app in Windows 10 creates the right environment for taking a test:
diff --git a/education/windows/teacher-get-minecraft.md b/education/windows/teacher-get-minecraft.md
index 8d9850ce64..9436f4e605 100644
--- a/education/windows/teacher-get-minecraft.md
+++ b/education/windows/teacher-get-minecraft.md
@@ -2,26 +2,24 @@
title: For teachers get Minecraft Education Edition
description: Learn how teachers can get and distribute Minecraft.
keywords: school, Minecraft, Education Edition, educators, teachers, acquire, distribute
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.localizationpriority: medium
-author: dansimp
searchScope:
- Store
-ms.author: dansimp
-ms.date: 01/05/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
-ms.topic: conceptual
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# For teachers - get Minecraft: Education Edition
-**Applies to:**
-
-- Windows 10
-
The following article describes how teachers can get and distribute Minecraft: Education Edition.
Minecraft: Education Edition is available for anyone to trial, and subscriptions can be purchased by qualified educational institutions directly in the Microsoft Store for Education, via volume licensing agreements and through partner resellers.
diff --git a/education/windows/test-windows10s-for-edu.md b/education/windows/test-windows10s-for-edu.md
index f1ac5e98b3..e76136de39 100644
--- a/education/windows/test-windows10s-for-edu.md
+++ b/education/windows/test-windows10s-for-edu.md
@@ -1,20 +1,20 @@
---
title: Test Windows 10 in S mode on existing Windows 10 education devices
description: Provides guidance on downloading and testing Windows 10 in S mode for existing Windows 10 education devices.
-ms.prod: w10
+ms.prod: windows
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 07/30/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Test Windows 10 in S mode on existing Windows 10 education devices
-**Applies to:**
-- Devices running Windows 10, version 1709: Windows 10 Pro, Windows 10 Pro Education, Windows 10 Education, Windows 10 Enterprise
-
The Windows 10 in S mode self-installer will allow you to test Windows 10 in S mode on various individual Windows 10 devices (except Windows 10 Home) with a genuine, activated license[1](#footnote1). Test Windows 10 in S mode on various devices in your school and share your feedback with us.
Windows 10 in S mode is built to give schools the familiar, robust, and productive experiences you count on from Windows in an experience that's been streamlined for security and performance in the classroom, and built to work with Microsoft Education[2](#footnote2).
diff --git a/education/windows/use-set-up-school-pcs-app.md b/education/windows/use-set-up-school-pcs-app.md
index ca36e12e5a..958e32ad29 100644
--- a/education/windows/use-set-up-school-pcs-app.md
+++ b/education/windows/use-set-up-school-pcs-app.md
@@ -2,18 +2,20 @@
title: Use Set up School PCs app
description: Learn how to use the Set up School PCs app and apply the provisioning package.
keywords: shared cart, shared PC, school, Set up School PCs, overview, how to use
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 10/23/2018
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
-
# Use the Set up School PCs app
IT administrators and technical teachers can use the **Set up School PCs** app to quickly set up Windows 10 PCs for students. The app configures PCs with the apps and features students need, and it removes the ones they don't need. During setup, if licensed in your tenant, the app enrolls each student PC into a mobile device management (MDM) provider, such as Intune for Education. You can then manage all the settings the app configures through the MDM.
diff --git a/education/windows/windows-11-se-overview.md b/education/windows/windows-11-se-overview.md
index dd98543603..32691a8669 100644
--- a/education/windows/windows-11-se-overview.md
+++ b/education/windows/windows-11-se-overview.md
@@ -1,25 +1,22 @@
---
title: What is Windows 11 SE
description: Learn more about Windows 11 SE, and the apps that are included with the operating system. Read about the features IT professionals and administrators should know about Windows 11 SE. Add and deploy your apps using Microsoft Intune for Education.
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-ms.localizationpriority: medium
-ms.topic: article
+manager: aaroncz
+appliesto:
+- ✅ Windows 11 SE
---
# Windows 11 SE for Education
-**Applies to**:
-
-- Windows 11 SE
-- Microsoft Intune for Education
-
Windows 11 SE is a new edition of Windows that's designed for education. It runs on web-first devices that use essential education apps. Microsoft Office 365 is preinstalled (subscription sold separately).
For education customers seeking cost-effective devices, Microsoft Windows 11 SE is a great choice. Windows 11 SE includes the following benefits:
diff --git a/education/windows/windows-11-se-settings-list.md b/education/windows/windows-11-se-settings-list.md
index b2b9df5de8..e654aff272 100644
--- a/education/windows/windows-11-se-settings-list.md
+++ b/education/windows/windows-11-se-settings-list.md
@@ -1,25 +1,22 @@
---
title: Windows 11 SE settings list
description: Windows 11 SE automatically configures settings in the operating system. Learn more about the settings you can control and manage, and the settings you can't change.
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: mobile
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-ms.localizationpriority: medium
-ms.topic: article
+manager: aaroncz
+appliesto:
+- ✅ Windows 11 SE
---
# Windows 11 SE for Education settings list
-**Applies to**:
-
-- Windows 11 SE
-- Microsoft Intune for Education
-
Windows 11 SE automatically configures settings and features in the operating system. These settings use the Configuration Service Provider (CSPs) provided by Microsoft. You can use an MDM provider to configure these settings.
This article lists the settings automatically configured. For more information on Windows 11 SE, see [Windows 11 SE for Education overview](windows-11-se-overview.md).
diff --git a/education/windows/windows-editions-for-education-customers.md b/education/windows/windows-editions-for-education-customers.md
index 759d485046..b53f4a28bc 100644
--- a/education/windows/windows-editions-for-education-customers.md
+++ b/education/windows/windows-editions-for-education-customers.md
@@ -2,23 +2,22 @@
title: Windows 10 editions for education customers
description: Provides an overview of the two Windows 10 editions that are designed for the needs of K-12 institutions.
keywords: Windows 10 Pro Education, Windows 10 Education, Windows 10 editions, education customers
-ms.prod: w10
+ms.prod: windows
ms.mktglfcycl: plan
ms.sitesec: library
ms.pagetype: edu
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-ms.date: 05/21/2019
+ms.collection: education
+author: paolomatarazzo
+ms.author: paoloma
+ms.date: 08/10/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
---
# Windows 10 editions for education customers
-**Applies to:**
-
-- Windows 10
-
Windows 10, version 1607 (Anniversary Update) continues our commitment to productivity, security, and privacy for all customers. Windows 10 Pro and Windows 10 Enterprise offer the functionality and safety features demanded by business and education customers around the globe. Windows 10 is the most secure Windows we’ve ever built. All of our Windows commercial editions can be configured to support the needs of schools, through group policies, domain join, and more. To learn more about Microsoft’s commitment to security and privacy in Windows 10, see more on both [security](/windows/security/security-foundations) and [privacy](https://go.microsoft.com/fwlink/?LinkId=822620).
diff --git a/windows/application-management/add-apps-and-features.md b/windows/application-management/add-apps-and-features.md
index 9ee3c86345..a625c4f1c7 100644
--- a/windows/application-management/add-apps-and-features.md
+++ b/windows/application-management/add-apps-and-features.md
@@ -2,12 +2,12 @@
title: Add or hide optional apps and features on Windows devices | Microsoft Docs
description: Learn how to add Windows 10 and Windows 11 optional features using the Apps & features page in the Settings app. Also see the group policy objects (GPO) and MDM policies that show or hide Apps and Windows Features in the Settings app. Use Windows PowerShell to show or hide specific features in Windows Features.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.localizationpriority: medium
ms.date: 08/30/2021
ms.reviewer:
-manager: dougeby
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/application-management/apps-in-windows-10.md b/windows/application-management/apps-in-windows-10.md
index ba0a92dcf7..0c38b376be 100644
--- a/windows/application-management/apps-in-windows-10.md
+++ b/windows/application-management/apps-in-windows-10.md
@@ -1,11 +1,11 @@
---
title: Learn about the different app types in Windows 10/11 | Microsoft Docs
-ms.reviewer:
-manager: dougeby
description: Learn more and understand the different types of apps that run on Windows 10 and Windows 11. For example, learn more about UWP, WPF, Win32, and Windows Forms apps, including the best way to install these apps.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
+ms.reviewer:
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/application-management/enterprise-background-activity-controls.md b/windows/application-management/enterprise-background-activity-controls.md
index d85b5ea89f..60cb9c5b79 100644
--- a/windows/application-management/enterprise-background-activity-controls.md
+++ b/windows/application-management/enterprise-background-activity-controls.md
@@ -1,13 +1,13 @@
---
-author: aczechowski
title: Remove background task resource restrictions
description: Allow enterprise background tasks unrestricted access to computer resources.
-ms.author: aaroncz
+ms.prod: w10
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 10/03/2017
ms.reviewer:
-manager: dougeby
ms.topic: article
-ms.prod: w10
---
# Remove background task resource restrictions
@@ -43,7 +43,7 @@ Starting with Windows 10, version 1703, enterprises can control background activ
`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_ForceDenyTheseApps`
`./Vendor/Microsoft/Policy/Config/Privacy/LetAppsRunInBackground_UserInControlOfTheseApps`
-These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. See [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground) for more information about these policies.
+These policies control the background activity battery settings for Universal Windows Platform (UWP) apps. They enable apps to not be managed by the Windows system policies and not be restricted when battery saver is active. Applying these policies to a device will disable the user controls for the applications specified in the policies in the **Settings** app. For more information about these policies, visit [Policy CSP](/windows/client-management/mdm/policy-configuration-service-provider#privacy-letappsruninbackground).
An app can determine which settings are in place for itself by using [BackgroundExecutionManager.RequestAccessAsync](/uwp/api/Windows.ApplicationModel.Background.BackgroundAccessStatus) before any background activity is attempted, and then examining the returned [BackgroundAccessStatus](/uwp/api/windows.applicationmodel.background.backgroundaccessstatus) enumeration. The values of this enumeration correspond to settings in the **battery usage by App** settings page:
diff --git a/windows/application-management/includes/app-v-end-life-statement.md b/windows/application-management/includes/app-v-end-life-statement.md
index 17dace9c69..87c9ec2b04 100644
--- a/windows/application-management/includes/app-v-end-life-statement.md
+++ b/windows/application-management/includes/app-v-end-life-statement.md
@@ -1,9 +1,9 @@
---
-author: aczechowski
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 09/20/2021
ms.reviewer:
-manager: dougeby
ms.prod: w10
ms.topic: include
---
diff --git a/windows/application-management/includes/applies-to-windows-client-versions.md b/windows/application-management/includes/applies-to-windows-client-versions.md
index 7cb153ddb7..b26f9904a6 100644
--- a/windows/application-management/includes/applies-to-windows-client-versions.md
+++ b/windows/application-management/includes/applies-to-windows-client-versions.md
@@ -1,9 +1,9 @@
---
-author: aczechowski
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 09/28/2021
ms.reviewer:
-manager: dougeby
ms.prod: w10
ms.topic: include
---
diff --git a/windows/application-management/index.yml b/windows/application-management/index.yml
index 8f6b781ec5..e13b0747f4 100644
--- a/windows/application-management/index.yml
+++ b/windows/application-management/index.yml
@@ -13,9 +13,9 @@ metadata:
ms.collection:
- windows-10
- highpri
- author: aczechowski
- ms.author: aaroncz
- manager: dougeby
+ author: nicholasswhite
+ ms.author: nwhite
+ manager: aaroncz
ms.date: 08/24/2021 #Required; mm/dd/yyyy format.
ms.localizationpriority : medium
diff --git a/windows/application-management/manage-windows-mixed-reality.md b/windows/application-management/manage-windows-mixed-reality.md
index 122ffdd4f1..e0270672bb 100644
--- a/windows/application-management/manage-windows-mixed-reality.md
+++ b/windows/application-management/manage-windows-mixed-reality.md
@@ -2,11 +2,11 @@
title: Enable or block Windows Mixed Reality apps in the enterprise (Windows 10/11)
description: Learn how to enable Windows Mixed Reality apps in WSUS or block the Windows Mixed Reality portal in enterprises.
ms.reviewer:
-manager: dougeby
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.prod: w10
ms.localizationpriority: medium
-author: aczechowski
-ms.author: aaroncz
ms.topic: article
---
@@ -58,7 +58,7 @@ IT admins can also create [Side by side feature store (shared folder)](/previous
You can use the [AppLocker configuration service provider (CSP)](/windows/client-management/mdm/applocker-csp) to block the Mixed Reality software.
-In the following example, the **Id** can be any generated GUID and the **Name** can be any name you choose. Note that `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
+In the following example, the **Id** can be any generated GUID and the **Name** can be any name you choose. `BinaryName="*"` allows you to block any app executable in the Mixed Reality Portal package. **Binary/VersionRange**, as shown in the example, will block all versions of the Mixed Reality Portal app.
```xml
diff --git a/windows/application-management/per-user-services-in-windows.md b/windows/application-management/per-user-services-in-windows.md
index 4657bd8ea3..7735990889 100644
--- a/windows/application-management/per-user-services-in-windows.md
+++ b/windows/application-management/per-user-services-in-windows.md
@@ -2,11 +2,11 @@
title: Per-user services in Windows 10 and Windows Server
description: Learn about per-user services, how to change the template service Startup Type, and manage per-user services through Group Policy and security templates.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 09/14/2017
ms.reviewer:
-manager: dougeby
---
# Per-user services in Windows 10 and Windows Server
@@ -41,7 +41,7 @@ Before you disable any of these services, review the **Description** column in t
| 1803 | DevicePickerUserSvc | DevicePicker | Manual | | Device Picker |
| 1703 | DevicesFlowUserSvc | DevicesFlow | Manual | | Device Discovery and Connecting |
| 1703 | MessagingService | MessagingService | Manual | | Service supporting text messaging and related functionality |
-| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service is not running. |
+| 1607 | OneSyncSvc | Sync Host | Auto (delayed) | | Synchronizes mail, contacts, calendar, and other user data. Mail and other applications dependent on this service don't work correctly when this service isn't running. |
| 1607 | PimIndexMaintenanceSvc | Contact Data | Manual | UnistoreSvc | Indexes contact data for fast contact searching. If you stop or disable this service, search results might not display all contacts. |
| 1709 | PrintWorkflowUserSvc | PrintWorkflow | Manual | | Print Workflow |
| 1607 | UnistoreSvc | User Data Storage | Manual | | Handles storage of structured user data, including contact info, calendars, and messages. If you stop or disable this service, apps that use this data might not work correctly. |
@@ -71,7 +71,7 @@ In light of these restrictions, you can use the following methods to manage per-
### Manage template services using a security template
-You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). See [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings) for more information.
+You can manage the CDPUserSvc and OneSyncSvc per-user services with a [security template](/windows/device-security/security-policy-settings/administer-security-policy-settings#bkmk-sectmpl). For more information, visit [Administer security policy settings](/windows/device-security/security-policy-settings/administer-security-policy-settings).
For example:
@@ -87,13 +87,13 @@ Revision=1
### Manage template services using Group Policy preferences
-If a per-user service can't be disabled using a the security template, you can disable it by using Group Policy preferences.
+If a per-user service can't be disabled using the security template, you can disable it by using Group Policy preferences.
-1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, click **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
+1. On a Windows Server domain controller or Windows 10 PC that has the [Remote Server Administration Tools (RSAT)](https://www.microsoft.com/download/details.aspx?id=45520) installed, select **Start**, type GPMC.MSC, and then press **Enter** to open the **Group Policy Management Console**.
2. Create a new Group Policy Object (GPO) or use an existing GPO.
-3. Right-click the GPO and click **Edit** to launch the Group Policy Object Editor.
+3. Right-click the GPO and select **Edit** to launch the Group Policy Object Editor.
4. Depending on how you want to target the Group Policy, under **Computer configuration** or **User configuration** browse to Preferences\Windows Settings\Registry.
@@ -101,23 +101,23 @@ If a per-user service can't be disabled using a the security template, you can d
-6. Make sure that HKEY_Local_Machine is selected for Hive and then click ... (the ellipses) next to Key Path.
+6. Make sure that HKEY_Local_Machine is selected for Hive and then select ... (the ellipses) next to Key Path.
-7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and click **Select**.
+7. Browse to **System\CurrentControlSet\Services\PimIndexMaintenanceSvc**. In the list of values, highlight **Start** and select **Select**.
-8. Change **Value data** from **00000003** to **00000004** and click **OK**. Note setting the Value data to **4** = **Disabled**.
+8. Change **Value data** from **00000003** to **00000004** and select **OK**. Note setting the Value data to **4** = **Disabled**.
-9. To add the other services that cannot be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
+9. To add the other services that can't be managed with a Group Policy templates, edit the policy and repeat steps 5-8.
### Managing Template Services with reg.exe
-If you cannot use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe.
+If you can't use Group Policy Preferences to manage the per-user services, you can edit the registry with reg.exe.
To disable the Template Services, change the Startup Type for each service to 4 (disabled).
For example:
@@ -135,7 +135,7 @@ REG.EXE ADD HKLM\System\CurrentControlSet\Services\WpnUserService /v Start /t RE
### Managing Template Services with regedit.exe
-If you cannot use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
+If you can't use Group Policy preferences to manage the per-user services, you can edit the registry with regedit.exe. To disable the template services, change the Startup Type for each service to 4 (disabled):
@@ -159,7 +159,7 @@ Sample script using [sc.exe](/previous-versions/windows/it-pro/windows-server-20
```
sc.exe configure start= disabled
```
-Note that the space after "=" is intentional.
+The space after "=" is intentional.
Sample script using the [Set-Service PowerShell cmdlet](/previous-versions/windows/it-pro/windows-powershell-1.0/ee176963(v=technet.10)):
@@ -169,7 +169,7 @@ Set-Service -StartupType Disabled
## View per-user services in the Services console (services.msc)
-As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they are displayed using the \_LUID format (where LUID is the locally unique identifier).
+As mentioned you can't view the template services in the Services console, but you can see the user-specific per-user services - they're displayed using the \_LUID format (where LUID is the locally unique identifier).
For example, you might see the following per-user services listed in the Services console:
diff --git a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
index 45f7dec8fa..b039ab012b 100644
--- a/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
+++ b/windows/application-management/private-app-repository-mdm-company-portal-windows-11.md
@@ -1,11 +1,11 @@
---
title: Use the Company Portal app for your private app repo on Windows 11 devices | Microsoft Docs
description: Use the Company Portal app in Windows 11 devices to access the private app repository for your organization or company apps. Add apps to an MDM/MAM provider, and deploy the apps to Windows devices using policies. The Company Portal app replaces Microsoft Store for Business private store on Windows 11 devices.
-manager: dougeby
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.reviewer: amanh
ms.prod: w11
-author: aczechowski
ms.date: 09/15/2021
ms.localizationpriority: medium
---
diff --git a/windows/application-management/provisioned-apps-windows-client-os.md b/windows/application-management/provisioned-apps-windows-client-os.md
index c155a0e790..b61fb4f87e 100644
--- a/windows/application-management/provisioned-apps-windows-client-os.md
+++ b/windows/application-management/provisioned-apps-windows-client-os.md
@@ -1,11 +1,11 @@
---
title: Get the provisioned apps on Windows client operating system | Microsoft Docs
ms.reviewer:
-manager: dougeby
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
description: Use the Windows PowerShell Get-AppxProvisionedPackage command to get a list off the provisioned apps installed in Windows OS. See a list of some common provisioned apps installed a Windows Enterprise client computer or device, including Windows 10/11.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
ms.localizationpriority: medium
ms.topic: article
---
@@ -17,7 +17,7 @@ ms.topic: article
- Windows 10
- Windows 11
-Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They are per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
+Provisioned apps are included with the OS, and automatically installed when a user signs into a Windows device the first time. They're per-user apps, and typically installed in the `C:\Program Files\WindowsApps` folder. On your Windows devices, you can use Windows PowerShell to see the provisioned apps automatically installed.
This article lists some of the built-in provisioned apps on the different Windows client OS versions, and lists the Windows PowerShell command to get a list.
diff --git a/windows/application-management/remove-provisioned-apps-during-update.md b/windows/application-management/remove-provisioned-apps-during-update.md
index d05b8db3c7..817364d24a 100644
--- a/windows/application-management/remove-provisioned-apps-during-update.md
+++ b/windows/application-management/remove-provisioned-apps-during-update.md
@@ -2,17 +2,17 @@
title: How to keep apps removed from Windows 10 from returning during an update
description: How to keep provisioned apps that were removed from your machine from returning during an update.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 05/25/2018
ms.reviewer:
-manager: dougeby
---
# How to keep apps removed from Windows 10 from returning during an update
> Applies to: Windows 10 (General Availability Channel)
-When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed return post-update. This can happen if the computer was offline when you removed the apps. This issue was fixed in Windows 10, version 1803.
+When you update a computer running Windows 10, version 1703 or 1709, you might see provisioned apps that you previously removed post-update. This can happen if the computer was offline when you removed the apps. Windows 10, version 1803 has fixed this issue.
>[!NOTE]
>* This issue only occurs after a feature update (from one version to the next), not monthly updates or security-related updates.
diff --git a/windows/application-management/sideload-apps-in-windows-10.md b/windows/application-management/sideload-apps-in-windows-10.md
index 0e20c16ba3..466370dcd1 100644
--- a/windows/application-management/sideload-apps-in-windows-10.md
+++ b/windows/application-management/sideload-apps-in-windows-10.md
@@ -2,10 +2,10 @@
title: Sideload LOB apps in Windows client OS | Microsoft Docs
description: Learn how to sideload line-of-business (LOB) apps in Windows client operating systems, including Windows 10/11. When you sideload an app, you deploy a signed app package to a device.
ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.prod: w10
-author: aczechowski
ms.localizationpriority: medium
---
diff --git a/windows/application-management/svchost-service-refactoring.md b/windows/application-management/svchost-service-refactoring.md
index 7fe5fa1c05..67476d451f 100644
--- a/windows/application-management/svchost-service-refactoring.md
+++ b/windows/application-management/svchost-service-refactoring.md
@@ -2,11 +2,11 @@
title: Service Host service refactoring in Windows 10 version 1703
description: Learn about the SvcHost Service Refactoring introduced in Windows 10 version 1703.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
ms.date: 07/20/2017
ms.reviewer:
-manager: dougeby
---
# Changes to Service Host grouping in Windows 10
diff --git a/windows/application-management/system-apps-windows-client-os.md b/windows/application-management/system-apps-windows-client-os.md
index 89689b0d06..eef2f72573 100644
--- a/windows/application-management/system-apps-windows-client-os.md
+++ b/windows/application-management/system-apps-windows-client-os.md
@@ -1,11 +1,11 @@
---
title: Get the system apps on Windows client operating system | Microsoft Docs
ms.reviewer:
-manager: dougeby
+author: nicholasswhite
+ms.author: nwhite
+manager: aaroncz
description: Use the Windows PowerShell Get-AppxPackage command to get a list off the system apps installed in Windows OS. See a list of some common system apps installed a Windows Enterprise client computer or device, including Windows 10/11.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/client-management/administrative-tools-in-windows-10.md b/windows/client-management/administrative-tools-in-windows-10.md
index 76d04a5dd1..5260e5f1db 100644
--- a/windows/client-management/administrative-tools-in-windows-10.md
+++ b/windows/client-management/administrative-tools-in-windows-10.md
@@ -2,9 +2,9 @@
title: Windows Tools/Administrative Tools
description: The folders for Windows Tools and Administrative Tools are folders in the Control Panel that contain tools for system administrators and advanced users.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
+manager: aaroncz
ms.localizationpriority: medium
ms.date: 03/28/2022
ms.topic: article
diff --git a/windows/client-management/change-default-removal-policy-external-storage-media.md b/windows/client-management/change-default-removal-policy-external-storage-media.md
index 8b0e587b74..7a16f17f4d 100644
--- a/windows/client-management/change-default-removal-policy-external-storage-media.md
+++ b/windows/client-management/change-default-removal-policy-external-storage-media.md
@@ -1,15 +1,15 @@
---
title: Windows 10 default media removal policy
-description: In Windows 10, version 1809, the default removal policy for external storage media changed from "Better performance" to "Quick removal."
+description: In Windows 10, version 1809, the default removal policy for external storage media changed from Better performance to Quick removal.
ms.prod: w10
-author: Teresa-Motiv
-ms.author: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 11/25/2020
ms.topic: article
ms.custom:
-- CI 111493
-- CI 125140
-- CSSTroubleshooting
+ - CI 111493
+ - CI 125140
+ - CSSTroubleshooting
audience: ITPro
ms.localizationpriority: medium
manager: kaushika
diff --git a/windows/client-management/connect-to-remote-aadj-pc.md b/windows/client-management/connect-to-remote-aadj-pc.md
index ea9fe24821..a2b2682d33 100644
--- a/windows/client-management/connect-to-remote-aadj-pc.md
+++ b/windows/client-management/connect-to-remote-aadj-pc.md
@@ -2,12 +2,12 @@
title: Connect to remote Azure Active Directory-joined PC (Windows)
description: You can use Remote Desktop Connection to connect to an Azure AD-joined PC.
ms.prod: w10
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.author: dansimp
+ms.author: vinpa
ms.date: 01/18/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/client-management/group-policies-for-enterprise-and-education-editions.md b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
index dfb3d72af7..44304f2950 100644
--- a/windows/client-management/group-policies-for-enterprise-and-education-editions.md
+++ b/windows/client-management/group-policies-for-enterprise-and-education-editions.md
@@ -2,12 +2,12 @@
title: Group Policy settings that apply only to Windows 10 Enterprise and Education Editions (Windows 10)
description: Use this topic to learn about Group Policy settings that apply only to Windows 10 Enterprise and Windows 10 Education.
ms.prod: w10
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: troubleshooting
---
diff --git a/windows/client-management/manage-corporate-devices.md b/windows/client-management/manage-corporate-devices.md
index 36da3dfcc9..022820d4e9 100644
--- a/windows/client-management/manage-corporate-devices.md
+++ b/windows/client-management/manage-corporate-devices.md
@@ -2,11 +2,11 @@
title: Manage corporate devices
description: You can use the same management tools to manage all device types running Windows 10 or Windows 11 desktops, laptops, tablets, and phones.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
-keywords: ["MDM", "device management"]
+manager: aaroncz
+ms.author: vinpa
+keywords: [MDM, device management]
ms.prod: w10
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/14/2021
ms.topic: article
diff --git a/windows/client-management/manage-device-installation-with-group-policy.md b/windows/client-management/manage-device-installation-with-group-policy.md
index 79544bf12c..7c8c46580d 100644
--- a/windows/client-management/manage-device-installation-with-group-policy.md
+++ b/windows/client-management/manage-device-installation-with-group-policy.md
@@ -2,11 +2,11 @@
title: Manage Device Installation with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage Device Installation Restrictions with Group Policy.
ms.prod: w10
-author: aczechowski
+author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
---
diff --git a/windows/client-management/manage-settings-app-with-group-policy.md b/windows/client-management/manage-settings-app-with-group-policy.md
index 4914694065..d78eac22f8 100644
--- a/windows/client-management/manage-settings-app-with-group-policy.md
+++ b/windows/client-management/manage-settings-app-with-group-policy.md
@@ -2,11 +2,11 @@
title: Manage the Settings app with Group Policy (Windows 10 and Windows 11)
description: Find out how to manage the Settings app with Group Policy so you can hide specific pages from users.
ms.prod: w10
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
---
diff --git a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
index 0f27f3d1d1..367392eba4 100644
--- a/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
+++ b/windows/client-management/manage-windows-10-in-your-organization-modern-management.md
@@ -4,10 +4,10 @@ description: This article offers strategies for deploying and managing Windows 1
ms.prod: w10
ms.localizationpriority: medium
ms.date: 06/03/2022
-author: aczechowski
-ms.author: aaroncz
+author: vinaypamnani-msft
+ms.author: vinpa
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.topic: overview
---
diff --git a/windows/client-management/mandatory-user-profile.md b/windows/client-management/mandatory-user-profile.md
index 18aaf583be..cbf11a9442 100644
--- a/windows/client-management/mandatory-user-profile.md
+++ b/windows/client-management/mandatory-user-profile.md
@@ -2,11 +2,11 @@
title: Create mandatory user profiles (Windows 10 and Windows 11)
description: A mandatory user profile is a special type of pre-configured roaming user profile that administrators can use to specify settings for users.
ms.prod: w10
-author: dansimp
-ms.author: dansimp
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/Language-pack-management-csp.md b/windows/client-management/mdm/Language-pack-management-csp.md
index 6e1bc0d9c6..948207dc6d 100644
--- a/windows/client-management/mdm/Language-pack-management-csp.md
+++ b/windows/client-management/mdm/Language-pack-management-csp.md
@@ -2,12 +2,12 @@
title: Language Pack Management CSP
description: Language Pack Management CSP allows a direct way to provision language packs remotely in Windows 10.
ms.reviewer:
-manager: dansimp
-ms.author: v-nsatapathy
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 06/22/2021
---
diff --git a/windows/client-management/mdm/accountmanagement-csp.md b/windows/client-management/mdm/accountmanagement-csp.md
index b55a87941f..03a75d8a7a 100644
--- a/windows/client-management/mdm/accountmanagement-csp.md
+++ b/windows/client-management/mdm/accountmanagement-csp.md
@@ -1,14 +1,14 @@
---
title: AccountManagement CSP
description: Learn about the AccountManagement CSP, which is used to configure settings in the Account Manager service.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# AccountManagement CSP
diff --git a/windows/client-management/mdm/accountmanagement-ddf.md b/windows/client-management/mdm/accountmanagement-ddf.md
index 51380b7ed8..d425503b6a 100644
--- a/windows/client-management/mdm/accountmanagement-ddf.md
+++ b/windows/client-management/mdm/accountmanagement-ddf.md
@@ -1,14 +1,14 @@
---
title: AccountManagement DDF file
description: View the OMA DM device description framework (DDF) for the AccountManagement configuration service provider. This file is used to configure settings.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# AccountManagement DDF file
diff --git a/windows/client-management/mdm/accounts-csp.md b/windows/client-management/mdm/accounts-csp.md
index 95689e3b8f..d447311a4e 100644
--- a/windows/client-management/mdm/accounts-csp.md
+++ b/windows/client-management/mdm/accounts-csp.md
@@ -1,14 +1,14 @@
---
title: Accounts CSP
description: The Accounts configuration service provider (CSP) is used by the enterprise to rename devices, and create local Windows accounts & join them to a group.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/27/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Accounts CSP
diff --git a/windows/client-management/mdm/accounts-ddf-file.md b/windows/client-management/mdm/accounts-ddf-file.md
index e522821656..b2bffb3a42 100644
--- a/windows/client-management/mdm/accounts-ddf-file.md
+++ b/windows/client-management/mdm/accounts-ddf-file.md
@@ -1,14 +1,14 @@
---
title: Accounts DDF file
description: View the XML file containing the device description framework (DDF) for the Accounts configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/17/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Accounts DDF file
diff --git a/windows/client-management/mdm/activesync-csp.md b/windows/client-management/mdm/activesync-csp.md
index 929b2dc46a..d174729230 100644
--- a/windows/client-management/mdm/activesync-csp.md
+++ b/windows/client-management/mdm/activesync-csp.md
@@ -1,13 +1,13 @@
---
title: ActiveSync CSP
-description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync.
+description: Learn how the ActiveSync configuration service provider is used to set up and change settings for Exchange ActiveSync.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/activesync-ddf-file.md b/windows/client-management/mdm/activesync-ddf-file.md
index 216550b80b..323fc038e9 100644
--- a/windows/client-management/mdm/activesync-ddf-file.md
+++ b/windows/client-management/mdm/activesync-ddf-file.md
@@ -2,12 +2,12 @@
title: ActiveSync DDF file
description: Learn about the OMA DM device description framework (DDF) for the ActiveSync configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
index 85a599abb8..f5f05c6ddb 100644
--- a/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
+++ b/windows/client-management/mdm/add-an-azure-ad-tenant-and-azure-ad-subscription.md
@@ -2,12 +2,12 @@
title: Add an Azure AD tenant and Azure AD subscription
description: Here's a step-by-step guide to adding an Azure Active Directory tenant, adding an Azure AD subscription, and registering your subscription.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/alljoynmanagement-csp.md b/windows/client-management/mdm/alljoynmanagement-csp.md
index b8a280a346..e8aab159fb 100644
--- a/windows/client-management/mdm/alljoynmanagement-csp.md
+++ b/windows/client-management/mdm/alljoynmanagement-csp.md
@@ -2,12 +2,12 @@
title: AllJoynManagement CSP
description: The AllJoynManagement configuration service provider (CSP) allows an IT administrator to enumerate the AllJoyn devices that are connected to the AllJoyn bus.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/alljoynmanagement-ddf.md b/windows/client-management/mdm/alljoynmanagement-ddf.md
index bcb19ed0cd..edc188feac 100644
--- a/windows/client-management/mdm/alljoynmanagement-ddf.md
+++ b/windows/client-management/mdm/alljoynmanagement-ddf.md
@@ -2,12 +2,12 @@
title: AllJoynManagement DDF
description: Learn the OMA DM device description framework (DDF) for the AllJoynManagement configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/application-csp.md b/windows/client-management/mdm/application-csp.md
index 4502b38c2c..466550a3e5 100644
--- a/windows/client-management/mdm/application-csp.md
+++ b/windows/client-management/mdm/application-csp.md
@@ -2,12 +2,12 @@
title: APPLICATION CSP
description: Learn how the APPLICATION configuration service provider is used to configure an application transport using Open Mobile Alliance (OMA) Client Provisioning.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/applicationcontrol-csp-ddf.md b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
index 2c91bf430b..62648efd94 100644
--- a/windows/client-management/mdm/applicationcontrol-csp-ddf.md
+++ b/windows/client-management/mdm/applicationcontrol-csp-ddf.md
@@ -1,11 +1,11 @@
---
title: ApplicationControl CSP DDF
description: View the OMA DM device description framework (DDF) for the ApplicationControl configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/10/2019
---
diff --git a/windows/client-management/mdm/applicationcontrol-csp.md b/windows/client-management/mdm/applicationcontrol-csp.md
index 970bfa5103..e587cf8a3c 100644
--- a/windows/client-management/mdm/applicationcontrol-csp.md
+++ b/windows/client-management/mdm/applicationcontrol-csp.md
@@ -1,11 +1,11 @@
---
title: ApplicationControl CSP
description: The ApplicationControl CSP allows you to manage multiple Windows Defender Application Control (WDAC) policies from an MDM server.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.reviewer: jsuther1974
ms.date: 09/10/2020
---
diff --git a/windows/client-management/mdm/applocker-csp.md b/windows/client-management/mdm/applocker-csp.md
index 7ed2500275..abccc814e8 100644
--- a/windows/client-management/mdm/applocker-csp.md
+++ b/windows/client-management/mdm/applocker-csp.md
@@ -2,12 +2,12 @@
title: AppLocker CSP
description: Learn how the AppLocker configuration service provider is used to specify which applications are allowed or disallowed.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2019
---
diff --git a/windows/client-management/mdm/applocker-ddf-file.md b/windows/client-management/mdm/applocker-ddf-file.md
index 38e2c8e7bc..30adaa5b15 100644
--- a/windows/client-management/mdm/applocker-ddf-file.md
+++ b/windows/client-management/mdm/applocker-ddf-file.md
@@ -2,12 +2,12 @@
title: AppLocker DDF file
description: Learn about the OMA DM device description framework (DDF) for the AppLocker DDF file configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/applocker-xsd.md b/windows/client-management/mdm/applocker-xsd.md
index 9eedf4f812..4c9943e332 100644
--- a/windows/client-management/mdm/applocker-xsd.md
+++ b/windows/client-management/mdm/applocker-xsd.md
@@ -2,12 +2,12 @@
title: AppLocker XSD
description: View the XSD for the AppLocker CSP. The AppLocker CSP XSD provides an example of how the schema is organized.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/appv-deploy-and-config.md b/windows/client-management/mdm/appv-deploy-and-config.md
index 79bb949ff1..a407704b93 100644
--- a/windows/client-management/mdm/appv-deploy-and-config.md
+++ b/windows/client-management/mdm/appv-deploy-and-config.md
@@ -1,14 +1,14 @@
---
title: Deploy and configure App-V apps using MDM
description: Configure, deploy, and manage Microsoft Application Virtualization (App-V) apps using Microsoft Endpoint Manager or App-V server.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Deploy and configure App-V apps using MDM
diff --git a/windows/client-management/mdm/assign-seats.md b/windows/client-management/mdm/assign-seats.md
index d8c68d15e5..7394103149 100644
--- a/windows/client-management/mdm/assign-seats.md
+++ b/windows/client-management/mdm/assign-seats.md
@@ -2,12 +2,12 @@
title: Assign seat
description: The Assign seat operation assigns seat for a specified user in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/assignedaccess-csp.md b/windows/client-management/mdm/assignedaccess-csp.md
index cf61a9f2c1..c0085b11e0 100644
--- a/windows/client-management/mdm/assignedaccess-csp.md
+++ b/windows/client-management/mdm/assignedaccess-csp.md
@@ -2,12 +2,12 @@
title: AssignedAccess CSP
description: The AssignedAccess configuration service provider (CSP) is used set the device to run in kiosk mode.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/03/2022
---
diff --git a/windows/client-management/mdm/assignedaccess-ddf.md b/windows/client-management/mdm/assignedaccess-ddf.md
index 276a419912..36b3670dac 100644
--- a/windows/client-management/mdm/assignedaccess-ddf.md
+++ b/windows/client-management/mdm/assignedaccess-ddf.md
@@ -2,12 +2,12 @@
title: AssignedAccess DDF
description: Learn how the OMA DM device description framework (DDF) for the AssignedAccess configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/22/2018
---
diff --git a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
index 5430991444..467e007dd7 100644
--- a/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
+++ b/windows/client-management/mdm/azure-active-directory-integration-with-mdm.md
@@ -2,12 +2,12 @@
title: Azure Active Directory integration with MDM
description: Azure Active Directory is the world largest enterprise cloud identity management service.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
index ce25592491..e54875a1df 100644
--- a/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
+++ b/windows/client-management/mdm/azure-ad-and-microsoft-intune-automatic-mdm-enrollment-in-the-new-portal.md
@@ -1,14 +1,14 @@
---
title: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new Portal
description: Azure AD and Microsoft Intune - Automatic MDM enrollment in the new portal
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Azure AD and Microsoft Intune: Automatic MDM enrollment in the new Portal
diff --git a/windows/client-management/mdm/bitlocker-csp.md b/windows/client-management/mdm/bitlocker-csp.md
index 111fecc2c2..1e27f08aa2 100644
--- a/windows/client-management/mdm/bitlocker-csp.md
+++ b/windows/client-management/mdm/bitlocker-csp.md
@@ -1,15 +1,15 @@
---
title: BitLocker CSP
description: Learn how the BitLocker configuration service provider (CSP) is used by the enterprise to manage encryption of PCs and devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/04/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/bitlocker-ddf-file.md b/windows/client-management/mdm/bitlocker-ddf-file.md
index b40819c5e8..663e7d623f 100644
--- a/windows/client-management/mdm/bitlocker-ddf-file.md
+++ b/windows/client-management/mdm/bitlocker-ddf-file.md
@@ -1,15 +1,15 @@
---
title: BitLocker DDF file
description: Learn about the OMA DM device description framework (DDF) for the BitLocker configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/30/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# BitLocker DDF file
diff --git a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
index 19a2fa944c..a02395dea5 100644
--- a/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
+++ b/windows/client-management/mdm/bulk-assign-and-reclaim-seats-from-user.md
@@ -2,12 +2,12 @@
title: Bulk assign and reclaim seats from users
description: The Bulk assign and reclaim seats from users operation returns reclaimed or assigned seats in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
index a6d69bff48..c54261ccfa 100644
--- a/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
+++ b/windows/client-management/mdm/bulk-enrollment-using-windows-provisioning-tool.md
@@ -5,12 +5,12 @@ MS-HAID:
- 'p\_phdevicemgmt.bulk\_enrollment'
- 'p\_phDeviceMgmt.bulk\_enrollment\_using\_Windows\_provisioning\_tool'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/cellularsettings-csp.md b/windows/client-management/mdm/cellularsettings-csp.md
index 8e5f9ebac8..6c97d9489d 100644
--- a/windows/client-management/mdm/cellularsettings-csp.md
+++ b/windows/client-management/mdm/cellularsettings-csp.md
@@ -2,12 +2,12 @@
title: CellularSettings CSP
description: Learn how the CellularSettings configuration service provider is used to configure cellular settings on a mobile device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificate-authentication-device-enrollment.md b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
index f7af4adf18..9ea52d92fc 100644
--- a/windows/client-management/mdm/certificate-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/certificate-authentication-device-enrollment.md
@@ -2,12 +2,12 @@
title: Certificate authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using certificate authentication policy.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificate-renewal-windows-mdm.md b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
index 078523d5fb..96a2369975 100644
--- a/windows/client-management/mdm/certificate-renewal-windows-mdm.md
+++ b/windows/client-management/mdm/certificate-renewal-windows-mdm.md
@@ -5,12 +5,12 @@ MS-HAID:
- 'p\_phdevicemgmt.certificate\_renewal'
- 'p\_phDeviceMgmt.certificate\_renewal\_windows\_mdm'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/certificatestore-csp.md b/windows/client-management/mdm/certificatestore-csp.md
index 423745bbf6..585bfdba94 100644
--- a/windows/client-management/mdm/certificatestore-csp.md
+++ b/windows/client-management/mdm/certificatestore-csp.md
@@ -2,12 +2,12 @@
title: CertificateStore CSP
description: Use the CertificateStore configuration service provider (CSP) to add secure socket layers (SSL), intermediate, and self-signed certificates.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/28/2020
---
diff --git a/windows/client-management/mdm/certificatestore-ddf-file.md b/windows/client-management/mdm/certificatestore-ddf-file.md
index d05b283472..a99edbb1e3 100644
--- a/windows/client-management/mdm/certificatestore-ddf-file.md
+++ b/windows/client-management/mdm/certificatestore-ddf-file.md
@@ -2,12 +2,12 @@
title: CertificateStore DDF file
description: Learn about OMA DM device description framework (DDF) for the CertificateStore configuration service provider. DDF files are used with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/change-history-for-mdm-documentation.md b/windows/client-management/mdm/change-history-for-mdm-documentation.md
index 335e7119ac..a01ff5b853 100644
--- a/windows/client-management/mdm/change-history-for-mdm-documentation.md
+++ b/windows/client-management/mdm/change-history-for-mdm-documentation.md
@@ -1,10 +1,10 @@
---
title: Change history for MDM documentation
description: This article lists new and updated articles for Mobile Device Management.
-author: aczechowski
-ms.author: aaroncz
-ms.reviewer:
-manager: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
+ms.reviewer:
+manager: aaroncz
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/cleanpc-csp.md b/windows/client-management/mdm/cleanpc-csp.md
index 3c615c5b08..74cd9636c7 100644
--- a/windows/client-management/mdm/cleanpc-csp.md
+++ b/windows/client-management/mdm/cleanpc-csp.md
@@ -1,14 +1,14 @@
---
title: CleanPC CSP
description: The CleanPC configuration service provider (CSP) allows you to remove user-installed and pre-installed applications, with the option to persist user data.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# CleanPC CSP
diff --git a/windows/client-management/mdm/cleanpc-ddf.md b/windows/client-management/mdm/cleanpc-ddf.md
index d5f5924627..9677737584 100644
--- a/windows/client-management/mdm/cleanpc-ddf.md
+++ b/windows/client-management/mdm/cleanpc-ddf.md
@@ -2,12 +2,12 @@
title: CleanPC DDF
description: Learn about the OMA DM device description framework (DDF) for the CleanPC configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/clientcertificateinstall-csp.md b/windows/client-management/mdm/clientcertificateinstall-csp.md
index 8d30b4114c..faff015660 100644
--- a/windows/client-management/mdm/clientcertificateinstall-csp.md
+++ b/windows/client-management/mdm/clientcertificateinstall-csp.md
@@ -2,12 +2,12 @@
title: ClientCertificateInstall CSP
description: The ClientCertificateInstall configuration service provider (CSP) enables the enterprise to install client certificates.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/30/2021
---
diff --git a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
index da749c41ae..716eff3eef 100644
--- a/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
+++ b/windows/client-management/mdm/clientcertificateinstall-ddf-file.md
@@ -2,12 +2,12 @@
title: ClientCertificateInstall DDF file
description: Learn about the OMA DM device description framework (DDF) for the ClientCertificateInstall configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/cm-cellularentries-csp.md b/windows/client-management/mdm/cm-cellularentries-csp.md
index 2204143dfe..910c3b6c31 100644
--- a/windows/client-management/mdm/cm-cellularentries-csp.md
+++ b/windows/client-management/mdm/cm-cellularentries-csp.md
@@ -2,12 +2,12 @@
title: CM\_CellularEntries CSP
description: Learn how to configure the General Packet Radio Service (GPRS) entries using the CM\_CellularEntries CSP.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/02/2017
---
diff --git a/windows/client-management/mdm/cmpolicy-csp.md b/windows/client-management/mdm/cmpolicy-csp.md
index 94b8c15c30..38d7d17625 100644
--- a/windows/client-management/mdm/cmpolicy-csp.md
+++ b/windows/client-management/mdm/cmpolicy-csp.md
@@ -2,12 +2,12 @@
title: CMPolicy CSP
description: Learn how the CMPolicy configuration service provider (CSP) is used to define rules that the Connection Manager uses to identify correct connections.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/cmpolicyenterprise-csp.md b/windows/client-management/mdm/cmpolicyenterprise-csp.md
index a2858ed680..8515da3881 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-csp.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-csp.md
@@ -2,12 +2,12 @@
title: CMPolicyEnterprise CSP
description: Learn how the CMPolicyEnterprise CSP is used to define rules that the Connection Manager uses to identify the correct connection for a connection request.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
index 9714d6d292..47fd1ec39d 100644
--- a/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
+++ b/windows/client-management/mdm/cmpolicyenterprise-ddf-file.md
@@ -2,12 +2,12 @@
title: CMPolicyEnterprise DDF file
description: Learn about the OMA DM device description framework (DDF) for the CMPolicyEnterprise configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/config-lock.md b/windows/client-management/mdm/config-lock.md
index a2167e456e..a9339f8e76 100644
--- a/windows/client-management/mdm/config-lock.md
+++ b/windows/client-management/mdm/config-lock.md
@@ -1,12 +1,12 @@
---
title: Secured-core configuration lock
description: A secured-core PC (SCPC) feature that prevents configuration drift from secured-core PC features caused by unintentional misconfiguration.
-manager: dansimp
-ms.author: v-lsaldanha
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w11
ms.technology: windows
-author: lovina-saldanha
+author: vinaypamnani-msft
ms.date: 05/24/2022
---
diff --git a/windows/client-management/mdm/configuration-service-provider-reference.md b/windows/client-management/mdm/configuration-service-provider-reference.md
index 6c7adbc949..62eca97eea 100644
--- a/windows/client-management/mdm/configuration-service-provider-reference.md
+++ b/windows/client-management/mdm/configuration-service-provider-reference.md
@@ -2,12 +2,12 @@
title: Configuration service provider reference
description: A configuration service provider (CSP) is an interface to read, set, modify, or delete configuration settings on the device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/customdeviceui-csp.md b/windows/client-management/mdm/customdeviceui-csp.md
index de2896f574..759f17f26a 100644
--- a/windows/client-management/mdm/customdeviceui-csp.md
+++ b/windows/client-management/mdm/customdeviceui-csp.md
@@ -2,12 +2,12 @@
title: CustomDeviceUI CSP
description: Learn how the CustomDeviceUI configuration service provider (CSP) allows OEMs to implement their custom foreground application.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/customdeviceui-ddf.md b/windows/client-management/mdm/customdeviceui-ddf.md
index 0433c22507..f847a4ba95 100644
--- a/windows/client-management/mdm/customdeviceui-ddf.md
+++ b/windows/client-management/mdm/customdeviceui-ddf.md
@@ -2,12 +2,12 @@
title: CustomDeviceUI DDF
description: Learn about the OMA DM device description framework (DDF) for the CustomDeviceUI configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/data-structures-windows-store-for-business.md b/windows/client-management/mdm/data-structures-windows-store-for-business.md
index 138c6d80c8..e39e9c9e12 100644
--- a/windows/client-management/mdm/data-structures-windows-store-for-business.md
+++ b/windows/client-management/mdm/data-structures-windows-store-for-business.md
@@ -1,16 +1,16 @@
---
title: Data structures for Microsoft Store for Business
description: Learn about the various data structures for Microsoft Store for Business.
-MS-HAID:
-- 'p\_phdevicemgmt.business\_store\_data\_structures'
-- 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
+MS-HAID:
+ - 'p\_phdevicemgmt.business\_store\_data\_structures'
+ - 'p\_phDeviceMgmt.data\_structures\_windows\_store\_for\_business'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/defender-csp.md b/windows/client-management/mdm/defender-csp.md
index 6a6904fd19..ca3b7ea096 100644
--- a/windows/client-management/mdm/defender-csp.md
+++ b/windows/client-management/mdm/defender-csp.md
@@ -2,12 +2,12 @@
title: Defender CSP
description: Learn how the Windows Defender configuration service provider is used to configure various Windows Defender actions across the enterprise.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/22/2022
---
diff --git a/windows/client-management/mdm/defender-ddf.md b/windows/client-management/mdm/defender-ddf.md
index 9bf6463258..1a99f5c85b 100644
--- a/windows/client-management/mdm/defender-ddf.md
+++ b/windows/client-management/mdm/defender-ddf.md
@@ -2,12 +2,12 @@
title: Defender DDF file
description: Learn how the OMA DM device description framework (DDF) for the Defender configuration service provider is used.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/23/2021
---
diff --git a/windows/client-management/mdm/devdetail-csp.md b/windows/client-management/mdm/devdetail-csp.md
index 23a246c454..a1b368c716 100644
--- a/windows/client-management/mdm/devdetail-csp.md
+++ b/windows/client-management/mdm/devdetail-csp.md
@@ -2,12 +2,12 @@
title: DevDetail CSP
description: Learn how the DevDetail configuration service provider handles the management object. This CSP provides device-specific parameters to the OMA DM server.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/27/2020
---
diff --git a/windows/client-management/mdm/devdetail-ddf-file.md b/windows/client-management/mdm/devdetail-ddf-file.md
index e1d79c9308..957eb5558f 100644
--- a/windows/client-management/mdm/devdetail-ddf-file.md
+++ b/windows/client-management/mdm/devdetail-ddf-file.md
@@ -2,12 +2,12 @@
title: DevDetail DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevDetail configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/03/2020
---
diff --git a/windows/client-management/mdm/developersetup-csp.md b/windows/client-management/mdm/developersetup-csp.md
index 244e26d627..592432a187 100644
--- a/windows/client-management/mdm/developersetup-csp.md
+++ b/windows/client-management/mdm/developersetup-csp.md
@@ -2,12 +2,12 @@
title: DeveloperSetup CSP
description: The DeveloperSetup configuration service provider (CSP) is used to configure developer mode on the device. This CSP was added in the Windows 10, version 1703.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2018
---
diff --git a/windows/client-management/mdm/developersetup-ddf.md b/windows/client-management/mdm/developersetup-ddf.md
index 4d959b186f..ae96fa64df 100644
--- a/windows/client-management/mdm/developersetup-ddf.md
+++ b/windows/client-management/mdm/developersetup-ddf.md
@@ -2,12 +2,12 @@
title: DeveloperSetup DDF file
description: This topic shows the OMA DM device description framework (DDF) for the DeveloperSetup configuration service provider. This CSP was added in Windows 10, version 1703.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/device-update-management.md b/windows/client-management/mdm/device-update-management.md
index 030e89915c..bd5f317fc2 100644
--- a/windows/client-management/mdm/device-update-management.md
+++ b/windows/client-management/mdm/device-update-management.md
@@ -2,12 +2,12 @@
title: Mobile device management MDM for device updates
description: Windows 10 provides several APIs to help mobile device management (MDM) solutions manage updates. Learn how to use these APIs to implement update management.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/15/2017
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/devicelock-csp.md b/windows/client-management/mdm/devicelock-csp.md
index 2ee9b7eb60..29938e34dc 100644
--- a/windows/client-management/mdm/devicelock-csp.md
+++ b/windows/client-management/mdm/devicelock-csp.md
@@ -2,12 +2,12 @@
title: DeviceLock CSP
description: Learn how the DeviceLock configuration service provider (CSP) is used by the enterprise management server to configure device lock related policies.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devicelock-ddf-file.md b/windows/client-management/mdm/devicelock-ddf-file.md
index 75ec208587..974d878b01 100644
--- a/windows/client-management/mdm/devicelock-ddf-file.md
+++ b/windows/client-management/mdm/devicelock-ddf-file.md
@@ -2,12 +2,12 @@
title: DeviceLock DDF file
description: Learn about the OMA DM device description framework (DDF) for the DeviceLock configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devicemanageability-csp.md b/windows/client-management/mdm/devicemanageability-csp.md
index 355ebdc632..b650e3c405 100644
--- a/windows/client-management/mdm/devicemanageability-csp.md
+++ b/windows/client-management/mdm/devicemanageability-csp.md
@@ -1,13 +1,13 @@
---
title: DeviceManageability CSP
-description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
+description: Learn how the DeviceManageability configuration service provider (CSP) is used to retrieve general information about MDM configuration capabilities on the device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
---
diff --git a/windows/client-management/mdm/devicemanageability-ddf.md b/windows/client-management/mdm/devicemanageability-ddf.md
index f57ca0aef2..23dd9b8cf6 100644
--- a/windows/client-management/mdm/devicemanageability-ddf.md
+++ b/windows/client-management/mdm/devicemanageability-ddf.md
@@ -2,12 +2,12 @@
title: DeviceManageability DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceManageability configuration service provider. This CSP was added in Windows 10, version 1607.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/devicestatus-csp.md b/windows/client-management/mdm/devicestatus-csp.md
index e804c7d30b..c900b41939 100644
--- a/windows/client-management/mdm/devicestatus-csp.md
+++ b/windows/client-management/mdm/devicestatus-csp.md
@@ -2,12 +2,12 @@
title: DeviceStatus CSP
description: Learn how the DeviceStatus configuration service provider keeps track of device inventory and queries the compliance state of devices within the enterprise.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/25/2021
---
diff --git a/windows/client-management/mdm/devicestatus-ddf.md b/windows/client-management/mdm/devicestatus-ddf.md
index 5327b89015..9019f6a5b9 100644
--- a/windows/client-management/mdm/devicestatus-ddf.md
+++ b/windows/client-management/mdm/devicestatus-ddf.md
@@ -2,12 +2,12 @@
title: DeviceStatus DDF
description: This topic shows the OMA DM device description framework (DDF) for the DeviceStatus configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/12/2018
---
diff --git a/windows/client-management/mdm/devinfo-csp.md b/windows/client-management/mdm/devinfo-csp.md
index c8403f3163..fe9309086b 100644
--- a/windows/client-management/mdm/devinfo-csp.md
+++ b/windows/client-management/mdm/devinfo-csp.md
@@ -2,12 +2,12 @@
title: DevInfo CSP
description: Learn how the DevInfo configuration service provider handles the managed object that provides device information to the OMA DM server.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/devinfo-ddf-file.md b/windows/client-management/mdm/devinfo-ddf-file.md
index 9d99d2d67b..ae70ac7ba1 100644
--- a/windows/client-management/mdm/devinfo-ddf-file.md
+++ b/windows/client-management/mdm/devinfo-ddf-file.md
@@ -2,12 +2,12 @@
title: DevInfo DDF file
description: Learn about the OMA DM device description framework (DDF) for the DevInfo configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
index ea79a37fdb..1191fc721d 100644
--- a/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
+++ b/windows/client-management/mdm/diagnose-mdm-failures-in-windows-10.md
@@ -2,12 +2,12 @@
title: Diagnose MDM failures in Windows 10
description: Learn how to collect MDM logs. Examining these logs can help diagnose enrollment or device management issues in Windows 10 devices managed by an MDM server.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/25/2018
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/diagnosticlog-csp.md b/windows/client-management/mdm/diagnosticlog-csp.md
index cdf8c2917d..119d455dec 100644
--- a/windows/client-management/mdm/diagnosticlog-csp.md
+++ b/windows/client-management/mdm/diagnosticlog-csp.md
@@ -2,12 +2,12 @@
title: DiagnosticLog CSP
description: Learn about the feature areas of the DiagnosticLog configuration service provider (CSP), including the DiagnosticLog area and Policy area.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2019
---
diff --git a/windows/client-management/mdm/diagnosticlog-ddf.md b/windows/client-management/mdm/diagnosticlog-ddf.md
index 38cf705e56..379b38b3fe 100644
--- a/windows/client-management/mdm/diagnosticlog-ddf.md
+++ b/windows/client-management/mdm/diagnosticlog-ddf.md
@@ -2,12 +2,12 @@
title: DiagnosticLog DDF
description: Learn about the the OMA DM device description framework (DDF) for the DiagnosticLog configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
index b3582457ad..31fbaa5aa9 100644
--- a/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
+++ b/windows/client-management/mdm/disconnecting-from-mdm-unenrollment.md
@@ -1,16 +1,16 @@
---
title: Disconnecting from the management infrastructure (unenrollment)
description: Disconnecting is initiated either locally by the user using a phone or remotely by the IT admin using management server.
-MS-HAID:
-- 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
-- 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
+MS-HAID:
+ - 'p\_phdevicemgmt.disconnecting\_from\_the\_management\_infrastructure\_\_unenrollment\_'
+ - 'p\_phDeviceMgmt.disconnecting\_from\_mdm\_unenrollment'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/dmacc-csp.md b/windows/client-management/mdm/dmacc-csp.md
index 9938c6c5dc..ad9d6ccc76 100644
--- a/windows/client-management/mdm/dmacc-csp.md
+++ b/windows/client-management/mdm/dmacc-csp.md
@@ -2,12 +2,12 @@
title: DMAcc CSP
description: Learn how the DMAcc configuration service provider (CSP) allows an OMA Device Management (DM) version 1.2 server to handle OMA DM account objects.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/dmacc-ddf-file.md b/windows/client-management/mdm/dmacc-ddf-file.md
index b967d91e87..4ba6320269 100644
--- a/windows/client-management/mdm/dmacc-ddf-file.md
+++ b/windows/client-management/mdm/dmacc-ddf-file.md
@@ -2,12 +2,12 @@
title: DMAcc DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMAcc configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/dmclient-csp.md b/windows/client-management/mdm/dmclient-csp.md
index 165584ee19..dbaec53d02 100644
--- a/windows/client-management/mdm/dmclient-csp.md
+++ b/windows/client-management/mdm/dmclient-csp.md
@@ -2,12 +2,12 @@
title: DMClient CSP
description: Understand how the DMClient configuration service provider (CSP) is used to specify enterprise-specific mobile device management (MDM) configuration settings.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
---
diff --git a/windows/client-management/mdm/dmclient-ddf-file.md b/windows/client-management/mdm/dmclient-ddf-file.md
index ca0753b5bc..2f7ca1fb7e 100644
--- a/windows/client-management/mdm/dmclient-ddf-file.md
+++ b/windows/client-management/mdm/dmclient-ddf-file.md
@@ -2,12 +2,12 @@
title: DMClient DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMClient configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
index 27091ecd80..471f590bc9 100644
--- a/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
+++ b/windows/client-management/mdm/dmprocessconfigxmlfiltered.md
@@ -3,20 +3,20 @@ title: DMProcessConfigXMLFiltered function
description: Learn how the DMProcessConfigXMLFiltered function configures phone settings by using OMA Client Provisioning XML.
Search.Refinement.TopicID: 184
ms.reviewer:
-manager: dansimp
-topic_type:
-- apiref
-api_name:
-- DMProcessConfigXMLFiltered
-api_location:
-- dmprocessxmlfiltered.dll
-api_type:
-- DllExport
-ms.author: dansimp
+manager: aaroncz
+topic_type:
+ - apiref
+api_name:
+ - DMProcessConfigXMLFiltered
+api_location:
+ - dmprocessxmlfiltered.dll
+api_type:
+ - DllExport
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/dmsessionactions-csp.md b/windows/client-management/mdm/dmsessionactions-csp.md
index 8a95673243..e9c3080fba 100644
--- a/windows/client-management/mdm/dmsessionactions-csp.md
+++ b/windows/client-management/mdm/dmsessionactions-csp.md
@@ -1,14 +1,14 @@
---
title: DMSessionActions CSP
description: Learn how the DMSessionActions configuration service provider (CSP) is used to manage the number of sessions the client skips if the device is in a low-power state.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# DMSessionActions CSP
diff --git a/windows/client-management/mdm/dmsessionactions-ddf.md b/windows/client-management/mdm/dmsessionactions-ddf.md
index 7cebc030ce..fcb5cb106e 100644
--- a/windows/client-management/mdm/dmsessionactions-ddf.md
+++ b/windows/client-management/mdm/dmsessionactions-ddf.md
@@ -1,14 +1,14 @@
---
title: DMSessionActions DDF file
description: Learn about the OMA DM device description framework (DDF) for the DMSessionActions configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# DMSessionActions DDF file
diff --git a/windows/client-management/mdm/dynamicmanagement-csp.md b/windows/client-management/mdm/dynamicmanagement-csp.md
index ce38bf29cd..3e4e54c181 100644
--- a/windows/client-management/mdm/dynamicmanagement-csp.md
+++ b/windows/client-management/mdm/dynamicmanagement-csp.md
@@ -1,14 +1,14 @@
---
title: DynamicManagement CSP
description: Learn how the Dynamic Management configuration service provider (CSP) enables configuration of policies that change how the device is managed.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/dynamicmanagement-ddf.md b/windows/client-management/mdm/dynamicmanagement-ddf.md
index 0bb1c75f3e..0e2a6dd191 100644
--- a/windows/client-management/mdm/dynamicmanagement-ddf.md
+++ b/windows/client-management/mdm/dynamicmanagement-ddf.md
@@ -2,12 +2,12 @@
title: DynamicManagement DDF file
description: Learn about the OMA DM device description framework (DDF) for the DynamicManagement configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/eap-configuration.md b/windows/client-management/mdm/eap-configuration.md
index 6eff7f2a44..1298e152d0 100644
--- a/windows/client-management/mdm/eap-configuration.md
+++ b/windows/client-management/mdm/eap-configuration.md
@@ -2,12 +2,12 @@
title: EAP configuration
description: Learn how to create an Extensible Authentication Protocol (EAP) configuration XML for a VPN profile, including details about EAP certificate filtering in Windows 10.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/email2-csp.md b/windows/client-management/mdm/email2-csp.md
index 2c03c1146b..a88665101f 100644
--- a/windows/client-management/mdm/email2-csp.md
+++ b/windows/client-management/mdm/email2-csp.md
@@ -2,12 +2,12 @@
title: EMAIL2 CSP
description: Learn how the EMAIL2 configuration service provider (CSP) is used to configure Simple Mail Transfer Protocol (SMTP) email accounts.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/email2-ddf-file.md b/windows/client-management/mdm/email2-ddf-file.md
index 7e3c271fc3..ec7d604849 100644
--- a/windows/client-management/mdm/email2-ddf-file.md
+++ b/windows/client-management/mdm/email2-ddf-file.md
@@ -2,12 +2,12 @@
title: EMAIL2 DDF file
description: Learn how the OMA DM device description framework (DDF) for the EMAIL2 configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
index 7a4821350c..a8fdcc53b2 100644
--- a/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
+++ b/windows/client-management/mdm/enable-admx-backed-policies-in-mdm.md
@@ -1,15 +1,15 @@
---
title: Enable ADMX policies in MDM
description: Use this step-by-step guide to configure a selected set of Group Policy administrative templates (ADMX policies) in Mobile Device Management (MDM).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/01/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Enable ADMX policies in MDM
diff --git a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
index 8076b0a504..b7a2a1544c 100644
--- a/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
+++ b/windows/client-management/mdm/enroll-a-windows-10-device-automatically-using-group-policy.md
@@ -1,14 +1,14 @@
---
title: Enroll a Windows 10 device automatically using Group Policy
description: Learn how to use a Group Policy to trigger auto-enrollment to MDM for Active Directory (AD) domain-joined devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/30/2022
-ms.reviewer:
-manager: dansimp
+ms.reviewer:
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
index 75870e43e0..40b17f8970 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp-ddf.md
@@ -1,11 +1,11 @@
---
title: EnrollmentStatusTracking DDF
description: View the OMA DM DDF for the EnrollmentStatusTracking configuration service provider. DDF files are used only with OMA DM provisioning XML.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/17/2019
---
diff --git a/windows/client-management/mdm/enrollmentstatustracking-csp.md b/windows/client-management/mdm/enrollmentstatustracking-csp.md
index d345f06255..3ad33fa688 100644
--- a/windows/client-management/mdm/enrollmentstatustracking-csp.md
+++ b/windows/client-management/mdm/enrollmentstatustracking-csp.md
@@ -1,11 +1,11 @@
---
title: EnrollmentStatusTracking CSP
description: Learn how to execute a hybrid certificate trust deployment of Windows Hello for Business, for systems with no previous installations.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/21/2019
---
diff --git a/windows/client-management/mdm/enterprise-app-management.md b/windows/client-management/mdm/enterprise-app-management.md
index c64c2d9ba3..d2dc640f22 100644
--- a/windows/client-management/mdm/enterprise-app-management.md
+++ b/windows/client-management/mdm/enterprise-app-management.md
@@ -2,12 +2,12 @@
title: Enterprise app management
description: This article covers one of the key mobile device management (MDM) features in Windows 10 for managing the lifecycle of apps across all of Windows.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/04/2021
---
diff --git a/windows/client-management/mdm/enterpriseapn-csp.md b/windows/client-management/mdm/enterpriseapn-csp.md
index 1e49e6f694..7988975af6 100644
--- a/windows/client-management/mdm/enterpriseapn-csp.md
+++ b/windows/client-management/mdm/enterpriseapn-csp.md
@@ -2,12 +2,12 @@
title: EnterpriseAPN CSP
description: The EnterpriseAPN configuration service provider is used by the enterprise to provision an APN for the Internet.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/22/2017
---
diff --git a/windows/client-management/mdm/enterpriseapn-ddf.md b/windows/client-management/mdm/enterpriseapn-ddf.md
index 2e81ae80fd..e83aef75e3 100644
--- a/windows/client-management/mdm/enterpriseapn-ddf.md
+++ b/windows/client-management/mdm/enterpriseapn-ddf.md
@@ -2,12 +2,12 @@
title: EnterpriseAPN DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAPN configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-csp.md b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
index b2a5361647..23d45c61be 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-csp.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-csp.md
@@ -1,14 +1,14 @@
---
title: EnterpriseAppVManagement CSP
-description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 or Windows 11 PCs. (Enterprise and Education editions).
-ms.author: dansimp
+description: Examine the tree format for EnterpriseAppVManagement CSP to manage virtual applications in Windows 10 or Windows 11 PCs. (Enterprise and Education editions).
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# EnterpriseAppVManagement CSP
diff --git a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
index 1c18aff981..0572ef9f96 100644
--- a/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
+++ b/windows/client-management/mdm/enterpriseappvmanagement-ddf.md
@@ -1,14 +1,14 @@
---
title: EnterpriseAppVManagement DDF file
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseAppVManagement configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# EnterpriseAppVManagement DDF file
diff --git a/windows/client-management/mdm/enterprisedataprotection-csp.md b/windows/client-management/mdm/enterprisedataprotection-csp.md
index 176e9f3b24..bf660969d6 100644
--- a/windows/client-management/mdm/enterprisedataprotection-csp.md
+++ b/windows/client-management/mdm/enterprisedataprotection-csp.md
@@ -3,12 +3,12 @@ title: EnterpriseDataProtection CSP
description: Learn how the EnterpriseDataProtection configuration service provider (CSP) configures Windows Information Protection (formerly, Enterprise Data Protection) settings.
ms.assetid: E2D4467F-A154-4C00-9208-7798EF3E25B3
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/09/2017
---
diff --git a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
index 68e337c333..f8be987381 100644
--- a/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedataprotection-ddf-file.md
@@ -2,12 +2,12 @@
title: EnterpriseDataProtection DDF file
description: The following topic shows the OMA DM device description framework (DDF) for the EnterpriseDataProtection configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
index 4b5ab02de2..d06146f5a0 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-csp.md
@@ -3,12 +3,12 @@ title: EnterpriseDesktopAppManagement CSP
description: Learn how the EnterpriseDesktopAppManagement CSP handles enterprise desktop application management tasks, such as installing or removing applications.
ms.assetid: 2BFF7491-BB01-41BA-9A22-AB209EE59FC5
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/11/2017
---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
index 0803a2e9ab..dcf0663717 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement-ddf-file.md
@@ -2,12 +2,12 @@
title: EnterpriseDesktopAppManagement DDF
description: This topic shows the OMA DM device description framework (DDF) for the EnterpriseDesktopAppManagement configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
index c570ad096b..4117208a89 100644
--- a/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
+++ b/windows/client-management/mdm/enterprisedesktopappmanagement2-xsd.md
@@ -2,12 +2,12 @@
title: EnterpriseDesktopAppManagement XSD
description: This topic contains the XSD schema file for the EnterpriseDesktopAppManagement configuration service provider’s DownloadInstall parameter.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
index 7b616f1543..6aed81068c 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-csp.md
@@ -2,12 +2,12 @@
title: EnterpriseModernAppManagement CSP
description: Learn how the EnterpriseModernAppManagement configuration service provider (CSP) is used for the provisioning and reporting of modern enterprise apps.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2021
---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
index 9e25733411..3a270aad3c 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-ddf.md
@@ -2,12 +2,12 @@
title: EnterpriseModernAppManagement DDF
description: Learn about the OMA DM device description framework (DDF) for the EnterpriseModernAppManagement configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/01/2019
---
diff --git a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
index dc9995f5ef..95016ab8fc 100644
--- a/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
+++ b/windows/client-management/mdm/enterprisemodernappmanagement-xsd.md
@@ -2,12 +2,12 @@
title: EnterpriseModernAppManagement XSD
description: In this article, view the EnterpriseModernAppManagement XSD example so you can set application parameters.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/esim-enterprise-management.md b/windows/client-management/mdm/esim-enterprise-management.md
index 30cebf3d9e..cdc60b2936 100644
--- a/windows/client-management/mdm/esim-enterprise-management.md
+++ b/windows/client-management/mdm/esim-enterprise-management.md
@@ -2,9 +2,9 @@
title: eSIM Enterprise Management
description: Learn how Mobile Device Management (MDM) Providers support the eSIM Profile Management Solution on Windows.
ms.prod: w10
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
-ms.author: dansimp
+ms.author: vinpa
ms.topic: conceptual
---
diff --git a/windows/client-management/mdm/euiccs-csp.md b/windows/client-management/mdm/euiccs-csp.md
index 4a840115e0..8d50139134 100644
--- a/windows/client-management/mdm/euiccs-csp.md
+++ b/windows/client-management/mdm/euiccs-csp.md
@@ -1,14 +1,14 @@
---
title: eUICCs CSP
description: Learn how the eUICCs CSP is used to support eUICC enterprise use cases and enables the IT admin to manage (assign, reassign, remove) subscriptions to employees.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/02/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# eUICCs CSP
diff --git a/windows/client-management/mdm/euiccs-ddf-file.md b/windows/client-management/mdm/euiccs-ddf-file.md
index e6d041a4a2..c17f08e0f3 100644
--- a/windows/client-management/mdm/euiccs-ddf-file.md
+++ b/windows/client-management/mdm/euiccs-ddf-file.md
@@ -2,12 +2,12 @@
title: eUICCs DDF file
description: Learn about the OMA DM device description framework (DDF) for the eUICCs configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/02/2018
---
diff --git a/windows/client-management/mdm/federated-authentication-device-enrollment.md b/windows/client-management/mdm/federated-authentication-device-enrollment.md
index 1bbe746b59..d0e4cb46c1 100644
--- a/windows/client-management/mdm/federated-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/federated-authentication-device-enrollment.md
@@ -2,12 +2,12 @@
title: Federated authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using federated authentication policy.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/28/2017
---
diff --git a/windows/client-management/mdm/firewall-csp.md b/windows/client-management/mdm/firewall-csp.md
index ddcd82076c..af9202d9ca 100644
--- a/windows/client-management/mdm/firewall-csp.md
+++ b/windows/client-management/mdm/firewall-csp.md
@@ -1,13 +1,13 @@
---
title: Firewall CSP
description: The Firewall configuration service provider (CSP) allows the mobile device management (MDM) server to configure the Windows Defender Firewall global settings.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Firewall configuration service provider (CSP)
diff --git a/windows/client-management/mdm/firewall-ddf-file.md b/windows/client-management/mdm/firewall-ddf-file.md
index fa54a62a29..50b8729198 100644
--- a/windows/client-management/mdm/firewall-ddf-file.md
+++ b/windows/client-management/mdm/firewall-ddf-file.md
@@ -1,14 +1,14 @@
---
title: Firewall DDF file
description: Learn about the OMA DM device description framework (DDF) for the Firewall configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Firewall CSP
diff --git a/windows/client-management/mdm/get-inventory.md b/windows/client-management/mdm/get-inventory.md
index c4613e5251..2aa1418ebf 100644
--- a/windows/client-management/mdm/get-inventory.md
+++ b/windows/client-management/mdm/get-inventory.md
@@ -1,16 +1,16 @@
---
title: Get Inventory
description: The Get Inventory operation retrieves information from the Microsoft Store for Business to determine if new or updated applications are available.
-MS-HAID:
-- 'p\_phdevicemgmt.get\_seatblock'
-- 'p\_phDeviceMgmt.get\_inventory'
+MS-HAID:
+ - 'p\_phdevicemgmt.get\_seatblock'
+ - 'p\_phDeviceMgmt.get\_inventory'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-localized-product-details.md b/windows/client-management/mdm/get-localized-product-details.md
index 1b91dfb6f8..373bebf5d7 100644
--- a/windows/client-management/mdm/get-localized-product-details.md
+++ b/windows/client-management/mdm/get-localized-product-details.md
@@ -2,12 +2,12 @@
title: Get localized product details
description: The Get localized product details operation retrieves the localization information of a product from the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/07/2020
---
diff --git a/windows/client-management/mdm/get-offline-license.md b/windows/client-management/mdm/get-offline-license.md
index 24ff7dd8f5..8960d7a7eb 100644
--- a/windows/client-management/mdm/get-offline-license.md
+++ b/windows/client-management/mdm/get-offline-license.md
@@ -2,12 +2,12 @@
title: Get offline license
description: The Get offline license operation retrieves the offline license information of a product from the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-details.md b/windows/client-management/mdm/get-product-details.md
index 2b5f901e1d..14b0e24af9 100644
--- a/windows/client-management/mdm/get-product-details.md
+++ b/windows/client-management/mdm/get-product-details.md
@@ -2,12 +2,12 @@
title: Get product details
description: The Get product details operation retrieves the product information from the Microsoft Store for Business for a specific application.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-package.md b/windows/client-management/mdm/get-product-package.md
index aaeb5a3b5e..2fa11f65b3 100644
--- a/windows/client-management/mdm/get-product-package.md
+++ b/windows/client-management/mdm/get-product-package.md
@@ -2,12 +2,12 @@
title: Get product package
description: The Get product package operation retrieves the information about a specific application in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-product-packages.md b/windows/client-management/mdm/get-product-packages.md
index 3eb39cbd7c..4312842783 100644
--- a/windows/client-management/mdm/get-product-packages.md
+++ b/windows/client-management/mdm/get-product-packages.md
@@ -2,12 +2,12 @@
title: Get product packages
description: The Get product packages operation retrieves the information about applications in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seat.md b/windows/client-management/mdm/get-seat.md
index d0aec2af0b..66b6b7340f 100644
--- a/windows/client-management/mdm/get-seat.md
+++ b/windows/client-management/mdm/get-seat.md
@@ -2,12 +2,12 @@
title: Get seat
description: The Get seat operation retrieves the information about an active seat for a specified user in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seats-assigned-to-a-user.md b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
index a657aa4026..27a30678ae 100644
--- a/windows/client-management/mdm/get-seats-assigned-to-a-user.md
+++ b/windows/client-management/mdm/get-seats-assigned-to-a-user.md
@@ -2,12 +2,12 @@
title: Get seats assigned to a user
description: The Get seats assigned to a user operation retrieves information about assigned seats in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/get-seats.md b/windows/client-management/mdm/get-seats.md
index 2dc6f0a475..333d467ee8 100644
--- a/windows/client-management/mdm/get-seats.md
+++ b/windows/client-management/mdm/get-seats.md
@@ -2,12 +2,12 @@
title: Get seats
description: The Get seats operation retrieves the information about active seats in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/healthattestation-csp.md b/windows/client-management/mdm/healthattestation-csp.md
index 4eb0e57c7d..9c85e6205e 100644
--- a/windows/client-management/mdm/healthattestation-csp.md
+++ b/windows/client-management/mdm/healthattestation-csp.md
@@ -2,12 +2,12 @@
title: Device HealthAttestation CSP
description: Learn how the DHA-CSP enables enterprise IT managers to assess if a device is booted to a trusted and compliant state, and take enterprise policy actions.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date:
---
diff --git a/windows/client-management/mdm/healthattestation-ddf.md b/windows/client-management/mdm/healthattestation-ddf.md
index 65cf48aeb7..1d1e14d1ab 100644
--- a/windows/client-management/mdm/healthattestation-ddf.md
+++ b/windows/client-management/mdm/healthattestation-ddf.md
@@ -2,12 +2,12 @@
title: HealthAttestation DDF
description: Learn about the OMA DM device description framework (DDF) for the HealthAttestation configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/implement-server-side-mobile-application-management.md b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
index 09eb2a8003..9d71b7234b 100644
--- a/windows/client-management/mdm/implement-server-side-mobile-application-management.md
+++ b/windows/client-management/mdm/implement-server-side-mobile-application-management.md
@@ -1,14 +1,14 @@
---
title: Support for mobile application management on Windows
description: Learn about implementing the Windows version of mobile application management (MAM), which is a lightweight solution for managing company data access and security on personal devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/03/2022
-ms.reviewer:
-manager: dansimp
+ms.reviewer:
+manager: aaroncz
---
diff --git a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
index c472c83092..e67b40bb24 100644
--- a/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
+++ b/windows/client-management/mdm/management-tool-for-windows-store-for-business.md
@@ -1,16 +1,16 @@
---
title: Management tool for the Microsoft Store for Business
description: The Microsoft Store for Business has a new web service designed for the enterprise to acquire, manage, and distribute applications in bulk.
-MS-HAID:
-- 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
-- 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
+MS-HAID:
+ - 'p\_phdevicemgmt.business\_store\_portal\_management\_tool'
+ - 'p\_phDeviceMgmt.management\_tool\_for\_windows\_store\_for\_business'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/27/2017
---
diff --git a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
index ddd397d1dc..d8748f2ee6 100644
--- a/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
+++ b/windows/client-management/mdm/mdm-enrollment-of-windows-devices.md
@@ -1,16 +1,16 @@
---
title: MDM enrollment of Windows 10-based devices
description: Learn about mobile device management (MDM) enrollment of Windows 10-based devices to simplify access to your organization’s resources.
-MS-HAID:
-- 'p\_phdevicemgmt.enrollment\_ui'
-- 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
+MS-HAID:
+ - 'p\_phdevicemgmt.enrollment\_ui'
+ - 'p\_phDeviceMgmt.mdm\_enrollment\_of\_windows\_devices'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/mobile-device-enrollment.md b/windows/client-management/mdm/mobile-device-enrollment.md
index b02ed00f8b..b161e96c13 100644
--- a/windows/client-management/mdm/mobile-device-enrollment.md
+++ b/windows/client-management/mdm/mobile-device-enrollment.md
@@ -2,12 +2,12 @@
title: Mobile device enrollment
description: Learn how mobile device enrollment verifies that only authenticated and authorized devices can be managed by their enterprise.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/11/2017
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/multisim-csp.md b/windows/client-management/mdm/multisim-csp.md
index 3a2861bbf1..0042735b48 100644
--- a/windows/client-management/mdm/multisim-csp.md
+++ b/windows/client-management/mdm/multisim-csp.md
@@ -1,14 +1,14 @@
---
title: MultiSIM CSP
description: MultiSIM configuration service provider (CSP) allows the enterprise to manage devices with dual SIM single active configuration.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/22/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# MultiSIM CSP
diff --git a/windows/client-management/mdm/multisim-ddf.md b/windows/client-management/mdm/multisim-ddf.md
index 18b9586283..662c3e0384 100644
--- a/windows/client-management/mdm/multisim-ddf.md
+++ b/windows/client-management/mdm/multisim-ddf.md
@@ -1,14 +1,14 @@
---
title: MultiSIM DDF file
description: XML file containing the device description framework for the MultiSIM configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/27/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# MultiSIM DDF
diff --git a/windows/client-management/mdm/nap-csp.md b/windows/client-management/mdm/nap-csp.md
index f2e5e008b4..2a4d93d58f 100644
--- a/windows/client-management/mdm/nap-csp.md
+++ b/windows/client-management/mdm/nap-csp.md
@@ -2,12 +2,12 @@
title: NAP CSP
description: Learn how the Network Access Point (NAP) configuration service provider (CSP) is used to manage and query GPRS and CDMA connections.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/napdef-csp.md b/windows/client-management/mdm/napdef-csp.md
index c93d4789ae..ebef8beec0 100644
--- a/windows/client-management/mdm/napdef-csp.md
+++ b/windows/client-management/mdm/napdef-csp.md
@@ -2,12 +2,12 @@
title: NAPDEF CSP
description: Learn how the NAPDEF configuration service provider (CSP) is used to add, modify, or delete WAP network access points (NAPs).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/networkproxy-csp.md b/windows/client-management/mdm/networkproxy-csp.md
index 47b33480b1..c249a38718 100644
--- a/windows/client-management/mdm/networkproxy-csp.md
+++ b/windows/client-management/mdm/networkproxy-csp.md
@@ -1,14 +1,14 @@
---
title: NetworkProxy CSP
description: Learn how the NetworkProxy configuration service provider (CSP) is used to configure a proxy server for ethernet and Wi-Fi connections.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/29/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# NetworkProxy CSP
diff --git a/windows/client-management/mdm/networkproxy-ddf.md b/windows/client-management/mdm/networkproxy-ddf.md
index 2b5f2798f2..ed25d003b2 100644
--- a/windows/client-management/mdm/networkproxy-ddf.md
+++ b/windows/client-management/mdm/networkproxy-ddf.md
@@ -1,14 +1,14 @@
---
title: NetworkProxy DDF file
description: AppNetworkProxyLocker DDF file
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# NetworkProxy DDF file
diff --git a/windows/client-management/mdm/networkqospolicy-csp.md b/windows/client-management/mdm/networkqospolicy-csp.md
index 5f455a3e9c..5b5d5d930e 100644
--- a/windows/client-management/mdm/networkqospolicy-csp.md
+++ b/windows/client-management/mdm/networkqospolicy-csp.md
@@ -1,14 +1,14 @@
---
title: NetworkQoSPolicy CSP
description: The NetworkQoSPolicy CSP applies the Quality of Service (QoS) policy for Microsoft Surface Hub. This CSP was added in Windows 10, version 1703.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# NetworkQoSPolicy CSP
diff --git a/windows/client-management/mdm/networkqospolicy-ddf.md b/windows/client-management/mdm/networkqospolicy-ddf.md
index 0ba34a7805..972f823ac5 100644
--- a/windows/client-management/mdm/networkqospolicy-ddf.md
+++ b/windows/client-management/mdm/networkqospolicy-ddf.md
@@ -2,12 +2,12 @@
title: NetworkQoSPolicy DDF
description: View the OMA DM device description framework (DDF) for the NetworkQoSPolicy configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
index 1c9068aa93..fdfb90c836 100644
--- a/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
+++ b/windows/client-management/mdm/new-in-windows-mdm-enrollment-management.md
@@ -1,16 +1,16 @@
---
title: What's new in MDM enrollment and management
description: Discover what's new and breaking changes in Windows 10 and Windows 11 mobile device management (MDM) enrollment and management experience across all Windows 10 devices.
-MS-HAID:
-- 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
-- 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
+MS-HAID:
+ - 'p\_phdevicemgmt.mdm\_enrollment\_and\_management\_overview'
+ - 'p\_phDeviceMgmt.new\_in\_windows\_mdm\_enrollment\_management'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/20/2020
---
diff --git a/windows/client-management/mdm/nodecache-csp.md b/windows/client-management/mdm/nodecache-csp.md
index 09715dd733..dc9bf7a054 100644
--- a/windows/client-management/mdm/nodecache-csp.md
+++ b/windows/client-management/mdm/nodecache-csp.md
@@ -2,12 +2,12 @@
title: NodeCache CSP
description: Use the NodeCache configuration service provider (CSP) to synchronize, monitor, and manage the client cache.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/nodecache-ddf-file.md b/windows/client-management/mdm/nodecache-ddf-file.md
index e62ba59a21..8fb7117803 100644
--- a/windows/client-management/mdm/nodecache-ddf-file.md
+++ b/windows/client-management/mdm/nodecache-ddf-file.md
@@ -2,12 +2,12 @@
title: NodeCache DDF file
description: Learn about the OMA DM device description framework (DDF) for the NodeCache configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/office-csp.md b/windows/client-management/mdm/office-csp.md
index e3ee2537c2..5fc7af65c0 100644
--- a/windows/client-management/mdm/office-csp.md
+++ b/windows/client-management/mdm/office-csp.md
@@ -1,14 +1,14 @@
---
title: Office CSP
description: The Office configuration service provider (CSP) enables a Microsoft Office client to be installed on a device. This CSP was added in Windows 10, version 1703.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/15/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Office CSP
diff --git a/windows/client-management/mdm/office-ddf.md b/windows/client-management/mdm/office-ddf.md
index 05bf3efc0f..94b6fecffe 100644
--- a/windows/client-management/mdm/office-ddf.md
+++ b/windows/client-management/mdm/office-ddf.md
@@ -2,12 +2,12 @@
title: Office DDF
description: This topic shows the OMA DM device description framework (DDF) for the Office configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/15/2018
---
diff --git a/windows/client-management/mdm/oma-dm-protocol-support.md b/windows/client-management/mdm/oma-dm-protocol-support.md
index 0a6a1332c0..add5219c9e 100644
--- a/windows/client-management/mdm/oma-dm-protocol-support.md
+++ b/windows/client-management/mdm/oma-dm-protocol-support.md
@@ -2,12 +2,12 @@
title: OMA DM protocol support
description: See how the OMA DM client communicates with the server over HTTPS and uses DM Sync (OMA DM v1.2) as the message payload.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
index 4d789fb346..129f2a8aae 100644
--- a/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
+++ b/windows/client-management/mdm/on-premise-authentication-device-enrollment.md
@@ -2,12 +2,12 @@
title: On-premises authentication device enrollment
description: This section provides an example of the mobile device enrollment protocol using on-premises authentication policy.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/passportforwork-csp.md b/windows/client-management/mdm/passportforwork-csp.md
index 5c2ab3a0c1..d45249dffe 100644
--- a/windows/client-management/mdm/passportforwork-csp.md
+++ b/windows/client-management/mdm/passportforwork-csp.md
@@ -2,12 +2,12 @@
title: PassportForWork CSP
description: The PassportForWork configuration service provider is used to provision Windows Hello for Business (formerly Microsoft Passport for Work).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/19/2019
---
diff --git a/windows/client-management/mdm/passportforwork-ddf.md b/windows/client-management/mdm/passportforwork-ddf.md
index 0b43dbee05..5bdaf460f7 100644
--- a/windows/client-management/mdm/passportforwork-ddf.md
+++ b/windows/client-management/mdm/passportforwork-ddf.md
@@ -2,12 +2,12 @@
title: PassportForWork DDF
description: View the OMA DM device description framework (DDF) for the PassportForWork configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/29/2019
---
diff --git a/windows/client-management/mdm/personalization-csp.md b/windows/client-management/mdm/personalization-csp.md
index 2a21d44f28..465ac4ecd9 100644
--- a/windows/client-management/mdm/personalization-csp.md
+++ b/windows/client-management/mdm/personalization-csp.md
@@ -1,14 +1,14 @@
---
title: Personalization CSP
description: Use the Personalization CSP to lock screen and desktop background images, prevent users from changing the image, and use the settings in a provisioning package.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/28/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Personalization CSP
diff --git a/windows/client-management/mdm/personalization-ddf.md b/windows/client-management/mdm/personalization-ddf.md
index bc7605048f..80cdb39b9b 100644
--- a/windows/client-management/mdm/personalization-ddf.md
+++ b/windows/client-management/mdm/personalization-ddf.md
@@ -1,14 +1,14 @@
---
title: Personalization DDF file
-description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP).
-ms.author: dansimp
+description: Learn how to set the OMA DM device description framework (DDF) for the Personalization configuration service provider (CSP).
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Personalization DDF file
diff --git a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
index 96ba99c053..e06e70792f 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-admx-backed.md
@@ -2,12 +2,12 @@
title: ADMX-backed policies in Policy CSP
description: Learn about the ADMX-backed policies in Policy CSP.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/08/2020
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
index fe99b88a1c..55f6a99ca0 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-group-policy.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by Group Policy
description: Learn about the policies in Policy CSP supported by Group Policy.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
index 58fffbd813..f70f86e654 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-commercial-suite.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite
description: Learn the policies in Policy CSP supported by HoloLens (1st gen) Commercial Suite.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/17/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
index 7d67b45cd3..102a2eb6bc 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens-1st-gen-development-edition.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by HoloLens (1st gen) Development Edition
description: Learn about the policies in Policy CSP supported by HoloLens (1st gen) Development Edition.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
index 61da8064e2..d476c304ca 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-hololens2.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by HoloLens 2
description: Learn about the policies in Policy CSP supported by HoloLens 2.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 06/06/2022
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
index 0c5f378ed9..710a6bea37 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-iot-core.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by Windows 10 IoT Core
description: Learn about the policies in Policy CSP supported by Windows 10 IoT Core.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/16/2019
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
index 5ab411d317..128bb7099b 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-supported-by-surface-hub.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP supported by Microsoft Surface Hub
description: Learn about the policies in Policy CSP supported by Microsoft Surface Hub.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/22/2020
---
diff --git a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
index 4f12cf7aec..0529c08779 100644
--- a/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
+++ b/windows/client-management/mdm/policies-in-policy-csp-that-can-be-set-using-eas.md
@@ -2,12 +2,12 @@
title: Policies in Policy CSP that can be set using Exchange Active Sync (EAS)
description: Learn about the policies in Policy CSP that can be set using Exchange Active Sync (EAS).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
---
diff --git a/windows/client-management/mdm/policy-configuration-service-provider.md b/windows/client-management/mdm/policy-configuration-service-provider.md
index 023ece8e40..3b79fcf245 100644
--- a/windows/client-management/mdm/policy-configuration-service-provider.md
+++ b/windows/client-management/mdm/policy-configuration-service-provider.md
@@ -2,12 +2,12 @@
title: Policy CSP
description: Learn how the Policy configuration service provider (CSP) enables the enterprise to configure policies on Windows 10 and Windows 11.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 07/18/2019
ms.collection: highpri
diff --git a/windows/client-management/mdm/policy-csp-abovelock.md b/windows/client-management/mdm/policy-csp-abovelock.md
index e984f6f104..da3b56f932 100644
--- a/windows/client-management/mdm/policy-csp-abovelock.md
+++ b/windows/client-management/mdm/policy-csp-abovelock.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AboveLock
-description: Learn the various AboveLock Policy configuration service provider (CSP) for Windows editions of Home, Pro, Business, and more.
-ms.author: dansimp
+description: Learn the various AboveLock Policy configuration service provider (CSP) for Windows editions of Home, Pro, Business, and more.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AboveLock
diff --git a/windows/client-management/mdm/policy-csp-accounts.md b/windows/client-management/mdm/policy-csp-accounts.md
index e261b05c4e..9320bce051 100644
--- a/windows/client-management/mdm/policy-csp-accounts.md
+++ b/windows/client-management/mdm/policy-csp-accounts.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Accounts
-description: Learn about the Accounts policy configuration service provider (CSP). This article describes account policies.
-ms.author: dansimp
+description: Learn about the Accounts policy configuration service provider (CSP). This article describes account policies.
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Accounts
diff --git a/windows/client-management/mdm/policy-csp-activexcontrols.md b/windows/client-management/mdm/policy-csp-activexcontrols.md
index d96b12b249..572eef454e 100644
--- a/windows/client-management/mdm/policy-csp-activexcontrols.md
+++ b/windows/client-management/mdm/policy-csp-activexcontrols.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ActiveXControls
description: Learn about various Policy configuration service provider (CSP) - ActiveXControls settings, including SyncML, for Windows 10.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ActiveXControls
diff --git a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
index 2a3088be3f..05cbc1fcee 100644
--- a/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
+++ b/windows/client-management/mdm/policy-csp-admx-activexinstallservice.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ActiveXInstallService
description: Learn about the Policy CSP - ADMX_ActiveXInstallService.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ActiveXInstallService
diff --git a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
index 19c86af9d2..cf5b1966c0 100644
--- a/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
+++ b/windows/client-management/mdm/policy-csp-admx-addremoveprograms.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AddRemovePrograms
description: Learn about the Policy CSP - ADMX_AddRemovePrograms.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AddRemovePrograms
diff --git a/windows/client-management/mdm/policy-csp-admx-admpwd.md b/windows/client-management/mdm/policy-csp-admx-admpwd.md
index b7c83023fa..5dd95ce744 100644
--- a/windows/client-management/mdm/policy-csp-admx-admpwd.md
+++ b/windows/client-management/mdm/policy-csp-admx-admpwd.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AdmPwd
description: Learn about the Policy CSP - ADMX_AdmPwd.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AdmPwd
diff --git a/windows/client-management/mdm/policy-csp-admx-appcompat.md b/windows/client-management/mdm/policy-csp-admx-appcompat.md
index 09e0448165..ecdf4b38bf 100644
--- a/windows/client-management/mdm/policy-csp-admx-appcompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-appcompat.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AppCompat
description: Policy CSP - ADMX_AppCompat
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/20/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AppCompat
diff --git a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
index bfa6e0e368..3e30dc883a 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxpackagemanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AppxPackageManager
description: Learn about the Policy CSP - ADMX_AppxPackageManager.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AppxPackageManager
diff --git a/windows/client-management/mdm/policy-csp-admx-appxruntime.md b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
index f9d07fe835..786dc5626b 100644
--- a/windows/client-management/mdm/policy-csp-admx-appxruntime.md
+++ b/windows/client-management/mdm/policy-csp-admx-appxruntime.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AppXRuntime
description: Learn about the Policy CSP - ADMX_AppXRuntime.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AppXRuntime
diff --git a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
index 991162ca51..0b7733a5a2 100644
--- a/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-attachmentmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AttachmentManager
description: Learn about the Policy CSP - ADMX_AttachmentManager.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AttachmentManager
diff --git a/windows/client-management/mdm/policy-csp-admx-auditsettings.md b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
index 4ae15d3c3b..d3fbdfca47 100644
--- a/windows/client-management/mdm/policy-csp-admx-auditsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-auditsettings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_AuditSettings
description: Learn about the Policy CSP - ADMX_AuditSettings.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_AuditSettings.
diff --git a/windows/client-management/mdm/policy-csp-admx-bits.md b/windows/client-management/mdm/policy-csp-admx-bits.md
index ab01ed785d..52c73b763f 100644
--- a/windows/client-management/mdm/policy-csp-admx-bits.md
+++ b/windows/client-management/mdm/policy-csp-admx-bits.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Bits
description: Learn about the Policy CSP - ADMX_Bits.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/20/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Bits
diff --git a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
index a0033b3741..86f2b2d508 100644
--- a/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
+++ b/windows/client-management/mdm/policy-csp-admx-ciphersuiteorder.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CipherSuiteOrder
description: Learn about the Policy CSP - ADMX_CipherSuiteOrder.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CipherSuiteOrder
diff --git a/windows/client-management/mdm/policy-csp-admx-com.md b/windows/client-management/mdm/policy-csp-admx-com.md
index d24c27f120..8426131fb5 100644
--- a/windows/client-management/mdm/policy-csp-admx-com.md
+++ b/windows/client-management/mdm/policy-csp-admx-com.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_COM
description: Learn about the Policy CSP - ADMX_COM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_COM
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpanel.md b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
index c38abdd5cc..55e7b8a33f 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpanel.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpanel.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ControlPanel
description: Learn about the Policy CSP - ADMX_ControlPanel.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/05/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ControlPanel
diff --git a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
index 8a4ec1282c..637df89faf 100644
--- a/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
+++ b/windows/client-management/mdm/policy-csp-admx-controlpaneldisplay.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ControlPanelDisplay
description: Learn about the Policy CSP - ADMX_ControlPanelDisplay.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/05/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ControlPanelDisplay
diff --git a/windows/client-management/mdm/policy-csp-admx-cpls.md b/windows/client-management/mdm/policy-csp-admx-cpls.md
index 0191a8c79c..b7c40099e2 100644
--- a/windows/client-management/mdm/policy-csp-admx-cpls.md
+++ b/windows/client-management/mdm/policy-csp-admx-cpls.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Cpls
description: Learn about the Policy CSP - ADMX_Cpls.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Cpls
diff --git a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
index 2787753ef1..b72ed7c028 100644
--- a/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-admx-credentialproviders.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CredentialProviders
description: Learn about the Policy CSP - ADMX_CredentialProviders.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/11/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CredentialProviders
diff --git a/windows/client-management/mdm/policy-csp-admx-credssp.md b/windows/client-management/mdm/policy-csp-admx-credssp.md
index fb24354248..fb4a63852b 100644
--- a/windows/client-management/mdm/policy-csp-admx-credssp.md
+++ b/windows/client-management/mdm/policy-csp-admx-credssp.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CredSsp
description: Learn about the Policy CSP - ADMX_CredSsp.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CredSsp
diff --git a/windows/client-management/mdm/policy-csp-admx-credui.md b/windows/client-management/mdm/policy-csp-admx-credui.md
index 133b87350c..68623bfc04 100644
--- a/windows/client-management/mdm/policy-csp-admx-credui.md
+++ b/windows/client-management/mdm/policy-csp-admx-credui.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CredUI
description: Learn about the Policy CSP - ADMX_CredUI.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CredUI
diff --git a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
index 22bb0e2b9c..0d6a23d272 100644
--- a/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
+++ b/windows/client-management/mdm/policy-csp-admx-ctrlaltdel.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_CtrlAltDel
description: Learn about the Policy CSP - ADMX_CtrlAltDel.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_CtrlAltDel
diff --git a/windows/client-management/mdm/policy-csp-admx-datacollection.md b/windows/client-management/mdm/policy-csp-admx-datacollection.md
index 9f7525d028..18b990f41a 100644
--- a/windows/client-management/mdm/policy-csp-admx-datacollection.md
+++ b/windows/client-management/mdm/policy-csp-admx-datacollection.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DataCollection
description: Learn about the Policy CSP - ADMX_DataCollection.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DataCollection
diff --git a/windows/client-management/mdm/policy-csp-admx-dcom.md b/windows/client-management/mdm/policy-csp-admx-dcom.md
index 4e3e20eb48..f826ec41b1 100644
--- a/windows/client-management/mdm/policy-csp-admx-dcom.md
+++ b/windows/client-management/mdm/policy-csp-admx-dcom.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DCOM
description: Learn about the Policy CSP - ADMX_DCOM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DCOM
diff --git a/windows/client-management/mdm/policy-csp-admx-desktop.md b/windows/client-management/mdm/policy-csp-admx-desktop.md
index 5017634eeb..c18835be26 100644
--- a/windows/client-management/mdm/policy-csp-admx-desktop.md
+++ b/windows/client-management/mdm/policy-csp-admx-desktop.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Desktop
description: Learn about Policy CSP - ADMX_Desktop.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Desktop
diff --git a/windows/client-management/mdm/policy-csp-admx-devicecompat.md b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
index c1ac73f776..b2ca71c22d 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicecompat.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicecompat.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DeviceCompat
description: Learn about Policy CSP - ADMX_DeviceCompat.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 08/09/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceCompat
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceguard.md b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
index 4a673e49f0..d39a25209b 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceguard.md
@@ -1,19 +1,22 @@
---
title: Policy CSP - ADMX_DeviceGuard
description: Learn about Policy CSP - ADMX_DeviceGuard.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceGuard
+> [!WARNING]
+> Group Policy-based deployment of Windows Defender Application Control policies only supports single-policy format WDAC policies. To use WDAC on devices running Windows 10 1903 and greater, or Windows 11, we recommend using an alternative method for [policy deployment](/windows/security/threat-protection/windows-defender-application-control/windows-defender-application-control-deployment-guide).
+
> [!TIP]
> This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see [Understanding ADMX-backed policies](./understanding-admx-backed-policies.md).
>
@@ -93,4 +96,4 @@ ADMX Info:
## Related topics
-[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
\ No newline at end of file
+[ADMX-backed policies in Policy CSP](./policies-in-policy-csp-admx-backed.md)
diff --git a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
index bbc9785c1b..1da8e03482 100644
--- a/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-admx-deviceinstallation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DeviceInstallation
description: Learn about Policy CSP - ADMX_DeviceInstallation.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceInstallation
diff --git a/windows/client-management/mdm/policy-csp-admx-devicesetup.md b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
index d3b545c45a..d4559a5746 100644
--- a/windows/client-management/mdm/policy-csp-admx-devicesetup.md
+++ b/windows/client-management/mdm/policy-csp-admx-devicesetup.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DeviceSetup
description: Learn about Policy CSP - ADMX_DeviceSetup.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DeviceSetup
diff --git a/windows/client-management/mdm/policy-csp-admx-dfs.md b/windows/client-management/mdm/policy-csp-admx-dfs.md
index 029c5a1884..3a36dd326e 100644
--- a/windows/client-management/mdm/policy-csp-admx-dfs.md
+++ b/windows/client-management/mdm/policy-csp-admx-dfs.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DFS
description: Learn about Policy CSP - ADMX_DFS.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DFS
diff --git a/windows/client-management/mdm/policy-csp-admx-digitallocker.md b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
index 0b11ba27af..4cb25e95d8 100644
--- a/windows/client-management/mdm/policy-csp-admx-digitallocker.md
+++ b/windows/client-management/mdm/policy-csp-admx-digitallocker.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DigitalLocker
description: Learn about Policy CSP - ADMX_DigitalLocker.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/31/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DigitalLocker
diff --git a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
index 206c700ce3..9262266a8d 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskdiagnostic.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DiskDiagnostic
description: Learn about Policy CSP - ADMX_DiskDiagnostic.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/08/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DiskDiagnostic
diff --git a/windows/client-management/mdm/policy-csp-admx-disknvcache.md b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
index e3d2d46297..92b5a4725e 100644
--- a/windows/client-management/mdm/policy-csp-admx-disknvcache.md
+++ b/windows/client-management/mdm/policy-csp-admx-disknvcache.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DiskNVCache
description: Learn about Policy CSP - ADMX_DiskNVCache.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DiskNVCache
diff --git a/windows/client-management/mdm/policy-csp-admx-diskquota.md b/windows/client-management/mdm/policy-csp-admx-diskquota.md
index ac4604b2d6..bc75db6e4a 100644
--- a/windows/client-management/mdm/policy-csp-admx-diskquota.md
+++ b/windows/client-management/mdm/policy-csp-admx-diskquota.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DiskQuota
description: Learn about Policy CSP - ADMX_DiskQuota.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DiskQuota
diff --git a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
index 098addf8db..7efbc6544a 100644
--- a/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
+++ b/windows/client-management/mdm/policy-csp-admx-distributedlinktracking.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DistributedLinkTracking
description: Learn about Policy CSP - ADMX_DistributedLinkTracking.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DistributedLinkTracking
diff --git a/windows/client-management/mdm/policy-csp-admx-dnsclient.md b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
index 080d80ae3d..8af9f82bc0 100644
--- a/windows/client-management/mdm/policy-csp-admx-dnsclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-dnsclient.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DnsClient
description: Learn about Policy CSP - ADMX_DnsClient.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DnsClient
diff --git a/windows/client-management/mdm/policy-csp-admx-dwm.md b/windows/client-management/mdm/policy-csp-admx-dwm.md
index a3118e564b..920a8c9d98 100644
--- a/windows/client-management/mdm/policy-csp-admx-dwm.md
+++ b/windows/client-management/mdm/policy-csp-admx-dwm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_DWM
description: Learn about Policy CSP - ADMX_DWM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/31/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_DWM
diff --git a/windows/client-management/mdm/policy-csp-admx-eaime.md b/windows/client-management/mdm/policy-csp-admx-eaime.md
index 6b81a966e1..c08bae6677 100644
--- a/windows/client-management/mdm/policy-csp-admx-eaime.md
+++ b/windows/client-management/mdm/policy-csp-admx-eaime.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EAIME
description: Learn about the Policy CSP - ADMX_EAIME.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/19/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EAIME
diff --git a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
index 2ef08d8dea..21c1fdf20f 100644
--- a/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
+++ b/windows/client-management/mdm/policy-csp-admx-encryptfilesonmove.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EncryptFilesonMove
description: Learn about the Policy CSP - ADMX_EncryptFilesonMove.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EncryptFilesonMove
diff --git a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
index 7a97834588..01470abcbe 100644
--- a/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-enhancedstorage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EnhancedStorage
description: Learn about the Policy CSP - ADMX_EnhancedStorage.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EnhancedStorage
diff --git a/windows/client-management/mdm/policy-csp-admx-errorreporting.md b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
index 52dececdfe..75e7132a34 100644
--- a/windows/client-management/mdm/policy-csp-admx-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-admx-errorreporting.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ErrorReporting
description: Learn about the Policy CSP - ADMX_ErrorReporting.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ErrorReporting
diff --git a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
index 0eeeb1a2e2..627492ca73 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventforwarding.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventForwarding
description: Learn about the Policy CSP - ADMX_EventForwarding.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventForwarding
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlog.md b/windows/client-management/mdm/policy-csp-admx-eventlog.md
index 8e16b2c305..471b6a5631 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlog.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlog.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventLog
description: Learn about the Policy CSP - ADMX_EventLog.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventLog
diff --git a/windows/client-management/mdm/policy-csp-admx-eventlogging.md b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
index 62d1bc8a55..03921b2021 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventlogging.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventlogging.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventLogging
description: Learn about the Policy CSP - ADMX_EventLogging.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/12/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventLogging
diff --git a/windows/client-management/mdm/policy-csp-admx-eventviewer.md b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
index e04745a40b..a3979738bd 100644
--- a/windows/client-management/mdm/policy-csp-admx-eventviewer.md
+++ b/windows/client-management/mdm/policy-csp-admx-eventviewer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_EventViewer
description: Learn about the Policy CSP - ADMX_EventViewer.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/13/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_EventViewer
diff --git a/windows/client-management/mdm/policy-csp-admx-explorer.md b/windows/client-management/mdm/policy-csp-admx-explorer.md
index 36e0b39de2..c3be668f23 100644
--- a/windows/client-management/mdm/policy-csp-admx-explorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-explorer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Explorer
description: Learn about the Policy CSP - ADMX_Explorer.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Explorer
diff --git a/windows/client-management/mdm/policy-csp-admx-externalboot.md b/windows/client-management/mdm/policy-csp-admx-externalboot.md
index 93b3bee4e0..7d85473280 100644
--- a/windows/client-management/mdm/policy-csp-admx-externalboot.md
+++ b/windows/client-management/mdm/policy-csp-admx-externalboot.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ExternalBoot
description: Learn about the Policy CSP - ADMX_ExternalBoot.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/13/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ExternalBoot
diff --git a/windows/client-management/mdm/policy-csp-admx-filerecovery.md b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
index b5239ba4b3..e81f6e1043 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerecovery.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileRecovery
description: Learn about the Policy CSP - ADMX_FileRecovery.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/24/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileRecovery
diff --git a/windows/client-management/mdm/policy-csp-admx-filerevocation.md b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
index dedad2fa09..6cf18b696b 100644
--- a/windows/client-management/mdm/policy-csp-admx-filerevocation.md
+++ b/windows/client-management/mdm/policy-csp-admx-filerevocation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileRevocation
description: Learn about the Policy CSP - ADMX_FileRevocation.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/13/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileRevocation
diff --git a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
index 71897ec183..5f9d1741bd 100644
--- a/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
+++ b/windows/client-management/mdm/policy-csp-admx-fileservervssprovider.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileServerVSSProvider
description: Learn about the Policy CSP - ADMX_FileServerVSSProvider.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileServerVSSProvider
diff --git a/windows/client-management/mdm/policy-csp-admx-filesys.md b/windows/client-management/mdm/policy-csp-admx-filesys.md
index 0e4f4f4725..e5c5587bc2 100644
--- a/windows/client-management/mdm/policy-csp-admx-filesys.md
+++ b/windows/client-management/mdm/policy-csp-admx-filesys.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FileSys
description: Learn about the Policy CSP - ADMX_FileSys.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FileSys
diff --git a/windows/client-management/mdm/policy-csp-admx-folderredirection.md b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
index fc2f29a559..cca8d67c3b 100644
--- a/windows/client-management/mdm/policy-csp-admx-folderredirection.md
+++ b/windows/client-management/mdm/policy-csp-admx-folderredirection.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FolderRedirection
description: Learn about the Policy CSP - ADMX_FolderRedirection.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FolderRedirection
diff --git a/windows/client-management/mdm/policy-csp-admx-framepanes.md b/windows/client-management/mdm/policy-csp-admx-framepanes.md
index ba90f4137d..a30e0b8b87 100644
--- a/windows/client-management/mdm/policy-csp-admx-framepanes.md
+++ b/windows/client-management/mdm/policy-csp-admx-framepanes.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FramePanes
description: Learn about the Policy CSP - ADMX_FramePanes.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/14/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FramePanes
diff --git a/windows/client-management/mdm/policy-csp-admx-fthsvc.md b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
index a87f70ce8d..d571a60d05 100644
--- a/windows/client-management/mdm/policy-csp-admx-fthsvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-fthsvc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_FTHSVC
description: Learn about the Policy CSP - ADMX_FTHSVC.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/15/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_FTHSVC
diff --git a/windows/client-management/mdm/policy-csp-admx-globalization.md b/windows/client-management/mdm/policy-csp-admx-globalization.md
index 7483d618f1..51540ef8ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-globalization.md
+++ b/windows/client-management/mdm/policy-csp-admx-globalization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Globalization
description: Learn about the Policy CSP - ADMX_Globalization.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Globalization
diff --git a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
index 9b8a2007ca..986333d80f 100644
--- a/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-grouppolicy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_GroupPolicy
description: Learn about the Policy CSP - ADMX_GroupPolicy.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_GroupPolicy
diff --git a/windows/client-management/mdm/policy-csp-admx-help.md b/windows/client-management/mdm/policy-csp-admx-help.md
index 603e13fa68..ef05d2efca 100644
--- a/windows/client-management/mdm/policy-csp-admx-help.md
+++ b/windows/client-management/mdm/policy-csp-admx-help.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Help
description: Learn about the Policy CSP - ADMX_Help.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/03/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Help
diff --git a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
index d1db72afc5..e013dc38ab 100644
--- a/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
+++ b/windows/client-management/mdm/policy-csp-admx-helpandsupport.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_HelpAndSupport
description: Learn about the Policy CSP - ADMX_HelpAndSupport.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/03/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_HelpAndSupport
diff --git a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
index 48356bdf1a..ba8121417b 100644
--- a/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
+++ b/windows/client-management/mdm/policy-csp-admx-hotspotauth.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_HotSpotAuth
description: Learn about the Policy CSP - ADMX_HotSpotAuth.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/15/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_HotSpotAuth
diff --git a/windows/client-management/mdm/policy-csp-admx-icm.md b/windows/client-management/mdm/policy-csp-admx-icm.md
index c80b5b8007..9e9178ac7a 100644
--- a/windows/client-management/mdm/policy-csp-admx-icm.md
+++ b/windows/client-management/mdm/policy-csp-admx-icm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ICM
description: Learn about the Policy CSP - ADMX_ICM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ICM
diff --git a/windows/client-management/mdm/policy-csp-admx-iis.md b/windows/client-management/mdm/policy-csp-admx-iis.md
index c68c2b9d10..cdae65ef17 100644
--- a/windows/client-management/mdm/policy-csp-admx-iis.md
+++ b/windows/client-management/mdm/policy-csp-admx-iis.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_IIS
description: Learn about the Policy CSP - ADMX_IIS.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/17/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_IIS
diff --git a/windows/client-management/mdm/policy-csp-admx-iscsi.md b/windows/client-management/mdm/policy-csp-admx-iscsi.md
index 67786a4e35..e4938d1f67 100644
--- a/windows/client-management/mdm/policy-csp-admx-iscsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-iscsi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_iSCSI
description: Learn about the Policy CSP - ADMX_iSCSI.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_iSCSI
diff --git a/windows/client-management/mdm/policy-csp-admx-kdc.md b/windows/client-management/mdm/policy-csp-admx-kdc.md
index 5ea252a9f3..ec99d97b12 100644
--- a/windows/client-management/mdm/policy-csp-admx-kdc.md
+++ b/windows/client-management/mdm/policy-csp-admx-kdc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_kdc
description: Learn about the Policy CSP - ADMX_kdc.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_kdc
diff --git a/windows/client-management/mdm/policy-csp-admx-kerberos.md b/windows/client-management/mdm/policy-csp-admx-kerberos.md
index a70fa508b8..3cbff4ed32 100644
--- a/windows/client-management/mdm/policy-csp-admx-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-admx-kerberos.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Kerberos
description: Learn about the Policy CSP - ADMX_Kerberos.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Kerberos
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
index 4baef48f3a..3fe3659069 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanserver.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_LanmanServer
description: Learn about the Policy CSP - ADMX_LanmanServer.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LanmanServer
diff --git a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
index 1459422b9a..969840fdeb 100644
--- a/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-admx-lanmanworkstation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_LanmanWorkstation
description: Learn about the Policy CSP - ADMX_LanmanWorkstation.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LanmanWorkstation
diff --git a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
index abf93f8dcf..2f421ddce0 100644
--- a/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
+++ b/windows/client-management/mdm/policy-csp-admx-leakdiagnostic.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_LeakDiagnostic
description: Learn about the Policy CSP - ADMX_LeakDiagnostic.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/17/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LeakDiagnostic
diff --git a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
index 8af8087093..ac18bf4c6f 100644
--- a/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-linklayertopologydiscovery.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_LinkLayerTopologyDiscovery
description: Learn about Policy CSP - ADMX_LinkLayerTopologyDiscovery.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/04/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LinkLayerTopologyDiscovery
diff --git a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
index 34d7b1561d..6557e565a3 100644
--- a/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
+++ b/windows/client-management/mdm/policy-csp-admx-locationprovideradm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_LocationProviderAdm
description: Learn about Policy CSP - ADMX_LocationProviderAdm.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_LocationProviderAdm
diff --git a/windows/client-management/mdm/policy-csp-admx-logon.md b/windows/client-management/mdm/policy-csp-admx-logon.md
index 39410f580e..3386f503ec 100644
--- a/windows/client-management/mdm/policy-csp-admx-logon.md
+++ b/windows/client-management/mdm/policy-csp-admx-logon.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Logon
description: Learn about Policy CSP - ADMX_Logon.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Logon
diff --git a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
index b600ea3664..62d92eb76a 100644
--- a/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
+++ b/windows/client-management/mdm/policy-csp-admx-microsoftdefenderantivirus.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MicrosoftDefenderAntivirus
description: Learn about Policy CSP - ADMX_MicrosoftDefenderAntivirus.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 01/03/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MicrosoftDefenderAntivirus
diff --git a/windows/client-management/mdm/policy-csp-admx-mmc.md b/windows/client-management/mdm/policy-csp-admx-mmc.md
index 66f7ee9fa5..1d1d07a118 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmc.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MMC
description: Learn about Policy CSP - ADMX_MMC.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/03/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MMC
diff --git a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
index 42d6a7faa7..1dc887ce45 100644
--- a/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
+++ b/windows/client-management/mdm/policy-csp-admx-mmcsnapins.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MMCSnapins
description: Learn about Policy CSP - ADMX_MMCSnapins.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MMCSnapins
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
index 5beff76d0e..462bfc2801 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcmobilitycenter.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MobilePCMobilityCenter
description: Learn about Policy CSP - ADMX_MobilePCMobilityCenter.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MobilePCMobilityCenter
diff --git a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
index 382e64f23d..a0b6581b36 100644
--- a/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
+++ b/windows/client-management/mdm/policy-csp-admx-mobilepcpresentationsettings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MobilePCPresentationSettings
description: Learn about Policy CSP - ADMX_MobilePCPresentationSettings.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MobilePCPresentationSettings
diff --git a/windows/client-management/mdm/policy-csp-admx-msapolicy.md b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
index e95aac830e..a706344772 100644
--- a/windows/client-management/mdm/policy-csp-admx-msapolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-msapolicy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MSAPolicy
description: Learn about Policy CSP - ADMX_MSAPolicy.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MSAPolicy
diff --git a/windows/client-management/mdm/policy-csp-admx-msched.md b/windows/client-management/mdm/policy-csp-admx-msched.md
index a3e9d15464..039423c269 100644
--- a/windows/client-management/mdm/policy-csp-admx-msched.md
+++ b/windows/client-management/mdm/policy-csp-admx-msched.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_msched
description: Learn about Policy CSP - ADMX_msched.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_msched
diff --git a/windows/client-management/mdm/policy-csp-admx-msdt.md b/windows/client-management/mdm/policy-csp-admx-msdt.md
index 01e72fdc64..3cf6d8ccbd 100644
--- a/windows/client-management/mdm/policy-csp-admx-msdt.md
+++ b/windows/client-management/mdm/policy-csp-admx-msdt.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MSDT
description: Learn about Policy CSP - ADMX_MSDT.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MSDT
diff --git a/windows/client-management/mdm/policy-csp-admx-msi.md b/windows/client-management/mdm/policy-csp-admx-msi.md
index af31120c3c..ee2aa88f20 100644
--- a/windows/client-management/mdm/policy-csp-admx-msi.md
+++ b/windows/client-management/mdm/policy-csp-admx-msi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MSI
description: Learn about Policy CSP - ADMX_MSI.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MSI
diff --git a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
index 54717a8f50..b1d046c306 100644
--- a/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
+++ b/windows/client-management/mdm/policy-csp-admx-msifilerecovery.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_MsiFileRecovery
description: Learn about Policy CSP - ADMX_MsiFileRecovery.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_MsiFileRecovery
diff --git a/windows/client-management/mdm/policy-csp-admx-nca.md b/windows/client-management/mdm/policy-csp-admx-nca.md
index 2b520f4ec5..7bfd8617d3 100644
--- a/windows/client-management/mdm/policy-csp-admx-nca.md
+++ b/windows/client-management/mdm/policy-csp-admx-nca.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_nca
description: Policy CSP - ADMX_nca
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_nca
diff --git a/windows/client-management/mdm/policy-csp-admx-ncsi.md b/windows/client-management/mdm/policy-csp-admx-ncsi.md
index 41bfae8db7..ddb9baa7e7 100644
--- a/windows/client-management/mdm/policy-csp-admx-ncsi.md
+++ b/windows/client-management/mdm/policy-csp-admx-ncsi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_NCSI
description: Learn about Policy CSP - ADMX_NCSI.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_NCSI
diff --git a/windows/client-management/mdm/policy-csp-admx-netlogon.md b/windows/client-management/mdm/policy-csp-admx-netlogon.md
index 517f41ab17..119133aa16 100644
--- a/windows/client-management/mdm/policy-csp-admx-netlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-netlogon.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Netlogon
description: Learn about Policy CSP - ADMX_Netlogon.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/15/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Netlogon
diff --git a/windows/client-management/mdm/policy-csp-admx-networkconnections.md b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
index 210fdcd3ca..178901d5b6 100644
--- a/windows/client-management/mdm/policy-csp-admx-networkconnections.md
+++ b/windows/client-management/mdm/policy-csp-admx-networkconnections.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_NetworkConnections
description: Learn about Policy CSP - ADMX_NetworkConnections.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_NetworkConnections
diff --git a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
index 7d60db6150..efc0936d36 100644
--- a/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-offlinefiles.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_OfflineFiles
description: Learn about Policy CSP - ADMX_OfflineFiles.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_OfflineFiles
diff --git a/windows/client-management/mdm/policy-csp-admx-pca.md b/windows/client-management/mdm/policy-csp-admx-pca.md
index 21b21c87e2..28a333dfcc 100644
--- a/windows/client-management/mdm/policy-csp-admx-pca.md
+++ b/windows/client-management/mdm/policy-csp-admx-pca.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_pca
description: Learn about Policy CSP - ADMX_pca.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/20/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_pca
diff --git a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
index 7218cc97d6..b5e4199768 100644
--- a/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
+++ b/windows/client-management/mdm/policy-csp-admx-peertopeercaching.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PeerToPeerCaching
description: Learn about Policy CSP - ADMX_PeerToPeerCaching.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PeerToPeerCaching
diff --git a/windows/client-management/mdm/policy-csp-admx-pentraining.md b/windows/client-management/mdm/policy-csp-admx-pentraining.md
index faf9afb98a..322223fccc 100644
--- a/windows/client-management/mdm/policy-csp-admx-pentraining.md
+++ b/windows/client-management/mdm/policy-csp-admx-pentraining.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PenTraining
description: Learn about Policy CSP - ADMX_PenTraining.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PenTraining
diff --git a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
index 18ce028bb6..7c956fcf64 100644
--- a/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
+++ b/windows/client-management/mdm/policy-csp-admx-performancediagnostics.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PerformanceDiagnostics
description: Learn about Policy CSP - ADMX_PerformanceDiagnostics.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PerformanceDiagnostics
diff --git a/windows/client-management/mdm/policy-csp-admx-power.md b/windows/client-management/mdm/policy-csp-admx-power.md
index d77be55b2b..e1e9ee133b 100644
--- a/windows/client-management/mdm/policy-csp-admx-power.md
+++ b/windows/client-management/mdm/policy-csp-admx-power.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Power
description: Learn about Policy CSP - ADMX_Power.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Power
diff --git a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
index d9933722cc..0818fc3b94 100644
--- a/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
+++ b/windows/client-management/mdm/policy-csp-admx-powershellexecutionpolicy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PowerShellExecutionPolicy
description: Learn about Policy CSP - ADMX_PowerShellExecutionPolicy.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PowerShellExecutionPolicy
diff --git a/windows/client-management/mdm/policy-csp-admx-previousversions.md b/windows/client-management/mdm/policy-csp-admx-previousversions.md
index cb7bb6a236..05320e6fd6 100644
--- a/windows/client-management/mdm/policy-csp-admx-previousversions.md
+++ b/windows/client-management/mdm/policy-csp-admx-previousversions.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PreviousVersions
description: Policy CSP - ADMX_PreviousVersions
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PreviousVersions
diff --git a/windows/client-management/mdm/policy-csp-admx-printing.md b/windows/client-management/mdm/policy-csp-admx-printing.md
index fa322d02d0..f107901b56 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Printing
description: Learn about Policy CSP - ADMX_Printing.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/15/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Printing
diff --git a/windows/client-management/mdm/policy-csp-admx-printing2.md b/windows/client-management/mdm/policy-csp-admx-printing2.md
index 74159d9d3c..3032187dbe 100644
--- a/windows/client-management/mdm/policy-csp-admx-printing2.md
+++ b/windows/client-management/mdm/policy-csp-admx-printing2.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Printing2
description: Learn about Policy CSP - ADMX_Printing2.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/15/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Printing2
diff --git a/windows/client-management/mdm/policy-csp-admx-programs.md b/windows/client-management/mdm/policy-csp-admx-programs.md
index 681645a684..3758a6ba32 100644
--- a/windows/client-management/mdm/policy-csp-admx-programs.md
+++ b/windows/client-management/mdm/policy-csp-admx-programs.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Programs
description: Learn about Policy CSP - ADMX_Programs.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Programs
diff --git a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
index 4e6309ff2a..d5ba645c1e 100644
--- a/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
+++ b/windows/client-management/mdm/policy-csp-admx-pushtoinstall.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_PushToInstall
description: Learn about Policy CSP - ADMX_PushToInstall.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_PushToInstall
diff --git a/windows/client-management/mdm/policy-csp-admx-radar.md b/windows/client-management/mdm/policy-csp-admx-radar.md
index dc01eef4a8..bcfa2454cb 100644
--- a/windows/client-management/mdm/policy-csp-admx-radar.md
+++ b/windows/client-management/mdm/policy-csp-admx-radar.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Radar
description: Learn about Policy CSP - ADMX_Radar.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Radar
diff --git a/windows/client-management/mdm/policy-csp-admx-reliability.md b/windows/client-management/mdm/policy-csp-admx-reliability.md
index fd6026410b..08a42720fb 100644
--- a/windows/client-management/mdm/policy-csp-admx-reliability.md
+++ b/windows/client-management/mdm/policy-csp-admx-reliability.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Reliability
description: Policy CSP - ADMX_Reliability
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Reliability
diff --git a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
index 5433779640..5d6a8d5676 100644
--- a/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-admx-remoteassistance.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_RemoteAssistance
description: Learn about Policy CSP - ADMX_RemoteAssistance.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_RemoteAssistance
diff --git a/windows/client-management/mdm/policy-csp-admx-removablestorage.md b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
index a823f286cf..f4f47dc890 100644
--- a/windows/client-management/mdm/policy-csp-admx-removablestorage.md
+++ b/windows/client-management/mdm/policy-csp-admx-removablestorage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_RemovableStorage
description: Learn about Policy CSP - ADMX_RemovableStorage.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/10/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_RemovableStorage
diff --git a/windows/client-management/mdm/policy-csp-admx-rpc.md b/windows/client-management/mdm/policy-csp-admx-rpc.md
index 5215c95259..6f085b0205 100644
--- a/windows/client-management/mdm/policy-csp-admx-rpc.md
+++ b/windows/client-management/mdm/policy-csp-admx-rpc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_RPC
description: Learn about Policy CSP - ADMX_RPC.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/08/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_RPC
diff --git a/windows/client-management/mdm/policy-csp-admx-scripts.md b/windows/client-management/mdm/policy-csp-admx-scripts.md
index 06fc58ebc7..fec515d046 100644
--- a/windows/client-management/mdm/policy-csp-admx-scripts.md
+++ b/windows/client-management/mdm/policy-csp-admx-scripts.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Scripts
description: Learn about Policy CSP - ADMX_Scripts.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Scripts
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiageng.md b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
index 7d9082639e..354380bdd2 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiageng.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiageng.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_sdiageng
description: Learn about Policy CSP - ADMX_sdiageng.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_sdiageng
diff --git a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
index 1b35263fab..84cea15e19 100644
--- a/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
+++ b/windows/client-management/mdm/policy-csp-admx-sdiagschd.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_sdiagschd
description: Learn about Policy CSP - ADMX_sdiagschd.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/17/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_sdiagschd
diff --git a/windows/client-management/mdm/policy-csp-admx-securitycenter.md b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
index db28229ae8..66efb88c7f 100644
--- a/windows/client-management/mdm/policy-csp-admx-securitycenter.md
+++ b/windows/client-management/mdm/policy-csp-admx-securitycenter.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Securitycenter
description: Learn about Policy CSP - ADMX_Securitycenter.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Securitycenter
diff --git a/windows/client-management/mdm/policy-csp-admx-sensors.md b/windows/client-management/mdm/policy-csp-admx-sensors.md
index 2849e15624..37049367dc 100644
--- a/windows/client-management/mdm/policy-csp-admx-sensors.md
+++ b/windows/client-management/mdm/policy-csp-admx-sensors.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Sensors
description: Learn about Policy CSP - ADMX_Sensors.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Sensors
diff --git a/windows/client-management/mdm/policy-csp-admx-servermanager.md b/windows/client-management/mdm/policy-csp-admx-servermanager.md
index a14eb4488d..2f5de5c9a8 100644
--- a/windows/client-management/mdm/policy-csp-admx-servermanager.md
+++ b/windows/client-management/mdm/policy-csp-admx-servermanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ServerManager
description: Learn about Policy CSP - ADMX_ServerManager.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ServerManager
diff --git a/windows/client-management/mdm/policy-csp-admx-servicing.md b/windows/client-management/mdm/policy-csp-admx-servicing.md
index e4d18d9a66..07ca3a013c 100644
--- a/windows/client-management/mdm/policy-csp-admx-servicing.md
+++ b/windows/client-management/mdm/policy-csp-admx-servicing.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Servicing
description: Learn about Policy CSP - ADMX_Servicing.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Servicing
diff --git a/windows/client-management/mdm/policy-csp-admx-settingsync.md b/windows/client-management/mdm/policy-csp-admx-settingsync.md
index c7355a160c..c68630eec1 100644
--- a/windows/client-management/mdm/policy-csp-admx-settingsync.md
+++ b/windows/client-management/mdm/policy-csp-admx-settingsync.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SettingSync
description: Learn about Policy CSP - ADMX_SettingSync.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SettingSync
diff --git a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
index c48eab98b9..a018d51a65 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharedfolders.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SharedFolders
description: Learn about Policy CSP - ADMX_SharedFolders.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SharedFolders
diff --git a/windows/client-management/mdm/policy-csp-admx-sharing.md b/windows/client-management/mdm/policy-csp-admx-sharing.md
index 9a02cd3b35..77f8afb7f8 100644
--- a/windows/client-management/mdm/policy-csp-admx-sharing.md
+++ b/windows/client-management/mdm/policy-csp-admx-sharing.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Sharing
description: Learn about Policy CSP - ADMX_Sharing.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Sharing
diff --git a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
index e226b26906..fa6a4ebe37 100644
--- a/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
+++ b/windows/client-management/mdm/policy-csp-admx-shellcommandpromptregedittools.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_ShellCommandPromptRegEditTools
description: Learn about Policy CSP - ADMX_ShellCommandPromptRegEditTools.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_ShellCommandPromptRegEditTools
diff --git a/windows/client-management/mdm/policy-csp-admx-smartcard.md b/windows/client-management/mdm/policy-csp-admx-smartcard.md
index 6c6fae1e34..8145f4e15f 100644
--- a/windows/client-management/mdm/policy-csp-admx-smartcard.md
+++ b/windows/client-management/mdm/policy-csp-admx-smartcard.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Smartcard
description: Learn about Policy CSP - ADMX_Smartcard.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Smartcard
diff --git a/windows/client-management/mdm/policy-csp-admx-snmp.md b/windows/client-management/mdm/policy-csp-admx-snmp.md
index 0767b4c97c..a65f75e734 100644
--- a/windows/client-management/mdm/policy-csp-admx-snmp.md
+++ b/windows/client-management/mdm/policy-csp-admx-snmp.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Snmp
description: Learn about Policy CSP - ADMX_Snmp.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/24/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Snmp
diff --git a/windows/client-management/mdm/policy-csp-admx-soundrec.md b/windows/client-management/mdm/policy-csp-admx-soundrec.md
index 77dcf00f34..dcc94a5737 100644
--- a/windows/client-management/mdm/policy-csp-admx-soundrec.md
+++ b/windows/client-management/mdm/policy-csp-admx-soundrec.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SoundRec
description: Learn about Policy CSP - ADMX_SoundRec.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/01/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SoundRec
diff --git a/windows/client-management/mdm/policy-csp-admx-srmfci.md b/windows/client-management/mdm/policy-csp-admx-srmfci.md
index 125aec535d..b5f0f4d1cb 100644
--- a/windows/client-management/mdm/policy-csp-admx-srmfci.md
+++ b/windows/client-management/mdm/policy-csp-admx-srmfci.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_srmfci
description: Learn about Policy CSP - ADMX_srmfci.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_srmfci
diff --git a/windows/client-management/mdm/policy-csp-admx-startmenu.md b/windows/client-management/mdm/policy-csp-admx-startmenu.md
index 78b189b308..8c6e907ba3 100644
--- a/windows/client-management/mdm/policy-csp-admx-startmenu.md
+++ b/windows/client-management/mdm/policy-csp-admx-startmenu.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_StartMenu
description: Learn about Policy CSP - ADMX_StartMenu.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/20/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_StartMenu
diff --git a/windows/client-management/mdm/policy-csp-admx-systemrestore.md b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
index 3349d83359..4ca5a3d3a1 100644
--- a/windows/client-management/mdm/policy-csp-admx-systemrestore.md
+++ b/windows/client-management/mdm/policy-csp-admx-systemrestore.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_SystemRestore
description: Learn about Policy CSP - ADMX_SystemRestore.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_SystemRestore
diff --git a/windows/client-management/mdm/policy-csp-admx-tabletshell.md b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
index 2517de0c90..cfc57b2098 100644
--- a/windows/client-management/mdm/policy-csp-admx-tabletshell.md
+++ b/windows/client-management/mdm/policy-csp-admx-tabletshell.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TabletShell
description: Learn about Policy CSP - ADMX_TabletShell.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TabletShell
diff --git a/windows/client-management/mdm/policy-csp-admx-taskbar.md b/windows/client-management/mdm/policy-csp-admx-taskbar.md
index 259cfc544c..3436685cc9 100644
--- a/windows/client-management/mdm/policy-csp-admx-taskbar.md
+++ b/windows/client-management/mdm/policy-csp-admx-taskbar.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Taskbar
description: Learn about Policy CSP - ADMX_Taskbar.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Taskbar
diff --git a/windows/client-management/mdm/policy-csp-admx-tcpip.md b/windows/client-management/mdm/policy-csp-admx-tcpip.md
index 227131133b..7ef48341ef 100644
--- a/windows/client-management/mdm/policy-csp-admx-tcpip.md
+++ b/windows/client-management/mdm/policy-csp-admx-tcpip.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_tcpip
description: Learn about Policy CSP - ADMX_tcpip.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_tcpip
diff --git a/windows/client-management/mdm/policy-csp-admx-terminalserver.md b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
index 3f070da798..f4dd3f6be6 100644
--- a/windows/client-management/mdm/policy-csp-admx-terminalserver.md
+++ b/windows/client-management/mdm/policy-csp-admx-terminalserver.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TerminalServer
description: Learn about Policy CSP - ADMX_TerminalServer.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/21/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TerminalServer
diff --git a/windows/client-management/mdm/policy-csp-admx-thumbnails.md b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
index 4cbe4a167f..b8a2fd7483 100644
--- a/windows/client-management/mdm/policy-csp-admx-thumbnails.md
+++ b/windows/client-management/mdm/policy-csp-admx-thumbnails.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Thumbnails
description: Learn about Policy CSP - ADMX_Thumbnails.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/25/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Thumbnails
diff --git a/windows/client-management/mdm/policy-csp-admx-touchinput.md b/windows/client-management/mdm/policy-csp-admx-touchinput.md
index 477fec0b8c..776951f78d 100644
--- a/windows/client-management/mdm/policy-csp-admx-touchinput.md
+++ b/windows/client-management/mdm/policy-csp-admx-touchinput.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TouchInput
description: Learn about Policy CSP - ADMX_TouchInput.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TouchInput
diff --git a/windows/client-management/mdm/policy-csp-admx-tpm.md b/windows/client-management/mdm/policy-csp-admx-tpm.md
index c7e72a4d44..2e39f46e4f 100644
--- a/windows/client-management/mdm/policy-csp-admx-tpm.md
+++ b/windows/client-management/mdm/policy-csp-admx-tpm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_TPM
description: Learn about Policy CSP - ADMX_TPM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/25/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_TPM
diff --git a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
index 1b4c199855..c5a2aabcc3 100644
--- a/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
+++ b/windows/client-management/mdm/policy-csp-admx-userexperiencevirtualization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_UserExperienceVirtualization
description: Learn about Policy CSP - ADMX_UserExperienceVirtualization.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/30/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_UserExperienceVirtualization
diff --git a/windows/client-management/mdm/policy-csp-admx-userprofiles.md b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
index 799a90014c..f6d9875e16 100644
--- a/windows/client-management/mdm/policy-csp-admx-userprofiles.md
+++ b/windows/client-management/mdm/policy-csp-admx-userprofiles.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_UserProfiles
description: Learn about Policy CSP - ADMX_UserProfiles.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/11/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_UserProfiles
diff --git a/windows/client-management/mdm/policy-csp-admx-w32time.md b/windows/client-management/mdm/policy-csp-admx-w32time.md
index 7324ca3459..9ec5b2733d 100644
--- a/windows/client-management/mdm/policy-csp-admx-w32time.md
+++ b/windows/client-management/mdm/policy-csp-admx-w32time.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_W32Time
description: Learn about Policy CSP - ADMX_W32Time.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_W32Time
diff --git a/windows/client-management/mdm/policy-csp-admx-wcm.md b/windows/client-management/mdm/policy-csp-admx-wcm.md
index eeeacfe4ca..d396e0aaae 100644
--- a/windows/client-management/mdm/policy-csp-admx-wcm.md
+++ b/windows/client-management/mdm/policy-csp-admx-wcm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WCM
description: Learn about Policy CSP - ADMX_WCM.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/22/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WCM
diff --git a/windows/client-management/mdm/policy-csp-admx-wdi.md b/windows/client-management/mdm/policy-csp-admx-wdi.md
index a5b1ce11d8..b3a2aefd94 100644
--- a/windows/client-management/mdm/policy-csp-admx-wdi.md
+++ b/windows/client-management/mdm/policy-csp-admx-wdi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WDI
description: Learn about Policy CSP - ADMX_WDI.
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WDI
diff --git a/windows/client-management/mdm/policy-csp-admx-wincal.md b/windows/client-management/mdm/policy-csp-admx-wincal.md
index 81cb16ebed..410eda6d2b 100644
--- a/windows/client-management/mdm/policy-csp-admx-wincal.md
+++ b/windows/client-management/mdm/policy-csp-admx-wincal.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WinCal
description: Policy CSP - ADMX_WinCal
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WinCal
diff --git a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
index 08e1bacf93..c575e5f9a8 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowscolorsystem.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsColorSystem
description: Policy CSP - ADMX_WindowsColorSystem
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/27/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsColorSystem
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
index 59c5880a8b..8d93498e0d 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsconnectnow.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsConnectNow
description: Policy CSP - ADMX_WindowsConnectNow
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/28/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsConnectNow
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
index cb885ee871..5dd0274b06 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsexplorer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsExplorer
description: Policy CSP - ADMX_WindowsExplorer
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/29/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsExplorer
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
index d8b921b3e5..e2b7d6b653 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediadrm.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsMediaDRM
description: Policy CSP - ADMX_WindowsMediaDRM
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsMediaDRM
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
index dee6a3efe7..15f9ca5c47 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsmediaplayer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsMediaPlayer
description: Policy CSP - ADMX_WindowsMediaPlayer
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsMediaPlayer
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
index 927b7686c7..902f22ebc8 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsremotemanagement.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsRemoteManagement
description: Policy CSP - ADMX_WindowsRemoteManagement
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/16/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsRemoteManagement
diff --git a/windows/client-management/mdm/policy-csp-admx-windowsstore.md b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
index 72fffb643f..3a56097a51 100644
--- a/windows/client-management/mdm/policy-csp-admx-windowsstore.md
+++ b/windows/client-management/mdm/policy-csp-admx-windowsstore.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WindowsStore
description: Policy CSP - ADMX_WindowsStore
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/26/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WindowsStore
diff --git a/windows/client-management/mdm/policy-csp-admx-wininit.md b/windows/client-management/mdm/policy-csp-admx-wininit.md
index 421da6c478..0f1c09fbca 100644
--- a/windows/client-management/mdm/policy-csp-admx-wininit.md
+++ b/windows/client-management/mdm/policy-csp-admx-wininit.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WinInit
description: Policy CSP - ADMX_WinInit
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/29/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WinInit
diff --git a/windows/client-management/mdm/policy-csp-admx-winlogon.md b/windows/client-management/mdm/policy-csp-admx-winlogon.md
index 92bcea8397..767e746db8 100644
--- a/windows/client-management/mdm/policy-csp-admx-winlogon.md
+++ b/windows/client-management/mdm/policy-csp-admx-winlogon.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WinLogon
description: Policy CSP - ADMX_WinLogon
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WinLogon
diff --git a/windows/client-management/mdm/policy-csp-admx-winsrv.md b/windows/client-management/mdm/policy-csp-admx-winsrv.md
index 9b5ea557d1..7d744cb320 100644
--- a/windows/client-management/mdm/policy-csp-admx-winsrv.md
+++ b/windows/client-management/mdm/policy-csp-admx-winsrv.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_Winsrv
description: Policy CSP - ADMX_Winsrv
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/25/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_Winsrv
diff --git a/windows/client-management/mdm/policy-csp-admx-wlansvc.md b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
index aeda8eb64c..146fa04b1b 100644
--- a/windows/client-management/mdm/policy-csp-admx-wlansvc.md
+++ b/windows/client-management/mdm/policy-csp-admx-wlansvc.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_wlansvc
description: Policy CSP - ADMX_wlansvc
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/27/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_wlansvc
diff --git a/windows/client-management/mdm/policy-csp-admx-wordwheel.md b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
index 57124ac9b3..b027226ee8 100644
--- a/windows/client-management/mdm/policy-csp-admx-wordwheel.md
+++ b/windows/client-management/mdm/policy-csp-admx-wordwheel.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WordWheel
description: Policy CSP - ADMX_WordWheel
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WordWheel
diff --git a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
index 3a455a27b2..56d08ee87f 100644
--- a/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
+++ b/windows/client-management/mdm/policy-csp-admx-workfoldersclient.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WorkFoldersClient
description: Policy CSP - ADMX_WorkFoldersClient
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.date: 09/22/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WorkFoldersClient
diff --git a/windows/client-management/mdm/policy-csp-admx-wpn.md b/windows/client-management/mdm/policy-csp-admx-wpn.md
index 857a782385..6397e4e333 100644
--- a/windows/client-management/mdm/policy-csp-admx-wpn.md
+++ b/windows/client-management/mdm/policy-csp-admx-wpn.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ADMX_WPN
description: Policy CSP - ADMX_WPN
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/13/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ADMX_WPN
diff --git a/windows/client-management/mdm/policy-csp-applicationdefaults.md b/windows/client-management/mdm/policy-csp-applicationdefaults.md
index 08788dc5cf..db27b3a605 100644
--- a/windows/client-management/mdm/policy-csp-applicationdefaults.md
+++ b/windows/client-management/mdm/policy-csp-applicationdefaults.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ApplicationDefaults
description: Learn about various Policy configuration service providers (CSP) - ApplicationDefaults, including SyncML, for Windows 10.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ApplicationDefaults
diff --git a/windows/client-management/mdm/policy-csp-applicationmanagement.md b/windows/client-management/mdm/policy-csp-applicationmanagement.md
index a7f90d8ef1..a9bd9d1f06 100644
--- a/windows/client-management/mdm/policy-csp-applicationmanagement.md
+++ b/windows/client-management/mdm/policy-csp-applicationmanagement.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ApplicationManagement
description: Learn about various Policy configuration service providers (CSP) - ApplicationManagement, including SyncML, for Windows 10.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/11/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ApplicationManagement
diff --git a/windows/client-management/mdm/policy-csp-appruntime.md b/windows/client-management/mdm/policy-csp-appruntime.md
index a73acd40df..ab3b3c38da 100644
--- a/windows/client-management/mdm/policy-csp-appruntime.md
+++ b/windows/client-management/mdm/policy-csp-appruntime.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AppRuntime
description: Learn how the Policy CSP - AppRuntime setting controls whether Microsoft accounts are optional for Windows Store apps that require an account to sign in.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AppRuntime
diff --git a/windows/client-management/mdm/policy-csp-appvirtualization.md b/windows/client-management/mdm/policy-csp-appvirtualization.md
index 04b7a70206..9803e28948 100644
--- a/windows/client-management/mdm/policy-csp-appvirtualization.md
+++ b/windows/client-management/mdm/policy-csp-appvirtualization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AppVirtualization
description: Learn how the Policy CSP - AppVirtualization setting allows you to enable or disable Microsoft Application Virtualization (App-V) feature.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AppVirtualization
diff --git a/windows/client-management/mdm/policy-csp-attachmentmanager.md b/windows/client-management/mdm/policy-csp-attachmentmanager.md
index 321527a0e3..2878642c3e 100644
--- a/windows/client-management/mdm/policy-csp-attachmentmanager.md
+++ b/windows/client-management/mdm/policy-csp-attachmentmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - AttachmentManager
description: Manage Windows marks file attachments with information about their zone of origin, such as restricted, internet, intranet, local.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - AttachmentManager
diff --git a/windows/client-management/mdm/policy-csp-audit.md b/windows/client-management/mdm/policy-csp-audit.md
index 2673bc236e..f70ec5324f 100644
--- a/windows/client-management/mdm/policy-csp-audit.md
+++ b/windows/client-management/mdm/policy-csp-audit.md
@@ -1,11 +1,11 @@
---
title: Policy CSP - Audit
description: Learn how the Policy CSP - Audit setting causes an audit event to be generated when an account can't sign in to a computer because the account is locked out.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
---
diff --git a/windows/client-management/mdm/policy-csp-authentication.md b/windows/client-management/mdm/policy-csp-authentication.md
index b934f952aa..b7a3091207 100644
--- a/windows/client-management/mdm/policy-csp-authentication.md
+++ b/windows/client-management/mdm/policy-csp-authentication.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - Authentication
description: The Policy CSP - Authentication setting allows the Azure AD tenant administrators to enable self service password reset feature on the Windows sign-in screen.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.reviewer: bobgil
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Authentication
diff --git a/windows/client-management/mdm/policy-csp-autoplay.md b/windows/client-management/mdm/policy-csp-autoplay.md
index ac10523d39..cbccee0f6f 100644
--- a/windows/client-management/mdm/policy-csp-autoplay.md
+++ b/windows/client-management/mdm/policy-csp-autoplay.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Autoplay
description: Learn how the Policy CSP - Autoplay setting disallows AutoPlay for MTP devices like cameras or phones.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Autoplay
diff --git a/windows/client-management/mdm/policy-csp-bitlocker.md b/windows/client-management/mdm/policy-csp-bitlocker.md
index e56c8f51fb..7aa01b7d63 100644
--- a/windows/client-management/mdm/policy-csp-bitlocker.md
+++ b/windows/client-management/mdm/policy-csp-bitlocker.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - BitLocker
description: Use the Policy configuration service provider (CSP) - BitLocker to manage encryption of PCs and devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - BitLocker
diff --git a/windows/client-management/mdm/policy-csp-bits.md b/windows/client-management/mdm/policy-csp-bits.md
index 19cb5e2ce2..639d2c8e86 100644
--- a/windows/client-management/mdm/policy-csp-bits.md
+++ b/windows/client-management/mdm/policy-csp-bits.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - BITS
-description: Use StartTime, EndTime and Transfer rate together to define the BITS bandwidth-throttling schedule and transfer rate.
-ms.author: dansimp
+description: Use StartTime, EndTime and Transfer rate together to define the BITS bandwidth-throttling schedule and transfer rate.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - BITS
diff --git a/windows/client-management/mdm/policy-csp-bluetooth.md b/windows/client-management/mdm/policy-csp-bluetooth.md
index 8312708e30..0a044cfc57 100644
--- a/windows/client-management/mdm/policy-csp-bluetooth.md
+++ b/windows/client-management/mdm/policy-csp-bluetooth.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Bluetooth
description: Learn how the Policy CSP - Bluetooth setting specifies whether the device can send out Bluetooth advertisements.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/12/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Bluetooth
diff --git a/windows/client-management/mdm/policy-csp-browser.md b/windows/client-management/mdm/policy-csp-browser.md
index 2c340877a4..6da1550f1d 100644
--- a/windows/client-management/mdm/policy-csp-browser.md
+++ b/windows/client-management/mdm/policy-csp-browser.md
@@ -4,11 +4,11 @@ description: Learn how to use the Policy CSP - Browser settings so you can confi
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
-ms.author: dansimp
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.localizationpriority: medium
---
diff --git a/windows/client-management/mdm/policy-csp-camera.md b/windows/client-management/mdm/policy-csp-camera.md
index 64b48bbc40..ed98c5d85b 100644
--- a/windows/client-management/mdm/policy-csp-camera.md
+++ b/windows/client-management/mdm/policy-csp-camera.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Camera
description: Learn how to use the Policy CSP - Camera setting so that you can configure it to disable or enable the camera.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Camera
diff --git a/windows/client-management/mdm/policy-csp-cellular.md b/windows/client-management/mdm/policy-csp-cellular.md
index 62837b80db..eb2180cddd 100644
--- a/windows/client-management/mdm/policy-csp-cellular.md
+++ b/windows/client-management/mdm/policy-csp-cellular.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Cellular
description: Learn how to use the Policy CSP - Cellular setting so you can specify whether Windows apps can access cellular data.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Cellular
diff --git a/windows/client-management/mdm/policy-csp-connectivity.md b/windows/client-management/mdm/policy-csp-connectivity.md
index 661ffccaf9..f4dc267b7a 100644
--- a/windows/client-management/mdm/policy-csp-connectivity.md
+++ b/windows/client-management/mdm/policy-csp-connectivity.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Connectivity
description: Learn how to use the Policy CSP - Connectivity setting to allow the user to enable Bluetooth or restrict access.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
-ms.reviewer:
-manager: dansimp
+ms.reviewer:
+manager: aaroncz
---
# Policy CSP - Connectivity
diff --git a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
index d795f177d4..da457db759 100644
--- a/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
+++ b/windows/client-management/mdm/policy-csp-controlpolicyconflict.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - ControlPolicyConflict
description: Use the Policy CSP - ControlPolicyConflict setting to control which policy is used whenever both the MDM policy and its equivalent Group Policy are set on the device.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ControlPolicyConflict
diff --git a/windows/client-management/mdm/policy-csp-credentialproviders.md b/windows/client-management/mdm/policy-csp-credentialproviders.md
index beeffe2585..28f4edb5ec 100644
--- a/windows/client-management/mdm/policy-csp-credentialproviders.md
+++ b/windows/client-management/mdm/policy-csp-credentialproviders.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - CredentialProviders
description: Learn how to use the policy CSP for credential provider so you can control whether a domain user can sign in using a convenience PIN.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - CredentialProviders
diff --git a/windows/client-management/mdm/policy-csp-credentialsdelegation.md b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
index e459f00b15..4236a94376 100644
--- a/windows/client-management/mdm/policy-csp-credentialsdelegation.md
+++ b/windows/client-management/mdm/policy-csp-credentialsdelegation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - CredentialsDelegation
description: Learn how to use the Policy CSP - CredentialsDelegation setting so that remote host can allow delegation of non-exportable credentials.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - CredentialsDelegation
diff --git a/windows/client-management/mdm/policy-csp-credentialsui.md b/windows/client-management/mdm/policy-csp-credentialsui.md
index d126286e24..fd869a6c75 100644
--- a/windows/client-management/mdm/policy-csp-credentialsui.md
+++ b/windows/client-management/mdm/policy-csp-credentialsui.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - CredentialsUI
description: Learn how to use the Policy CSP - CredentialsUI setting to configure the display of the password reveal button in password entry user experiences.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - CredentialsUI
diff --git a/windows/client-management/mdm/policy-csp-cryptography.md b/windows/client-management/mdm/policy-csp-cryptography.md
index 31ebde8cc2..1eb727623a 100644
--- a/windows/client-management/mdm/policy-csp-cryptography.md
+++ b/windows/client-management/mdm/policy-csp-cryptography.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Cryptography
description: Learn how to use the Policy CSP - Cryptography setting to allow or disallow the Federal Information Processing Standard (FIPS) policy.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Cryptography
diff --git a/windows/client-management/mdm/policy-csp-dataprotection.md b/windows/client-management/mdm/policy-csp-dataprotection.md
index 43dc6aeab0..9bb4559320 100644
--- a/windows/client-management/mdm/policy-csp-dataprotection.md
+++ b/windows/client-management/mdm/policy-csp-dataprotection.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DataProtection
description: Use the Policy CSP - DataProtection setting to block direct memory access (DMA) for all hot pluggable PCI downstream ports until a user logs into Windows.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DataProtection
diff --git a/windows/client-management/mdm/policy-csp-datausage.md b/windows/client-management/mdm/policy-csp-datausage.md
index 5e271eabfc..0950d10f87 100644
--- a/windows/client-management/mdm/policy-csp-datausage.md
+++ b/windows/client-management/mdm/policy-csp-datausage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DataUsage
-description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - DataUsage setting to configure the cost of 4G connections on the local machine.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DataUsage
diff --git a/windows/client-management/mdm/policy-csp-defender.md b/windows/client-management/mdm/policy-csp-defender.md
index 8912143332..6c42ebfde5 100644
--- a/windows/client-management/mdm/policy-csp-defender.md
+++ b/windows/client-management/mdm/policy-csp-defender.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Defender
description: Learn how to use the Policy CSP - Defender setting so you can allow or disallow scanning of archives.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 05/12/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/policy-csp-deliveryoptimization.md b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
index f49ee66cee..f272b05108 100644
--- a/windows/client-management/mdm/policy-csp-deliveryoptimization.md
+++ b/windows/client-management/mdm/policy-csp-deliveryoptimization.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeliveryOptimization
description: Learn how to use the Policy CSP - DeliveryOptimization setting to configure one or more Microsoft Connected Cache servers to be used by Delivery Optimization.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 06/09/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeliveryOptimization
diff --git a/windows/client-management/mdm/policy-csp-desktop.md b/windows/client-management/mdm/policy-csp-desktop.md
index 4d3d97a6bd..6e4f8b2502 100644
--- a/windows/client-management/mdm/policy-csp-desktop.md
+++ b/windows/client-management/mdm/policy-csp-desktop.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Desktop
description: Learn how to use the Policy CSP - Desktop setting to prevent users from changing the path to their profile folders.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Desktop
diff --git a/windows/client-management/mdm/policy-csp-deviceguard.md b/windows/client-management/mdm/policy-csp-deviceguard.md
index 09369cf747..d34fce4b14 100644
--- a/windows/client-management/mdm/policy-csp-deviceguard.md
+++ b/windows/client-management/mdm/policy-csp-deviceguard.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeviceGuard
description: Learn how to use the Policy CSP - DeviceGuard setting to allow the IT admin to configure the launch of System Guard.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeviceGuard
diff --git a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
index 65ccf2ff72..b412a147d6 100644
--- a/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
+++ b/windows/client-management/mdm/policy-csp-devicehealthmonitoring.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeviceHealthMonitoring
description: Learn how the Policy CSP - DeviceHealthMonitoring setting is used as an opt-in health monitoring connection between the device and Microsoft.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeviceHealthMonitoring
diff --git a/windows/client-management/mdm/policy-csp-deviceinstallation.md b/windows/client-management/mdm/policy-csp-deviceinstallation.md
index ee81f379cf..9ba8e12f78 100644
--- a/windows/client-management/mdm/policy-csp-deviceinstallation.md
+++ b/windows/client-management/mdm/policy-csp-deviceinstallation.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - DeviceInstallation
ms.reviewer:
-manager: dansimp
+manager: aaroncz
description: Use the Policy CSP - DeviceInstallation setting to specify a list of Plug and Play hardware IDs and compatible IDs for devices that Windows is allowed to install.
-ms.author: dansimp
+ms.author: vinpa
ms.date: 09/27/2019
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
---
diff --git a/windows/client-management/mdm/policy-csp-devicelock.md b/windows/client-management/mdm/policy-csp-devicelock.md
index 39fa89a03f..96b7ecf2c1 100644
--- a/windows/client-management/mdm/policy-csp-devicelock.md
+++ b/windows/client-management/mdm/policy-csp-devicelock.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DeviceLock
description: Learn how to use the Policy CSP - DeviceLock setting to specify whether the user must input a PIN or password when the device resumes from an idle state.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 05/16/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DeviceLock
diff --git a/windows/client-management/mdm/policy-csp-display.md b/windows/client-management/mdm/policy-csp-display.md
index 25318d988f..601c24c077 100644
--- a/windows/client-management/mdm/policy-csp-display.md
+++ b/windows/client-management/mdm/policy-csp-display.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Display
description: Learn how to use the Policy CSP - Display setting to disable Per-Process System DPI for a semicolon-separated list of applications.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Display
diff --git a/windows/client-management/mdm/policy-csp-dmaguard.md b/windows/client-management/mdm/policy-csp-dmaguard.md
index 648380d02b..1188039966 100644
--- a/windows/client-management/mdm/policy-csp-dmaguard.md
+++ b/windows/client-management/mdm/policy-csp-dmaguard.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - DmaGuard
description: Learn how to use the Policy CSP - DmaGuard setting to provide more security against external DMA capable devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - DmaGuard
diff --git a/windows/client-management/mdm/policy-csp-eap.md b/windows/client-management/mdm/policy-csp-eap.md
index 94c84c45ca..9b16db9fd4 100644
--- a/windows/client-management/mdm/policy-csp-eap.md
+++ b/windows/client-management/mdm/policy-csp-eap.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - EAP
-description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - Education setting to control graphing functionality in the Windows Calculator app.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - EAP
diff --git a/windows/client-management/mdm/policy-csp-education.md b/windows/client-management/mdm/policy-csp-education.md
index edab7bcabf..1fd25bb275 100644
--- a/windows/client-management/mdm/policy-csp-education.md
+++ b/windows/client-management/mdm/policy-csp-education.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Education
-description: Learn how to use the Policy CSP - Education setting to control the graphing functionality in the Windows Calculator app.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - Education setting to control the graphing functionality in the Windows Calculator app.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Education
diff --git a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
index df2804c31e..2c125b1d1f 100644
--- a/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
+++ b/windows/client-management/mdm/policy-csp-enterprisecloudprint.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - EnterpriseCloudPrint
description: Use the Policy CSP - EnterpriseCloudPrint setting to define the maximum number of printers that should be queried from a discovery end point.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - EnterpriseCloudPrint
diff --git a/windows/client-management/mdm/policy-csp-errorreporting.md b/windows/client-management/mdm/policy-csp-errorreporting.md
index 720f5cae3c..f387a56a6e 100644
--- a/windows/client-management/mdm/policy-csp-errorreporting.md
+++ b/windows/client-management/mdm/policy-csp-errorreporting.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ErrorReporting
description: Learn how to use the Policy CSP - ErrorReporting setting to determine the consent behavior of Windows Error Reporting for specific event types.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ErrorReporting
diff --git a/windows/client-management/mdm/policy-csp-eventlogservice.md b/windows/client-management/mdm/policy-csp-eventlogservice.md
index 1616de5ece..3212b6504e 100644
--- a/windows/client-management/mdm/policy-csp-eventlogservice.md
+++ b/windows/client-management/mdm/policy-csp-eventlogservice.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - EventLogService
description: Learn how to use the Policy CSP - EventLogService setting to control Event Log behavior when the log file reaches its maximum size.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - EventLogService
diff --git a/windows/client-management/mdm/policy-csp-experience.md b/windows/client-management/mdm/policy-csp-experience.md
index ae3ff0f9a6..a2da6374ab 100644
--- a/windows/client-management/mdm/policy-csp-experience.md
+++ b/windows/client-management/mdm/policy-csp-experience.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Experience
description: Learn how to use the Policy CSP - Experience setting to allow history of clipboard items to be stored in memory.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/02/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Experience
diff --git a/windows/client-management/mdm/policy-csp-exploitguard.md b/windows/client-management/mdm/policy-csp-exploitguard.md
index 80582e1ec2..c187c4bbef 100644
--- a/windows/client-management/mdm/policy-csp-exploitguard.md
+++ b/windows/client-management/mdm/policy-csp-exploitguard.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - ExploitGuard
description: Use the Policy CSP - ExploitGuard setting to push out the desired system configuration and application mitigation options to all the devices in the organization.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - ExploitGuard
diff --git a/windows/client-management/mdm/policy-csp-feeds.md b/windows/client-management/mdm/policy-csp-feeds.md
index f8a8f5eea5..281f12f579 100644
--- a/windows/client-management/mdm/policy-csp-feeds.md
+++ b/windows/client-management/mdm/policy-csp-feeds.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Feeds
description: Use the Policy CSP - Feeds setting policy specifies whether news and interests is allowed on the device.
-ms.author: v-nsatapathy
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/17/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Feeds
diff --git a/windows/client-management/mdm/policy-csp-fileexplorer.md b/windows/client-management/mdm/policy-csp-fileexplorer.md
index b46e93af9c..5f49f1d40e 100644
--- a/windows/client-management/mdm/policy-csp-fileexplorer.md
+++ b/windows/client-management/mdm/policy-csp-fileexplorer.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - FileExplorer
description: Use the Policy CSP - FileExplorer setting so you can allow certain legacy plug-in applications to function without terminating Explorer.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - FileExplorer
diff --git a/windows/client-management/mdm/policy-csp-games.md b/windows/client-management/mdm/policy-csp-games.md
index e6fde52f63..16a07d2e71 100644
--- a/windows/client-management/mdm/policy-csp-games.md
+++ b/windows/client-management/mdm/policy-csp-games.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Games
description: Learn to use the Policy CSP - Games setting so that you can specify whether advanced gaming services can be used.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Games
diff --git a/windows/client-management/mdm/policy-csp-handwriting.md b/windows/client-management/mdm/policy-csp-handwriting.md
index 8602af165b..3146be4db8 100644
--- a/windows/client-management/mdm/policy-csp-handwriting.md
+++ b/windows/client-management/mdm/policy-csp-handwriting.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Handwriting
description: Use the Policy CSP - Handwriting setting to allow an enterprise to configure the default mode for the handwriting panel.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Handwriting
diff --git a/windows/client-management/mdm/policy-csp-humanpresence.md b/windows/client-management/mdm/policy-csp-humanpresence.md
index 8b672ccbbf..df30b8f920 100644
--- a/windows/client-management/mdm/policy-csp-humanpresence.md
+++ b/windows/client-management/mdm/policy-csp-humanpresence.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - HumanPresence
description: Use the Policy CSP - HumanPresence setting allows wake on approach and lock on leave that can be managed from MDM.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - HumanPresence
diff --git a/windows/client-management/mdm/policy-csp-internetexplorer.md b/windows/client-management/mdm/policy-csp-internetexplorer.md
index 9d519bfe5d..ef76b0c2fb 100644
--- a/windows/client-management/mdm/policy-csp-internetexplorer.md
+++ b/windows/client-management/mdm/policy-csp-internetexplorer.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - InternetExplorer
description: Use the Policy CSP - InternetExplorer setting to add a specific list of search providers to the user's default list of search providers.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - InternetExplorer
diff --git a/windows/client-management/mdm/policy-csp-kerberos.md b/windows/client-management/mdm/policy-csp-kerberos.md
index 5e4320bf4c..0e1fdaeb77 100644
--- a/windows/client-management/mdm/policy-csp-kerberos.md
+++ b/windows/client-management/mdm/policy-csp-kerberos.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Kerberos
description: Define the list of trusting forests that the Kerberos client searches when attempting to resolve two-part service principal names (SPNs).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Kerberos
diff --git a/windows/client-management/mdm/policy-csp-kioskbrowser.md b/windows/client-management/mdm/policy-csp-kioskbrowser.md
index e5a08afafe..e1456fa569 100644
--- a/windows/client-management/mdm/policy-csp-kioskbrowser.md
+++ b/windows/client-management/mdm/policy-csp-kioskbrowser.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - KioskBrowser
description: Use the Policy CSP - KioskBrowser setting to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - KioskBrowser
diff --git a/windows/client-management/mdm/policy-csp-lanmanworkstation.md b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
index 40e82cbc5d..15b727545c 100644
--- a/windows/client-management/mdm/policy-csp-lanmanworkstation.md
+++ b/windows/client-management/mdm/policy-csp-lanmanworkstation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - LanmanWorkstation
description: Use the Policy CSP - LanmanWorkstation setting to determine if the SMB client will allow insecure guest sign ins to an SMB server.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LanmanWorkstation
diff --git a/windows/client-management/mdm/policy-csp-licensing.md b/windows/client-management/mdm/policy-csp-licensing.md
index 80e2f0bd5a..af74d4384d 100644
--- a/windows/client-management/mdm/policy-csp-licensing.md
+++ b/windows/client-management/mdm/policy-csp-licensing.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Licensing
description: Use the Policy CSP - Licensing setting to enable or disable Windows license reactivation on managed devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Licensing
diff --git a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
index af2cf856e3..21dfa77d35 100644
--- a/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
+++ b/windows/client-management/mdm/policy-csp-localpoliciessecurityoptions.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - LocalPoliciesSecurityOptions
description: These settings prevent users from adding new Microsoft accounts on a specific computer using LocalPoliciesSecurityOptions.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 12/16/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LocalPoliciesSecurityOptions
diff --git a/windows/client-management/mdm/policy-csp-localusersandgroups.md b/windows/client-management/mdm/policy-csp-localusersandgroups.md
index 46d691f702..c2c636a46f 100644
--- a/windows/client-management/mdm/policy-csp-localusersandgroups.md
+++ b/windows/client-management/mdm/policy-csp-localusersandgroups.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - LocalUsersAndGroups
description: Policy CSP - LocalUsersAndGroups
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/14/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LocalUsersAndGroups
diff --git a/windows/client-management/mdm/policy-csp-lockdown.md b/windows/client-management/mdm/policy-csp-lockdown.md
index 97ea810006..7b338795e8 100644
--- a/windows/client-management/mdm/policy-csp-lockdown.md
+++ b/windows/client-management/mdm/policy-csp-lockdown.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - LockDown
description: Use the Policy CSP - LockDown setting to allow the user to invoke any system user interface by swiping in from any screen edge using touch.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - LockDown
diff --git a/windows/client-management/mdm/policy-csp-maps.md b/windows/client-management/mdm/policy-csp-maps.md
index 6ee7e3956d..d62a84d748 100644
--- a/windows/client-management/mdm/policy-csp-maps.md
+++ b/windows/client-management/mdm/policy-csp-maps.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Maps
description: Use the Policy CSP - Maps setting to allow the download and update of map data over metered connections.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Maps
diff --git a/windows/client-management/mdm/policy-csp-memorydump.md b/windows/client-management/mdm/policy-csp-memorydump.md
index 92d62d27ee..37bcafe0e4 100644
--- a/windows/client-management/mdm/policy-csp-memorydump.md
+++ b/windows/client-management/mdm/policy-csp-memorydump.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - MemoryDump
description: Use the Policy CSP
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MemoryDump
diff --git a/windows/client-management/mdm/policy-csp-messaging.md b/windows/client-management/mdm/policy-csp-messaging.md
index f002adc108..ea92d4a966 100644
--- a/windows/client-management/mdm/policy-csp-messaging.md
+++ b/windows/client-management/mdm/policy-csp-messaging.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Messaging
description: Enable, and disable, text message backup and restore as well as Messaging Everywhere by using the Policy CSP for messaging.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Messaging
diff --git a/windows/client-management/mdm/policy-csp-mixedreality.md b/windows/client-management/mdm/policy-csp-mixedreality.md
index b0f1607d6b..1467f5ebf7 100644
--- a/windows/client-management/mdm/policy-csp-mixedreality.md
+++ b/windows/client-management/mdm/policy-csp-mixedreality.md
@@ -1,14 +1,14 @@
---
title: Policy CSP - MixedReality
description: Policy CSP - MixedReality
-ms.author: dansimp
+ms.author: vinpa
ms.localizationpriority: medium
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MixedReality
diff --git a/windows/client-management/mdm/policy-csp-mssecurityguide.md b/windows/client-management/mdm/policy-csp-mssecurityguide.md
index c85466d3ee..d2b17be697 100644
--- a/windows/client-management/mdm/policy-csp-mssecurityguide.md
+++ b/windows/client-management/mdm/policy-csp-mssecurityguide.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - MSSecurityGuide
description: Learn how Policy CSP - MSSecurityGuide, an ADMX-backed policy, requires a special SyncML format to enable or disable.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MSSecurityGuide
diff --git a/windows/client-management/mdm/policy-csp-msslegacy.md b/windows/client-management/mdm/policy-csp-msslegacy.md
index 83db3103f2..d6d732e4cf 100644
--- a/windows/client-management/mdm/policy-csp-msslegacy.md
+++ b/windows/client-management/mdm/policy-csp-msslegacy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - MSSLegacy
-description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
-ms.author: dansimp
+description: Learn how Policy CSP - MSSLegacy, an ADMX-backed policy, requires a special SyncML format to enable or disable.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - MSSLegacy
diff --git a/windows/client-management/mdm/policy-csp-multitasking.md b/windows/client-management/mdm/policy-csp-multitasking.md
index 9f93048ae9..0329b17188 100644
--- a/windows/client-management/mdm/policy-csp-multitasking.md
+++ b/windows/client-management/mdm/policy-csp-multitasking.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Multitasking
description: Policy CSP - Multitasking
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/30/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Multitasking
diff --git a/windows/client-management/mdm/policy-csp-networkisolation.md b/windows/client-management/mdm/policy-csp-networkisolation.md
index 4b81789c59..d2d4a901b0 100644
--- a/windows/client-management/mdm/policy-csp-networkisolation.md
+++ b/windows/client-management/mdm/policy-csp-networkisolation.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - NetworkIsolation
description: Learn how Policy CSP - NetworkIsolation contains a list of Enterprise resource domains hosted in the cloud that need to be protected.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - NetworkIsolation
diff --git a/windows/client-management/mdm/policy-csp-networklistmanager.md b/windows/client-management/mdm/policy-csp-networklistmanager.md
index 72328ad669..bd33a1ddfa 100644
--- a/windows/client-management/mdm/policy-csp-networklistmanager.md
+++ b/windows/client-management/mdm/policy-csp-networklistmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - NetworkListManager
description: Policy CSP - NetworkListManager is a setting creates a new MDM policy. This setting allows admins to configure a list of URIs of HTTPS endpoints that are considered secure.
-ms.author: v-nsatapathy
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: nimishasatapathy
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 12/16/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - NetworkListManager
diff --git a/windows/client-management/mdm/policy-csp-newsandinterests.md b/windows/client-management/mdm/policy-csp-newsandinterests.md
index 6eb42f6671..59566c1026 100644
--- a/windows/client-management/mdm/policy-csp-newsandinterests.md
+++ b/windows/client-management/mdm/policy-csp-newsandinterests.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - NewsAndInterests
description: Learn how Policy CSP - NewsandInterests contains a list of news and interests.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - NewsAndInterests
diff --git a/windows/client-management/mdm/policy-csp-notifications.md b/windows/client-management/mdm/policy-csp-notifications.md
index 3039a6845a..32ddde9d1a 100644
--- a/windows/client-management/mdm/policy-csp-notifications.md
+++ b/windows/client-management/mdm/policy-csp-notifications.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Notifications
description: Block applications from using the network to send tile, badge, toast, and raw notifications for Policy CSP - Notifications.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Notifications
diff --git a/windows/client-management/mdm/policy-csp-power.md b/windows/client-management/mdm/policy-csp-power.md
index ca3d7e34bd..117535d8e7 100644
--- a/windows/client-management/mdm/policy-csp-power.md
+++ b/windows/client-management/mdm/policy-csp-power.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Power
description: Learn how the Policy CSP - Power setting manages whether or not Windows is allowed to use standby states when putting the computer in a sleep state.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Power
diff --git a/windows/client-management/mdm/policy-csp-printers.md b/windows/client-management/mdm/policy-csp-printers.md
index 3fe4de393e..bcce2e1390 100644
--- a/windows/client-management/mdm/policy-csp-printers.md
+++ b/windows/client-management/mdm/policy-csp-printers.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Printers
-description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers.
-ms.author: dansimp
+description: Use this policy setting to control the client Point and Print behavior, including security prompts for Windows Vista computers.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Printers
diff --git a/windows/client-management/mdm/policy-csp-privacy.md b/windows/client-management/mdm/policy-csp-privacy.md
index 6f984cad6c..eef582a24e 100644
--- a/windows/client-management/mdm/policy-csp-privacy.md
+++ b/windows/client-management/mdm/policy-csp-privacy.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Privacy
description: Learn how the Policy CSP - Privacy setting allows or disallows the automatic acceptance of the pairing and privacy user consent dialog when launching apps.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Privacy
diff --git a/windows/client-management/mdm/policy-csp-remoteassistance.md b/windows/client-management/mdm/policy-csp-remoteassistance.md
index 0faafb160a..eb47527466 100644
--- a/windows/client-management/mdm/policy-csp-remoteassistance.md
+++ b/windows/client-management/mdm/policy-csp-remoteassistance.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteAssistance
description: Learn how the Policy CSP - RemoteAssistance setting allows you to specify a custom message to display.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteAssistance
diff --git a/windows/client-management/mdm/policy-csp-remotedesktop.md b/windows/client-management/mdm/policy-csp-remotedesktop.md
index 077e297205..85588a127d 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktop.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktop.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteDesktop
description: Learn how the Policy CSP - RemoteDesktop setting allows you to specify a custom message to display.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteDesktop
diff --git a/windows/client-management/mdm/policy-csp-remotedesktopservices.md b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
index bc4a782639..09f3f50725 100644
--- a/windows/client-management/mdm/policy-csp-remotedesktopservices.md
+++ b/windows/client-management/mdm/policy-csp-remotedesktopservices.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteDesktopServices
description: Learn how the Policy CSP - RemoteDesktopServices setting allows you to configure remote access to computers by using Remote Desktop Services.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteDesktopServices
diff --git a/windows/client-management/mdm/policy-csp-remotemanagement.md b/windows/client-management/mdm/policy-csp-remotemanagement.md
index 82936149da..ff88b2a36d 100644
--- a/windows/client-management/mdm/policy-csp-remotemanagement.md
+++ b/windows/client-management/mdm/policy-csp-remotemanagement.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteManagement
description: Learn how the Policy CSP - RemoteManagement setting allows you to manage whether the Windows Remote Management (WinRM) client uses Basic authentication.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteManagement
diff --git a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
index 29a499d619..8708f25937 100644
--- a/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
+++ b/windows/client-management/mdm/policy-csp-remoteprocedurecall.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteProcedureCall
description: The Policy CSP - RemoteProcedureCall setting controls whether RPC clients authenticate when the call they're making contains authentication information.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteProcedureCall
diff --git a/windows/client-management/mdm/policy-csp-remoteshell.md b/windows/client-management/mdm/policy-csp-remoteshell.md
index 9596508d36..53820c929c 100644
--- a/windows/client-management/mdm/policy-csp-remoteshell.md
+++ b/windows/client-management/mdm/policy-csp-remoteshell.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RemoteShell
description: Learn details about the Policy CSP - RemoteShell setting so that you can configure access to remote shells.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RemoteShell
diff --git a/windows/client-management/mdm/policy-csp-restrictedgroups.md b/windows/client-management/mdm/policy-csp-restrictedgroups.md
index 74e05f8d7b..4e4e6b8876 100644
--- a/windows/client-management/mdm/policy-csp-restrictedgroups.md
+++ b/windows/client-management/mdm/policy-csp-restrictedgroups.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - RestrictedGroups
description: Learn how the Policy CSP - RestrictedGroups setting allows an administrator to define the members that are part of a security-sensitive (restricted) group.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 04/07/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - RestrictedGroups
diff --git a/windows/client-management/mdm/policy-csp-search.md b/windows/client-management/mdm/policy-csp-search.md
index 6c61c3e748..60777e520f 100644
--- a/windows/client-management/mdm/policy-csp-search.md
+++ b/windows/client-management/mdm/policy-csp-search.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Search
description: Learn how the Policy CSP - Search setting allows search and Cortana to search cloud sources like OneDrive and SharePoint.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 02/12/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Search
diff --git a/windows/client-management/mdm/policy-csp-security.md b/windows/client-management/mdm/policy-csp-security.md
index 7399515109..dced08216c 100644
--- a/windows/client-management/mdm/policy-csp-security.md
+++ b/windows/client-management/mdm/policy-csp-security.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Security
description: Learn how the Policy CSP - Security setting can specify whether to allow the runtime configuration agent to install provisioning packages.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Security
diff --git a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
index 55e1034d36..20f852795a 100644
--- a/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
+++ b/windows/client-management/mdm/policy-csp-servicecontrolmanager.md
@@ -1,7 +1,7 @@
---
title: Policy CSP - ServiceControlManager
description: Learn how the Policy CSP - ServiceControlManager setting enables process mitigation options on svchost.exe processes.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
diff --git a/windows/client-management/mdm/policy-csp-settings.md b/windows/client-management/mdm/policy-csp-settings.md
index 1b3303cfb8..37e5e21450 100644
--- a/windows/client-management/mdm/policy-csp-settings.md
+++ b/windows/client-management/mdm/policy-csp-settings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Settings
description: Learn how to use the Policy CSP - Settings setting so that you can allow the user to change Auto Play settings.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Settings
diff --git a/windows/client-management/mdm/policy-csp-smartscreen.md b/windows/client-management/mdm/policy-csp-smartscreen.md
index cb36588175..11d6e32c39 100644
--- a/windows/client-management/mdm/policy-csp-smartscreen.md
+++ b/windows/client-management/mdm/policy-csp-smartscreen.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - SmartScreen
description: Use the Policy CSP - SmartScreen setting to allow IT Admins to control whether users are allowed to install apps from places other than the Store.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - SmartScreen
diff --git a/windows/client-management/mdm/policy-csp-speech.md b/windows/client-management/mdm/policy-csp-speech.md
index f46af42add..b97360b3f1 100644
--- a/windows/client-management/mdm/policy-csp-speech.md
+++ b/windows/client-management/mdm/policy-csp-speech.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Speech
description: Learn how the Policy CSP - Speech setting specifies whether the device will receive updates to the speech recognition and speech synthesis models.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Speech
diff --git a/windows/client-management/mdm/policy-csp-start.md b/windows/client-management/mdm/policy-csp-start.md
index 3eacbd485d..e794d81f7b 100644
--- a/windows/client-management/mdm/policy-csp-start.md
+++ b/windows/client-management/mdm/policy-csp-start.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Start
description: Use the Policy CSP - Start setting to control the visibility of the Documents shortcut on the Start menu.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Start
diff --git a/windows/client-management/mdm/policy-csp-storage.md b/windows/client-management/mdm/policy-csp-storage.md
index a9e43b4855..d0117fde5d 100644
--- a/windows/client-management/mdm/policy-csp-storage.md
+++ b/windows/client-management/mdm/policy-csp-storage.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Storage
description: Learn to use the Policy CSP - Storage settings to automatically clean some of the user’s files to free up disk space.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 03/25/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Storage
diff --git a/windows/client-management/mdm/policy-csp-system.md b/windows/client-management/mdm/policy-csp-system.md
index b44458dd98..4e5c11cbed 100644
--- a/windows/client-management/mdm/policy-csp-system.md
+++ b/windows/client-management/mdm/policy-csp-system.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - System
description: Learn policy settings that determine whether users can access the Insider build controls in the advanced options for Windows Update.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 08/26/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - System
diff --git a/windows/client-management/mdm/policy-csp-systemservices.md b/windows/client-management/mdm/policy-csp-systemservices.md
index 7ecb2141a8..dda3779328 100644
--- a/windows/client-management/mdm/policy-csp-systemservices.md
+++ b/windows/client-management/mdm/policy-csp-systemservices.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - SystemServices
description: Learn how to use the Policy CSP - SystemServices setting to determine whether the service's start type is Automatic(2), Manual(3), Disabled(4).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - SystemServices
diff --git a/windows/client-management/mdm/policy-csp-taskmanager.md b/windows/client-management/mdm/policy-csp-taskmanager.md
index 123b672f38..359565b3aa 100644
--- a/windows/client-management/mdm/policy-csp-taskmanager.md
+++ b/windows/client-management/mdm/policy-csp-taskmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - TaskManager
description: Learn how to use the Policy CSP - TaskManager setting to determine whether non-administrators can use Task Manager to end tasks.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TaskManager
diff --git a/windows/client-management/mdm/policy-csp-taskscheduler.md b/windows/client-management/mdm/policy-csp-taskscheduler.md
index 841d5e8f3e..f6493ca356 100644
--- a/windows/client-management/mdm/policy-csp-taskscheduler.md
+++ b/windows/client-management/mdm/policy-csp-taskscheduler.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - TaskScheduler
description: Learn how to use the Policy CSP - TaskScheduler setting to determine whether the specific task is enabled (1) or disabled (0).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TaskScheduler
diff --git a/windows/client-management/mdm/policy-csp-textinput.md b/windows/client-management/mdm/policy-csp-textinput.md
index 0d6692ed2c..f2976b8893 100644
--- a/windows/client-management/mdm/policy-csp-textinput.md
+++ b/windows/client-management/mdm/policy-csp-textinput.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - TextInput
description: The Policy CSP - TextInput setting allows the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 03/03/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TextInput
diff --git a/windows/client-management/mdm/policy-csp-timelanguagesettings.md b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
index a580e736f3..610c3a4580 100644
--- a/windows/client-management/mdm/policy-csp-timelanguagesettings.md
+++ b/windows/client-management/mdm/policy-csp-timelanguagesettings.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - TimeLanguageSettings
description: Learn to use the Policy CSP - TimeLanguageSettings setting to specify the time zone to be applied to the device.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/28/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - TimeLanguageSettings
diff --git a/windows/client-management/mdm/policy-csp-troubleshooting.md b/windows/client-management/mdm/policy-csp-troubleshooting.md
index d588058db0..44b6119a56 100644
--- a/windows/client-management/mdm/policy-csp-troubleshooting.md
+++ b/windows/client-management/mdm/policy-csp-troubleshooting.md
@@ -1,11 +1,11 @@
---
title: Policy CSP - Troubleshooting
description: The Policy CSP - Troubleshooting setting allows IT admins to configure how to apply recommended troubleshooting for known problems on the devices in their domains.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MariciaAlforque
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
---
diff --git a/windows/client-management/mdm/policy-csp-update.md b/windows/client-management/mdm/policy-csp-update.md
index 53012c6503..384768cd58 100644
--- a/windows/client-management/mdm/policy-csp-update.md
+++ b/windows/client-management/mdm/policy-csp-update.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Update
description: The Policy CSP - Update allows the IT admin, when used with Update/ActiveHoursStart, to manage a range of active hours where update reboots aren't scheduled.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 06/15/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/client-management/mdm/policy-csp-userrights.md b/windows/client-management/mdm/policy-csp-userrights.md
index 9d126f072e..628076c675 100644
--- a/windows/client-management/mdm/policy-csp-userrights.md
+++ b/windows/client-management/mdm/policy-csp-userrights.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - UserRights
description: Learn how user rights are assigned for user accounts or groups, and how the name of the policy defines the user right in question.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/24/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - UserRights
diff --git a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
index 4d39b65348..1647ce615c 100644
--- a/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
+++ b/windows/client-management/mdm/policy-csp-virtualizationbasedtechnology.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - VirtualizationBasedTechnology
description: Learn to use the Policy CSP - VirtualizationBasedTechnology setting to control the state of Hypervisor-protected Code Integrity (HVCI) on devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: alekyaj
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/25/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - VirtualizationBasedTechnology
diff --git a/windows/client-management/mdm/policy-csp-wifi.md b/windows/client-management/mdm/policy-csp-wifi.md
index 5306104d5c..8d71416429 100644
--- a/windows/client-management/mdm/policy-csp-wifi.md
+++ b/windows/client-management/mdm/policy-csp-wifi.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - Wifi
description: Learn how the Policy CSP - Wifi setting allows or disallows the device to automatically connect to Wi-Fi hotspots.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - Wifi
diff --git a/windows/client-management/mdm/policy-csp-windowsautopilot.md b/windows/client-management/mdm/policy-csp-windowsautopilot.md
index 5f934b05bd..80be71fb1a 100644
--- a/windows/client-management/mdm/policy-csp-windowsautopilot.md
+++ b/windows/client-management/mdm/policy-csp-windowsautopilot.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsAutoPilot
description: Learn to use the Policy CSP - WindowsAutoPilot setting to enable or disable Autopilot Agility feature.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: alekyaj
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 11/25/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsAutoPilot
diff --git a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
index efce371108..8ebc7d88fe 100644
--- a/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
+++ b/windows/client-management/mdm/policy-csp-windowsconnectionmanager.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsConnectionManager
description: The Policy CSP - WindowsConnectionManager setting prevents computers from connecting to a domain-based network and a non-domain-based network simultaneously.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsConnectionManager
diff --git a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
index 665a0824e5..874ba7b1ce 100644
--- a/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
+++ b/windows/client-management/mdm/policy-csp-windowsdefendersecuritycenter.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsDefenderSecurityCenter
-description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center.
-ms.author: dansimp
+description: Learn how to use the Policy CSP - WindowsDefenderSecurityCenter setting to display the Account protection area in Windows Defender Security Center.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsDefenderSecurityCenter
diff --git a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
index b6cd4ac1ab..6879085541 100644
--- a/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
+++ b/windows/client-management/mdm/policy-csp-windowsinkworkspace.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsInkWorkspace
description: Learn to use the Policy CSP - WindowsInkWorkspace setting to specify whether to allow the user to access the ink workspace.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsInkWorkspace
diff --git a/windows/client-management/mdm/policy-csp-windowslogon.md b/windows/client-management/mdm/policy-csp-windowslogon.md
index 4951a14248..bb762016fc 100644
--- a/windows/client-management/mdm/policy-csp-windowslogon.md
+++ b/windows/client-management/mdm/policy-csp-windowslogon.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsLogon
description: Use the Policy CSP - WindowsLogon setting to control whether a device automatically signs in and locks the last interactive user after the system restarts.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsLogon
diff --git a/windows/client-management/mdm/policy-csp-windowspowershell.md b/windows/client-management/mdm/policy-csp-windowspowershell.md
index 2aa49f3cfb..e03c8cee0e 100644
--- a/windows/client-management/mdm/policy-csp-windowspowershell.md
+++ b/windows/client-management/mdm/policy-csp-windowspowershell.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WindowsPowerShell
description: Use the Policy CSP - WindowsPowerShell setting to enable logging of all PowerShell script input to the Microsoft-Windows-PowerShell/Operational event log.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WindowsPowerShell
diff --git a/windows/client-management/mdm/policy-csp-windowssandbox.md b/windows/client-management/mdm/policy-csp-windowssandbox.md
index 8a946c0358..b66b784a64 100644
--- a/windows/client-management/mdm/policy-csp-windowssandbox.md
+++ b/windows/client-management/mdm/policy-csp-windowssandbox.md
@@ -1,11 +1,11 @@
---
title: Policy CSP - WindowsSandbox
description: Policy CSP - WindowsSandbox
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/14/2020
---
diff --git a/windows/client-management/mdm/policy-csp-wirelessdisplay.md b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
index 54953f93ee..f3891cb68f 100644
--- a/windows/client-management/mdm/policy-csp-wirelessdisplay.md
+++ b/windows/client-management/mdm/policy-csp-wirelessdisplay.md
@@ -1,15 +1,15 @@
---
title: Policy CSP - WirelessDisplay
description: Use the Policy CSP - WirelessDisplay setting to turn off the Wireless Display multicast DNS service advertisement from a Wireless Display receiver.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/27/2019
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Policy CSP - WirelessDisplay
diff --git a/windows/client-management/mdm/policy-ddf-file.md b/windows/client-management/mdm/policy-ddf-file.md
index bffc844378..16bce236f5 100644
--- a/windows/client-management/mdm/policy-ddf-file.md
+++ b/windows/client-management/mdm/policy-ddf-file.md
@@ -2,12 +2,12 @@
title: Policy DDF file
description: Learn about the OMA DM device description framework (DDF) for the Policy configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 10/28/2020
---
diff --git a/windows/client-management/mdm/provisioning-csp.md b/windows/client-management/mdm/provisioning-csp.md
index cf2bf86897..5b0882d135 100644
--- a/windows/client-management/mdm/provisioning-csp.md
+++ b/windows/client-management/mdm/provisioning-csp.md
@@ -2,12 +2,12 @@
title: Provisioning CSP
description: The Provisioning configuration service provider is used for bulk user enrollment to an MDM service.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/push-notification-windows-mdm.md b/windows/client-management/mdm/push-notification-windows-mdm.md
index 5c41f9aa36..5f5f318d06 100644
--- a/windows/client-management/mdm/push-notification-windows-mdm.md
+++ b/windows/client-management/mdm/push-notification-windows-mdm.md
@@ -1,16 +1,16 @@
---
title: Push notification support for device management
description: The DMClient CSP supports the ability to configure push-initiated device management sessions.
-MS-HAID:
-- 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management'
-- 'p\_phDeviceMgmt.push\_notification\_windows\_mdm'
+MS-HAID:
+ - 'p\_phdevicemgmt.push\_notification\_support\_for\_device\_management'
+ - 'p\_phDeviceMgmt.push\_notification\_windows\_mdm'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/22/2017
---
diff --git a/windows/client-management/mdm/pxlogical-csp.md b/windows/client-management/mdm/pxlogical-csp.md
index cae3527452..78bb60896b 100644
--- a/windows/client-management/mdm/pxlogical-csp.md
+++ b/windows/client-management/mdm/pxlogical-csp.md
@@ -2,12 +2,12 @@
title: PXLOGICAL configuration service provider
description: The PXLOGICAL configuration service provider is used to add, remove, or modify WAP logical and physical proxies by using WAP or the standard Windows techniques.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reboot-csp.md b/windows/client-management/mdm/reboot-csp.md
index 1934327705..50bb03819f 100644
--- a/windows/client-management/mdm/reboot-csp.md
+++ b/windows/client-management/mdm/reboot-csp.md
@@ -2,12 +2,12 @@
title: Reboot CSP
description: Learn how the Reboot configuration service provider (CSP) is used to configure reboot settings.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reboot-ddf-file.md b/windows/client-management/mdm/reboot-ddf-file.md
index ec6084c3b0..3628eaf7e4 100644
--- a/windows/client-management/mdm/reboot-ddf-file.md
+++ b/windows/client-management/mdm/reboot-ddf-file.md
@@ -2,12 +2,12 @@
title: Reboot DDF file
description: This topic shows the OMA DM device description framework (DDF) for the Reboot configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/reclaim-seat-from-user.md b/windows/client-management/mdm/reclaim-seat-from-user.md
index c5f35430d4..bdd37fcbbe 100644
--- a/windows/client-management/mdm/reclaim-seat-from-user.md
+++ b/windows/client-management/mdm/reclaim-seat-from-user.md
@@ -2,12 +2,12 @@
title: Reclaim seat from user
description: The Reclaim seat from user operation returns reclaimed seats for a user in the Microsoft Store for Business.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/05/2020
---
diff --git a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
index a51ff42cae..c73053417b 100644
--- a/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
+++ b/windows/client-management/mdm/register-your-free-azure-active-directory-subscription.md
@@ -2,12 +2,12 @@
title: Register your free Azure Active Directory subscription
description: Paid subscribers to Office 365, Microsoft Dynamics CRM Online, Enterprise Mobility Suite, or other Microsoft services, have a free subscription to Azure AD.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotefind-csp.md b/windows/client-management/mdm/remotefind-csp.md
index 4453fedf30..96140781af 100644
--- a/windows/client-management/mdm/remotefind-csp.md
+++ b/windows/client-management/mdm/remotefind-csp.md
@@ -2,12 +2,12 @@
title: RemoteFind CSP
description: The RemoteFind configuration service provider retrieves the location information for a particular device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotefind-ddf-file.md b/windows/client-management/mdm/remotefind-ddf-file.md
index 1cc00be86b..e92498a5f3 100644
--- a/windows/client-management/mdm/remotefind-ddf-file.md
+++ b/windows/client-management/mdm/remotefind-ddf-file.md
@@ -2,12 +2,12 @@
title: RemoteFind DDF file
description: This topic shows the OMA DM device description framework (DDF) for the RemoteFind configuration service provider. DDF files are used only with OMA DM provisioning XML.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/remotering-csp.md b/windows/client-management/mdm/remotering-csp.md
index 0e0012bb4b..441f69fe60 100644
--- a/windows/client-management/mdm/remotering-csp.md
+++ b/windows/client-management/mdm/remotering-csp.md
@@ -2,12 +2,12 @@
title: RemoteRing CSP
description: The RemoteRing CSP can be used to remotely trigger a device to produce an audible ringing sound regardless of the volume that's set on the device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/remotewipe-csp.md b/windows/client-management/mdm/remotewipe-csp.md
index 8417d9c8af..07413835c9 100644
--- a/windows/client-management/mdm/remotewipe-csp.md
+++ b/windows/client-management/mdm/remotewipe-csp.md
@@ -2,12 +2,12 @@
title: RemoteWipe CSP
description: Learn how the RemoteWipe configuration service provider (CSP) can be used by mobile operators DM server or enterprise management server to remotely wipe a device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
---
diff --git a/windows/client-management/mdm/remotewipe-ddf-file.md b/windows/client-management/mdm/remotewipe-ddf-file.md
index b78051384b..290767b7a1 100644
--- a/windows/client-management/mdm/remotewipe-ddf-file.md
+++ b/windows/client-management/mdm/remotewipe-ddf-file.md
@@ -2,12 +2,12 @@
title: RemoteWipe DDF file
description: Learn about the OMA DM device description framework (DDF) for the RemoteWipe configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
---
diff --git a/windows/client-management/mdm/reporting-csp.md b/windows/client-management/mdm/reporting-csp.md
index b35de0f323..79814579cb 100644
--- a/windows/client-management/mdm/reporting-csp.md
+++ b/windows/client-management/mdm/reporting-csp.md
@@ -2,12 +2,12 @@
title: Reporting CSP
description: The Reporting configuration service provider is used to retrieve Windows Information Protection (formerly known as Enterprise Data Protection) and security auditing logs.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/reporting-ddf-file.md b/windows/client-management/mdm/reporting-ddf-file.md
index ac2bc0f113..a18c3cb3b6 100644
--- a/windows/client-management/mdm/reporting-ddf-file.md
+++ b/windows/client-management/mdm/reporting-ddf-file.md
@@ -2,12 +2,12 @@
title: Reporting DDF file
description: View the OMA DM device description framework (DDF) for the Reporting configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
index ef51421942..3dc28440bd 100644
--- a/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
+++ b/windows/client-management/mdm/rest-api-reference-windows-store-for-business.md
@@ -1,16 +1,16 @@
---
title: REST API reference for Microsoft Store for Business
description: Learn how the REST API reference for Microsoft Store for Business includes available operations and data structures.
-MS-HAID:
-- 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
-- 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
+MS-HAID:
+ - 'p\_phdevicemgmt.business\_store\_portal\_management\_rest\_api\_reference'
+ - 'p\_phDeviceMgmt.rest\_api\_reference\_windows\_store\_for\_Business'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/18/2017
---
diff --git a/windows/client-management/mdm/rootcacertificates-csp.md b/windows/client-management/mdm/rootcacertificates-csp.md
index cbfbf19ba1..0ff47616c0 100644
--- a/windows/client-management/mdm/rootcacertificates-csp.md
+++ b/windows/client-management/mdm/rootcacertificates-csp.md
@@ -2,12 +2,12 @@
title: RootCATrustedCertificates CSP
description: Learn how the RootCATrustedCertificates configuration service provider (CSP) enables the enterprise to set the Root Certificate Authority (CA) certificates.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/06/2018
---
diff --git a/windows/client-management/mdm/rootcacertificates-ddf-file.md b/windows/client-management/mdm/rootcacertificates-ddf-file.md
index cc11893ef0..67f5c3a6d7 100644
--- a/windows/client-management/mdm/rootcacertificates-ddf-file.md
+++ b/windows/client-management/mdm/rootcacertificates-ddf-file.md
@@ -2,12 +2,12 @@
title: RootCATrustedCertificates DDF file
description: Learn about the OMA DM device description framework (DDF) for the RootCACertificates configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/07/2018
---
diff --git a/windows/client-management/mdm/secureassessment-csp.md b/windows/client-management/mdm/secureassessment-csp.md
index b973e23145..2f16f647de 100644
--- a/windows/client-management/mdm/secureassessment-csp.md
+++ b/windows/client-management/mdm/secureassessment-csp.md
@@ -2,12 +2,12 @@
title: SecureAssessment CSP
description: Learn how the SecureAssessment configuration service provider (CSP) is used to provide configuration information for the secure assessment browser.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/secureassessment-ddf-file.md b/windows/client-management/mdm/secureassessment-ddf-file.md
index 9c0896a99d..67118163ea 100644
--- a/windows/client-management/mdm/secureassessment-ddf-file.md
+++ b/windows/client-management/mdm/secureassessment-ddf-file.md
@@ -2,12 +2,12 @@
title: SecureAssessment DDF file
description: View the OMA DM device description framework (DDF) for the SecureAssessment configuration service provider. DDF files are used only with OMA DM provisioning XML
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/securitypolicy-csp.md b/windows/client-management/mdm/securitypolicy-csp.md
index 0f55bf6958..a3f9722270 100644
--- a/windows/client-management/mdm/securitypolicy-csp.md
+++ b/windows/client-management/mdm/securitypolicy-csp.md
@@ -2,12 +2,12 @@
title: SecurityPolicy CSP
description: The SecurityPolicy CSP is used to configure security policy settings for WAP push, OMA DM, Service Indication (SI), Service Loading (SL), and MMS.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/server-requirements-windows-mdm.md b/windows/client-management/mdm/server-requirements-windows-mdm.md
index f0cade5d43..1f89f971a0 100644
--- a/windows/client-management/mdm/server-requirements-windows-mdm.md
+++ b/windows/client-management/mdm/server-requirements-windows-mdm.md
@@ -1,16 +1,16 @@
---
title: Server requirements for using OMA DM to manage Windows devices
description: Learn about the general server requirements for using OMA DM to manage Windows devices, including the supported versions of OMA DM.
-MS-HAID:
-- 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm'
-- 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm'
+MS-HAID:
+ - 'p\_phDeviceMgmt.server\_requirements\_for\_oma\_dm'
+ - 'p\_phDeviceMgmt.server\_requirements\_windows\_mdm'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/sharedpc-csp.md b/windows/client-management/mdm/sharedpc-csp.md
index f1c190ab44..1e4509043f 100644
--- a/windows/client-management/mdm/sharedpc-csp.md
+++ b/windows/client-management/mdm/sharedpc-csp.md
@@ -2,12 +2,12 @@
title: SharedPC CSP
description: Learn how the SharedPC configuration service provider is used to configure settings for Shared PC usage.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 01/16/2019
---
diff --git a/windows/client-management/mdm/sharedpc-ddf-file.md b/windows/client-management/mdm/sharedpc-ddf-file.md
index 359f191981..1eb414317a 100644
--- a/windows/client-management/mdm/sharedpc-ddf-file.md
+++ b/windows/client-management/mdm/sharedpc-ddf-file.md
@@ -2,12 +2,12 @@
title: SharedPC DDF file
description: Learn how the OMA DM device description framework (DDF) for the SharedPC configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/storage-csp.md b/windows/client-management/mdm/storage-csp.md
index d9df5b94c6..03f3fe6afa 100644
--- a/windows/client-management/mdm/storage-csp.md
+++ b/windows/client-management/mdm/storage-csp.md
@@ -2,12 +2,12 @@
title: Storage CSP
description: Learn how the Storage enterprise configuration service provider (CSP) is used to configure the storage card settings.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/storage-ddf-file.md b/windows/client-management/mdm/storage-ddf-file.md
index c5870a9cb4..4d2a9283a7 100644
--- a/windows/client-management/mdm/storage-ddf-file.md
+++ b/windows/client-management/mdm/storage-ddf-file.md
@@ -2,12 +2,12 @@
title: Storage DDF file
description: Learn about the OMA DM device description framework (DDF) for the Storage configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
index 15ee879130..d34d3c1746 100644
--- a/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
+++ b/windows/client-management/mdm/structure-of-oma-dm-provisioning-files.md
@@ -2,12 +2,12 @@
title: Structure of OMA DM provisioning files
description: Learn about the structure of OMA DM provisioning files, for example how each message is composed of a header, specified by the SyncHdr element, and a message body.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/supl-csp.md b/windows/client-management/mdm/supl-csp.md
index 42cfa00702..802b366a55 100644
--- a/windows/client-management/mdm/supl-csp.md
+++ b/windows/client-management/mdm/supl-csp.md
@@ -2,12 +2,12 @@
title: SUPL CSP
description: Learn how the SUPL configuration service provider (CSP) is used to configure the location client.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/12/2019
---
diff --git a/windows/client-management/mdm/supl-ddf-file.md b/windows/client-management/mdm/supl-ddf-file.md
index 5d250c07da..62a7531702 100644
--- a/windows/client-management/mdm/supl-ddf-file.md
+++ b/windows/client-management/mdm/supl-ddf-file.md
@@ -2,12 +2,12 @@
title: SUPL DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SUPL configuration service provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/03/2020
---
diff --git a/windows/client-management/mdm/surfacehub-csp.md b/windows/client-management/mdm/surfacehub-csp.md
index 7dc0ffb4eb..a7ea49f35d 100644
--- a/windows/client-management/mdm/surfacehub-csp.md
+++ b/windows/client-management/mdm/surfacehub-csp.md
@@ -2,12 +2,12 @@
title: SurfaceHub CSP
description: The SurfaceHub configuration service provider (CSP) is used to configure Microsoft Surface Hub settings. This CSP was added in Windows 10, version 1511.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/28/2017
---
diff --git a/windows/client-management/mdm/surfacehub-ddf-file.md b/windows/client-management/mdm/surfacehub-ddf-file.md
index 1a8a825bde..3f66986007 100644
--- a/windows/client-management/mdm/surfacehub-ddf-file.md
+++ b/windows/client-management/mdm/surfacehub-ddf-file.md
@@ -2,12 +2,12 @@
title: SurfaceHub DDF file
description: This topic shows the OMA DM device description framework (DDF) for the SurfaceHub configuration service provider. This CSP was added in Windows 10, version 1511.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/tenantlockdown-csp.md b/windows/client-management/mdm/tenantlockdown-csp.md
index a4b4565694..c271871ce1 100644
--- a/windows/client-management/mdm/tenantlockdown-csp.md
+++ b/windows/client-management/mdm/tenantlockdown-csp.md
@@ -1,14 +1,14 @@
---
title: TenantLockdown CSP
description: To lock a device to a tenant to prevent accidental or intentional resets or wipes, use the TenantLockdown configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TenantLockdown CSP
diff --git a/windows/client-management/mdm/tenantlockdown-ddf.md b/windows/client-management/mdm/tenantlockdown-ddf.md
index e85778cb28..12dc9f5348 100644
--- a/windows/client-management/mdm/tenantlockdown-ddf.md
+++ b/windows/client-management/mdm/tenantlockdown-ddf.md
@@ -1,14 +1,14 @@
---
title: TenantLockdown DDF file
description: XML file containing the device description framework for the TenantLockdown configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/13/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TenantLockdown DDF file
diff --git a/windows/client-management/mdm/tpmpolicy-csp.md b/windows/client-management/mdm/tpmpolicy-csp.md
index 698e2bf85e..14bb56f7ca 100644
--- a/windows/client-management/mdm/tpmpolicy-csp.md
+++ b/windows/client-management/mdm/tpmpolicy-csp.md
@@ -1,14 +1,14 @@
---
title: TPMPolicy CSP
description: The TPMPolicy configuration service provider (CSP) provides a mechanism to enable zero-exhaust configuration on a Windows device for TPM software components.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TPMPolicy CSP
diff --git a/windows/client-management/mdm/tpmpolicy-ddf-file.md b/windows/client-management/mdm/tpmpolicy-ddf-file.md
index 5cd81b56b7..42f7a373d5 100644
--- a/windows/client-management/mdm/tpmpolicy-ddf-file.md
+++ b/windows/client-management/mdm/tpmpolicy-ddf-file.md
@@ -1,14 +1,14 @@
---
title: TPMPolicy DDF file
description: Learn about the OMA DM device description framework (DDF) for the TPMPolicy configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# TPMPolicy DDF file
diff --git a/windows/client-management/mdm/uefi-csp.md b/windows/client-management/mdm/uefi-csp.md
index fd47c179fa..b1fd8cdde4 100644
--- a/windows/client-management/mdm/uefi-csp.md
+++ b/windows/client-management/mdm/uefi-csp.md
@@ -1,14 +1,14 @@
---
title: UEFI CSP
description: The Uefi CSP interfaces to UEFI's Device Firmware Configuration Interface (DFCI) to make BIOS configuration changes.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/02/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# UEFI CSP
diff --git a/windows/client-management/mdm/uefi-ddf.md b/windows/client-management/mdm/uefi-ddf.md
index 0124a0a281..51dec0bdd7 100644
--- a/windows/client-management/mdm/uefi-ddf.md
+++ b/windows/client-management/mdm/uefi-ddf.md
@@ -1,14 +1,14 @@
---
title: UEFI DDF file
description: Learn about the OMA DM device description framework (DDF) for the Uefi configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/02/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# UEFI DDF file
diff --git a/windows/client-management/mdm/understanding-admx-backed-policies.md b/windows/client-management/mdm/understanding-admx-backed-policies.md
index da5516f990..c21a7a2573 100644
--- a/windows/client-management/mdm/understanding-admx-backed-policies.md
+++ b/windows/client-management/mdm/understanding-admx-backed-policies.md
@@ -1,14 +1,14 @@
---
title: Understanding ADMX policies
description: In Windows 10, you can use ADMX policies for Windows 10 mobile device management (MDM) across Windows 10 devices.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Understanding ADMX policies
diff --git a/windows/client-management/mdm/unifiedwritefilter-csp.md b/windows/client-management/mdm/unifiedwritefilter-csp.md
index 46abb8acab..6e9a7e9322 100644
--- a/windows/client-management/mdm/unifiedwritefilter-csp.md
+++ b/windows/client-management/mdm/unifiedwritefilter-csp.md
@@ -2,12 +2,12 @@
title: UnifiedWriteFilter CSP
description: The UnifiedWriteFilter (UWF) configuration service provider allows you to remotely manage the UWF. Understand how it helps protect physical storage media.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/unifiedwritefilter-ddf.md b/windows/client-management/mdm/unifiedwritefilter-ddf.md
index 51a25e686a..f6cfcd2307 100644
--- a/windows/client-management/mdm/unifiedwritefilter-ddf.md
+++ b/windows/client-management/mdm/unifiedwritefilter-ddf.md
@@ -2,12 +2,12 @@
title: UnifiedWriteFilter DDF File
description: UnifiedWriteFilter DDF File
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/universalprint-csp.md b/windows/client-management/mdm/universalprint-csp.md
index fab5cf6f5e..bb4cae4a7b 100644
--- a/windows/client-management/mdm/universalprint-csp.md
+++ b/windows/client-management/mdm/universalprint-csp.md
@@ -1,14 +1,14 @@
---
title: UniversalPrint CSP
description: Learn how the UniversalPrint configuration service provider (CSP) is used to install printers on Windows client devices.
-ms.author: mandia
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MandiOhlinger
+author: vinaypamnani-msft
ms.date: 06/02/2022
ms.reviewer: jimwu
-manager: dougeby
+manager: aaroncz
---
# UniversalPrint CSP
diff --git a/windows/client-management/mdm/universalprint-ddf-file.md b/windows/client-management/mdm/universalprint-ddf-file.md
index cc624c9c29..6e8412dfa0 100644
--- a/windows/client-management/mdm/universalprint-ddf-file.md
+++ b/windows/client-management/mdm/universalprint-ddf-file.md
@@ -1,14 +1,14 @@
---
title: UniversalPrint DDF file
description: UniversalPrint DDF file
-ms.author: mandia
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: MandiOhlinger
+author: vinaypamnani-msft
ms.date: 06/02/2022
ms.reviewer: jimwu
-manager: dougeby
+manager: aaroncz
---
# UniversalPrint DDF file
diff --git a/windows/client-management/mdm/update-csp.md b/windows/client-management/mdm/update-csp.md
index 8924365745..e7c54fb69a 100644
--- a/windows/client-management/mdm/update-csp.md
+++ b/windows/client-management/mdm/update-csp.md
@@ -2,12 +2,12 @@
title: Update CSP
description: Learn how the Update configuration service provider (CSP) enables IT administrators to manage and control the rollout of new updates.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/23/2018
---
diff --git a/windows/client-management/mdm/update-ddf-file.md b/windows/client-management/mdm/update-ddf-file.md
index 3daad32697..06da8be6f1 100644
--- a/windows/client-management/mdm/update-ddf-file.md
+++ b/windows/client-management/mdm/update-ddf-file.md
@@ -2,12 +2,12 @@
title: Update DDF file
description: Learn about the OMA DM device description framework (DDF) for the Update configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/23/2018
---
diff --git a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
index 6d66ae073b..d42e777b93 100644
--- a/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
+++ b/windows/client-management/mdm/using-powershell-scripting-with-the-wmi-bridge-provider.md
@@ -2,12 +2,12 @@
title: Using PowerShell scripting with the WMI Bridge Provider
description: This topic covers using PowerShell Cmdlet scripts to configure per-user and per-device policy settings, and how to invoke methods through the WMI Bridge Provider.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/vpn-csp.md b/windows/client-management/mdm/vpn-csp.md
index e26ae9c716..6d484acd8d 100644
--- a/windows/client-management/mdm/vpn-csp.md
+++ b/windows/client-management/mdm/vpn-csp.md
@@ -2,12 +2,12 @@
title: VPN CSP
description: Learn how the VPN configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 04/02/2017
---
diff --git a/windows/client-management/mdm/vpn-ddf-file.md b/windows/client-management/mdm/vpn-ddf-file.md
index a59443bf05..4cf629cb79 100644
--- a/windows/client-management/mdm/vpn-ddf-file.md
+++ b/windows/client-management/mdm/vpn-ddf-file.md
@@ -2,12 +2,12 @@
title: VPN DDF file
description: Learn about the OMA DM device description framework (DDF) for the VPN configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/vpnv2-csp.md b/windows/client-management/mdm/vpnv2-csp.md
index 053e642943..fb60f1756f 100644
--- a/windows/client-management/mdm/vpnv2-csp.md
+++ b/windows/client-management/mdm/vpnv2-csp.md
@@ -2,12 +2,12 @@
title: VPNv2 CSP
description: Learn how the VPNv2 configuration service provider (CSP) allows the mobile device management (MDM) server to configure the VPN profile of the device.
ms.reviewer: pesmith
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/21/2021
---
diff --git a/windows/client-management/mdm/vpnv2-ddf-file.md b/windows/client-management/mdm/vpnv2-ddf-file.md
index d94de5b3c6..ec744e211f 100644
--- a/windows/client-management/mdm/vpnv2-ddf-file.md
+++ b/windows/client-management/mdm/vpnv2-ddf-file.md
@@ -2,12 +2,12 @@
title: VPNv2 DDF file
description: This topic shows the OMA DM device description framework (DDF) for the VPNv2 configuration service provider.
ms.reviewer: pesmith
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 10/30/2020
---
diff --git a/windows/client-management/mdm/vpnv2-profile-xsd.md b/windows/client-management/mdm/vpnv2-profile-xsd.md
index b1daeaf543..6e67b7102c 100644
--- a/windows/client-management/mdm/vpnv2-profile-xsd.md
+++ b/windows/client-management/mdm/vpnv2-profile-xsd.md
@@ -1,13 +1,13 @@
---
title: ProfileXML XSD
description: Here's the XSD for the ProfileXML node in VPNv2 CSP for Windows 10 and some profile examples.
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+ms.reviewer:
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/14/2020
---
diff --git a/windows/client-management/mdm/w4-application-csp.md b/windows/client-management/mdm/w4-application-csp.md
index a8d705d870..7bc64259b1 100644
--- a/windows/client-management/mdm/w4-application-csp.md
+++ b/windows/client-management/mdm/w4-application-csp.md
@@ -2,12 +2,12 @@
title: w4 APPLICATION CSP
description: Use an APPLICATION configuration service provider (CSP) that has an APPID of w4 to configure Multimedia Messaging Service (MMS).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/w7-application-csp.md b/windows/client-management/mdm/w7-application-csp.md
index cf703e5dca..f5dc037820 100644
--- a/windows/client-management/mdm/w7-application-csp.md
+++ b/windows/client-management/mdm/w7-application-csp.md
@@ -2,12 +2,12 @@
title: w7 APPLICATION CSP
description: Learn that the APPLICATION configuration service provider (CSP) that has an APPID of w7 is used for bootstrapping a device with an OMA DM account.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/wifi-csp.md b/windows/client-management/mdm/wifi-csp.md
index 4c2daf739b..60791f3a53 100644
--- a/windows/client-management/mdm/wifi-csp.md
+++ b/windows/client-management/mdm/wifi-csp.md
@@ -1,13 +1,13 @@
---
title: WiFi CSP
-description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device.
+description: The WiFi configuration service provider (CSP) provides the functionality to add or delete Wi-Fi networks on a Windows device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/18/2019
---
diff --git a/windows/client-management/mdm/wifi-ddf-file.md b/windows/client-management/mdm/wifi-ddf-file.md
index 295832f932..3f1d8d46e7 100644
--- a/windows/client-management/mdm/wifi-ddf-file.md
+++ b/windows/client-management/mdm/wifi-ddf-file.md
@@ -2,12 +2,12 @@
title: WiFi DDF file
description: Learn about the OMA DM device description framework (DDF) for the WiFi configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/28/2018
---
diff --git a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
index f822a664d9..824f17444b 100644
--- a/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
+++ b/windows/client-management/mdm/win32-and-centennial-app-policy-configuration.md
@@ -1,14 +1,14 @@
---
title: Win32 and Desktop Bridge app ADMX policy Ingestion
description: Starting in Windows 10, version 1703, you can ingest ADMX files and set those ADMX policies for Win32 and Desktop Bridge apps.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 03/23/2020
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Win32 and Desktop Bridge app ADMX policy Ingestion
diff --git a/windows/client-management/mdm/win32appinventory-csp.md b/windows/client-management/mdm/win32appinventory-csp.md
index c3d3098f0a..82a4e341dd 100644
--- a/windows/client-management/mdm/win32appinventory-csp.md
+++ b/windows/client-management/mdm/win32appinventory-csp.md
@@ -2,12 +2,12 @@
title: Win32AppInventory CSP
description: Learn how the Win32AppInventory configuration service provider (CSP) is used to provide an inventory of installed applications on a device.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/win32appinventory-ddf-file.md b/windows/client-management/mdm/win32appinventory-ddf-file.md
index cbb05d50b8..9cd08b73e2 100644
--- a/windows/client-management/mdm/win32appinventory-ddf-file.md
+++ b/windows/client-management/mdm/win32appinventory-ddf-file.md
@@ -2,12 +2,12 @@
title: Win32AppInventory DDF file
description: Learn about the OMA DM device description framework (DDF) for the Win32AppInventory configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-csp.md b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
index ea3289d926..816e68336d 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-csp.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-csp.md
@@ -1,14 +1,14 @@
---
title: Win32CompatibilityAppraiser CSP
description: Learn how the Win32CompatibilityAppraiser configuration service provider enables the IT admin to query the current status of the Appraiser and UTC telemetry health.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/19/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Win32CompatibilityAppraiser CSP
diff --git a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
index 057c668a74..56b7cbd8ed 100644
--- a/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
+++ b/windows/client-management/mdm/win32compatibilityappraiser-ddf.md
@@ -1,14 +1,14 @@
---
title: Win32CompatibilityAppraiser DDF file
description: Learn about the XML file containing the device description framework for the Win32CompatibilityAppraiser configuration service provider.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/19/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# Win32CompatibilityAppraiser DDF file
diff --git a/windows/client-management/mdm/windows-mdm-enterprise-settings.md b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
index 6ae938bf13..0c7b48f2a8 100644
--- a/windows/client-management/mdm/windows-mdm-enterprise-settings.md
+++ b/windows/client-management/mdm/windows-mdm-enterprise-settings.md
@@ -1,16 +1,16 @@
---
title: Enterprise settings, policies, and app management
description: The DM client manages the interaction between a device and a server. Learn more about the client-server management workflow.
-MS-HAID:
-- 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
-- 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
+MS-HAID:
+ - 'p\_phdevicemgmt.enterprise\_settings\_\_policies\_\_and\_app\_management'
+ - 'p\_phDeviceMgmt.windows\_mdm\_enterprise\_settings'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
index 153d3dd342..48b0ea237e 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-csp.md
@@ -2,12 +2,12 @@
title: WindowsAdvancedThreatProtection CSP
description: The Windows Defender Advanced Threat Protection (WDATP) CSP allows IT Admins to onboard, determine configuration and health status, and offboard endpoints for WDATP.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/01/2017
---
diff --git a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
index 044557e1f2..cddb4f73e0 100644
--- a/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
+++ b/windows/client-management/mdm/windowsadvancedthreatprotection-ddf.md
@@ -3,12 +3,12 @@ title: WindowsAdvancedThreatProtection DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsAdvancedThreatProtection configuration service provider (CSP).
ms.assetid: 0C62A790-4351-48AF-89FD-7D46C42D13E0
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 12/05/2017
---
diff --git a/windows/client-management/mdm/windowsautopilot-csp.md b/windows/client-management/mdm/windowsautopilot-csp.md
index f1a5f8bb5b..b50630eea2 100644
--- a/windows/client-management/mdm/windowsautopilot-csp.md
+++ b/windows/client-management/mdm/windowsautopilot-csp.md
@@ -2,12 +2,12 @@
title: WindowsAutopilot CSP
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, which results in security and privacy concerns in Autopilot.
ms.reviewer:
-manager: dansimp
-ms.author: v-nsatapathy
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 05/09/2022
---
diff --git a/windows/client-management/mdm/windowsautopilot-ddf-file.md b/windows/client-management/mdm/windowsautopilot-ddf-file.md
index d6f71e89a4..dfc52ce96c 100644
--- a/windows/client-management/mdm/windowsautopilot-ddf-file.md
+++ b/windows/client-management/mdm/windowsautopilot-ddf-file.md
@@ -1,14 +1,14 @@
---
title: WindowsAutopilot DDF file
description: Learn how without the ability to mark a device as remediation required, the device will remain in a broken state, for the WindowsAutopilot DDF file configuration service provider (CSP) .
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 02/07/2022
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WindowsAutopilot DDF file
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
index 6a9c6a3055..e8c9563d43 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-csp.md
@@ -1,14 +1,14 @@
---
title: WindowsDefenderApplicationGuard CSP
description: Configure the settings in Microsoft Defender Application Guard by using the WindowsDefenderApplicationGuard configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 11/02/2021
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WindowsDefenderApplicationGuard CSP
diff --git a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
index d910c1b600..c49a7214d2 100644
--- a/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
+++ b/windows/client-management/mdm/windowsdefenderapplicationguard-ddf-file.md
@@ -1,14 +1,14 @@
---
title: WindowsDefenderApplicationGuard DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsDefenderApplicationGuard DDF file configuration service provider (CSP).
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 09/10/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WindowsDefenderApplicationGuard DDF file
diff --git a/windows/client-management/mdm/windowslicensing-csp.md b/windows/client-management/mdm/windowslicensing-csp.md
index 0345c70924..f120a8272e 100644
--- a/windows/client-management/mdm/windowslicensing-csp.md
+++ b/windows/client-management/mdm/windowslicensing-csp.md
@@ -2,12 +2,12 @@
title: WindowsLicensing CSP
description: Learn how the WindowsLicensing configuration service provider (CSP) is designed for licensing related management scenarios.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 08/15/2018
---
diff --git a/windows/client-management/mdm/windowslicensing-ddf-file.md b/windows/client-management/mdm/windowslicensing-ddf-file.md
index c570da1af6..6ebeec7c74 100644
--- a/windows/client-management/mdm/windowslicensing-ddf-file.md
+++ b/windows/client-management/mdm/windowslicensing-ddf-file.md
@@ -2,12 +2,12 @@
title: WindowsLicensing DDF file
description: Learn about the OMA DM device description framework (DDF) for the WindowsLicensing configuration service provider (CSP).
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 07/16/2017
---
diff --git a/windows/client-management/mdm/wirednetwork-csp.md b/windows/client-management/mdm/wirednetwork-csp.md
index ff85447bbd..dd76d25d3e 100644
--- a/windows/client-management/mdm/wirednetwork-csp.md
+++ b/windows/client-management/mdm/wirednetwork-csp.md
@@ -1,14 +1,14 @@
---
title: WiredNetwork CSP
description: The WiredNetwork configuration service provider (CSP) is used by the enterprise to configure wired Internet on devices that don't have GP. Learn how it works.
-ms.author: dansimp
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/27/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WiredNetwork CSP
diff --git a/windows/client-management/mdm/wirednetwork-ddf-file.md b/windows/client-management/mdm/wirednetwork-ddf-file.md
index f527c65745..9d071d2ad5 100644
--- a/windows/client-management/mdm/wirednetwork-ddf-file.md
+++ b/windows/client-management/mdm/wirednetwork-ddf-file.md
@@ -1,14 +1,14 @@
---
title: WiredNetwork DDF file
-description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider.
-ms.author: dansimp
+description: This topic shows the OMA DM device description framework (DDF) for the WiredNetwork configuration service provider.
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/28/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
---
# WiredNetwork DDF file
diff --git a/windows/client-management/mdm/wmi-providers-supported-in-windows.md b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
index c185fbbae1..3026a02d56 100644
--- a/windows/client-management/mdm/wmi-providers-supported-in-windows.md
+++ b/windows/client-management/mdm/wmi-providers-supported-in-windows.md
@@ -1,16 +1,16 @@
---
title: WMI providers supported in Windows 10
description: Manage settings and applications on devices that subscribe to the Mobile Device Management (MDM) service with Windows Management Infrastructure (WMI).
-MS-HAID:
-- 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
-- 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'
+MS-HAID:
+ - 'p\_phdevicemgmt.wmi\_providers\_supported\_in\_windows\_10\_technical\_preview'
+ - 'p\_phDeviceMgmt.wmi\_providers\_supported\_in\_windows'
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.topic: article
ms.prod: w10
ms.technology: windows
-author: dansimp
+author: vinaypamnani-msft
ms.date: 06/26/2017
---
diff --git a/windows/client-management/new-policies-for-windows-10.md b/windows/client-management/new-policies-for-windows-10.md
index 386ac0ed29..5bc9aad966 100644
--- a/windows/client-management/new-policies-for-windows-10.md
+++ b/windows/client-management/new-policies-for-windows-10.md
@@ -2,10 +2,10 @@
title: New policies for Windows 10 (Windows 10)
description: Learn how Windows 10 includes new policies for management, like Group Policy settings for the Windows system and components.
ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: vinpa
ms.prod: w10
-author: dansimp
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.date: 09/15/2021
ms.topic: reference
diff --git a/windows/client-management/quick-assist.md b/windows/client-management/quick-assist.md
index 28cd4f3642..b648d8d7c1 100644
--- a/windows/client-management/quick-assist.md
+++ b/windows/client-management/quick-assist.md
@@ -5,9 +5,9 @@ ms.prod: w10
ms.topic: article
ms.technology: windows
ms.localizationpriority: medium
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+author: vinaypamnani-msft
+ms.author: vinpa
+manager: aaroncz
ms.reviewer: pmadrigal
ms.collection: highpri
---
diff --git a/windows/client-management/troubleshoot-networking.md b/windows/client-management/troubleshoot-networking.md
index 3e9561ed60..cf2bc78b5b 100644
--- a/windows/client-management/troubleshoot-networking.md
+++ b/windows/client-management/troubleshoot-networking.md
@@ -27,9 +27,9 @@ The following topics are available to help you troubleshoot common problems rela
[802.1X authenticated wired access overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831831(v=ws.11))
[802.1X authenticated wireless access overview](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh994700(v%3dws.11))
-[Wireless cccess deployment overview](/windows-server/networking/core-network-guide/cncg/wireless/b-wireless-access-deploy-overview)
+[Wireless access deployment overview](/windows-server/networking/core-network-guide/cncg/wireless/b-wireless-access-deploy-overview)
[TCP/IP technical reference](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd379473(v=ws.10))
[Network Monitor](/windows/desktop/netmon2/network-monitor)
[RPC and the network](/windows/desktop/rpc/rpc-and-the-network)
[How RPC works](/windows/desktop/rpc/how-rpc-works)
-[NPS reason codes](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
\ No newline at end of file
+[NPS reason codes](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/dd197570(v=ws.10))
diff --git a/windows/client-management/windows-10-support-solutions.md b/windows/client-management/windows-10-support-solutions.md
index 021f22ec21..6dd2f0b24a 100644
--- a/windows/client-management/windows-10-support-solutions.md
+++ b/windows/client-management/windows-10-support-solutions.md
@@ -2,10 +2,10 @@
title: Windows 10 support solutions
description: Learn where to find information about troubleshooting Windows 10 issues, for example BitLocker issues and bugcheck errors.
ms.reviewer: kaushika
-manager: dansimp
+manager: aaroncz
ms.prod: w10
-ms.author: kaushika
-author: kaushika-msft
+ms.author: vinpa
+author: vinaypamnani-msft
ms.localizationpriority: medium
ms.topic: troubleshooting
---
diff --git a/windows/client-management/windows-libraries.md b/windows/client-management/windows-libraries.md
index ffa5ea88a4..2ec424585c 100644
--- a/windows/client-management/windows-libraries.md
+++ b/windows/client-management/windows-libraries.md
@@ -1,13 +1,13 @@
---
ms.reviewer:
-manager: dansimp
+manager: aaroncz
title: Windows Libraries
ms.prod: windows-server-threshold
-ms.author: dansimp
+ms.author: vinpa
ms.manager: dongill
ms.technology: storage
ms.topic: article
-author: dansimp
+author: vinaypamnani-msft
description: All about Windows Libraries, which are containers for users' content, such as Documents and Pictures.
ms.date: 09/15/2021
---
diff --git a/windows/client-management/windows-version-search.md b/windows/client-management/windows-version-search.md
index ee3d39847a..939d36455a 100644
--- a/windows/client-management/windows-version-search.md
+++ b/windows/client-management/windows-version-search.md
@@ -5,11 +5,11 @@ keywords: Long-Term Servicing Channel, LTSC, LTSB, General Availability Channel,
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: dansimp
-ms.author: dansimp
+author: vinaypamnani-msft
+ms.author: vinpa
ms.date: 04/30/2018
ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: troubleshooting
---
diff --git a/windows/configuration/changes-to-start-policies-in-windows-10.md b/windows/configuration/changes-to-start-policies-in-windows-10.md
index eb7ef825c6..350a9ffd87 100644
--- a/windows/configuration/changes-to-start-policies-in-windows-10.md
+++ b/windows/configuration/changes-to-start-policies-in-windows-10.md
@@ -2,10 +2,10 @@
title: Changes to Group Policy settings for Windows 10 Start menu (Windows 10)
description: Learn about changes to Group Policy settings for the Windows 10 Start menu. Also, learn about the new Windows 10 Start experience.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/28/2017
diff --git a/windows/configuration/configure-windows-10-taskbar.md b/windows/configuration/configure-windows-10-taskbar.md
index e5de9e2f90..53a58baf77 100644
--- a/windows/configuration/configure-windows-10-taskbar.md
+++ b/windows/configuration/configure-windows-10-taskbar.md
@@ -1,17 +1,17 @@
---
title: Configure Windows 10 taskbar (Windows 10)
-description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
-keywords: ["taskbar layout","pin apps"]
+description: Administrators can pin more apps to the taskbar and remove default pinned apps from the taskbar by adding a section to a layout modification XML file.
+keywords: [taskbar layout, pin apps]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 01/18/2018
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
# Configure Windows 10 taskbar
diff --git a/windows/configuration/customize-and-export-start-layout.md b/windows/configuration/customize-and-export-start-layout.md
index 5f13879817..747d7491b2 100644
--- a/windows/configuration/customize-and-export-start-layout.md
+++ b/windows/configuration/customize-and-export-start-layout.md
@@ -2,10 +2,10 @@
title: Customize and export Start layout (Windows 10)
description: The easiest method for creating a customized Start layout is to set up the Start screen and export the layout.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/18/2018
diff --git a/windows/configuration/customize-start-menu-layout-windows-11.md b/windows/configuration/customize-start-menu-layout-windows-11.md
index 069e047309..d50036f2c7 100644
--- a/windows/configuration/customize-start-menu-layout-windows-11.md
+++ b/windows/configuration/customize-start-menu-layout-windows-11.md
@@ -1,11 +1,11 @@
---
title: Add or remove pinned apps on the Start menu in Windows 11 | Microsoft Docs
description: Export Start layout to LayoutModification.json with pinned apps, and add or remove pinned apps. Use the JSON text in an MDM policy to deploy a custom Start menu layout to Windows 11 devices.
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: ericpapa
ms.prod: w11
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.collection: highpri
---
diff --git a/windows/configuration/customize-taskbar-windows-11.md b/windows/configuration/customize-taskbar-windows-11.md
index 51335436d5..f9af3940ce 100644
--- a/windows/configuration/customize-taskbar-windows-11.md
+++ b/windows/configuration/customize-taskbar-windows-11.md
@@ -1,11 +1,11 @@
---
title: Configure and customize Windows 11 taskbar | Microsoft Docs
description: On Windows 11 devices, pin and unpin default apps and organization apps on the taskbar using an XML file. Deploy the taskbar XML file using Group Policy or MDM and Microsoft Endpoint Manager. See what happens to the taskbar when the Windows OS client is installed or upgraded.
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: chataylo
ms.prod: w11
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.collection: highpri
---
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
index 15c1cc2cad..dff79978bd 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-group-policy.md
@@ -2,11 +2,11 @@
title: Customize Windows 10 Start and taskbar with Group Policy (Windows 10)
description: In Windows 10, you can use a Group Policy Object (GPO) to deploy a customized Start layout to users in a domain.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
index fb50dc5a39..d14d3320b6 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-mobile-device-management.md
@@ -2,11 +2,11 @@
title: Change the Windows 10 Start and taskbar using mobile device management | Microsoft Docs
description: In Windows 10, you can use a mobile device management (MDM) policy to deploy a customized Start and taskbar layout to users. For example, use Microsoft Intune to configure the start menu layout and taskbar, and deploy the policy to your devices.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.topic: article
-ms.author: aaroncz
+ms.author: lizlong
ms.localizationpriority: medium
ms.date: 08/05/2021
---
diff --git a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
index 0a2038ce7d..33777e162b 100644
--- a/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
+++ b/windows/configuration/customize-windows-10-start-screens-by-using-provisioning-packages-and-icd.md
@@ -2,10 +2,10 @@
title: Customize Windows 10 Start and taskbar with provisioning packages (Windows 10)
description: In Windows 10, you can use a provisioning package to deploy a customized Start layout to users.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
index 6691dbace6..27d56ce3c5 100644
--- a/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
+++ b/windows/configuration/find-the-application-user-model-id-of-an-installed-app.md
@@ -1,10 +1,10 @@
---
title: Find the Application User Model ID of an installed app
ms.reviewer: sybruckm
-manager: dougeby
-description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device.
-author: aczechowski
-ms.author: aaroncz
+manager: aaroncz
+description: To configure assigned access (kiosk mode), you need the Application User Model ID (AUMID) of apps installed on a device.
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.prod: w10
diff --git a/windows/configuration/guidelines-for-assigned-access-app.md b/windows/configuration/guidelines-for-assigned-access-app.md
index 04f81753d3..28d7a44308 100644
--- a/windows/configuration/guidelines-for-assigned-access-app.md
+++ b/windows/configuration/guidelines-for-assigned-access-app.md
@@ -1,16 +1,16 @@
---
title: Guidelines for choosing an app for assigned access (Windows 10/11)
description: The following guidelines may help you choose an appropriate Windows app for your assigned access experience.
-keywords: ["kiosk", "lockdown", "assigned access"]
+keywords: [kiosk, lockdown, assigned access]
ms.prod: w10
ms.mktglfcycl: manage
ms.sitesec: library
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/configuration/kiosk-additional-reference.md b/windows/configuration/kiosk-additional-reference.md
index fda7a6c1da..3028bbe1c0 100644
--- a/windows/configuration/kiosk-additional-reference.md
+++ b/windows/configuration/kiosk-additional-reference.md
@@ -2,10 +2,10 @@
title: More kiosk methods and reference information (Windows 10/11)
description: Find more information for configuring, validating, and troubleshooting kiosk configuration.
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: reference
---
diff --git a/windows/configuration/kiosk-mdm-bridge.md b/windows/configuration/kiosk-mdm-bridge.md
index 509e5e3983..abda04599e 100644
--- a/windows/configuration/kiosk-mdm-bridge.md
+++ b/windows/configuration/kiosk-mdm-bridge.md
@@ -2,10 +2,10 @@
title: Use MDM Bridge WMI Provider to create a Windows 10/11 kiosk (Windows 10/11)
description: Environments that use Windows Management Instrumentation (WMI) can use the MDM Bridge WMI Provider to configure the MDM_AssignedAccess class.
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/configuration/kiosk-methods.md b/windows/configuration/kiosk-methods.md
index b0fe2894f6..f2071ae8ea 100644
--- a/windows/configuration/kiosk-methods.md
+++ b/windows/configuration/kiosk-methods.md
@@ -1,12 +1,12 @@
---
title: Configure kiosks and digital signs on Windows 10/11 desktop editions
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
description: In this article, learn about the methods for configuring kiosks and digital signs on Windows 10 or Windows 11 desktop editions.
ms.prod: w10
ms.localizationpriority: medium
-author: aczechowski
+author: lizgt2000
ms.topic: article
ms.collection: highpri
---
diff --git a/windows/configuration/kiosk-policies.md b/windows/configuration/kiosk-policies.md
index a531192fa3..fda5b337bf 100644
--- a/windows/configuration/kiosk-policies.md
+++ b/windows/configuration/kiosk-policies.md
@@ -2,11 +2,11 @@
title: Policies enforced on kiosk devices (Windows 10/11)
description: Learn about the policies enforced on a device when you configure it as a kiosk.
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/kiosk-prepare.md b/windows/configuration/kiosk-prepare.md
index 2712131087..011b3f06f3 100644
--- a/windows/configuration/kiosk-prepare.md
+++ b/windows/configuration/kiosk-prepare.md
@@ -2,10 +2,10 @@
title: Prepare a device for kiosk configuration on Windows 10/11 | Microsoft Docs
description: Learn how to prepare a device for kiosk configuration. Also, learn about the recommended kiosk configuration changes.
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/configuration/kiosk-shelllauncher.md b/windows/configuration/kiosk-shelllauncher.md
index 075be3e488..b2ccf80c40 100644
--- a/windows/configuration/kiosk-shelllauncher.md
+++ b/windows/configuration/kiosk-shelllauncher.md
@@ -2,10 +2,10 @@
title: Use Shell Launcher to create a Windows 10/11 kiosk (Windows 10/11)
description: Shell Launcher lets you change the default shell that launches when a user signs in to a device.
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/configuration/kiosk-single-app.md b/windows/configuration/kiosk-single-app.md
index 7c13c2715e..8410a63f1f 100644
--- a/windows/configuration/kiosk-single-app.md
+++ b/windows/configuration/kiosk-single-app.md
@@ -2,10 +2,10 @@
title: Set up a single-app kiosk on Windows 10/11
description: A single-use device is easy to set up in Windows 10 and Windows 11 for desktop editions (Pro, Enterprise, and Education).
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
ms.collection: highpri
diff --git a/windows/configuration/kiosk-troubleshoot.md b/windows/configuration/kiosk-troubleshoot.md
index 091872a845..ad0602aff4 100644
--- a/windows/configuration/kiosk-troubleshoot.md
+++ b/windows/configuration/kiosk-troubleshoot.md
@@ -2,11 +2,11 @@
title: Troubleshoot kiosk mode issues (Windows 10/11)
description: Learn how to troubleshoot single-app and multi-app kiosk configurations, as well as common problems like sign-in issues.
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/kiosk-validate.md b/windows/configuration/kiosk-validate.md
index dfc4d3e91d..6a43b111e8 100644
--- a/windows/configuration/kiosk-validate.md
+++ b/windows/configuration/kiosk-validate.md
@@ -2,10 +2,10 @@
title: Validate kiosk configuration (Windows 10/11)
description: In this article, learn what to expect on a multi-app kiosk in Windows 10/11 Pro, Enterprise, and Education.
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/configuration/kiosk-xml.md b/windows/configuration/kiosk-xml.md
index a5f84dcc40..d26ff8c364 100644
--- a/windows/configuration/kiosk-xml.md
+++ b/windows/configuration/kiosk-xml.md
@@ -2,11 +2,11 @@
title: Assigned Access configuration kiosk XML reference (Windows 10/11)
description: Learn about the assigned access configuration (kiosk) for XML and XSD for kiosk device configuration in Windows 10/11.
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/lock-down-windows-10-applocker.md b/windows/configuration/lock-down-windows-10-applocker.md
index 4552e63e33..7c5751d47e 100644
--- a/windows/configuration/lock-down-windows-10-applocker.md
+++ b/windows/configuration/lock-down-windows-10-applocker.md
@@ -2,12 +2,12 @@
title: Use AppLocker to create a Windows 10 kiosk that runs multiple apps (Windows 10)
description: Learn how to use AppLocker to configure a kiosk device running Windows 10 Enterprise or Windows 10 Education so that users can only run a few specific apps.
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.date: 07/30/2018
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
---
diff --git a/windows/configuration/lock-down-windows-10-to-specific-apps.md b/windows/configuration/lock-down-windows-10-to-specific-apps.md
index fcc521e9df..209003e5e1 100644
--- a/windows/configuration/lock-down-windows-10-to-specific-apps.md
+++ b/windows/configuration/lock-down-windows-10-to-specific-apps.md
@@ -3,9 +3,9 @@ title: Set up a multi-app kiosk on Windows 10
description: Learn how to configure a kiosk device running Windows 10 so that users can only run a few specific apps.
ms.prod: w10
ms.technology: windows
-author: aczechowski
-ms.author: aaroncz
-manager: dougeby
+author: lizgt2000
+ms.author: lizlong
+manager: aaroncz
ms.reviewer: sybruckm
ms.localizationpriority: medium
ms.topic: how-to
diff --git a/windows/configuration/lockdown-features-windows-10.md b/windows/configuration/lockdown-features-windows-10.md
index caeb98056f..05bf244383 100644
--- a/windows/configuration/lockdown-features-windows-10.md
+++ b/windows/configuration/lockdown-features-windows-10.md
@@ -1,11 +1,11 @@
---
title: Lockdown features from Windows Embedded 8.1 Industry (Windows 10)
-description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
+description: Many of the lockdown features available in Windows Embedded 8.1 Industry have been modified in some form for Windows 10.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/configuration/manage-tips-and-suggestions.md b/windows/configuration/manage-tips-and-suggestions.md
index 6eb41bde06..13dd5ee45a 100644
--- a/windows/configuration/manage-tips-and-suggestions.md
+++ b/windows/configuration/manage-tips-and-suggestions.md
@@ -1,14 +1,14 @@
---
title: Manage Windows 10 and Microsoft Store tips, fun facts, and suggestions (Windows 10)
-description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
+description: Windows 10 provides organizations with various options to manage user experiences to provide a consistent and predictable experience for employees.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/20/2017
ms.reviewer:
-manager: dougeby
+manager: aaroncz
---
# Manage Windows 10 and Microsoft Store tips, "fun facts", and suggestions
diff --git a/windows/configuration/manage-wifi-sense-in-enterprise.md b/windows/configuration/manage-wifi-sense-in-enterprise.md
index 1bd58d5c1e..eaff525abc 100644
--- a/windows/configuration/manage-wifi-sense-in-enterprise.md
+++ b/windows/configuration/manage-wifi-sense-in-enterprise.md
@@ -2,10 +2,10 @@
title: Manage Wi-Fi Sense in your company (Windows 10)
description: Wi-Fi Sense automatically connects you to Wi-Fi, so you can get online quickly in more places.
ms.reviewer:
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.topic: article
---
diff --git a/windows/configuration/provisioning-apn.md b/windows/configuration/provisioning-apn.md
index a168bce8f6..2971e83a97 100644
--- a/windows/configuration/provisioning-apn.md
+++ b/windows/configuration/provisioning-apn.md
@@ -2,10 +2,10 @@
title: Configure cellular settings for tablets and PCs (Windows 10)
description: Enterprises can provision cellular settings for tablets and PC with built-in cellular modems or plug-in USB modem dongles.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/13/2018
diff --git a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
index b37a32b863..3e4b126512 100644
--- a/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
+++ b/windows/configuration/provisioning-packages/how-it-pros-can-use-configuration-service-providers.md
@@ -1,11 +1,11 @@
---
title: Configuration service providers for IT pros (Windows 10/11)
-description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
+description: Describes how IT pros and system administrators can use configuration service providers (CSPs) to configure devices.
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
index 53591bd83f..149f92d455 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-for-initial-deployment.md
@@ -1,11 +1,11 @@
---
title: Provision PCs with common settings (Windows 10/11)
-description: Create a provisioning package to apply common settings to a PC running Windows 10.
+description: Create a provisioning package to apply common settings to a PC running Windows 10.
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
---
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
index 45c362c928..2e3e08cf89 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps-and-certificates.md
@@ -1,14 +1,14 @@
---
title: Provision PCs with apps and certificates (Windows 10)
-description: Create a provisioning package to apply settings to a PC running Windows 10.
+description: Create a provisioning package to apply settings to a PC running Windows 10.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
ms.reviewer:
-manager: dougeby
+manager: aaroncz
---
# Provision PCs with apps and certificates for initial deployment (advanced provisioning)
diff --git a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
index b35c477258..c96322afd3 100644
--- a/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
+++ b/windows/configuration/provisioning-packages/provision-pcs-with-apps.md
@@ -2,12 +2,12 @@
title: Provision PCs with apps (Windows 10/11)
description: Learn how to install multiple Universal Windows Platform (UWP) apps and Windows desktop applications (Win32) in a provisioning package.
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
-ms.author: aaroncz
+ms.author: lizlong
ms.topic: article
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Provision PCs with apps
diff --git a/windows/configuration/provisioning-packages/provisioning-apply-package.md b/windows/configuration/provisioning-packages/provisioning-apply-package.md
index 97a1f3bd50..f3f3796147 100644
--- a/windows/configuration/provisioning-packages/provisioning-apply-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-apply-package.md
@@ -1,13 +1,13 @@
---
title: Apply a provisioning package (Windows 10/11)
-description: Provisioning packages can be applied to a device during initial setup (OOBE) and after ("runtime").
+description: Provisioning packages can be applied to a device during initial setup (OOBE) and after (runtime).
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Apply a provisioning package
diff --git a/windows/configuration/provisioning-packages/provisioning-command-line.md b/windows/configuration/provisioning-packages/provisioning-command-line.md
index fbe7aecde9..365710b8c3 100644
--- a/windows/configuration/provisioning-packages/provisioning-command-line.md
+++ b/windows/configuration/provisioning-packages/provisioning-command-line.md
@@ -2,12 +2,12 @@
title: Windows Configuration Designer command-line interface (Windows 10/11)
description: Learn more about the ICD syntax, switches, and arguments that you can use in the Windows Configuration Designer command-line interface for Windows10/11 client devices.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Windows Configuration Designer command-line interface (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-create-package.md b/windows/configuration/provisioning-packages/provisioning-create-package.md
index 3d88ee9da1..a7fc0987ba 100644
--- a/windows/configuration/provisioning-packages/provisioning-create-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-create-package.md
@@ -2,12 +2,12 @@
title: Create a provisioning package (Windows 10/11)
description: Learn how to create a provisioning package for Windows 10/11, which lets you quickly configure a device without having to install a new image.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/configuration/provisioning-packages/provisioning-how-it-works.md b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
index 5d03c7ed2f..935cd2807e 100644
--- a/windows/configuration/provisioning-packages/provisioning-how-it-works.md
+++ b/windows/configuration/provisioning-packages/provisioning-how-it-works.md
@@ -1,13 +1,13 @@
---
title: How provisioning works in Windows 10/11
-description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
+description: Learn more about how provisioning package work on Windows client devices. A provisioning package (.ppkg) is a container for a collection of configuration settings.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# How provisioning works in Windows
diff --git a/windows/configuration/provisioning-packages/provisioning-install-icd.md b/windows/configuration/provisioning-packages/provisioning-install-icd.md
index bae03efaf1..6440a0c7d2 100644
--- a/windows/configuration/provisioning-packages/provisioning-install-icd.md
+++ b/windows/configuration/provisioning-packages/provisioning-install-icd.md
@@ -1,13 +1,13 @@
---
title: Install Windows Configuration Designer (Windows 10/11)
-description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
+description: Learn how to install and use Windows Configuration Designer so you can easily configure devices running Windows 10/11.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/configuration/provisioning-packages/provisioning-multivariant.md b/windows/configuration/provisioning-packages/provisioning-multivariant.md
index 65b4475739..36f22395b0 100644
--- a/windows/configuration/provisioning-packages/provisioning-multivariant.md
+++ b/windows/configuration/provisioning-packages/provisioning-multivariant.md
@@ -2,12 +2,12 @@
title: Create a provisioning package with multivariant settings (Windows 10/11)
description: Create a provisioning package with multivariant settings to customize the provisioned settings for defined conditions.
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
---
# Create a provisioning package with multivariant settings
diff --git a/windows/configuration/provisioning-packages/provisioning-packages.md b/windows/configuration/provisioning-packages/provisioning-packages.md
index b37ea19251..48a18fc43e 100644
--- a/windows/configuration/provisioning-packages/provisioning-packages.md
+++ b/windows/configuration/provisioning-packages/provisioning-packages.md
@@ -2,10 +2,10 @@
title: Provisioning packages overview on Windows 10/11
description: With Windows 10 and Windows 11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image. Learn about what provisioning packages, are and what they do.
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.collection: highpri
diff --git a/windows/configuration/provisioning-packages/provisioning-powershell.md b/windows/configuration/provisioning-packages/provisioning-powershell.md
index 0698178c23..76c5aaf5a9 100644
--- a/windows/configuration/provisioning-packages/provisioning-powershell.md
+++ b/windows/configuration/provisioning-packages/provisioning-powershell.md
@@ -2,12 +2,12 @@
title: PowerShell cmdlets for provisioning Windows 10/11 (Windows 10/11)
description: Learn more about the Windows PowerShell cmdlets that you can use with Provisioning packages on Windows10/11 client desktop devices.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# PowerShell cmdlets for provisioning Windows client (reference)
diff --git a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
index e768666071..b203cd0294 100644
--- a/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
+++ b/windows/configuration/provisioning-packages/provisioning-script-to-install-app.md
@@ -2,12 +2,12 @@
title: Use a script to install a desktop app in provisioning packages (Windows 10/11)
description: With Windows 10/11, you can create provisioning packages that let you quickly and efficiently configure a device without having to install a new image.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Use a script to install a desktop app in provisioning packages
diff --git a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
index 6dc35cd108..553df87c89 100644
--- a/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
+++ b/windows/configuration/provisioning-packages/provisioning-uninstall-package.md
@@ -2,12 +2,12 @@
title: Uninstall a provisioning package - reverted settings (Windows 10/11)
description: This article lists the settings that are reverted when you uninstall a provisioning package on Windows 10/11 desktop client devices.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: gkomatsu
-manager: dougeby
+manager: aaroncz
---
# Settings changed when you uninstall a provisioning package
diff --git a/windows/configuration/set-up-shared-or-guest-pc.md b/windows/configuration/set-up-shared-or-guest-pc.md
index a9bfdbcfdf..191ecb60c4 100644
--- a/windows/configuration/set-up-shared-or-guest-pc.md
+++ b/windows/configuration/set-up-shared-or-guest-pc.md
@@ -2,12 +2,12 @@
title: Set up a shared or guest PC with Windows 10/11
description: Windows 10 and Windows has shared PC mode, which optimizes Windows client for shared use scenarios.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.reviewer: sybruckm
-manager: dougeby
+manager: aaroncz
ms.collection: highpri
---
diff --git a/windows/configuration/setup-digital-signage.md b/windows/configuration/setup-digital-signage.md
index dff1da75a5..572cd93eff 100644
--- a/windows/configuration/setup-digital-signage.md
+++ b/windows/configuration/setup-digital-signage.md
@@ -2,10 +2,10 @@
title: Set up digital signs on Windows 10/11
description: A single-use device such as a digital sign is easy to set up in Windows 10 and Windows 11 (Pro, Enterprise, and Education).
ms.reviewer: sybruckm
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.prod: w10
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
ms.date: 09/20/2021
ms.topic: article
diff --git a/windows/configuration/start-layout-troubleshoot.md b/windows/configuration/start-layout-troubleshoot.md
index 793a35d714..28d3a28707 100644
--- a/windows/configuration/start-layout-troubleshoot.md
+++ b/windows/configuration/start-layout-troubleshoot.md
@@ -2,11 +2,11 @@
title: Troubleshoot Start menu errors
description: Learn how to troubleshoot common Start menu errors in Windows 10. For example, learn to troubleshoot errors related to deployment, crashes, and performance.
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+ms.author: lizlong
+author: lizgt2000
ms.localizationpriority: medium
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.topic: troubleshooting
ms.collection: highpri
---
diff --git a/windows/configuration/start-layout-xml-desktop.md b/windows/configuration/start-layout-xml-desktop.md
index ffcdeef194..4d719d63a3 100644
--- a/windows/configuration/start-layout-xml-desktop.md
+++ b/windows/configuration/start-layout-xml-desktop.md
@@ -2,12 +2,12 @@
title: Start layout XML for desktop editions of Windows 10 (Windows 10)
description: This article describes the options for customizing Start layout in LayoutModification.xml for Windows 10 desktop editions.
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.date: 10/02/2018
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.localizationpriority: medium
ms.collection: highpri
---
diff --git a/windows/configuration/start-secondary-tiles.md b/windows/configuration/start-secondary-tiles.md
index 20c333fb2d..23f838107a 100644
--- a/windows/configuration/start-secondary-tiles.md
+++ b/windows/configuration/start-secondary-tiles.md
@@ -3,11 +3,11 @@ title: Add image for secondary Microsoft Edge tiles (Windows 10)
description: Add app tiles on Windows 10 that's a secondary tile.
ms.prod: w10
ms.localizationpriority: medium
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.reviewer:
-manager: dougeby
+manager: aaroncz
---
# Add image for secondary Microsoft Edge tiles
diff --git a/windows/configuration/stop-employees-from-using-microsoft-store.md b/windows/configuration/stop-employees-from-using-microsoft-store.md
index e819e8e329..03338078f4 100644
--- a/windows/configuration/stop-employees-from-using-microsoft-store.md
+++ b/windows/configuration/stop-employees-from-using-microsoft-store.md
@@ -2,10 +2,10 @@
title: Configure access to Microsoft Store (Windows 10)
description: Learn how to configure access to Microsoft Store for client computers and mobile devices in your organization.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 4/16/2018
diff --git a/windows/configuration/supported-csp-start-menu-layout-windows.md b/windows/configuration/supported-csp-start-menu-layout-windows.md
index 30ef22ea5a..cc9735faab 100644
--- a/windows/configuration/supported-csp-start-menu-layout-windows.md
+++ b/windows/configuration/supported-csp-start-menu-layout-windows.md
@@ -1,11 +1,11 @@
---
title: Supported CSP policies to customize Start menu on Windows 11 | Microsoft Docs
description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Start menu.
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: ericpapa
ms.prod: w11
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
---
diff --git a/windows/configuration/supported-csp-taskbar-windows.md b/windows/configuration/supported-csp-taskbar-windows.md
index 40ada8b099..da0f246bc9 100644
--- a/windows/configuration/supported-csp-taskbar-windows.md
+++ b/windows/configuration/supported-csp-taskbar-windows.md
@@ -1,11 +1,11 @@
---
title: Supported CSP policies to customize the Taskbar on Windows 11 | Microsoft Docs
description: See a list of the Policy CSP - Start items that are supported on Windows 11 to customize the Taskbar.
-manager: dougeby
-ms.author: aaroncz
+manager: aaroncz
+ms.author: lizlong
ms.reviewer: chataylo
ms.prod: w11
-author: aczechowski
+author: lizgt2000
ms.localizationpriority: medium
---
diff --git a/windows/configuration/ue-v/uev-release-notes-1607.md b/windows/configuration/ue-v/uev-release-notes-1607.md
index 67badc0dbf..743b218e4a 100644
--- a/windows/configuration/ue-v/uev-release-notes-1607.md
+++ b/windows/configuration/ue-v/uev-release-notes-1607.md
@@ -1,6 +1,6 @@
---
title: User Experience Virtualization (UE-V) Release Notes
-description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that is not included in the UE-V documentation.
+description: Read the latest information required to successfully install and use User Experience Virtualization (UE-V) that isn't included in the UE-V documentation.
author: aczechowski
ms.prod: w10
ms.date: 04/19/2017
@@ -15,7 +15,7 @@ ms.topic: article
**Applies to**
- Windows 10, version 1607
-This topic includes information required to successfully install and use UE-V that is not included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
+This topic includes information required to successfully install and use UE-V that isn't included in the User Experience Virtualization (UE-V) documentation. If there are differences between the information in this topic and other UE-V topics, the latest change should be considered authoritative.
### Company Settings Center removed in UE-V for Windows 10, version 1607
@@ -44,33 +44,33 @@ When a user generates a valid settings location template for the Skype desktop a
WORKAROUND: Remove or unregister the Skype template to allow Skype to work again.
-### Registry settings do not synchronize between App-V and native applications on the same device
+### Registry settings don't synchronize between App-V and native applications on the same device
-When a device has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings do not synchronize between the technologies.
+When a device has an application that is installed through both Application Virtualization (App-V) and locally with a Windows Installer (.msi) file, the registry-based settings don't synchronize between the technologies.
WORKAROUND: To resolve this problem, run the application by selecting one of the two technologies, but not both.
### Unpredictable results when both Office 2010 and Office 2013 are installed on the same device
-When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
+When a user has both Office 2010 and Office 2013 installed, any common settings between the two versions of Office are roamed by UE-V. This roaming could cause the Office 2010 package size to be large or result in unpredictable conflicts with 2013, particularly if Office 365 is used.
WORKAROUND: Install only one version of Office or limit which settings are synchronized by UE-V.
### Uninstallation and reinstallation of Windows 8 applications reverts settings to initial state
-While using UE-V settings synchronization for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but does not remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
+While UE-V settings synchronization is being used for a Windows 8 application, if the user uninstalls the application and then reinstalls the application, the application’s settings revert to their default values. This result happens because the uninstall removes the local (cached) copy of the application’s settings but doesn't remove the local UE-V settings package. When the application is reinstalled and launched, UE-V gathers the application settings that were reset to the application defaults and then uploads the default settings to the central storage location. Other computers running the application then download the default settings. This behavior is identical to the behavior of desktop applications.
WORKAROUND: None.
-### UE-V does not support roaming settings between 32-bit and 64-bit versions of Microsoft Office
+### UE-V doesn't support roaming settings between 32-bit and 64-bit versions of Microsoft Office
-We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V does not support roaming settings between 32-bit and 64-bit versions of Office.
+We recommend that you install the 32-bit version of Microsoft Office for both 32-bit and 64-bit operating systems. To choose the Microsoft Office version that you need, click [here](). UE-V supports roaming settings between identical architecture versions of Office. For example, 32-bit Office settings will roam between all 32-bit Office instances. UE-V doesn't support roaming settings between 32-bit and 64-bit versions of Office.
WORKAROUND: None
-### Favicons that are associated with Internet Explorer 9 favorites do not roam
+### Favicons that are associated with Internet Explorer 9 favorites don't roam
-The favicons that are associated with Internet Explorer 9 favorites are not roamed by User Experience Virtualization and do not appear when the favorites first appear on a new computer.
+The favicons that are associated with Internet Explorer 9 favorites aren't roamed by User Experience Virtualization and don't appear when the favorites first appear on a new computer.
WORKAROUND: Favicons will appear with their associated favorites once the bookmark is used and cached in the Internet Explorer 9 browser.
@@ -84,7 +84,7 @@ WORKAROUND: Use folder redirection or some other technology to ensure that any f
Keep settings storage paths as short as possible. Long paths could prevent resolution or synchronization. UE-V uses the Settings storage path as part of the calculated path to store settings. That path is calculated in the following way: settings storage path + "settingspackages" + package dir (template ID) + package name (template ID) + .pkgx. If that calculated path exceeds 260 characters, package storage will fail and generate the following error message in the UE-V operational event log:
-\[boost::filesystem::copy\_file: The system cannot find the path specified\]
+\[boost::filesystem::copy\_file: The system can't find the path specified\]
To check the operational log events, open the Event Viewer and navigate to Applications and Services Logs / Microsoft / User Experience Virtualization / Logging / Operational.
@@ -92,7 +92,7 @@ WORKAROUND: None.
### Some operating system settings only roam between like operating system versions
-Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters will not roam between Windows 7 and Windows 8.
+Operating system settings for Narrator and currency characters specific to the locale (that is, language and regional settings) will only roam across like operating system versions of Windows. For example, currency characters won't roam between Windows 7 and Windows 8.
WORKAROUND: None
diff --git a/windows/configuration/ue-v/uev-security-considerations.md b/windows/configuration/ue-v/uev-security-considerations.md
index b7dc73d2d0..d6c504b837 100644
--- a/windows/configuration/ue-v/uev-security-considerations.md
+++ b/windows/configuration/ue-v/uev-security-considerations.md
@@ -23,13 +23,13 @@ This topic contains a brief overview of accounts and groups, log files, and othe
> [!IMPORTANT]
> When you create the settings storage share, limit the share access to users who require access.
-Because settings packages might contain personal information, you should take care to protect them as well as possible. In general, do the following:
+Because settings packages might contain personal information, you should take care to protect them as much as possible. In general, do the following steps:
- Restrict the share to only those users who require access. Create a security group for users who have redirected folders on a particular share and limit access to only those users.
-- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share is not visible in My Network Places.
+- When you create the share, hide the share by putting a $ after the share name. This addition hides the share from casual browsers, and the share isn't visible in My Network Places.
-- Only give users the minimum amount of permissions that they must have. The following tables show the required permissions.
+- Only give users the minimum number of permissions that they must have. The following tables show the required permissions.
1. Set the following share-level SMB permissions for the setting storage location folder.
@@ -59,10 +59,10 @@ Because settings packages might contain personal information, you should take ca
|User account|Recommended permissions|Apply to|
|--- |--- |--- |
- |Creator/Owner|Full control|This folder, sub-folders, and files|
- |Domain Computers|List folder contents and Read permissions|This folder, sub-folders, and files|
+ |Creator/Owner|Full control|This folder, subfolders, and files|
+ |Domain Computers|List folder contents and Read permissions|This folder, subfolders, and files|
|Everyone|No permissions|No permissions|
- |Administrators|Full Control|This folder, sub-folders, and files|
+ |Administrators|Full Control|This folder, subfolders, and files|
### Use Windows Server as of Windows Server 2003 to host redirected file shares
@@ -72,9 +72,9 @@ User settings data is vulnerable to these potential threats: interception of the
As of Windows Server 2003, several features of the Windows Server operating system can help secure user data:
-- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client does not know whether the server is valid. This difference is particularly important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos is not available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
+- **Kerberos** - Kerberos is standard on all versions of Microsoft Windows 2000 Server and Windows Server beginning with Windows Server 2003. Kerberos ensures the highest level of security to network resources. NTLM authenticates the client only; Kerberos authenticates the server and the client. When NTLM is used, the client doesn't know whether the server is valid. This difference is important if the client exchanges personal files with the server, as is the case with Roaming User Profiles. Kerberos provides better security than NTLM. Kerberos isn't available on the Microsoft Windows NT Server 4.0 or earlier operating systems.
-- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures the following:
+- **IPsec** - The IP Security Protocol (IPsec) provides network-level authentication, data integrity, and encryption. IPsec ensures that:
- Roamed data is safe from data modification while data is en route.
@@ -82,23 +82,23 @@ As of Windows Server 2003, several features of the Windows Server operating sys
- Roamed data is safe from access by unauthenticated parties.
-- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. Note that the SMB signing imposes a performance penalty. It does not consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
+- **SMB Signing** - The Server Message Block (SMB) authentication protocol supports message authentication, which prevents active message and "man-in-the-middle" attacks. SMB signing provides this authentication by placing a digital signature into each SMB. The digital signature is then verified by both the client and the server. In order to use SMB signing, you must first either enable it, or you must require it on both the SMB client and the SMB server. The SMB signing imposes a performance penalty. It doesn't consume any more network bandwidth, but it uses more CPU cycles on the client and server side.
### Always use the NTFS file system for volumes that hold user data
For the most secure configuration, configure servers that host the UE-V settings files to use the NTFS file system. Unlike the FAT file system, NTFS supports Discretionary access control lists (DACLs) and system access control lists (SACLs). DACLs and SACLs control who can perform operations on a file and what events trigger the logging of actions that is performed on a file.
-### Do not rely on EFS to encrypt user files when they are transmitted over the network
+### Don't rely on EFS to encrypt user files when they're transmitted over the network
-When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data is not encrypted during transit over the network; it only becomes encrypted when it is stored on disk.
+When you use the Encrypting File System (EFS) to encrypt files on a remote server, the encrypted data isn't encrypted during transit over the network; it only becomes encrypted when it's stored on disk.
-This encryption process does not apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it is transported over a TCP/IP network. If the file is encrypted before it is copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it is stored on the server.
+This encryption process doesn't apply when your system includes Internet Protocol security (IPsec) or Web Distributed Authoring and Versioning (WebDAV). IPsec encrypts data while it's transported over a TCP/IP network. If the file is encrypted before it's copied or moved to a WebDAV folder on a server, it remains encrypted during the transmission and while it's stored on the server.
### Let the UE-V service create folders for each user
To ensure that UE-V works optimally, create only the root share on the server, and let the UE-V service create the folders for each user. UE-V creates these user folders with the appropriate security.
-This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users do not inherit access to this folder. You do not have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
+This permission configuration enables users to create folders for settings storage. The UE-V service creates and secures a settings package folder while it runs in the context of the user. Users receive full control to their settings package folder. Other users don't inherit access to this folder. You don't have to create and secure individual user directories. The UE-V service that runs in the context of the user does it automatically.
> [!NOTE]
> Additional security can be configured when a Windows Server is used for the settings storage share. UE-V can be configured to verify that either the local Administrators group or the current user is the owner of the folder where settings packages are stored. To enable additional security, use the following command:
@@ -107,12 +107,12 @@ This permission configuration enables users to create folders for settings stora
2. Set the registry key value to *1*.
-When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service does not grant access to the folder.
+When this configuration setting is in place, the UE-V service verifies that the local Administrators group or current user is the owner of the settings package folder. If not, then the UE-V service doesn't grant access to the folder.
If you must create folders for the users, ensure that you have the correct permissions set.
-We strongly recommend that you do not pre-create folders. Instead, let the UE-V service create the folder for the user.
+We strongly recommend that you don't pre-create folders. Instead, let the UE-V service create the folder for the user.
### Ensure correct permissions to store UE-V 2 settings in a home directory or custom directory
@@ -120,9 +120,9 @@ If you redirect UE-V settings to a user’s home directory or a custom Active Di
### Review the contents of settings location templates and control access to them as needed
-When creating a settings location template, the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. (None of this information is sent to Microsoft.)
+When a settings location template is being created, the UE-V generator uses a Lightweight Directory Access Protocol (LDAP) query to get username and email address of the current logged in user. This information is stored in the template as the template author name and template author email. (None of this information is sent to Microsoft.)
-If you plan to share settings location templates with anyone outside your organization you should review all the settings locations and ensure the settings location templates do not contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
+If you plan to share settings location templates with anyone outside your organization, you should review all the settings locations and ensure the settings location templates don't contain any personal or company information. You can view the contents by opening the settings location template files using any XML viewer. The following are ways you can view and remove any personal or company information from the settings location template files before sharing with anyone outside your company:
- **Template Author Name** – Specify a general, non-identifying name for the template author name or exclude this data from the template.
diff --git a/windows/configuration/ue-v/uev-sync-methods.md b/windows/configuration/ue-v/uev-sync-methods.md
index 47ddb1c82a..0bfc613f89 100644
--- a/windows/configuration/ue-v/uev-sync-methods.md
+++ b/windows/configuration/ue-v/uev-sync-methods.md
@@ -25,7 +25,7 @@ This table provides a description of each SyncMethod configuration:
|------------------------------|---------------------|
| SyncProvider (Default) | Settings changes for a specific application or for global Windows desktop settings are saved locally to a cache folder. These changes are then synchronized with the settings storage location when a synchronization trigger event takes place. Pushing out changes will save the local changes to the settings storage path.
This default setting is the gold standard for computers. This option attempts to synchronize the setting and times out after a short delay to ensure that the application or operating system startup isn’t delayed for a long period of time.
This functionality is also tied to the Scheduled task – Sync Controller Application. The administrator controls the frequency of the Scheduled task. By default, computers synchronize their settings every 30 min after logging on. |
| External | This configuration method specifies that if UE-V settings are written to a local folder on the user computer, then any external sync engine (such as OneDrive for Business, Work Folders, Sharepoint, or Dropbox) can be used to apply these settings to the different computers that users access. |
-| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path is not available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path is not found and the user profile is removed from a pooled VDI environment on logoff, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This could cause App load or OS logon time to dramatically increase if the location is not found. |
+| None | This configuration setting is designed for the Virtual Desktop Infrastructure (VDI) and Streamed Application experience primarily. This setting should be used on computers running the Windows Server operating system in a datacenter, where the connection will always be available.
Any settings changes are saved directly to the server. If the network connection to the settings storage path isn't available, then the settings changes are cached on the device and are synchronized the next time that the Sync Provider runs. If the settings storage path isn't found and the user profile is removed from a pooled VDI environment on sign out, then these settings changes are lost, and the user must reapply the change when the computer can again reach the settings storage path.
Apps and OS will wait indefinitely for the location to be present. This waiting period could cause App load or OS sign-in time to dramatically increase if the location isn't found. |
You can configure the sync method in these ways:
diff --git a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
index 051be1125c..56ff1970cc 100644
--- a/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
+++ b/windows/configuration/ue-v/uev-synchronizing-microsoft-office-with-uev.md
@@ -17,11 +17,13 @@ ms.topic: article
Microsoft User Experience Virtualization (UE-V) supports the synchronization of Microsoft Office application settings. The combination of UE-V and App-V support for Office enables the same experience on virtualized instances of Office from any UE-V-enabled device or virtualized desktop.
+To synchronize Office applications settings, you can download Office templates from the [User Experience Virtualization (UE-V) Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V). This resource provides Microsoft-authored UE-V settings location templates and community-developed settings location templates.
+
## Microsoft Office support in UE-V
UE-V includes settings location templates for Microsoft Office 2016, 2013, and 2010. In previous versions of UE-V, settings location templates for Office 2013 and Office 2010 were distributed and registered when you installed the UE-V agent. Now that UE-V is a feature in Windows 10, version 1607, settings location templates are installed when you install or upgrade to the new operating system.
-These templates help synchronize users' Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience are not included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
+These templates help synchronize users’ Office experience between devices. Microsoft Office 2016 settings roamed by Office 365 experience aren't included in these settings. For a list of Office 365-specific settings, see [Overview of user and roaming settings for Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
## Synchronized Office Settings
@@ -42,7 +44,6 @@ Review the following tables for details about Office support in UE-V:
## Deploying Office templates
-
You can deploy UE-V settings location template with the following methods:
- **Registering template with PowerShell**. If you use Windows PowerShell to manage computers, run the following Windows PowerShell command as Administrator to register this settings location template:
diff --git a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
index 59e4e1d213..0396b91e54 100644
--- a/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
+++ b/windows/configuration/ue-v/uev-using-uev-with-application-virtualization-applications.md
@@ -16,7 +16,7 @@ ms.topic: article
**Applies to**
- Windows 10, version 1607
-User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, an additional step is required because you cannot run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages.
+User Experience Virtualization (UE-V) supports Microsoft Application Virtualization (App-V) applications without any required modifications to either the App-V package or the UE-V template. However, another step is required because you can't run the UE-V template generator directly on a virtualized App-V application. Instead, you must install the application locally, generate the template, and then apply the template to the virtualized application. UE-V supports App-V for Windows 10 packages and App-V 5.0 packages.
## UE-V settings synchronization for App-V applications
@@ -26,7 +26,7 @@ UE-V monitors when an application opens by the program name and, optionally, by
1. Run the UE-V template generator to collect the settings of the locally installed application whose settings you want to synchronize between computers. This process creates a settings location template. If you use a built-in template such as a Microsoft Office template, skip this step. For more information about using the UE-V template generator, see [Deploy UE-V for custom applications](uev-deploy-uev-for-custom-applications.md).
-2. Install the App-V application package if you have not already done so.
+2. Install the App-V application package if you haven't already done so.
3. Publish the template to the location of your settings template catalog or manually install the template by using the `Register-UEVTemplate` Windows PowerShell cmdlet.
diff --git a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
index dccc836fe6..a0b47df0de 100644
--- a/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
+++ b/windows/configuration/ue-v/uev-whats-new-in-uev-for-windows.md
@@ -37,7 +37,7 @@ For more information about how to configure an existing UE-V installation after
## New UE-V template generator is available from the Windows 10 ADK
-UE-V for Windows 10 includes a new template generator, available from a new location. If you are upgrading from an existing UE-V installation, you'll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](/windows-hardware/get-started/adk-install) (Windows ADK).
+UE-V for Windows 10 includes a new template generator, available from a new location. If you're upgrading from an existing UE-V installation, you’ll need to use the new generator to create settings location templates. The UE-V for Windows 10 template generator is now available in the [Windows 10 Assessment and Deployment Kit](https://developer.microsoft.com/en-us/windows/hardware/windows-assessment-deployment-kit) (Windows ADK).
## Company Settings Center removed in UE-V for Windows 10, version 1607
@@ -47,7 +47,8 @@ With the release of Windows 10, version 1607, the Company Settings Center was re
Administrators can still define which user-customized application settings can synchronize (roam) with Group Policy or Windows PowerShell.
-**Note** With the removal of the Company Settings Center, the following group policies are no longer applicable:
+>[!Note]
+>With the removal of the Company Settings Center, the following group policies are no longer applicable:
- Contact IT Link Text
- Contact IT URL
@@ -57,7 +58,7 @@ Administrators can still define which user-customized application settings can s
With Windows 10, version 1607, users can synchronize Windows application settings and Windows operating system settings to Azure instead of to OneDrive. You can use the Windows 10 enterprise sync functionality together with UE-V for on-premises domain-joined devices only.
-In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-enable) (ESR) can roam the rest, e.g., Windows and desktop settings, themes, colors, etc., to an Azure cloud installation.
+In hybrid cloud environments, UE-V can roam Win32 applications on-premises while [Enterprise State Roaming](/azure/active-directory/devices/enterprise-state-roaming-overview) (ESR) can roam the rest, for example, Windows and desktop settings, themes, colors, and so on, to an Azure cloud installation.
To configure UE-V to roam Windows desktop and application data only, change the following group policies:
@@ -76,13 +77,14 @@ Additionally, to enable Windows 10 and UE-V to work together, configure these po
## Settings Synchronization Behavior Changed in UE-V for Windows 10
-While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 does not synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows.
+While earlier versions of UE-V roamed taskbar settings between Windows 10 devices, UE-V for Windows 10, version 1607 doesn't synchronize taskbar settings between devices running Windows 10 and devices running previous versions of Windows.
In addition, UE-V for Windows has removed support for the Windows calculator application.
-The Windows modern apps settings (DontSyncWindows8AppSettings) group policy is enabled by default and therefore, modern apps will not roam unless this policy is changed to disabled.
+The Windows modern apps settings (DontSyncWindows8AppSettings) group policy is enabled by default and therefore, modern apps won't roam unless this policy is changed to disabled.
-Please note, UE-V will roam any AppX apps that use the WinRT settings roaming API, provided that they have been opted in to roam at the time of development by the developer so there is no definitive list.
+> [!NOTE]
+> UE-V will roam any AppX apps that use the WinRT settings roaming API, if they've been opted in to roam at the time of development by the developer so there is no definitive list.
## Support Added for Roaming Network Printers
@@ -96,21 +98,23 @@ Printer roaming in UE-V requires one of these scenarios:
- The printer driver can be imported from Windows Update.
-> **Note** The UE-V printer roaming feature does not roam printer settings or preferences, such as printing double-sided.
+> [!Note]
+> The UE-V printer roaming feature doesn't roam printer settings or preferences, such as printing double-sided.
## Office 2016 Settings Location Template
UE-V for Windows 10, version 1607 includes the Microsoft Office 2016 settings location template with improved Outlook signature support. We've added synchronization of default signature settings for new, reply, and forwarded emails. Users no longer have to choose the default signature settings.
-> **Note** An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
+> [!Note]
+> An Outlook profile must be created on any device on which a user wants to synchronize their Outlook signature. If the profile is not already created, the user can create one and then restart Outlook on that device to enable signature synchronization.
-UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they are not roamed by UE-V. See [Overview of user and roaming settings for Microsoft Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)) for more information.
+UE-V works with Office 365 to determine whether Office 2016 settings are roamed by Office 365. If settings are roamed by Office 365, they aren't roamed by UE-V. For more information, see [Overview of user and roaming settings for Microsoft Office](/previous-versions/office/office-2013-resource-kit/jj733593(v=office.15)).
-To enable settings synchronization using UE-V, do one of the following:
+To enable settings synchronization using UE-V, do one of the following steps:
- Use Group Policy to disable Office 365 synchronization
-- Do not enable the Office 365 synchronization experience during Office 2013 installation
+- Don't enable the Office 365 synchronization experience during Office 2013 installation
UE-V includes Office 2016, Office 2013, and Office 2010 templates.
diff --git a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
index f53af25e62..f857c6ac20 100644
--- a/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
+++ b/windows/configuration/ue-v/uev-working-with-custom-templates-and-the-uev-generator.md
@@ -16,9 +16,9 @@ ms.topic: article
**Applies to**
- Windows 10
-User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator.
+User Experience Virtualization (UE-V) uses XML files called ***settings location templates*** to monitor and synchronize application settings and Windows settings between user devices. By default, some settings location templates are included in UE-V. However, if you want to synchronize settings for desktop applications other than those settings included in the default templates, you can create your own custom settings location templates with the UE-V template generator. You can also edit or validate custom settings location templates with the UE-V template generator.
-Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator does not create settings location templates for the following types of applications:
+Use the UE-V template generator to monitor, discover, and capture the locations where Win32 applications store settings. The template generator doesn't create settings location templates for the following types of applications:
- Virtualized applications
- Applications that are offered through Terminal Services
@@ -37,9 +37,9 @@ The UE-V template generator opens the application as part of the discovery proce
- **Application Settings Files** - Files that are stored under \\ **Users** \\ \[User name\] \\ **AppData** \\ **Roaming**
-The UE-V template generator excludes locations, which commonly store application software files, but do not synchronize well between user computers or environments. The UE-V template generator excludes these locations. Excluded locations are as follows:
+The UE-V template generator excludes locations, which commonly store application software files, but don't synchronize well between user computers or environments. The UE-V template generator excludes these locations. Excluded locations are as follows:
-- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user cannot write values
+- HKEY\_CURRENT\_USER registry keys and files to which the logged-on user can't write values
- HKEY\_CURRENT\_USER registry keys and files that are associated with the core functionality of the Windows operating system
@@ -112,8 +112,7 @@ Use the UE-V template generator to edit settings location templates. When the re
## Validate settings location templates with the UE-V template generator
-
-It is possible to create or edit settings location templates in an XML editor without using the UE-V template generator. If you do, you can use the UE-V template generator to validate that the new or revised XML matches the schema that has been defined for the template.
+It's possible to create or edit settings location templates in an XML editor without using the UE-V template generator. If you do, you can use the UE-V template generator to validate that the new or revised XML matches the schema that has been defined for the template.
To validate a UE-V settings location template with the UE-V template generator:
@@ -131,6 +130,21 @@ To validate a UE-V settings location template with the UE-V template generator:
## Next steps
+## Share settings location templates with the Template Gallery
+
+The [User Experience Virtualization Template Gallery](https://gallery.technet.microsoft.com/site/search?f%5B0%5D.Type=RootCategory&f%5B0%5D.Value=UE-V&f%5B0%5D.Text=UE-V) enables administrators to share their UE-V settings location templates. Upload your settings location templates to the gallery for other users to use, and download templates that other users have created.
+
+Before you share a settings location template on the UE-V template gallery, ensure it doesn't contain any personal or company information. You can use any XML viewer to open and view the contents of a settings location template file. The following template values should be reviewed before you share a template with anyone outside your company.
+
+- Template Author Name – Specify a general, non-identifying name for the template author name or exclude this data from the template.
+
+- Template Author Email – Specify a general, non-identifying template author email or exclude this data from the template.
+
+Before you deploy any settings location template that you've downloaded from the UE-V gallery, you should first test the template to ensure that the application settings synchronize settings correctly in a test environment.
+
+
+## Related topics
+
[Administering UE-V](uev-administering-uev.md)
[Use UE-V with custom applications](uev-deploy-uev-for-custom-applications.md)
diff --git a/windows/configuration/wcd/wcd-accounts.md b/windows/configuration/wcd/wcd-accounts.md
index 94e31def8a..0186f5e66f 100644
--- a/windows/configuration/wcd/wcd-accounts.md
+++ b/windows/configuration/wcd/wcd-accounts.md
@@ -43,8 +43,8 @@ Specifies the settings you can configure when joining a device to a domain, incl
| Account | String | Account to use to join computer to domain |
| AccountOU | Enter the full path for the organizational unit. For example: OU=testOU,DC=domain,DC=Domain,DC=com. | Name of organizational unit for the computer account |
| ComputerName | On desktop PCs, this setting specifies the DNS hostname of the computer (Computer Name) up to 63 characters. Use `%RAND:x%` to generate x number of random digits in the name, where x must be a number less than 63. For domain-joined computers, the unique name must use `%RAND:x%`. Use `%SERIAL%` to generate the name with the `computer's` serial number embedded. If the serial number exceeds the character limit, it will be truncated from the beginning of the sequence. The character restriction limit doesn't count the length of the macros, including `%RAND:x%` and `%SERIAL%`. This setting is supported only in Windows 10, version 1803 and later. To change this setting in Windows 10 version 1709 and earlier releases, use the **ComputerName** setting under **Accounts**. | Specifies the name of the Windows device (computer name on PCs) |
-| DomainName | String (cannot be empty) | Specify the name of the domain that the device will join |
-| Password | String (cannot be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. |
+| DomainName | String (can't be empty) | Specify the name of the domain that the device will join |
+| Password | String (can't be empty) | Corresponds to the password of the user account that's authorized to join the computer account to the domain. |
## Users
@@ -52,7 +52,7 @@ Use these settings to add local user accounts to the device.
| Setting | Value | Description |
| --- | --- | --- |
-| UserName | String (cannot be empty) | Specify a name for the local user account |
-| HomeDir | String (cannot be empty) | Specify the path of the home directory for the user |
-| Password | String (cannot be empty) | Specify the password for the user account |
-| UserGroup | String (cannot be empty) | Specify the local user group for the user |
+| UserName | String (can't be empty) | Specify a name for the local user account |
+| HomeDir | String (can't be empty) | Specify the path of the home directory for the user |
+| Password | String (can't be empty) | Specify the password for the user account |
+| UserGroup | String (can't be empty) | Specify the local user group for the user |
diff --git a/windows/configuration/wcd/wcd-browser.md b/windows/configuration/wcd/wcd-browser.md
index 5ebc1cccde..df8f60051d 100644
--- a/windows/configuration/wcd/wcd-browser.md
+++ b/windows/configuration/wcd/wcd-browser.md
@@ -36,7 +36,7 @@ Select between **Prevent Pre-launching** and **Allow Pre-launching**.
Use to add items to the Favorites Bar in Microsoft Edge.
-1. Enter a name for the item, and select **Add**. (The name you enter here is only used to distinguish the group of settings, and is not shown on the device when the settings are applied.)
+1. Enter a name for the item, and select **Add**. (The name you enter here's only used to distinguish the group of settings, and isn't shown on the device when the settings are applied.)
2. In **Available customizations**, select the item that you added, and then configure the following settings for that item:
Setting | Description
@@ -53,7 +53,7 @@ To add a new item under the browser's **Favorites** list:
1. In the **Name** field, enter a friendly name for the item, and then click **Add**.
-2. In the **Available customizations** pane, select the friendly name that you just created, and in the text field, enter the URL for the item.
+2. In the **Available customizations** pane, select the friendly name that you created, and in the text field, enter the URL for the item.
For example, to include the corporate Web site to the list of browser favorites, a company called Contoso can specify **Contoso** as the value for the name and "" for the URL.
@@ -65,18 +65,18 @@ For example, to include the corporate Web site to the list of browser favorites,
Set the value to a character string that corresponds to the OEM's Partner Search Code. This identification code must match the one assigned to you by Microsoft.
-OEMs who are part of the program only have one PartnerSearchCode and this should be used for all Windows 10 for desktop editions images.
+OEMs who are part of the program only have one PartnerSearchCode which should be used for all Windows 10 for desktop editions images.
## SearchProviders
-Contains the settings you can use to configure the default and additional search providers.
+Contains the settings you can use to configure the default and other search providers.
### Default
-Use *Default* to specify a name that matches one of the search providers you enter in [SearchProviderList](#searchproviderlist). If you don't specify a default search provider, this will default to Microsoft Bing.
+Use *Default* to specify a name that matches one of the search providers you enter in [SearchProviderList](#searchproviderlist). If you don't specify a default search provider, this search provider will default to Microsoft Bing.
#### Specific region guidance
@@ -89,13 +89,13 @@ Some countries require specific, default search providers. The following table l
### SearchProviderList
-Use to specify a list of additional search providers.
+Use to specify a list of extra search providers.
1. In the **Name** field, enter a name for the item, and then click **Add**.
-2. In the **Available customizations** pane, select the name that you just created, and in the text field, enter the URL for the additional search provider.
+2. In the **Available customizations** pane, select the name that you created, and in the text field, enter the URL for the other search provider.
For example, to specify Yandex in Russia and Commonwealth of Independent States (CIS), set the value of URL to "https://yandex.ru/search/touch/?text={searchTerm}&clid=2234144".
-When configured with multiple search providers, the browser can display up to ten search providers.
+When configured with multiple search providers, the browser can display up to 10 search providers.
diff --git a/windows/configuration/wcd/wcd-cellcore.md b/windows/configuration/wcd/wcd-cellcore.md
index 615458a1b5..f2f39286c3 100644
--- a/windows/configuration/wcd/wcd-cellcore.md
+++ b/windows/configuration/wcd/wcd-cellcore.md
@@ -13,12 +13,12 @@ manager: dougeby
# CellCore (Windows Configuration Designer reference)
-Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore is not available in Windows 10, version 1809.
+>Setting documentation is provided for Windows 10, version 1803 and earlier. CellCore isn't available in Windows 10, version 1809.
Use to configure settings for cellular data.
>[!IMPORTANT]
->These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and are not intended for use by administrators in the enterprise.
+>These settings are intended to be used only by manufacturers, mobile operators, and solution providers when configuring devices, and aren't intended for use by administrators in the enterprise.
## Applies to
|Setting groups | Windows client | Surface Hub | HoloLens | IoT Core|
@@ -47,12 +47,12 @@ Use to configure settings for cellular data.
### CellConfigurations
1. In **CellConfiguration** > **PropertyGroups**, enter a name for the property group.
-2. Select the **PropertyGroups** you just created in the **Available customizations** pane and then enter a **PropertyName**.
-3. Select the **PropertyName** you just created in the **Available customizations** pane, and then select one of the following data types for the property:
- - Binary
- - Boolean
- - Integer
- - String
+2. Select the **PropertyGroups** you created in the **Available customizations** pane and then enter a **PropertyName**.
+3. Select the **PropertyName** you created in the **Available customizations** pane, and then select one of the following data types for the property:
+ - Binary
+ - Boolean
+ - Integer
+ - String
4. The data type that you selected is added in **Available customizations**. Select it to enter a value for the property.
### CellData
@@ -121,11 +121,11 @@ Use to configure settings for cellular data.
### CGDual
-Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone is not camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode.
+Use **CGDual** > **RestrictToGlobalMode** to configure settings for global mode on C+G Dual SIM phones. When the device registration changes, if the value for this setting is set, the OS changes the preferred system type to the default preferred system type for world mode. If the phone isn't camped on any network, the OS assumes the phone is on the home network and changes the network registration preference to default mode.
-Select from the following:
+Select from the following modes:
-- RestrictToGlobalMode_Disabled: the phone is not restricted to global mode.
+- RestrictToGlobalMode_Disabled: the phone isn't restricted to global mode.
- RestrictToGlobalMobe_Home: when a slot is registered at home and supports global mode, the mode selection is restricted to global mode.
- RestrictToGlobalMode_Always: if a slot supports global mode and this value is selected, the mode selection is restricted to global mode.
@@ -205,7 +205,7 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u
|:--|:--|
|AckExpirySeconds |Set the value, in seconds, for how long to wait for a client ACK before trying to deliver. |
|DefaultMCC |Set the default mobile country code (MCC).|
-|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)|
+|Encodings > GSM7BitEncodingPage |Enter the code page value for the 7-bit GSM default alphabet encoding. Values:- Code page value: 55000 (Setting value: 0xD6D8)(Code page: default alphabet)- Code page value: 55001 (Setting value: 0xD6D9)(Code page: GSM with single shift for Spanish)- Code page value: 55002 (Setting value: 0xD6DA)(Code page: GSM with single shift for Portuguese)- Code page value: 55003 (Setting value: 0xD6DB)(Code page: GSM with single shift for Turkish)- Code page value: 55004 (Setting value: 0xD6DC)(Code page: SMS Greek Reduction)|
|Encodings > GSM8BitEncodingPage|Enter the code page value for GSM 8-bit encoding (OEM set). OEM-created code page IDs should be in the range 55050–55099. |
|Encodings > OctetEncodingPage |Set the octet (binary) encoding.|
|Encodings > SendUDHNLSS |Set the 7 bit GSM shift table encoding.|
@@ -229,8 +229,9 @@ Configure **FwUpdate** > **AllowedAppIdList** to list apps that are allowed to u
Setting | Description
|:-|:--|
-|SIM1ToUIM1 |Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.|
-|SIMToSIMUIM |Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This can provide a better user experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".|
+SIM1ToUIM1 | Used to show UIM1 as an alternate string instead of SIM1 for the first SIM on C+G dual SIM phones.
+SIMToSIMUIM | Partners can change the string "SIM" to "SIM/UIM" to accommodate scenarios such as Dual Mode cards of SIM cards on the phone. This scenario can provide a better experience for users in some markets. Enabling this customization changes all "SIM" strings to "SIM/UIM".
+
### UTK
@@ -242,6 +243,7 @@ Setting | Description
## PerIMSI
Enter an IMSI, click **Add**, and then select the IMSI that you added to configure the following settings.
+
### CellData
|Setting |Description|
@@ -385,7 +387,9 @@ See descriptions in Windows Configuration Designer.
|3 (The SIM card fails authentication or one of the identity check procedures. This can also happen due to a duplication of the TMSI across different MSCs.) |Can't verify SIM MM#3 |Invalid SIM|
|6 (The device has been put on a block list, such as when the phone has been stolen or the IMEI is restricted.) | Phone not allowed MM#6 | No service|
-## Values for MultivariantProvisionedSPN
+
+
+## Values for MultivariantProvisionedSPN
Set the MultivariantProvisionedSPN value to the name of the SPN or mobile operator.
@@ -394,17 +398,17 @@ The following table shows the scenarios supported by this customization.
>[!NOTE]
>In the Default SIM name column:
>
->- The " " in MultivariantProvisionedSPN" "1234 means that there is a space between the mobile operator name or SPN and the last 4 digits of the MSISDN.
+>- The " " in MultivariantProvisionedSPN" "1234 means that there's a space between the mobile operator name or SPN and the last 4 digits of the MSISDN.
>- MultivariantProvisionedSPN means the value that you set for the MultivariantProvisionedSPN setting.
>- SIM 1 or SIM 2 is the default friendly name for the SIM in slot 1 or slot 2.
-|Multivariant setting set?|SPN provisioned?|MSISDN (last 4 digits: 1234, for example) provisioned?|Default SIM name|
-|:---|:---|:---|:---|
-|Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234|
-|Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)|
-|Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)|
-|Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234|
-|No|Yes|Yes|If SPN string >= 12: *SPN*1234If SPN string < 12: *SPN*" "1234|
-|No|No|No|*SIM 1* or *SIM 2*|
-|No|Yes|No|SPN (up to 16 characters)|
-|No|No|Yes|*SIM 1* or *SIM 2*|
+Multivariant setting set?|SPN provisioned?|MSISDN (last four digits: 1234, for example) provisioned?|Default SIM name
+--- | --- | --- | ---
+Yes|Yes|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
+Yes|No|No|*MultivariantProvisionedSPN* (up to 16 characters)
+Yes|Yes|No|*MultivariantProvisionedSPN* (up to 16 characters)
+Yes|No|Yes|*MultivariantProvisionedSPN*1234 or *MultivariantProvisionedSPN*" "1234
+No|Yes|Yes|If SPN string >= 12: *SPN*1234If SPN string < 12: *SPN*" "1234
+No|No|No|*SIM 1* or *SIM 2*
+No|Yes|No|SPN (up to 16 characters)
+No|No|Yes|*SIM 1* or *SIM 2*
diff --git a/windows/configuration/wcd/wcd-certificates.md b/windows/configuration/wcd/wcd-certificates.md
index a83e01ed1d..02b779a5db 100644
--- a/windows/configuration/wcd/wcd-certificates.md
+++ b/windows/configuration/wcd/wcd-certificates.md
@@ -19,7 +19,7 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
- In [ClientCertificates](#clientcertificates), you specify a certificate that will be added to the Personal store on the target device, and provide (password, keylocation), (and configure whether the certificate can be exported).
- In [RootCertificates](#rootcertificates), you specify a certificate that will be added to the Trusted Root CA store on the target device.
- In [TrustedPeopleCertificates](#trustedpeoplecertificates), you specify a certificate that will be added to the Trusted People store on the target device.
-- In [TrustedProvisioners](#trustedprovisioners), you specify a certificate which allows devices to automatically trust packages from the specified publisher.
+- In [TrustedProvisioners](#trustedprovisioners), you specify a certificate that allows devices to automatically trust packages from the specified publisher.
## Applies to
@@ -31,14 +31,14 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
## CACertificates
1. In **Available customizations**, select **CACertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **CertificatePath**, browse to or enter the path to the certificate.
## ClientCertificates
1. In **Available customizations**, select **ClientCertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Value | Description |
| --- | --- | ---- |
@@ -50,20 +50,20 @@ Use to deploy Root Certificate Authority (CA) certificates to devices. The follo
## RootCertificates
1. In **Available customizations**, select **RootCertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **CertificatePath**, browse to or enter the path to the certificate.
## TrustedPeopleCertificates
1. In **Available customizations**, select **TrustedPeopleCertificates**, enter a friendly name for the certificate, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **TrustedCertificate**, browse to or enter the path to the certificate.
## TrustedProvisioners
1. In **Available customizations**, select **TrustedPprovisioners**, enter a CertificateHash, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
3. In **TrustedProvisioner**, browse to or enter the path to the certificate.
## Related topics
diff --git a/windows/configuration/wcd/wcd-connections.md b/windows/configuration/wcd/wcd-connections.md
index 24465ae5a5..4468f64eee 100644
--- a/windows/configuration/wcd/wcd-connections.md
+++ b/windows/configuration/wcd/wcd-connections.md
@@ -24,7 +24,7 @@ Use to configure settings related to various types of phone connections.
For each setting group:
1. In **Available customizations**, select the setting group (such as **Cellular**), enter a friendly name for the connection, and then click **Add**.
-2. In **Available customizations**, select the name that you just created.
+2. In **Available customizations**, select the name that you created.
## Cellular
diff --git a/windows/configuration/wcd/wcd-connectivityprofiles.md b/windows/configuration/wcd/wcd-connectivityprofiles.md
index 307aab14ca..21f4e49131 100644
--- a/windows/configuration/wcd/wcd-connectivityprofiles.md
+++ b/windows/configuration/wcd/wcd-connectivityprofiles.md
@@ -31,7 +31,7 @@ Use to configure profiles that a user will connect with, such as an email accoun
Specify an email account to be automatically set up on the device.
1. In **Available customizations**, select **Email**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure for each account. Settings in **bold** are required.
+2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure for each account. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -61,7 +61,7 @@ Configure settings related to Exchange email server. These settings are related
1. In **Available customizations**, select **Exchange**, enter a name for the account, and then click **Add**. A globally unique identifier (GUID) is generated for the account.
-2. In **Available customizations**, select the GUID that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the GUID that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -88,7 +88,7 @@ Configure settings related to Exchange email server. These settings are related
## KnownAccounts
-Configure the settings to add additional email accounts.
+Configure the settings to add more email accounts.
| Setting | Description |
| --- | --- |
@@ -110,7 +110,7 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu))
### VPN
1. In **Available customizations**, select **VPNSetting**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the name that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the name that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -118,14 +118,14 @@ Configure settings to change the default maximum transmission unit ([MTU](#mtu))
| AlwaysOn | Set to **True** to automatically connect the VPN at sign-in |
| ByPassForLocal | When set to **True**, requests to local resources on the same Wi-Fi network as the VPN client can bypass VPN |
| DnsSuffix | Enter one or more comma-separated DNS suffixes. The first suffix listed is used as the primary connection-specific DNS suffix for the VPN interface. The list is added to the SuffixSearchList. |
-| LockDown | When set to **True**:- Profile automatically becomes an "always on" profile- VPN cannot be disconnected-If the profile is not connected, the user has no network connectivity- No other profiles can be connected or modified |
+| LockDown | When set to **True**:- Profile automatically becomes an "always on" profile- VPN can't be disconnected-If the profile isn't connected, the user has no network connectivity- No other profiles can be connected or modified |
| Proxy | Configure to **Automatic** or **Manual** |
| ProxyAutoConfigUrl | When **Proxy** is set to **Automatic**, enter the URL to automatically retrieve the proxy settings |
| ProxyServer | When **Proxy** is set to **Manual**, enter the proxy server address as a fully qualified hostname or enter `IP address:Port` |
| RememberCredentials | Select whether credentials should be cached |
-| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN will not connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
+| TrustedNetworkDetection | Enter a comma-separated string to identify the trusted network. VPN won't connect automatically when the user is on their corporate wireless network where protected resources are directly accessible to the device. |
-When **ProfileType** is set to **Native**, the following additional settings are available.
+When **ProfileType** is set to **Native**, the following extra settings are available.
Setting | Description
--- | ---
@@ -135,11 +135,11 @@ NativeProtocolType | Choose between **PPTP**, **L2TP**, **IKEv2**, and **Automat
RoutingPolicyType | Choose between **SplitTunnel**, in which traffic can go over any interface as determined by the networking stack, and **ForceTunnel**, in which all IP traffic must go over the VPN interface.
Server | Enter the public or routable IP address or DNS name for the VPN gateway. It can point to the external IP of a gateway or a virtual IP for a server farm.
-When **ProfileType** is set to **Third Party**, the following additional settings are available.
+When **ProfileType** is set to **Third Party**, the following extra settings are available.
Setting | Description
--- |---
-PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations as well as defaults.
+PluginProfileCustomConfiguration | Enter HTML-encoded XML for SSL-VPN plug-in specific configuration, including authentication information that is deployed to the device to make it available for SSL-VPN plug-ins. Contact the plug-in provider for format and other details. Most plug-ins can also configure values based on the server negotiations and defaults.
PluginProfilePackageFamilyName | Choose between **Pulse Secure VPN**, **F5 VPN Client**, and **SonicWALL Mobile Connect**.
PluginProfileServerUrlList | Enter a comma-separated list of servers in URL, hostname, or IP format.
@@ -173,7 +173,7 @@ You can use these settings to configure system capabilities for Wi-Fi adapters,
| --- | --- |
| CoexistenceSupport | Specify the type of co-existence that's supported on the device:- **Both**: Both Wi-Fi and Bluetooth work at the same performance level during co-existence- **Wi-Fi reduced**: On a 2X2 system, Wi-Fi performance is reduced to 1X1 level- **Bluetooth centered**: When co-existing, Bluetooth has priority and restricts Wi-Fi performance- **One**: Either Wi-Fi or Bluetooth will stop working |
| NumAntennaConnected | Enter the number of antennas that are connected to the WLAN radio |
-| SimultaneousMultiChannelSupported | Enter the maximum number of channels that the Wi-Fi device can simultaneously operate on. For example, you can use this to specify support for Station mode and Wi-Fi Direct GO on separate channels simultaneously. |
+| SimultaneousMultiChannelSupported | Enter the maximum number of channels that the Wi-Fi device can simultaneously operate on. For example, you can use this setting to specify support for Station mode and Wi-Fi Direct GO on separate channels simultaneously. |
| WLANFunctionLevelDeviceResetSupported | Select whether the device supports functional level device reset (FLDR). The FLDR feature in the OS checks this system capability exclusively to determine if it can run. |
| WLANPlatformLevelDeviceResetSupported | Select whether the device supports platform level device reset (PLDR). The PLDR feature in the OS checks this system capability exclusively to determine if it can run. |
@@ -192,7 +192,7 @@ Configure settings for wireless connectivity.
### WLANXmlSettings
-Enter a SSID, click **Add**, and then configure the following settings for the SSID.
+Enter an SSID, click **Add**, and then configure the following settings for the SSID.
| Settings | Description |
| --- | --- |
diff --git a/windows/configuration/wcd/wcd-deviceformfactor.md b/windows/configuration/wcd/wcd-deviceformfactor.md
index 6a101c9fd1..a643a6b0f5 100644
--- a/windows/configuration/wcd/wcd-deviceformfactor.md
+++ b/windows/configuration/wcd/wcd-deviceformfactor.md
@@ -34,7 +34,7 @@ Select the appropriate form from the dropdown menu.
| --- | --- |
| Phone | A typical smartphone combines cellular connectivity, a touch screen, rechargeable power source, and other components into a single chassis. |
| LargeScreen | Microsoft Surface Hub |
-| HMD | (Head-mounted display) A holographic computer that is completely untethered - no wires, phones, or connection to a PC needed. |
+| HMD | (Head-mounted display) A holographic computer that is untethered - no wires, phones, or connection to a PC needed. |
| IndustryHandheld | A device screen less than 7” diagonal designed for industrial solutions. May or may not have a cellular stack. |
| IndustryTablet | A device with an integrated screen greater than 7” diagonal and no attached keyboard designed for industrial solutions as opposed to consumer personal computer. May or may not have a cellular stack. |
| Banking | A machine at a bank branch or another location that enables customers to perform basic banking activities including withdrawing money and checking one's bank balance. |
@@ -54,10 +54,10 @@ Select the appropriate form from the dropdown menu.
| Toy | A device used solely for enjoyment or entertainment. |
| Vending | A machine that dispenses items in exchange for payment in the form of coin, currency, or credit/debit card. |
| IndustryOther |A device that doesn't fit into any of the previous categories. |
-| Desktop | A desktop PC form factor traditional comes in an upright tower or small desktop chassis and does not have an integrated screen. |
-| Notebook | A notebook is a portable clamshell device with an attached keyboard that cannot be removed. |
-| Convertible | A convertible device is an evolution of the traditional notebook where the keyboard can be swiveled, rotated or flipped, but not completely removed. It is a blend between a traditional notebook and tablet, also called a 2-in-1. |
-| Detachable | A detachable device is an evolution of the traditional notebook where the keyboard can be completely removed. It is a blend between a traditional notebook and tablet, also called a 2-in-1. |
+| Desktop | A desktop PC form factor traditional comes in an upright tower or small desktop chassis and doesn't have an integrated screen. |
+| Notebook | A notebook is a portable clamshell device with an attached keyboard that can't be removed. |
+| Convertible | A convertible device is an evolution of the traditional notebook where the keyboard can be swiveled, rotated or flipped, but not completely removed. It's a blend between a traditional notebook and tablet, also called a 2-in-1. |
+| Detachable | A detachable device is an evolution of the traditional notebook where the keyboard can be removed. It's a blend between a traditional notebook and tablet, also called a 2-in-1. |
| AIO | An All-in-One (AIO) device is an evolution of the traditional desktop with an attached display. |
| Stick | A device that turns your TV into a Windows computer. Plug the stick into the HDMI slot on the TV and connect a USB or Bluetooth keyboard or mouse. |
| Puck | A small-size PC that users can use to plug in a monitor and keyboard. |
diff --git a/windows/configuration/wcd/wcd-devicemanagement.md b/windows/configuration/wcd/wcd-devicemanagement.md
index a5bb59742b..0eba4cd0e2 100644
--- a/windows/configuration/wcd/wcd-devicemanagement.md
+++ b/windows/configuration/wcd/wcd-devicemanagement.md
@@ -27,7 +27,7 @@ Use to configure device management settings.
## Accounts
1. In **Available customizations**, select **Accounts**, enter a friendly name for the account, and then click **Add**.
-2. In **Available customizations**, select the account that you just created. The following table describes the settings you can configure. Settings in **bold** are required.
+2. In **Available customizations**, select the account that you created. The following table describes the settings you can configure. Settings in **bold** are required.
| Setting | Description |
| --- | --- |
@@ -58,14 +58,14 @@ Use to configure device management settings.
## PGList
1. In **Available customizations**, select **PGList**, enter a LogicalProxyName, and then click **Add**.
-2. In **Available customizations**, select the LogicalProxyName that you just created, and then select **PhysicalProxies**.
+2. In **Available customizations**, select the LogicalProxyName that you created, and then select **PhysicalProxies**.
3. Enter a PhysicalProxyName, and then click **Add**. The following table describes the settings you can configure for the physical proxy and for **Trust**.
| Setting | Description |
| --- | --- |
| Address | Enter the address of the physical proxy |
| AddressType | Select between **E164**, **IPV4**, and **IPV^** for the format and protocol of the PXADDR element for a physical proxy |
-| MatchedNapID | Enter a string that defines the SMS bearer. This string must match the NAPID exactly. The value must contains MVID macro if it is an IPv4 PXADDRTYPE. |
+| MatchedNapID | Enter a string that defines the SMS bearer. This string must match the NAPID exactly. The value must contain MVID macro if it's an IPv4 PXADDRTYPE. |
| PushEnabled | Select whether push operations are enabled |
| Trust | Specify whether or not the physical proxies in this logical proxy are privileged |
diff --git a/windows/configuration/wcd/wcd-networkproxy.md b/windows/configuration/wcd/wcd-networkproxy.md
index 20e53f7d72..4d50550dee 100644
--- a/windows/configuration/wcd/wcd-networkproxy.md
+++ b/windows/configuration/wcd/wcd-networkproxy.md
@@ -27,18 +27,18 @@ Automatically detect network proxy settings.
| Value | Description |
| --- | --- |
-| 0 | Disabled. Do not automatically detect settings. |
+| 0 | Disabled. Don't automatically detect settings. |
| 1 | Enabled. Automatically detect settings. |
## ProxyServer
-Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings do not apply to VPN connections.
+Node for configuring a static proxy for Ethernet and Wi-Fi connections. The same proxy server is used for all protocols - including HTTP, HTTPS, FTP, and SOCKS. These settings don't apply to VPN connections.
| Setting | Description |
| --- | --- |
| ProxyAddress | Address to the proxy server. Specify an address in the format `server:port`. |
-| ProxyExceptions | Addresses that should not use the proxy server. The system will not use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. |
-| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Do not use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
+| ProxyExceptions | Addresses that shouldn't use the proxy server. The system won't use the proxy server for addresses that begin with the values specified in this node. Use semicolons (;) to separate entries. |
+| UseProxyForLocalAddresses | Whether the proxy server should be used for local (intranet) addresses.- 0 = Disabled. Don't use the proxy server for local addresses.- 1 = Enabled. Use the proxy server for local addresses. |
## SetupScriptUrl
diff --git a/windows/configuration/wcd/wcd-policies.md b/windows/configuration/wcd/wcd-policies.md
index fddfc8e061..59377ff9bc 100644
--- a/windows/configuration/wcd/wcd-policies.md
+++ b/windows/configuration/wcd/wcd-policies.md
@@ -46,10 +46,10 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowAllTrustedApps](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowalltrustedapps) | Whether non-Microsoft Store apps are allowed | ✔️ | | | ✔️ |
| [AllowAppStoreAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowappstoreautoupdate) | Whether automatic update of apps from Microsoft Store is allowed | ✔️ | | | ✔️ |
| [AllowDeveloperUnlock](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowdeveloperunlock) | Whether developer unlock of device is allowed | ✔️ | ✔️ | ✔️ | ✔️ |
-| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting is allowed | ✔️ | | | |
+| [AllowGameDVR](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowgamedvr) |Whether DVR and broadcasting are allowed | ✔️ | | | |
| [AllowSharedUserAppData](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowshareduserappdata) | Whether multiple users of the same app can share data | ✔️ | | | |
| [AllowStore](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-allowstore) | Whether app store is allowed at device | | | | |
-| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allow list, disallow list, etc. | | | | |
+| [ApplicationRestrictions](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-applicationrestrictions) | An XML blob that specifies app restrictions, such as an allowlist, disallow list, etc. | | | | |
| [LaunchAppAfterLogOn](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-launchappafterlogon) |Whether to launch an app or apps when the user signs in. | ✔️ | | | |
| [RestrictAppDataToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictappdatatosystemvolume) | Whether app data is restricted to the system drive | ✔️ | | | ✔️ |
| [RestrictAppToSystemVolume](/windows/client-management/mdm/policy-configuration-service-provider#applicationmanagement-restrictapptosystemvolume) | Whether the installation of apps is restricted to the system drive | ✔️ | | | ✔️ |
@@ -63,7 +63,7 @@ This section describes the **Policies** settings that you can configure in [prov
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowFastReconnect](/windows/client-management/mdm/policy-csp-authentication#authentication-allowfastreconnect) | Allows EAP Fast Reconnect from being attempted for EAP Method TLS. | ✔️ | ✔️ | ✔️ | ✔️ |
| [EnableFastFirstSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablefastfirstsignin) | Enables a quick first sign-in experience for a user by automatically connecting new non-admin Azure AD accounts to the pre-configured candidate local accounts. | ✔️ | ✔️ | | ✔️ |
-| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows logon support for non-ADFS federated providers (e.g. SAML). | ✔️ | ✔️ | | ✔️ |
+| [EnableWebSignin](/windows/client-management/mdm/policy-csp-authentication#authentication-enablewebsignin) | Enables Windows sign-in support for non-ADFS federated providers (for example, SAML). | ✔️ | ✔️ | | ✔️ |
| [PreferredAadTenantDomainName](/windows/client-management/mdm/policy-csp-authentication#authentication-preferredaadtenantdomainname) | Specifies the preferred domain among available domains in the Azure AD tenant. | ✔️ | ✔️ | | ✔️ |
@@ -95,7 +95,7 @@ This section describes the **Policies** settings that you can configure in [prov
[AllowConfigurationUpdateForBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-allowconfigurationupdateforbookslibrary) | Specify whether Microsoft Edge can automatically update the configuration data for the Books Library. | ✔️ | | | |
| [AllowCookies](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowcookies) | Specify whether cookies are allowed. | ✔️ | ✔️ | | ✔️ |
| [AllowDeveloperTools](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdevelopertools) | Specify whether employees can use F12 Developer Tools on Microsoft Edge. | ✔️ | | | |
-| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do Not Track headers are allowed. | ✔️ | ✔️ | | ✔️ |
+| [AllowDoNotTrack](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowdonottrack) | Specify whether Do not Track headers are allowed. | ✔️ | ✔️ | | ✔️ |
| [AllowExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowextensions) | Specify whether Microsoft Edge extensions are allowed. | ✔️ | | | |
| [AllowFlash](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflash) | Specify whether Adobe Flash can run in Microsoft Edge. | ✔️ | | | |
| [AllowFlashClickToRun](/windows/client-management/mdm/policy-configuration-service-provider#browser-allowflashclicktorun) | Specify whether users must take an action, such as clicking the content or a Click-to-Run button, before seeing content in Adobe Flash. | ✔️ | | | |
@@ -115,18 +115,18 @@ This section describes the **Policies** settings that you can configure in [prov
| [AllowWebContentOnNewTabPage](/windows/client-management/mdm/policy-csp-browser#browser-allowwebcontentonnewtabpage) | Specify whether a New tab page opens with the default content or a blank page. | ✔️ | ✔️ | | ✔️ |
[AlwaysEnableBooksLibrary](/windows/client-management/mdm/policy-csp-browser#browser-alwaysenablebookslibrary) | Always show the Books Library in Microsoft Edge. | ✔️ | | | |
| [ClearBrowsingDataOnExit](/windows/client-management/mdm/policy-configuration-service-provider#browser-clearbrowsingdataonexit) | Specify whether to clear browsing data when exiting Microsoft Edge. | ✔️ | | | |
-| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to 5 additional search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
+| [ConfigureAdditionalSearchEngines](/windows/client-management/mdm/policy-configuration-service-provider#browser-configureadditionalsearchengines) | Allows you to add up to five more search engines for MDM-enrolled devices. | ✔️ | ✔️ | | ✔️ |
| [ConfigureFavoritesBar](/windows/client-management/mdm/policy-csp-browser#browser-configurefavoritesbar) | Specify whether the Favorites bar is shown or hidden on all pages. | ✔️ | | | |
-| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it is selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | |
+| [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) | Configure whether the Home button will be shown, and what should happen when it's selected. You should also configure the [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) setting. To configure this setting and also allow users to make changes to the Home button, see the [UnlockHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-unlockhomebutton) setting. | ✔️ | | | |
| [ConfigureKioskMode](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskmode) | Configure how Microsoft Edge operates when it's running in kiosk mode, either as a single-app kiosk or as one of multiple apps running on the kiosk device. | ✔️ | | | |
| [ConfigureKioskResetAfterIdleTimeout](/windows/client-management/mdm/policy-csp-browser#browser-configurekioskresetafteridletimeout) | Specify the time, in minutes, after which Microsoft Edge running in kiosk mode resets to the default kiosk configuration. | ✔️ | | | |
| [ConfigureOpenMicrosoftEdgeWith](/windows/client-management/mdm/policy-csp-browser#browser-configureopenmicrosoftedgewith) | Specify which pages should load when Microsoft Edge opens. You should also configure the [ConfigureStartPages](/windows/client-management/mdm/policy-csp-browser#browser-configurestartpages) setting and [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) setting. | ✔️ | | | |
| [ConfigureTelemetryForMicrosoft365Analytics](/windows/client-management/mdm/policy-csp-browser#browser-configuretelemetryformicrosoft365analytics) | Specify whether to send Microsoft Edge browsing history data to Microsoft 365 Analytics. | ✔️ | | | |
| [DisableLockdownOfStartPages](/windows/client-management/mdm/policy-configuration-service-provider#browser-disablelockdownofstartpages) | Specify whether the lockdown on the Start pages is disabled. | ✔️ | | | |
-[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send additional diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | |
+[EnableExtendedBooksTelemetry](/windows/client-management/mdm/policy-csp-browser#browser-enableextendedbookstelemetry) | Enable this setting to send more diagnostic data, on top of the basic diagnostic data, from the Books tab. | ✔️ | ✔️ | | |
| [EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist) | Allow the user to specify a URL of an enterprise site list. | ✔️ | | | |
| [EnterpriseSiteListServiceUrl](/windows/client-management/mdm/policy-csp-browser#browser-enterprisesitelistserviceurl) | This policy (introduced in Windows 10, version 1507) was deprecated in Windows 10, version 1511 by [Browser/EnterpriseModeSiteList](/windows/client-management/mdm/policy-configuration-service-provider#browser-enterprisemodesitelist). | ✔️ | | | |
-| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it is opened for the first time. | ✔️ | | | |
+| [FirstRunURL](/windows/client-management/mdm/policy-configuration-service-provider#browser-firstrunurl) | Specify the URL that Microsoft Edge will use when it's opened for the first time. | ✔️ | | | |
| [HomePages](/windows/client-management/mdm/policy-configuration-service-provider#browser-homepages) | Specify your Start pages for MDM-enrolled devices. | ✔️ | | | |
[LockdownFavorites](/windows/client-management/mdm/policy-csp-browser#browser-lockdownfavorites) | Configure whether employees can add, import, sort, or edit the Favorites list in Microsoft Edge. | ✔️ | | | |
| [PreventAccessToAboutFlagsInMicrosoftEdge](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventaccesstoaboutflagsinmicrosoftedge) | Specify whether users can access the **about:flags** page, which is used to change developer settings and to enable experimental features. | ✔️ | ✔️ | | ✔️ |
@@ -136,9 +136,9 @@ This section describes the **Policies** settings that you can configure in [prov
| [PreventSmartScreenPromptOverride](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverride) | Specify whether users can override the Windows Defender SmartScreen warnings about potentially malicious websites. | ✔️ | ✔️ | | ✔️ |
| [PreventSmartScreenPromptOverrideForFiles](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventsmartscreenpromptoverrideforfiles) | Specify whether users can override the Windows Defender SmartScreen warnings about downloading unverified files. | ✔️ | ✔️ | | ✔️ |
PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Start and New Tab page at Windows startup and each time Microsoft Edge is closed. Applies to Windows 10, version 1803 and earlier only. | ✔️ | | | |
-| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users cannot turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
+| [PreventTurningOffRequiredExtensions](/windows/client-management/mdm/policy-configuration-service-provider#browser-forceenabledextensions) | Enter a list of extensions in Microsoft Edge that users can't turn off, using a semi-colon delimited list of extension package family names. | ✔️ | | | |
| [PreventUsingLocalHostIPAddressForWebRTC](/windows/client-management/mdm/policy-configuration-service-provider#browser-preventusinglocalhostipaddressforwebrtc) | Specify whether a user's localhost IP address is displayed while making phone calls using the WebRTC protocol. | ✔️ | ✔️ | | ✔️ |
-[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites which will appear for employees. | ✔️ | | | |
+[ProvisionFavorites](/windows/client-management/mdm/policy-csp-browser#browser-provisionfavorites) | Configure a default set of favorites that will appear for employees. | ✔️ | | | |
| [SendIntranetTraffictoInternetExplorer](/windows/client-management/mdm/policy-configuration-service-provider#browser-sendintranettraffictointernetexplorer) | Specify whether to send intranet traffic to Internet Explorer. | ✔️ | | | |
| [SetDefaultSearchEngine](/windows/client-management/mdm/policy-configuration-service-provider#browser-setdefaultsearchengine) | Configure the default search engine for your employees. | ✔️ | ✔️ | | ✔️ |
| [SetHomeButtonURL](/windows/client-management/mdm/policy-csp-browser#browser-sethomebuttonurl) | Specify a custom URL for the Home button. You should also enable the [ConfigureHomeButton](/windows/client-management/mdm/policy-csp-browser#browser-configurehomebutton) setting and select the **Show the home button; clicking the home button loads a specific URL** option. | ✔️ | | | |
@@ -175,7 +175,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy does not actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered the devices are for ready for use by information workers or students. | ✔️ | | | |
+[DisableAutomaticReDeploymentCredentials](/windows/client-management/mdm/policy-csp-credentialproviders) | This setting disables the visibility of the credential provider that triggers the PC refresh on a device. This policy doesn't actually trigger the refresh. The admin user is required to authenticate to trigger the refresh on the target device. The Windows 10 Autopilot Reset feature allows admin to reset devices to a known good managed state while preserving the management enrollment. After the automatic redeployment is triggered, the devices are for ready for use by information workers or students. | ✔️ | | | |
## Cryptography
@@ -205,7 +205,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| [DaysToRetainCleanedMalware](/windows/client-management/mdm/policy-configuration-service-provider#defender-daystoretaincleanedmalware) | Specify time period (in days) that quarantine items will be stored on the system. | ✔️ | | | |
| [ExcludedExtensions](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedextensions) | Specify a list of file type extensions to ignore during a scan. Separate each file type in the list by using \|. | ✔️ | | | |
| [ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) | Specify a list of directory paths to ignore during a scan. Separate each path in the list by using \|. | ✔️ | | | |
-| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself is not excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | |
+| [ExcludedProcesses](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedprocesses) | Specify a list of files opened by processes to ignore during a scan. Separate each file type in the list by using \|. The process itself isn't excluded from the scan, but can be excluded by using the [Defender/ExcludedPaths](/windows/client-management/mdm/policy-configuration-service-provider#defender-excludedpaths) policy to exclude its path. | ✔️ | | | |
| [RealTimeScanDirection](/windows/client-management/mdm/policy-configuration-service-provider#defender-realtimescandirection) | Control which sets of files should be monitored. | ✔️ | | | |
| [ScanParameter](/windows/client-management/mdm/policy-configuration-service-provider#defender-scanparameter) | Select whether to perform a quick scan or full scan. | ✔️ | | | |
| [ScheduleQuickScanTime](/windows/client-management/mdm/policy-configuration-service-provider#defender-schedulequickscantime) | Specify the time of day that Windows Defender quick scan should run. | ✔️ | | | |
@@ -280,7 +280,7 @@ PreventTabPreloading | Prevent Microsoft Edge from starting and loading the Star
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste is allowed. | | | | |
+| [AllowCopyPaste](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcopypaste) | Specify whether copy and paste are allowed. | | | | |
| [AllowCortana](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowcortana) | Specify whether Cortana is allowed on the device. | ✔️ | | ✔️ | |
| [AllowDeviceDiscovery](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowdevicediscovery) | Allow users to turn device discovery on or off in the UI. | ✔️ | | | |
| [AllowFindMyDevice](/windows/client-management/mdm/policy-configuration-service-provider#experience-allowfindmydevice) | Turn on **Find my device** feature. | ✔️ | | | |
@@ -319,13 +319,13 @@ These settings apply to the **Kiosk Browser** app available in Microsoft Store.
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | |
-|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This is used to configure blocked URLs kiosk browsers cannot navigate to. | ✔️ | | | |
+|[BlockedUrlExceptions](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurlexceptions) | List of exceptions to the blocked website URLs (with wildcard support). This setting is used to configure URLs kiosk browsers are allowed to navigate to, which are a subset of the blocked URLs. | ✔️ | | | |
+|[BlockedUrls](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-blockedurls) | List of blocked website URLs (with wildcard support). This setting is used to configure blocked URLs kiosk browsers can't navigate to. | ✔️ | | | |
|[DefaultURL](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-defaulturl) | Configures the default URL kiosk browsers to navigate on launch and restart. | ✔️ | | | |
|[EnableEndSessionButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enableendsessionbutton) | Enable/disable kiosk browser's end session button. | ✔️ | | | |
|[EnableHomeButton](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablehomebutton) | Enable/disable kiosk browser's home button. | ✔️ | | | |
|[EnableNavigationButtons](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-enablenavigationbuttons) | Enable/disable kiosk browser's navigation buttons (forward/back). | ✔️ | | | |
-|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the amount of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty which means there is no idle timeout within the kiosk browser. | ✔️ | | | |
+|[RestartOnIdleTime](/windows/client-management/mdm/policy-csp-kioskbrowser#kioskbrowser-restartonidletime) | Amount of time in minutes the session is idle until the kiosk browser restarts in a fresh state. The value is an int 1-1440 that specifies the number of minutes the session is idle until the kiosk browser restarts in a fresh state. The default value is empty, which means there's no idle timeout within the kiosk browser. | ✔️ | | | |
To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in Windows Configuration Designer:
@@ -334,7 +334,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
3. Insert the null character string in between each URL (e.g www.bing.comwww.contoso.com).
4. Save the XML file.
5. Open the project again in Windows Configuration Designer.
-6. Export the package. Ensure you do not revisit the created policies under Kiosk Browser or else the null character will be removed.
+6. Export the package. Ensure you don't revisit the created policies under Kiosk Browser or else the null character will be removed.
## LocalPoliciesSecurityOptions
@@ -348,7 +348,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
-| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Do not use. | | | | |
+| [EnableLocation](/windows/client-management/mdm/policy-configuration-service-provider#location-enablelocation) | Don't use. | | | | |
## Power
@@ -374,8 +374,8 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [StandbyTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#standbytimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep while plugged in. | ✔️ | | | |
| [TurnOffHybridSleepOnBattery](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeponbattery) | Turn off hybrid sleep while on battery. | ✔️ | | | |
| [TurnOffHybridSleepPluggedIn](/windows/client-management/mdm/policy-csp-power#turnoffhybridsleeppluggedin) | Turn off hybrid sleep while plugged in. | ✔️ | | | |
-| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while on battery. | ✔️ | | | |
-| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user is not present while plugged in. | ✔️ | | | |
+| [UnattendedSleepTimeoutOnBattery](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutonbattery) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while on battery. | ✔️ | | | |
+| [UnattendedSleepTimeoutPluggedIn](/windows/client-management/mdm/policy-csp-power#unattendedsleeptimeoutpluggedin) | Specify the period of inactivity before Windows transitions the system to sleep automatically when a user isn't present while plugged in. | ✔️ | | | |
## Privacy
@@ -390,11 +390,11 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
[AllowCloudSearch](/windows/client-management/mdm/policy-csp-search#search-allowcloudsearch) | Allow search and Cortana to search cloud sources like OneDrive and SharePoint. T | ✔️ | | | |
-[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | |
+[AllowCortanaInAAD](/windows/client-management/mdm/policy-csp-search#search-allowcortanainaad) | This setting specifies whether the Cortana consent page can appear in the Azure Active Directory (AAD) device out-of-box-experience (OOBE) flow. | ✔️ | | | |
| [AllowIndexingEncryptedStoresOrItems](/windows/client-management/mdm/policy-configuration-service-provider#search-allowindexingencryptedstoresoritems) | Allow or disallow the indexing of items. | ✔️ | | | |
| [AllowSearchToUseLocation](/windows/client-management/mdm/policy-configuration-service-provider#search-allowsearchtouselocation) | Specify whether search can use location information. | ✔️ | | ✔️ | |
| [AllowUsingDiacritics](/windows/client-management/mdm/policy-configuration-service-provider#search-allowusingdiacritics) | Allow the use of diacritics. | ✔️ | | | |
-| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To do this, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | |
+| [AllowWindowsIndexer](/windows/client-management/mdm/policy-csp-search#search-allowwindowsindexer) | The indexer provides fast file, email, and web history search for apps and system components including Cortana, Outlook, file explorer, and Edge. To provide these features, it requires access to the file system and app data stores such as Outlook OST files.- **Off** setting disables Windows indexer- **EnterpriseSecure** setting stops the indexer from indexing encrypted files or stores, and is recommended for enterprises using Windows Information Protection (WIP)- **Enterprise** setting reduces potential network loads for enterprises- **Standard** setting is appropriate for consumers | ✔️ | | | |
| [AlwaysUseAutoLangDetection](/windows/client-management/mdm/policy-configuration-service-provider#search-alwaysuseautolangdetection) | Specify whether to always use automatic language detection when indexing content and properties. | ✔️ | | | |
| [DoNotUseWebResults](/windows/client-management/mdm/policy-configuration-service-provider#search-donotusewebresults) | Specify whether to allow Search to perform queries on the web. | ✔️ | | | |
| [DisableBackoff](/windows/client-management/mdm/policy-configuration-service-provider#search-disablebackoff) | If enabled, the search indexer backoff feature will be disabled. | ✔️ | | | |
@@ -424,7 +424,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [AllowAutoPlay](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowautoplay) | Allow the user to change AutoPlay settings. | | | | |
| [AllowDataSense](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowdatasense) | Allow the user to change Data Sense settings. | | | | |
| [AllowVPN](/windows/client-management/mdm/policy-configuration-service-provider#settings-allowvpn) | Allow the user to change VPN settings. | | | ✔️ | |
-| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing additional calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | |
+| [ConfigureTaskbarCalendar](/windows/client-management/mdm/policy-configuration-service-provider#settings-configuretaskbarcalendar) | Configure the default setting for showing other calendars (besides the default calendar for the locale) in the taskbar clock and calendar flyout. | ✔️ | | | |
[PageVisiblityList](/windows/client-management/mdm/policy-csp-settings#settings-pagevisibilitylist) | Allows IT admins to prevent specific pages in the System Settings app from being visible or accessible. Pages are identified by a shortened version of their already [published URIs](/windows/uwp/launch-resume/launch-settings-app#ms-settings-uri-scheme-reference), which is the URI minus the "ms-settings:" prefix. For example, if the URI for a settings page is "ms-settings:foo", the page identifier used in the policy will be just "foo". Multiple page identifiers are separated by semicolons. | ✔️ | | | |
## Start
@@ -448,7 +448,7 @@ To configure multiple URLs for **Blocked URL Exceptions** or **Blocked URLs** in
| [HideFrequentlyUsedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hidefrequentlyusedapps) | Hide **Most used** section of Start. | ✔️ | | | |
| [HideHibernate](/windows/client-management/mdm/policy-configuration-service-provider#start-hidehibernate) | Prevent **Hibernate** option from appearing in the Power button. | ✔️ | | | |
| [HideLock](/windows/client-management/mdm/policy-configuration-service-provider#start-hidelock) | Prevent **Lock** from appearing in the user tile. | ✔️ | | | |
-| HidePeopleBar | Remove the people icon from the taskbar, as well as the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
+| HidePeopleBar | Remove the people icon from the taskbar, and the corresponding settings toggle. It also prevents users from pinning people to the taskbar. | ✔️ | | | |
| [HidePowerButton](/windows/client-management/mdm/policy-configuration-service-provider#start-hidepowerbutton) | Hide the **Power** button. | ✔️ | | | |
| [HideRecentJumplists](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentjumplists) | Hide jumplists of recently opened items. | ✔️ | | | |
| [HideRecentlyAddedApps](/windows/client-management/mdm/policy-configuration-service-provider#start-hiderecentlyaddedapps) | Hide **Recently added** section of Start. | ✔️ | | | |
@@ -478,7 +478,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| DisableDeviceDelete | Specify whether the delete diagnostic data is enabled in the Diagnostic & Feedback Settings page. | ✔️ | | | |
| DisableDataDiagnosticViewer | Configure whether users can enable and launch the Diagnostic Data Viewer from the Diagnostic & Feedback Settings page. | ✔️ | | | |
| [DisableOneDriveFileSync](/windows/client-management/mdm/policy-configuration-service-provider#system-disableonedrivefilesync) | Prevent apps and features from working with files on OneDrive. | ✔️ | | | |
-| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus additional events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus additional enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or do not configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | |
+| [LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics) | This policy setting, in combination with the System/AllowTelemetry policy setting, enables organizations to send Microsoft a specific set of diagnostic data for IT insights via Windows Analytics services. To enable this behavior you must enable this policy setting, and set Allow Telemetry to level 2 (Enhanced). When you configure these policy settings, a basic level of diagnostic data plus other events that are required for Windows Analytics are sent to Microsoft. These events are documented in [Windows 10, version 1703 basic level Windows diagnostic events and fields](/windows/privacy/enhanced-diagnostic-data-windows-analytics-events-and-fields). Enabling enhanced diagnostic data in the System/AllowTelemetry policy in combination with not configuring this policy will also send the required events for Windows Analytics, plus other enhanced level diagnostic data. This setting has no effect on computers configured to send full, basic or security level diagnostic data to Microsoft. If you disable or don't configure this policy setting, then the level of diagnostic data sent to Microsoft is determined by the System/AllowTelemetry policy. | ✔️ | | | |
## TextInput
@@ -486,7 +486,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
| --- | --- | :---: | :---: | :---: | :---: |
| [AllowIMELogging](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimelogging) | Allow the user to turn on and off the logging for incorrect conversion and saving auto-tuning result to a file and history-based predictive input. | ✔️ | | | |
-| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that do not exist in the device's local dictionary. | ✔️ | | | |
+| [AllowIMENetworkAccess](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowimenetworkaccess) | Allow the user to turn on Open Extended Dictionary, Internet search integration, or cloud candidate features to provide input suggestions that don't exist in the device's local dictionary. | ✔️ | | | |
| [AllowInputPanel](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowinputpanel) | Disable the touch/handwriting keyboard. | ✔️ | | | |
| [AllowJapaneseIMESurrogatePairCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseimesurrogatepaircharacters) | Allow the Japanese IME surrogate pair characters. | ✔️ | | | |
| [AllowJapaneseIVSCharacters](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseivscharacters) | Allow Japanese Ideographic Variation Sequence (IVS) characters. | ✔️ | | | |
@@ -494,7 +494,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [AllowJapaneseUserDictionary](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowjapaneseuserdictionary) | Allow the Japanese user dictionary. | ✔️ | | | |
| [AllowKeyboardTextSuggestions](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowkeyboardtextsuggestions) | Specify whether text prediction is enabled or disabled for the on-screen keyboard, touch keyboard, and handwriting recognition tool. | ✔️ | | | |
| [AllowLanguageFeaturesUninstall](/windows/client-management/mdm/policy-configuration-service-provider#textinput-allowlanguagefeaturesuninstall) | All language features to be uninstalled. | ✔️ | | | |
-| AllowUserInputsFromMiracastRecevier | Do not use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
+| AllowUserInputsFromMiracastRecevier | Don't use. Instead, use [WirelessDisplay](#wirelessdisplay)/[AllowUserInputFromWirelessDisplayReceiver](/windows/client-management/mdm/policy-configuration-service-provider#wirelessdisplay-allowuserinputfromwirelessdisplayreceiver) | | | | |
| [ExcludeJapaneseIMEExceptISO208](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
| [ExcludeJapaneseIMEExceptISO208andEUDC](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptjis0208andeudc) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
| [ExcludeJapaneseIMEExceptShiftJIS](/windows/client-management/mdm/policy-configuration-service-provider#textinput-excludejapaneseimeexceptshiftjis) | Allow users to restrict character code range of conversion by setting the character filter. | ✔️ | | | |
@@ -511,9 +511,9 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| Setting | Description | Windows client | Surface Hub | HoloLens | IoT Core |
|---------|-------------|:--------------:|:-----------:|:--------:|:--------:|
-| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ |
+| [ActiveHoursEnd](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursend) | Use with **Update/ActiveHoursStart** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
| [ActiveHoursMaxRange](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursmaxrange) | Specify the maximum active hours range. | ✔️ | ✔️ | | ✔️ |
-| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots are not scheduled. | ✔️ | ✔️ | | ✔️ |
+| [ActiveHoursStart](/windows/client-management/mdm/policy-configuration-service-provider#update-activehoursstart) | Use with **Update/ActiveHoursEnd** to manage the range of active hours where update reboots aren't scheduled. | ✔️ | ✔️ | | ✔️ |
| [AllowAutoUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-allowautoupdate) | Configure automatic update behavior to scan, download, and install updates. | ✔️ | ✔️ | ✔️ | ✔️ |
| [AllowAutoWindowsUpdateDownloadOverMeteredNetwork](/windows/client-management/mdm/policy-csp-update#update-allowautowindowsupdatedownloadovermeterednetwork) | Option to download updates automatically over metered connections (off by default). Enter `0` for not allowed, or `1` for allowed. | ✔️ | ✔️ | | ✔️ |
| [AllowMUUpdateService](/windows/client-management/mdm/policy-configuration-service-provider#update-allowmuupdateservice) | Manage whether to scan for app updates from Microsoft Update. | ✔️ | ✔️ | ✔️ | ✔️ |
@@ -529,7 +529,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [DeferUpdatePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupdateperiod) | Specify update delays for up to 4 weeks. | ✔️ | ✔️ | ✔️ | ✔️ |
| [DeferUpgradePeriod](/windows/client-management/mdm/policy-csp-update#update-deferupgradeperiod) | Specify upgrade delays for up to 8 months. | ✔️ | ✔️ | ✔️ | ✔️ |
| [DetectionFrequency](/windows/client-management/mdm/policy-configuration-service-provider#update-detectionfrequency) | Specify the frequency to scan for updates, from every 1-22 hours. | ✔️ | ✔️ | ✔️ | ✔️ |
-| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Do not allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
+| [DisableDualScan](/windows/client-management/mdm/policy-csp-update#update-disabledualscan) | Don't allow update deferral policies to cause scans against Windows Update. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartDeadline](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadline) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartDeadlineForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartdeadlineforfeatureupdates) | Specify the deadline in days before automatically scheduling and executing a pending restart outside of active hours. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartSnoozeSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestartsnoozeschedule) | Specify the number of days a user can snooze Engaged restart reminder notifications. | ✔️ | ✔️ | | ✔️ |
@@ -537,7 +537,7 @@ ConfigureTelemetryOptInSettingsUx | This policy setting determines whether peopl
| [EngagedRestartTransitionSchedule](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionschedule) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
| [EngagedRestartTransitionScheduleForFeatureUpdates](/windows/client-management/mdm/policy-configuration-service-provider#update-engagedrestarttransitionscheduleforfeatureupdates) | Specify the timing before transitioning from Auto restarts scheduled outside of active hours to Engaged restart, which requires the user to schedule. | ✔️ | ✔️ | | ✔️ |
| [ExcludeWUDriversInQualityUpdate](/windows/client-management/mdm/policy-configuration-service-provider#update-excludewudriversinqualityupdate) | Exclude Windows Update (WU) drivers during quality updates. | ✔️ | ✔️ | | ✔️ |
-| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it is missing from the metadata. | ✔️ | ✔️ | | ✔️ |
+| [FillEmptyContentUrls](/windows/client-management/mdm/policy-configuration-service-provider#update-fillemptycontenturls) | Allow Windows Update Agent to determine the download URL when it's missing from the metadata. | ✔️ | ✔️ | | ✔️ |
| ManagePreviewBuilds | Use to enable or disable preview builds. | ✔️ | ✔️ | ✔️ | ✔️ |
| PhoneUpdateRestrictions | Deprecated | | ✔️ | | |
| [RequireDeferUpgrade](/windows/client-management/mdm/policy-configuration-service-provider#update-requiredeferupgrade) | Configure device to receive updates from Current Branch for Business (CBB). | ✔️ | ✔️ | ✔️ | ✔️ |
diff --git a/windows/configuration/wcd/wcd-surfacehubmanagement.md b/windows/configuration/wcd/wcd-surfacehubmanagement.md
index 4d3996dcfd..5e2b059925 100644
--- a/windows/configuration/wcd/wcd-surfacehubmanagement.md
+++ b/windows/configuration/wcd/wcd-surfacehubmanagement.md
@@ -29,8 +29,8 @@ Use SurfaceHubManagement settings to set the administrator group that will manag
## GroupName
-Enter the group name for the administrators group in Active Directory.
+Enter the group name for the administrators' group in Active Directory.
## GroupSid
-Enter the SID or the administrators group in Active Directory.
+Enter the SID or the administrators' group in Active Directory.
diff --git a/windows/configuration/windows-10-accessibility-for-ITPros.md b/windows/configuration/windows-10-accessibility-for-ITPros.md
index 3f9a6310d2..6bd9df7cb4 100644
--- a/windows/configuration/windows-10-accessibility-for-ITPros.md
+++ b/windows/configuration/windows-10-accessibility-for-ITPros.md
@@ -1,14 +1,14 @@
---
title: Windows 10 accessibility information for IT Pros (Windows 10)
-description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them
+description: Lists the various accessibility features available in Windows 10 with links to detailed guidance on how to set them
keywords: accessibility, settings, vision, hearing, physical, cognition, assistive
ms.prod: w10
-ms.author: aaroncz
-author: aczechowski
+ms.author: lizlong
+author: lizgt2000
ms.localizationpriority: medium
ms.date: 01/12/2018
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.topic: reference
---
@@ -19,7 +19,7 @@ This topic helps IT administrators learn about built-in accessibility features,
## General recommendations
- **Be aware of Ease of Access settings** – Understand how people in your organization might use these settings. Help people in your organization learn how they can customize Windows 10.
- **Do not block settings** – Avoid using Group Policy or MDM settings that override Ease of Access settings.
-- **Encourage choice** – Allow people in your organization to customize their computers based on their needs. That might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
+- **Encourage choice** – Allow people in your organization to customize their computers based on their needs. That customization might mean installing an add-on for their browser, or a non-Microsoft assistive technology.
## Vision
@@ -28,12 +28,12 @@ This topic helps IT administrators learn about built-in accessibility features,
| [Use Narrator to use devices without a screen](https://support.microsoft.com/help/22798/windows-10-narrator-get-started) | Narrator describes Windows and apps and enables you to control devices by using a keyboard, controller, or with a range of gestures on touch-supported devices.|
| [Create accessible apps](https://developer.microsoft.com/windows/accessible-apps) | You can develop accessible apps just like Mail, Groove, and Store that work well with Narrator and other leading screen readers.|
| Use keyboard shortcuts for [Windows](https://support.microsoft.com/help/12445/windows-keyboard-shortcuts), [Narrator](https://support.microsoft.com/help/22806), and [Magnifier](https://support.microsoft.com/help/13810) | Get the most out of Windows with shortcuts for apps and desktops.|
-| Get closer with [Magnifier](https://support.microsoft.com/help/11542/windows-use-magnifier) | Magnifier enlarges all or part of your screen and offers a variety of configuration settings.|
+| Get closer with [Magnifier](https://support.microsoft.com/help/11542/windows-use-magnifier) | Magnifier enlarges all or part of your screen and offers various configuration settings.|
| [Cursor and pointer adjustments](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Changing the size or color of pointers or adding trails or touch feedback make it easier to follow the mouse.|
-| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle a variety of tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
+| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| [Customize the size](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) of screen items | You can adjust the size of text, icons, and other screen items to make them easier to see.|
-| [Improve contrast](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | A number of high-contrast themes are available to suit your needs.|
+| [Improve contrast](https://support.microsoft.com/help/27928/windows-10-make-windows-easier-to-see) | Many high-contrast themes are available to suit your needs.|
| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
| [Read in Braille](https://support.microsoft.com/help/4004263) | Narrator supports braille displays from more than 35 manufacturers using more than 40 languages and multiple braille variants.|
@@ -43,19 +43,19 @@ This topic helps IT administrators learn about built-in accessibility features,
| Accessibility feature | Description |
|---------------------------|------------|
| [Transcribe with Translator](https://www.skype.com/en/features/skype-translator) | Translator can transcribe voice to text so you won’t miss what’s being said. |
-| [Use Skype for sign language](https://www.skype.com/en/) | Skype is available on a variety of platforms and devices, so you don’t have to worry about whether your co-workers, friends and family can communicate with you.|
+| [Use Skype for sign language](https://www.skype.com/en/) | Skype is available on various platforms and devices, so you don’t have to worry about whether your co-workers, friends and family can communicate with you.|
| [Get visual notifications for sounds](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear) | You can replace audible alerts with visual alerts.|
| [Keep notifications around longer](https://support.microsoft.com/help/27933/windows-10-make-windows-easier-to-hear)|If notifications aren't staying visible long enough for you to notice them, you can increase the time a notification will be displayed up to five minutes.|
| [Read spoken words with closed captioning](https://support.microsoft.com/help/21055/windows-10-closed-caption-settings) | You can customize things like color, size, and background transparency to suit your needs and tastes.|
-| [Switch to mono audio](https://support.microsoft.com/help/27933/) | Sending all sounds to both left and right channels is helpful for those with partial hearing loss or deafness in one ear.|
+| [Switch to mono audio](https://support.microsoft.com/help/27933/) | Sending all sounds to both left and right channels is helpful for those people with partial hearing loss or deafness in one ear.|
## Physical
| Accessibility feature | Description|
|---------------------------|------------|
-| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle a variety of tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
+| [Have Cortana assist](https://support.microsoft.com/help/17214/windows-10-what-is) | Cortana can handle various tasks for you, including setting reminders, opening apps, finding facts, and sending emails and texts.|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
-| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or othet pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
+| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or other pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
| [Live Tiles](https://support.microsoft.com/help/17176/windows-10-organize-your-apps)| Because Live Tiles display constantly updated information for many apps, you don't have to bother actually opening them. You can arrange, resize, and move tiles as needed.|
| [Keyboard assistance features](https://support.microsoft.com/help/27936)| You can personalize your keyboard to ignore repeated keys and do other helpful things if you have limited control of your hands.|
| [Mouse Keys](https://support.microsoft.com/help/27936)|If a mouse is difficult to use, you can control the pointer by using your numeric keypad.|
@@ -65,7 +65,7 @@ This topic helps IT administrators learn about built-in accessibility features,
| Accessibility feature | Description|
|---------------------------|------------|
| [Simplify for focus](https://support.microsoft.com/help/27930) | Reducing animations and turning off background images and transparency can minimize distractions.|
-| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or othet pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
+| Use the On-Screen Keyboard (OSK) | Instead of relying on a physical keyboard, you can use the [On-Screen Keyboard](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard) to type and enter data and select keys with a mouse or other pointing device. Additionally, the OSK offers [word prediction and completion](https://support.microsoft.com/help/10762/windows-use-on-screen-keyboard).|
| [Dictate text and commands](https://support.microsoft.com/help/17208/windows-10-use-speech-recognition) | Windows includes speech recognition that lets you tell it what to do.|
| [Use fonts that are easier to read](https://www.microsoft.com/download/details.aspx?id=50721) | Fluent Sitka Small and Fluent Calibri are fonts that address "visual crowding" by adding character and enhance word and line spacing. |
| [Edge Reading View](https://support.microsoft.com/help/17204/windows-10-take-your-reading-with-you) | Clears distracting content from web pages so you can stay focused on what you really want to read. |
@@ -80,7 +80,7 @@ This topic helps IT administrators learn about built-in accessibility features,
| [Use Speech Recognition]( https://support.microsoft.com/help/17208 ) | Narrator reads text on your PC screen aloud and describes events, such as notifications or calendar appointments, so you can use your PC without a display.|
| [Save time with keyboard shortcuts]( https://support.microsoft.com/help/17189) | Keyboard shortcuts for apps and desktops.|
-## Additional resources
+## Other resources
[Windows accessibility](https://www.microsoft.com/Accessibility/windows)
[Designing accessible software]( https://msdn.microsoft.com/windows/uwp/accessibility/designing-inclusive-software)
diff --git a/windows/configuration/windows-10-start-layout-options-and-policies.md b/windows/configuration/windows-10-start-layout-options-and-policies.md
index 4965185168..11028a1ef0 100644
--- a/windows/configuration/windows-10-start-layout-options-and-policies.md
+++ b/windows/configuration/windows-10-start-layout-options-and-policies.md
@@ -2,10 +2,10 @@
title: Customize and manage the Windows 10 Start and taskbar layout (Windows 10) | Microsoft Docs
description: On Windows devices, customize the start menu layout and taskbar using XML, group policy, provisioning package, or MDM policy. You can add pinned folders, add a start menu size, pin apps to the taskbar, and more.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/05/2021
diff --git a/windows/configuration/windows-spotlight.md b/windows/configuration/windows-spotlight.md
index 88baf2f9e0..fcf7dec824 100644
--- a/windows/configuration/windows-spotlight.md
+++ b/windows/configuration/windows-spotlight.md
@@ -2,10 +2,10 @@
title: Configure Windows Spotlight on the lock screen (Windows 10)
description: Windows Spotlight is an option for the lock screen background that displays different background images on the lock screen.
ms.reviewer:
-manager: dougeby
+manager: aaroncz
ms.prod: w10
-author: aczechowski
-ms.author: aaroncz
+author: lizgt2000
+ms.author: lizlong
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/30/2018
@@ -35,7 +35,7 @@ For managed devices running Windows 10 Enterprise and Windows 10 Education, en
- **Background image**
- The Windows Spotlight displays a new image on the lock screen each day. The initial background image is included during installation. Additional images are downloaded on ongoing basis.
+ The Windows Spotlight displays a new image on the lock screen each day. The initial background image is included during installation. More images are downloaded on ongoing basis.
@@ -67,7 +67,7 @@ Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mo
| **Configure Spotlight on lock screen** | **Experience/Configure Windows Spotlight On Lock Screen** | Specifically controls the use of the dynamic Windows Spotlight image on the lock screen, and can be enabled or disabled | Windows 10 Enterprise and Education, version 1607 and later |
| **Turn off the Windows Spotlight on Action Center** | **Experience/Allow Windows Spotlight On Action Center** | Turn off Suggestions from Microsoft that show after each clean install, upgrade, or on an on-going basis to introduce users to what is new or changed | Windows 10 Enterprise and Education, version 1703 |
| **Do not use diagnostic data for tailored experiences** | **Experience/Allow Tailored Experiences With Diagnostic Data** | Prevent Windows from using diagnostic data to provide tailored experiences to the user | Windows 10 Pro, Enterprise, and Education, version 1703 |
-| **Turn off the Windows Welcome Experience** | **Experience/Allow Windows Spotlight Windows Welcome Experience** | Turn off the Windows Spotlight Windows Welcome experience which helps introduce users to Windows, such as launching Microsoft Edge with a web page highlighting new features | Windows 10 Enterprise and Education, version 1703 |
+| **Turn off the Windows Welcome Experience** | **Experience/Allow Windows Spotlight Windows Welcome Experience** | Turn off the Windows Spotlight Windows Welcome experience that helps introduce users to Windows, such as launching Microsoft Edge with a web page highlighting new features | Windows 10 Enterprise and Education, version 1703 |
**Turn off the Windows Spotlight on Settings** | **Experience/Allow Windows Spotlight on Settings** | Turn off the Windows Spotlight in the Settings app. | Windows 10 Enterprise and Education, version 1803 |
@@ -80,11 +80,11 @@ Windows Spotlight is enabled by default. Windows 10 provides Group Policy and mo
-Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox is not selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages.
+Pay attention to the checkbox in **Options**. In addition to providing the path to the lock screen image, administrators can choose to allow or **Turn off fun facts, tips, tricks, and more on lock screen**. If the checkbox isn't selected, users will see the lock screen image that is defined in the policy setting, and will also see occasional messages.
## Resolution for custom lock screen image
-A concern with custom lock screen images is how they will appear on different screen sizes and resolutions.
+A concern with custom lock screen images is how they'll appear on different screen sizes and resolutions.
A custom lock screen image created in 16:9 aspect ratio (1600x900) will scale properly on devices using a 16:9 resolution, such as 1280x720 or 1920x1080. On devices using other aspect ratios, such as 4:3 (1024x768) or 16:10 (1280x800), height scales correctly and width is cropped to a size equal to the aspect ratio. The image will remain centered on the screen
diff --git a/windows/deployment/TOC.yml b/windows/deployment/TOC.yml
index 35e59bd128..5daa9b74d5 100644
--- a/windows/deployment/TOC.yml
+++ b/windows/deployment/TOC.yml
@@ -185,8 +185,9 @@
- name: Monitor Windows client updates
items:
- name: Monitor with Update Compliance (preview version)
- href: update/update-compliance-v2-overview.md
items:
+ - name: Update Compliance overview
+ href: update/update-compliance-v2-overview.md
- name: Enable Update Compliance (preview)
items:
- name: Update Compliance prerequisites
@@ -200,11 +201,15 @@
- name: Configure clients with Microsoft Endpoint Manager
href: update/update-compliance-v2-configuration-mem.md
- name: Use Update Compliance (preview)
- items:
- - name: Use Update Compliance
- href: update/update-compliance-v2-use.md
+ items:
+ - name: Update Compliance workbook
+ href: update/update-compliance-v2-workbook.md
- name: Software updates in the Microsoft admin center (preview)
- href: update/update-status-admin-center.md
+ href: update/update-status-admin-center.md
+ - name: Use Update Compliance data
+ href: update/update-compliance-v2-use.md
+ - name: Feedback, support, and troubleshooting
+ href: update/update-compliance-v2-help.md
- name: Update Compliance schema reference (preview)
items:
- name: Update Compliance schema reference
diff --git a/windows/deployment/Windows-AutoPilot-EULA-note.md b/windows/deployment/Windows-AutoPilot-EULA-note.md
index 7fce81849b..1b7ef3ad3b 100644
--- a/windows/deployment/Windows-AutoPilot-EULA-note.md
+++ b/windows/deployment/Windows-AutoPilot-EULA-note.md
@@ -17,4 +17,4 @@ ms.topic: article
Using this tool allows you to configure individual installations of Windows on devices managed by your organization. You may choose to suppress or hide certain set-up screens that are normally presented to users when setting up Windows, including the EULA acceptance screen.
-By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you did not suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you have not validly acquired a license for the software from Microsoft or its licensed distributors.
+By using this function, you agree that suppressing or hiding any screens that are designed to provide users with notice or acceptance of terms means that you, on behalf of your organization or the individual user as the case may be, have consented to the notices and accepted the applicable terms. This consent includes your agreement to the terms and conditions of the license or notice that would be presented to the user if you didn't suppress or hide it using this tool. You and your users may not use the Windows software on those devices if you haven't validly acquired a license for the software from Microsoft or its licensed distributors.
diff --git a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
index a841cb6907..a4360e4aa4 100644
--- a/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
+++ b/windows/deployment/configure-a-pxe-server-to-load-windows-pe.md
@@ -34,7 +34,7 @@ All four of the roles specified above can be hosted on the same computer or each
2. Right-click **Deployment and Imaging Tools Environment** and then click **Run as administrator**. The Deployment and Imaging Tools Environment shortcut opens a Command Prompt window and automatically sets environment variables to point to all the necessary tools.
-3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory does not already exist, it will be created.
+3. Run the following command to copy the base Windows PE files into a new folder. The script requires two arguments: hardware architecture and destination location. The value of **<architecture>** can be **x86**, **amd64**, or **arm** and **<destination>** is a path to a local directory. If the directory doesn't already exist, it will be created.
```
copype.cmd
@@ -167,7 +167,7 @@ ramdisksdipath \Boot\boot.sdi
## PXE boot process summary
-The following summarizes the PXE client boot process.
+The following process summarizes the PXE client boot.
>The following assumes that you have configured DHCP option 67 (Bootfile Name) to "boot\PXEboot.n12" which enables direct boot to PXE with no user interaction. For more information about DHCP options for network boot, see [Managing Network Boot Programs](/previous-versions/windows/it-pro/windows-server-2008-R2-and-2008/cc732351(v=ws.10)).
@@ -177,7 +177,7 @@ The following summarizes the PXE client boot process.
5. Bootmgr.exe reads the BCD operating system entries and downloads boot\\boot.sdi and the Windows PE image (boot\\boot.wim). Optional files that can also be downloaded include true type fonts (boot\\Fonts\\wgl4\_boot.ttf) and the hibernation state file (\\hiberfil.sys) if these files are present.
6. Bootmgr.exe starts Windows PE by calling winload.exe within the Windows PE image.
7. Windows PE loads, a command prompt opens and wpeinit.exe is run to initialize Windows PE.
-8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. Using these tools together with a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system.
+8. The Windows PE client provides access to tools like imagex, diskpart, and bcdboot using the Windows PE command prompt. With the help of these tools accompanied by a Windows 10 image file, the destination computer can be formatted properly to load a full Windows 10 operating system.
## See Also
diff --git a/windows/deployment/deploy-enterprise-licenses.md b/windows/deployment/deploy-enterprise-licenses.md
index abb43c1a9e..0eb5352dfa 100644
--- a/windows/deployment/deploy-enterprise-licenses.md
+++ b/windows/deployment/deploy-enterprise-licenses.md
@@ -18,10 +18,10 @@ This topic describes how to deploy Windows 10 or Windows 11 Enterprise E3 or E5
> * Windows 10/11 Enterprise Subscription Activation (EA or MPSA) requires Windows 10 Pro, version 1703 or later. Windows 11 is considered "later" in this context.
> * Windows 10/11 Enterprise E3 in CSP requires Windows 10 Pro, version 1607 or later.
> * Automatic, non-KMS activation requires Windows 10, version 1803 or later, on a device with a firmware-embedded activation key.
-> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it does not work on per device based licensing.
+> * Windows 10/11 Enterprise Subscription Activation requires Windows 10/11 Enterprise per user licensing; it doesn't work on per device based licensing.
> [!IMPORTANT]
-> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device is not able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
+> An issue has been identified where devices can lose activation status or be blocked from upgrading to Windows Enterprise if the device isn't able to connect to Windows Update. A workaround is to ensure that devices do not have the REG_DWORD present HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\DoNotConnectToWindowsUpdateInternetLocations and set to 1. If this REG_DWORD is present, it must be set to 0.
>
>Also ensure that the Group Policy setting: Computer Configuration > Administrative Templates > Windows Components > Windows Update > "Do not connect to any Windows Update Internet locations" is set to "Disabled".
@@ -33,18 +33,18 @@ To determine if the computer has a firmware-embedded activation key, type the fo
(Get-CimInstance -query ‘select * from SoftwareLicensingService’).OA3xOriginalProductKey
```
-If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device does not have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
+If the device has a firmware-embedded activation key, it will be displayed in the output. If the output is blank, the device doesn't have a firmware embedded activation key. Most OEM-provided devices designed to run Windows 8 or later will have a firmware-embedded key.
## Enabling Subscription Activation with an existing EA
-If you are an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
+If you're an EA customer with an existing Office 365 tenant, use the following steps to enable Windows 10 Subscription licenses on your existing tenant:
1. Work with your reseller to place an order for one $0 SKU per user. There are two SKUs available, depending on their current Windows Enterprise SA license:
- **AAA-51069** - Win10UsrOLSActv Alng MonthlySub Addon E3
- **AAA-51068** - Win10UsrOLSActv Alng MonthlySub Addon E5
-2. After placing an order, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
+2. After an order is placed, the OLS admin on the agreement will receive a service activation email, indicating their subscription licenses have been provisioned on the tenant.
3. The admin can now assign subscription licenses to users.
Use the following process if you need to update contact information and retrigger activation in order to resend the activation email:
@@ -55,7 +55,7 @@ Use the following process if you need to update contact information and retrigge
4. Enter your agreement number, and then click **Search**.
5. Click the **Service Name**.
6. In the **Subscription Contact** section, click the name listed under **Last Name**.
-7. Update the contact information, then click **Update Contact Details**. This will trigger a new email.
+7. Update the contact information, then click **Update Contact Details**. This action will trigger a new email.
Also in this article:
- [Explore the upgrade experience](#explore-the-upgrade-experience): How to upgrade devices using the deployed licenses.
@@ -65,7 +65,7 @@ Also in this article:
You probably have on-premises Active Directory Domain Services (AD DS) domains. Users will use their domain-based credentials to sign in to the AD DS domain. Before you start deploying Windows 10/11 Enterprise E3 or E5 licenses to users, you need to synchronize the identities in the on-premises ADDS domain with Azure AD.
-You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
+You might ask why you need to synchronize these identities. The answer is so that users will have a *single identity* that they can use to access their on-premises apps and cloud services that use Azure AD (such as Windows 10/11 Enterprise E3 or E5). This synchronization means that users can use their existing credentials to sign in to Azure AD and access the cloud services that you provide and manage for them.
**Figure 1** illustrates the integration between the on-premises AD DS domain with Azure AD. [Microsoft Azure Active Directory Connect](https://www.microsoft.com/download/details.aspx?id=47594) (Azure AD Connect) is responsible for synchronization of identities between the on-premises AD DS domain and Azure AD. Azure AD Connect is a service that you can install on-premises or in a virtual machine in Azure.
@@ -79,7 +79,7 @@ For more information about integrating on-premises AD DS domains with Azure AD,
- [Azure AD + Domain Join + Windows 10](https://blogs.technet.microsoft.com/enterprisemobility/2016/02/17/azure-ad-domain-join-windows-10/)
> [!NOTE]
-> If you are implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
+> If you're implementing Azure AD, and you already have an on-premises domain, you don't need to integrate with Azure AD, since your main authentication method is your internal AD. If you want to manage all your infrastructure in the cloud, you can safely configure your domain controller remotely to integrate your computers with Azure AD, but you won't be able to apply fine controls using GPO. Azure AD is best suited for the global administration of devices when you don't have any on-premises servers.
## Preparing for deployment: reviewing requirements
@@ -164,7 +164,7 @@ Now the device is Azure AD–joined to the company's subscription.
### Step 2: Pro edition activation
> [!IMPORTANT]
-> If your device is running Windows 10, version 1803 or later, this step is not needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
+> If your device is running Windows 10, version 1803 or later, this step isn't needed. From Windows 10, version 1803, the device will automatically activate Windows 10 Enterprise using the firmware-embedded activation key.
> If the device is running Windows 10, version 1703 or 1709, then Windows 10 Pro must be successfully activated in **Settings > Update & Security > Activation**, as illustrated in **Figure 7a**.
@@ -175,7 +175,7 @@ Windows 10/11 Pro activation is required before Enterprise E3 or E5 can be enabl
### Step 3: Sign in using Azure AD account
-Once the device is joined to your Azure AD subscription, the user will sign in by using his or her Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
+Once the device is joined to your Azure AD subscription, the users will sign in by using their Azure AD account, as illustrated in **Figure 8**. The Windows 10 Enterprise E3 or E5 license associated with the user will enable Windows 10 Enterprise edition capabilities on the device.
@@ -208,14 +208,14 @@ Virtual machines (VMs) must be configured to enable Windows 10 Enterprise subscr
In some instances, users may experience problems with the Windows 10/11 Enterprise E3 or E5 subscription. The most common problems that users may experience are as follows:
-- The existing Windows 10 Pro, version 1703 or 1709 operating system is not activated. This problem does not apply to Windows 10, version 1803 or later.
+- The existing Windows 10 Pro, version 1703 or 1709 operating system isn't activated. This problem doesn't apply to Windows 10, version 1803 or later.
- The Windows 10/11 Enterprise E3 or E5 subscription has lapsed or has been removed.
Use the following figures to help you troubleshoot when users experience these common problems:
- [Figure 9](#win-10-activated-subscription-active) (see the section above) illustrates a device in a healthy state, where Windows 10 Pro is activated and the Windows 10 Enterprise subscription is active.
-- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro is not activated, but the Windows 10 Enterprise subscription is active.
+- [Figure 10](#win-10-not-activated) (below) illustrates a device on which Windows 10 Pro isn't activated, but the Windows 10 Enterprise subscription is active.
@@ -227,7 +227,7 @@ Use the following figures to help you troubleshoot when users experience these c
Figure 11 - Windows 10 Enterprise subscription lapsed or removed in Settings
-- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license is not activated and the Windows 10 Enterprise subscription is lapsed or removed.
+- [Figure 12](#win-10-not-activated-subscription-not-active) (below) illustrates a device on which Windows 10 Pro license isn't activated and the Windows 10 Enterprise subscription is lapsed or removed.
@@ -252,5 +252,5 @@ If a device is running a version of Windows 10 Pro prior to version 1703 (for ex
### Delay in the activation of Enterprise License of Windows 10
-This is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device is not eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
+This delay is by design. Windows 10 and Windows 11 include a built-in cache that is used when determining upgrade eligibility, including responses that indicate that the device isn't eligible for an upgrade. It can take up to four days after a qualifying purchase before the upgrade eligibility is enabled and the cache expires.
diff --git a/windows/deployment/deploy-m365.md b/windows/deployment/deploy-m365.md
index c32aeb19ba..778cc5f140 100644
--- a/windows/deployment/deploy-m365.md
+++ b/windows/deployment/deploy-m365.md
@@ -20,7 +20,7 @@ ms.custom: seo-marvel-apr2020
This topic provides a brief overview of Microsoft 365 and describes how to use a free 90-day trial account to review some of the benefits of Microsoft 365.
-[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [M365 Enterprise poster](#m365-enterprise-poster) for an overview.
+[Microsoft 365](https://www.microsoft.com/microsoft-365) is a new offering from Microsoft that combines [Windows 10](https://www.microsoft.com/windows/features) with [Office 365](https://www.microsoft.com/microsoft-365/office-365), and [Enterprise Mobility and Security](https://www.microsoft.com/cloud-platform/enterprise-mobility-security) (EMS). See the [Microsoft 365 Enterprise poster](#microsoft-365-enterprise-poster) for an overview.
For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor that can walk you through the entire process of deploying Windows 10. The wizard supports multiple Windows 10 deployment methods, including:
@@ -35,7 +35,7 @@ For Windows 10 deployment, Microsoft 365 includes a fantastic deployment advisor
**If you already have a Microsoft services subscription account and access to the Microsoft 365 Admin Center**
From the [Microsoft 365 Admin Center](https://portal.office.com), go to Billing and then Purchase services.
-In the Enterprise Suites section of the service offerings, you will find Microsoft 365 E3 and Microsoft 365 E5 tiles.
+In the Enterprise Suites section of the service offerings, you'll find Microsoft 365 E3 and Microsoft 365 E5 tiles.
There are "Start Free Trial" options available for your selection by hovering your mouse over the tiles.
**If you do not already have a Microsoft services subscription**
@@ -45,11 +45,11 @@ You can check out the Microsoft 365 deployment advisor and other resources for f
>[!NOTE]
>If you have not run a setup guide before, you will see the **Prepare your environment** guide first. This is to make sure you have basics covered like domain verification and a method for adding users. At the end of the "Prepare your environment" guide, there will be a **Ready to continue** button that sends you to the original guide that was selected.
-1. [Explore Microsoft 365](https://www.microsoft.com/microsoft-365/business/).
+1. [Obtain a free Microsoft 365 trial](/microsoft-365/commerce/try-or-buy-microsoft-365).
2. Check out the [Microsoft 365 deployment advisor](https://aka.ms/microsoft365setupguide).
3. Also check out the [Windows Analytics deployment advisor](/mem/configmgr/desktop-analytics/overview). This advisor will walk you through deploying [Desktop Analytics](/mem/configmgr/desktop-analytics/overview).
-That's all there is to it!
+That's all there's to it!
Examples of these two deployment advisors are shown below.
@@ -62,9 +62,9 @@ Examples of these two deployment advisors are shown below.
## Windows Analytics deployment advisor example
-## M365 Enterprise poster
+## Microsoft 365 Enterprise poster
-[](https://aka.ms/m365eposter)
+[](https://aka.ms/m365eposter)
## Related Topics
diff --git a/windows/deployment/deploy-whats-new.md b/windows/deployment/deploy-whats-new.md
index 6f43fb16f4..55f1a653a6 100644
--- a/windows/deployment/deploy-whats-new.md
+++ b/windows/deployment/deploy-whats-new.md
@@ -42,7 +42,7 @@ The [Windows ADK for Windows 11](/windows-hardware/get-started/adk-install) is a
New capabilities are available for [Delivery Optimization](#delivery-optimization) and [Windows Update for Business](#windows-update-for-business).
VPN support is added to [Windows Autopilot](#windows-autopilot)
An in-place upgrade wizard is available in [Configuration Manager](#microsoft-endpoint-configuration-manager).
-The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with additional content added and more content coming soon.
+The Windows 10 deployment and update [landing page](index.yml) has been redesigned, with more content added and more content coming soon.
## The Modern Desktop Deployment Center
@@ -55,7 +55,7 @@ Microsoft 365 is a new offering from Microsoft that combines
- Office 365
- Enterprise Mobility and Security (EMS).
-See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [M365 Enterprise poster](deploy-m365.md#m365-enterprise-poster).
+See [Deploy Windows 10 with Microsoft 365](deploy-m365.md) for an overview, which now includes a link to download a nifty [Microsoft 365 Enterprise poster](deploy-m365.md#microsoft-365-enterprise-poster).
## Windows 10 servicing and support
@@ -65,12 +65,12 @@ Windows PowerShell cmdlets for Delivery Optimization have been improved:
- **Get-DeliveryOptimizationStatus** has added the **-PeerInfo** option for a real-time peak behind the scenes on peer-to-peer activity (for example the peer IP Address, bytes received / sent).
- **Get-DeliveryOptimizationLogAnalysis** is a new cmdlet that provides a summary of the activity in your DO log (# of downloads, downloads from peers, overall peer efficiency). Use the **-ListConnections** option to for in-depth look at peer-to-peer connections.
-- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to assist in troubleshooting.
+- **Enable-DeliveryOptimizationVerboseLogs** is a new cmdlet that enables a greater level of logging detail to help in troubleshooting.
-Additional improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
+Other improvements in [Delivery Optimization](./do/waas-delivery-optimization.md) include:
- Enterprise network [throttling is enhanced](/windows-insider/archive/new-for-business#new-download-throttling-options-for-delivery-optimization-build-18917) to optimize foreground vs. background throttling.
- Automatic cloud-based congestion detection is available for PCs with cloud service support.
-- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). This now supports Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon!
+- Improved peer efficiency for enterprises and educational institutions with complex networks is enabled with [new policies](/windows/client-management/mdm/policy-csp-deliveryoptimization). These policies now support Microsoft 365 Apps for enterprise updates and Intune content, with Microsoft Endpoint Manager content coming soon!
The following Delivery Optimization policies are removed in the Windows 10, version 2004 release:
@@ -85,17 +85,17 @@ The following Delivery Optimization policies are removed in the Windows 10, vers
[Windows Update for Business](./update/waas-manage-updates-wufb.md) enhancements in this release include:
- Intune console updates: target version is now available allowing you to specify which version of Windows 10 you want devices to move to. Additionally, this capability enables you to keep devices on their current version until they reach end of service. Check it out in Intune, also available as a Group Policy and Configuration Service Provider (CSP) policy.
-- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we have created a new policy that enables admins to opt devices out of the built-in safeguard holds.
+- Validation improvements: To ensure devices and end users stay productive and protected, Microsoft uses safeguard holds to block devices from updating when there are known issues that would impact that device. Also, to better enable IT administrators to validate on the latest release, we've created a new policy that enables admins to opt devices out of the built-in safeguard holds.
-- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically log on as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
+- [**Automatic Restart Sign-on (ARSO)**](/windows-server/identity/ad-ds/manage/component-updates/winlogon-automatic-restart-sign-on--arso-): Windows will automatically sign in as the user and lock their device in order to complete the update, ensuring that when the user returns and unlocks the device, the update will be completed.
- [**Windows Update for Business**](https://techcommunity.microsoft.com/t5/Windows-IT-Pro-Blog/Windows-Update-for-Business-and-the-retirement-of-SAC-T/ba-p/339523): There will now be a single, common start date for phased deployments (no more SAC-T designation). In addition, there will be a new notification and reboot scheduling experience for end users, the ability to enforce update installation and reboot deadlines, and the ability to provide end user control over reboots for a specific time period.
-- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and running normally.
-- **Pause updates**: We have extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you will need to update your device before pausing again.
+- **Update rollback improvements**: You can now automatically recover from startup failures by removing updates if the startup failure was introduced after the installation of recent driver or quality updates. When a device is unable to start up properly after the recent installation of Quality of driver updates, Windows will now automatically uninstall the updates to get the device back up and run normally.
+- **Pause updates**: We've extended the ability to pause updates for both feature and monthly updates. This extension ability is for all editions of Windows 10, including Home. You can pause both feature and monthly updates for up to 35 days (seven days at a time, up to five times). Once the 35-day pause period is reached, you'll need to update your device before pausing again.
- **Improved update notifications**: When there's an update requiring you to restart your device, you'll see a colored dot on the Power button in the Start menu and on the Windows icon in your taskbar.
-- **Intelligent active hours**: To further enhance active hours, users will now have the option to let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
+- **Intelligent active hours**: To further enhance active hours, users now can let Windows Update intelligently adjust active hours based on their device-specific usage patterns. You must enable the intelligent active hours feature for the system to predict device-specific usage patterns.
- **Improved update orchestration to improve system responsiveness**: This feature will improve system performance by intelligently coordinating Windows updates and Microsoft Store updates, so they occur when users are away from their devices to minimize disruptions.
-Microsoft previously announced that we are [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. This includes all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there is no change for these editions). These support policies are summarized in the table below.
+Microsoft previously announced that we're [extending support](https://www.microsoft.com/microsoft-365/blog/2018/09/06/helping-customers-shift-to-a-modern-desktop) for Windows 10 Enterprise and Windows 10 Education editions to 30 months from the version release date. These editions include all past versions and future versions that are targeted for release in September (versions ending in 09, ex: 1809). Future releases that are targeted for release in March (versions ending in 03, ex: 1903) will continue to be supported for 18 months from their release date. All releases of Windows 10 Home, Windows 10 Pro, and Microsoft 365 Apps for enterprise will continue to be supported for 18 months (there's no change for these editions). These support policies are summarized in the table below.
@@ -115,14 +115,14 @@ For more information, see [Windows 10 Enterprise E3 in CSP](windows-10-enterpris
With the release of Windows 10, version 2004 you can configure [Windows Autopilot user-driven](/windows/deployment/windows-autopilot/user-driven) Hybrid Azure Active Directory join with VPN support. This support is also backported to Windows 10, version 1909 and 1903.
-If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, this was only supported with self-deploying profiles.
+If you configure the language settings in the Autopilot profile and the device is connected to Ethernet, all scenarios will now skip the language, locale, and keyboard pages. In previous versions, these language settings were only supported with self-deploying profiles.
The following Windows Autopilot features are available in Windows 10, version 1903 and later:
-- [Windows Autopilot for white glove deployment](/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they are fully configured and business ready for your users.
+- [Windows Autopilot for white glove deployment](/windows/deployment/windows-autopilot/white-glove) is new in Windows 10, version 1903. "White glove" deployment enables partners or IT staff to pre-provision devices so they're fully configured and business ready for your users.
- The Intune [enrollment status page](/intune/windows-enrollment-status) (ESP) now tracks Intune Management Extensions.
- [Cortana voiceover](/windows-hardware/customize/desktop/cortana-voice-support) and speech recognition during OOBE is disabled by default for all Windows 10 Pro Education, and Enterprise SKUs.
-- Windows Autopilot is self-updating during OOBE. Starting with the Windows 10, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
+- Windows Autopilot is self-updating during OOBE. From Windows 10 onward, version 1903 Autopilot functional and critical updates will begin downloading automatically during OOBE.
- Windows Autopilot will set the [diagnostics data](/windows/privacy/windows-diagnostic-data) level to Full on Windows 10 version 1903 and later during OOBE.
### Microsoft Endpoint Configuration Manager
@@ -137,11 +137,11 @@ With Windows 10, version 1903, you can step-up from Windows 10 Pro Education to
### SetupDiag
-[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When searching log files, SetupDiag uses a set of rules to match known issues.
+[SetupDiag](upgrade/setupdiag.md) is a command-line tool that can help diagnose why a Windows 10 update failed. SetupDiag works by searching Windows Setup log files. When log files are being searched, SetupDiag uses a set of rules to match known issues.
In Windows 10, version 2004, SetupDiag is now automatically installed.
-During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there is an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
+During the upgrade process, Windows Setup will extract all its sources files to the **%SystemDrive%\$Windows.~bt\Sources** directory. With Windows 10, version 2004 and later, Windows Setup now also installs SetupDiag.exe to this directory. If there's an issue with the upgrade, SetupDiag is automatically run to determine the cause of the failure. If the upgrade process proceeds normally, this directory is moved under %SystemDrive%\Windows.Old for cleanup.
### Upgrade Readiness
@@ -179,7 +179,7 @@ For more information, see [MBR2GPT.EXE](mbr-to-gpt.md).
### Microsoft Deployment Toolkit (MDT)
-MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There is currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
+MDT version 8456 supports Windows 10, version 2004 and earlier operating systems, including Windows Server 2019. There's currently an issue that causes MDT to incorrectly detect that UEFI is present in Windows 10, version 2004. This issue is currently under investigation.
For the latest information about MDT, see the [MDT release notes](/mem/configmgr/mdt/release-notes).
diff --git a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
index 785a68cc3d..02c1c8a43b 100644
--- a/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
+++ b/windows/deployment/deploy-windows-cm/prepare-for-zero-touch-installation-of-windows-10-with-configuration-manager.md
@@ -20,7 +20,7 @@ This article walks you through the Zero Touch Installation (ZTI) process of Wind
## Prerequisites
-In this topic, you'll use [components](#components-of-configuration-manager-operating-system-deployment) of an existing Configuration Manager infrastructure to prepare for Windows 10 OSD. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
+In this article, you'll use [components](#components-of-configuration-manager-operating-system-deployment) of an existing Configuration Manager infrastructure to prepare for Windows 10 OSD. In addition to the base setup, the following configurations should be made in the Configuration Manager environment:
- Configuration Manager current branch + all security and critical updates are installed.
@@ -33,8 +33,9 @@ In this topic, you'll use [components](#components-of-configuration-manager-oper
- A file system folder structure and Configuration Manager console folder structure for packages has been created. Steps to verify or create this folder structure are [provided below](#review-the-sources-folder-structure).
- The [Windows ADK](/windows-hardware/get-started/adk-install) (including USMT) version 1903, Windows PE add-on, WSIM 1903 update, [MDT](https://www.microsoft.com/download/details.aspx?id=54259) version 8456, and DaRT 10 (part of [MDOP 2015](https://my.visualstudio.com/Downloads?q=Desktop%20Optimization%20Pack%202015)) are installed.
- The [CMTrace tool](/configmgr/core/support/cmtrace) (cmtrace.exe) is installed on the distribution point.
+
> [!NOTE]
- > CMTrace is automatically installed with the current branch of Configuration Manager at **Program Files\Microsoft Configuration Manager\tools\cmtrace.exe**. In previous releases of ConfigMgr, it was necessary to install the [Configuration Manager Toolkit](https://www.microsoft.com/download/details.aspx?id=50012) separately to get the CMTrace tool, but this separate installation is no longer needed. Configuration Manager version 1910 installs version 5.0.8913.1000 of the CMTrace tool.
+ > CMTrace is automatically installed with the current branch of Configuration Manager at **Program Files\Microsoft Configuration Manager\tools\cmtrace.exe**.
For the purposes of this guide, we'll use three server computers: DC01, CM01 and HV01.
- DC01 is a domain controller and DNS server for the contoso.com domain. DHCP services are also available and optionally installed on DC01 or another server.
@@ -62,7 +63,7 @@ On **DC01**:
To create the OU structure, you can use the Active Directory Users and Computers console (dsa.msc), or you can use Windows PowerShell. The procedure below uses Windows PowerShell.
-To use Windows PowerShell, copy the following commands into a text file and save it as C:\Setup\Scripts\ou.ps1. Ensure that you're viewing file extensions and that you save the file with the .ps1 extension.
+To use Windows PowerShell, copy the following commands into a text file and save it as `C:\Setup\Scripts\ou.ps1` Ensure that you're viewing file extensions and that you save the file with the `.ps1` extension.
```powershell
$oulist = Import-csv -Path c:\oulist.txt
@@ -378,13 +379,13 @@ You can create reference images for Configuration Manager in Configuration Manag
- MDT Lite Touch supports a Suspend action that allows for reboots, which is useful when you need to perform a manual installation or check the reference image before it's automatically captured.
- MDT Lite Touch doesn't require any infrastructure and is easy to delegate.
-## Related topics
+## Related articles
-[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)
-[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)
-[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)
-[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)
-[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)
-[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)
-[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)
+[Create a custom Windows PE boot image with Configuration Manager](create-a-custom-windows-pe-boot-image-with-configuration-manager.md)\
+[Add a Windows 10 operating system image using Configuration Manager](add-a-windows-10-operating-system-image-using-configuration-manager.md)\
+[Create an application to deploy with Windows 10 using Configuration Manager](create-an-application-to-deploy-with-windows-10-using-configuration-manager.md)\
+[Add drivers to a Windows 10 deployment with Windows PE using Configuration Manager](add-drivers-to-a-windows-10-deployment-with-windows-pe-using-configuration-manager.md)\
+[Create a task sequence with Configuration Manager and MDT](./create-a-task-sequence-with-configuration-manager-and-mdt.md)\
+[Deploy Windows 10 using PXE and Configuration Manager](deploy-windows-10-using-pxe-and-configuration-manager.md)\
+[Refresh a Windows 7 SP1 client with Windows 10 using Configuration Manager](refresh-a-windows-7-client-with-windows-10-using-configuration-manager.md)\
[Replace a Windows 7 SP1 client with Windows 10 using Configuration Manager](replace-a-windows-7-client-with-windows-10-using-configuration-manager.md)
diff --git a/windows/deployment/update/includes/update-compliance-admin-center-permissions.md b/windows/deployment/update/includes/update-compliance-admin-center-permissions.md
new file mode 100644
index 0000000000..01f67b2713
--- /dev/null
+++ b/windows/deployment/update/includes/update-compliance-admin-center-permissions.md
@@ -0,0 +1,22 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 08/18/2022
+ms.localizationpriority: medium
+---
+
+[Enabling Update Compliance](../update-compliance-v2-enable.md) requires access to the [Microsoft admin center software updates (preview) page](../update-status-admin-center.md) as does displaying Update Compliance data in the admin center. The following permissions are needed for access to the [Microsoft 365 admin center](https://admin.microsoft.com):
+
+
+- To enable Update Compliance, edit Update Compliance configuration settings, and view the **Windows** tab in the **Software Updates** page:
+ - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
+ - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
+- To view the **Windows** tab in the **Software Updates** page:
+ - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
+
+> [!NOTE]
+> These permissions for the Microsoft 365 admin center apply specifically to the **Windows** tab of the **Software Updates** page. For more information about the **Microsoft 365 Apps** tab, see [Microsoft 365 Apps updates in the admin center](/DeployOffice/updates/software-update-status).
diff --git a/windows/deployment/update/includes/update-compliance-onboard-admin-center.md b/windows/deployment/update/includes/update-compliance-onboard-admin-center.md
new file mode 100644
index 0000000000..13183b46dd
--- /dev/null
+++ b/windows/deployment/update/includes/update-compliance-onboard-admin-center.md
@@ -0,0 +1,23 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 08/18/2022
+ms.localizationpriority: medium
+---
+
+1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
+1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
+1. In the **Software Updates** page, select the **Windows** tab.
+1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](../update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance:
+
+ - The Azure subscription
+ - The Log Analytics workspace
+1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**.
+1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts.
+
+> [!Tip]
+> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).
diff --git a/windows/deployment/update/includes/update-compliance-script-error-codes.md b/windows/deployment/update/includes/update-compliance-script-error-codes.md
new file mode 100644
index 0000000000..fa70e9df8b
--- /dev/null
+++ b/windows/deployment/update/includes/update-compliance-script-error-codes.md
@@ -0,0 +1,62 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 08/18/2022
+ms.localizationpriority: medium
+---
+
+|Error |Description |
+|---------|---------|
+| 1 | General unexpected error|
+| 6 | Invalid CommercialID|
+| 8 | Couldn't create registry key path to set up CommercialID|
+| 9 | Couldn't write CommercialID at registry key path|
+| 11 | Unexpected result when setting up CommercialID.|
+| 12 | CheckVortexConnectivity failed, check Log output for more information.|
+| 12 | Unexpected failure when running CheckVortexConnectivity.|
+| 16 | Reboot is pending on device, restart device and restart script.|
+| 17 | Unexpected exception in CheckRebootRequired.|
+| 27 | Not system account. |
+| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
+| 34 | Unexpected exception when attempting to check Proxy settings.|
+| 35 | Unexpected exception when checking User Proxy.|
+| 37 | Unexpected exception when collecting logs|
+| 40 | Unexpected exception when checking and setting telemetry.|
+| 41 | Unable to impersonate logged-on user.|
+| 42 | Unexpected exception when attempting to impersonate logged-on user.|
+| 43 | Unexpected exception when attempting to impersonate logged-on user.|
+| 44 | Error when running CheckDiagTrack service.|
+| 45 | DiagTrack.dll not found.|
+| 48 | CommercialID isn't a GUID|
+| 50 | DiagTrack service not running.|
+| 51 | Unexpected exception when attempting to run Census.exe|
+| 52 | Couldn't find Census.exe|
+| 53 | There are conflicting CommercialID values.|
+| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
+| 55 | Failed to create new registry path for SetDeviceNameOptIn|
+| 56 | Failed to create property for SetDeviceNameOptIn at registry path|
+| 57 | Failed to update value for SetDeviceNameOptIn|
+| 58 | Unexpected exception in SetrDeviceNameOptIn|
+| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
+| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
+| 61 | Unexpected exception when attempting to clean up OneSettings.|
+| 62 | AllowTelemetry registry key isn't of the correct type REG_DWORD|
+| 63 | AllowTelemetry isn't set to the appropriate value and it couldn't be set by the script.|
+| 64 | AllowTelemetry isn't of the correct type REG_DWORD.|
+| 66 | Failed to verify UTC connectivity and recent uploads.|
+| 67 | Unexpected failure when verifying UTC CSP.|
+| 91 | Failed to create new registry path for EnableAllowUCProcessing|
+| 92 | Failed to create property for EnableAllowUCProcessing at registry path|
+| 93 | Failed to update value for EnableAllowUCProcessing|
+| 94 | Unexpected exception in EnableAllowUCProcessing|
+| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
+| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
+| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
+| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
+| 99 | Device isn't Windows 10.|
+| 100 | Device must be AADJ or hybrid AADJ to use Update Compliance |
+| 101 | Check AADJ failed with unexpected exception |
\ No newline at end of file
diff --git a/windows/deployment/update/includes/update-compliance-verify-device-configuration.md b/windows/deployment/update/includes/update-compliance-verify-device-configuration.md
new file mode 100644
index 0000000000..d3fdaa9c05
--- /dev/null
+++ b/windows/deployment/update/includes/update-compliance-verify-device-configuration.md
@@ -0,0 +1,43 @@
+---
+author: mestew
+ms.author: mstewart
+manager: dougeby
+ms.prod: w10
+ms.collection: M365-modern-desktop
+ms.topic: include
+ms.date: 08/10/2022
+ms.localizationpriority: medium
+---
+
+
+In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
+
+1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer).
+ 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
+ 1. Under **View diagnostic data**, select **On** for the following option:
+
+ - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)**
+ - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)**
+
+1. Select **Open Diagnostic Data Viewer**.
+ - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
+ - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed.
+
+1. Check for software updates on the client device.
+ - Windows 11:
+ 1. Go to **Start**, select **Settings** > **Windows Update**.
+ 1. Select **Check for updates** then wait for the update check to complete.
+ - Windows 10:
+ 1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**.
+ 1. Select **Check for updates** then wait for the update check to complete.
+
+1. Run the **Diagnostic Data Viewer**.
+ 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
+ 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
+1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
+ - The **EnrolledTenantID** field under **m365a** should equal the `CommercialID` of your Log Analytics workspace for Update Compliance. `CommercialID` is no longer required for the [preview version of Updates Compliance](../update-compliance-v2-overview.md), but the value may still be listed in this field.
+ - The **MSP** field value under **protocol** should be either `16` or `18`.
+ - If you need to send this data to Microsoft Support, select **Export data**.
+
+ :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="../media/update-compliance-diagnostic-data-viewer.png" lightbox="../media/update-compliance-diagnostic-data-viewer.png":::
+
diff --git a/windows/deployment/update/media/33771278-overall-security-update-status.png b/windows/deployment/update/media/33771278-overall-security-update-status.png
new file mode 100644
index 0000000000..49d634956c
Binary files /dev/null and b/windows/deployment/update/media/33771278-overall-security-update-status.png differ
diff --git a/windows/deployment/update/media/33771278-update-compliance-feedback.png b/windows/deployment/update/media/33771278-update-compliance-feedback.png
new file mode 100644
index 0000000000..bab180d192
Binary files /dev/null and b/windows/deployment/update/media/33771278-update-compliance-feedback.png differ
diff --git a/windows/deployment/update/media/33771278-update-compliance-workbook-summary.png b/windows/deployment/update/media/33771278-update-compliance-workbook-summary.png
new file mode 100644
index 0000000000..bf5f0272ac
Binary files /dev/null and b/windows/deployment/update/media/33771278-update-compliance-workbook-summary.png differ
diff --git a/windows/deployment/update/media/33771278-update-deployment-status-table.png b/windows/deployment/update/media/33771278-update-deployment-status-table.png
new file mode 100644
index 0000000000..4ee85fcc56
Binary files /dev/null and b/windows/deployment/update/media/33771278-update-deployment-status-table.png differ
diff --git a/windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png b/windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png
new file mode 100644
index 0000000000..7f1dddf600
Binary files /dev/null and b/windows/deployment/update/media/33771278-workbook-summary-tab-tiles.png differ
diff --git a/windows/deployment/update/media/docs-feedback.png b/windows/deployment/update/media/docs-feedback.png
new file mode 100644
index 0000000000..2c6afbc101
Binary files /dev/null and b/windows/deployment/update/media/docs-feedback.png differ
diff --git a/windows/deployment/update/update-compliance-configuration-script.md b/windows/deployment/update/update-compliance-configuration-script.md
index bb275f2935..15c207cf56 100644
--- a/windows/deployment/update/update-compliance-configuration-script.md
+++ b/windows/deployment/update/update-compliance-configuration-script.md
@@ -40,7 +40,7 @@ This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You
Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
-2. Set `commercialIDValue` to your Commercial ID.
+2. Set `setCommercialID=true` and set the `commercialIDValue` to your [Commercial ID](update-compliance-get-started.md#get-your-commercialid).
3. Run the script.
4. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
5. If there are issues, gather the logs and provide them to Support.
@@ -48,87 +48,10 @@ Open `RunConfig.bat` and configure the following (assuming a first-run, with `ru
## Script errors
-|Error |Description |
-|---------|---------|
-| 1 | General unexpected error|
-| 6 | Invalid CommercialID|
-| 8 | Couldn't create registry key path to setup CommercialID|
-| 9 | Couldn't write CommercialID at registry key path|
-| 11 | Unexpected result when setting up CommercialID.|
-| 12 | CheckVortexConnectivity failed, check Log output for more information.|
-| 12 | Unexpected failure when running CheckVortexConnectivity.|
-| 16 | Reboot is pending on device, restart device and restart script.|
-| 17 | Unexpected exception in CheckRebootRequired.|
-| 27 | Not system account. |
-| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
-| 34 | Unexpected exception when attempting to check Proxy settings.|
-| 35 | Unexpected exception when checking User Proxy.|
-| 37 | Unexpected exception when collecting logs|
-| 40 | Unexpected exception when checking and setting telemetry.|
-| 41 | Unable to impersonate logged-on user.|
-| 42 | Unexpected exception when attempting to impersonate logged-on user.|
-| 43 | Unexpected exception when attempting to impersonate logged-on user.|
-| 44 | Error when running CheckDiagTrack service.|
-| 45 | DiagTrack.dll not found.|
-| 48 | CommercialID is not a GUID|
-| 50 | DiagTrack service not running.|
-| 51 | Unexpected exception when attempting to run Census.exe|
-| 52 | Could not find Census.exe|
-| 53 | There are conflicting CommercialID values.|
-| 54 | Microsoft account (MSA) Sign In Assistant Service disabled.|
-| 55 | Failed to create new registry path for SetDeviceNameOptIn|
-| 56 | Failed to create property for SetDeviceNameOptIn at registry path|
-| 57 | Failed to update value for SetDeviceNameOptIn|
-| 58 | Unexpected exception in SetrDeviceNameOptIn|
-| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
-| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
-| 61 | Unexpected exception when attempting to clean up OneSettings.|
-| 62 | AllowTelemetry registry key is not of the correct type REG_DWORD|
-| 63 | AllowTelemetry is not set to the appropriate value and it could not be set by the script.|
-| 64 | AllowTelemetry is not of the correct type REG_DWORD.|
-| 66 | Failed to verify UTC connectivity and recent uploads.|
-| 67 | Unexpected failure when verifying UTC CSP.|
-| 91 | Failed to create new registry path for EnableAllowUCProcessing|
-| 92 | Failed to create property for EnableAllowUCProcessing at registry path|
-| 93 | Failed to update value for EnableAllowUCProcessing|
-| 94 | Unexpected exception in EnableAllowUCProcessing|
-| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
-| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
-| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
-| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
-| 99 | Device is not Windows 10.|
-
+
+[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-script-error-codes.md)]
## Verify device configuration
-
-In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
-
-1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer).
- 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
- 1. Under **View diagnostic data**, select **On** for the following option:
-
- - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)**
- - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)**
-
-1. Select **Open Diagnostic Data Viewer**.
- - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
- - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed.
-
-1. Check for software updates on the client device.
- - Windows 11:
- 1. Go to **Start**, select **Settings** > **Windows Update**.
- 1. Select **Check for updates** then wait for the update check to complete.
- - Windows 10:
- 1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**.
- 1. Select **Check for updates** then wait for the update check to complete.
-
-1. Run the **Diagnostic Data Viewer**.
- 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
- 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
-1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
- - The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](update-compliance-get-started.md#get-your-commercialid) of your Log Analytics workspace for Update Compliance.
- - The **MSP** field value under **protocol** should be either `16` or `18`.
- - If you need to send this data to Microsoft Support, select **Export data**.
-
- :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png":::
+
+[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)]:
diff --git a/windows/deployment/update/update-compliance-get-started.md b/windows/deployment/update/update-compliance-get-started.md
index 663fedf6e7..3449a9e3ff 100644
--- a/windows/deployment/update/update-compliance-get-started.md
+++ b/windows/deployment/update/update-compliance-get-started.md
@@ -92,19 +92,22 @@ Once the solution is in place, you can leverage one of the following Azure roles
> [!NOTE]
> It is not currently supported to programmatically enroll to Update Compliance via the [Azure CLI](/cli/azure) or otherwise. You must manually add Update Compliance to your Azure subscription.
-
+
### Get your CommercialID
-A CommercialID is a globally unique identifier assigned to a specific Log Analytics workspace. The CommercialID is copied to an MDM or Group Policy and is used to identify devices in your environment.
+A `CommercialID` is a globally unique identifier assigned to a specific Log Analytics workspace. The `CommercialID` is copied to an MDM or Group Policy and is used to identify devices in your environment. The `Commercial ID` directs your clients to the Update Compliance solution in your Log Analytics workspace. You'll need this ID when you configure clients to send data to Update Compliance.
-To find your CommercialID within Azure:
+1. If needed, sign into the [Azure portal](https://portal.azure.com).
+1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
+1. Select **Log Analytics workspaces**.
+1. Select the Log Analytics workspace that you added the Update Compliance solution to.
+1. Select **Solutions** from the Log Analytics workspace, then select **WaaSUpdateInsights(<Log Analytics workspace name>)** to go to the summary page for the solution.
+1. Select **Update Compliance Settings** from the **WaaSUpdateInsights(<Log Analytics workspace name>)** summary page.
+1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance.
-1. Navigate to the **Solutions** tab for your workspace, and then select the **WaaSUpdateInsights** solution.
-2. From there, select the Update Compliance Settings page on the navbar.
-3. Your CommercialID is available in the settings page.
+ > [!Warning]
+ > Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a Commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and can result in data loss.
-> [!IMPORTANT]
-> Regenerate your CommercialID only if your original ID can no longer be used or if you want to completely reset your workspace. Regenerating your CommercialID cannot be undone and will result in you losing data for all devices that have the current CommercialID until the new CommercialID is deployed to devices.
## Enroll devices in Update Compliance
diff --git a/windows/deployment/update/update-compliance-v2-configuration-manual.md b/windows/deployment/update/update-compliance-v2-configuration-manual.md
index 708fcce0bf..07c449792b 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-manual.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-manual.md
@@ -17,7 +17,8 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
There are a number of requirements to consider when manually configuring devices for Update Compliance. These requirements can potentially change with newer versions of Windows client. The [Update Compliance configuration script](update-compliance-v2-configuration-script.md) will be updated when any configuration requirements change so only a redeployment of the script will be required.
@@ -42,7 +43,6 @@ Each MDM Policy links to its documentation in the configuration service provider
| Policy | Data type | Value | Function |
|--------------------------|-|-|------------------------------------------------------------|
-|**Provider/*ProviderID*/**[**CommercialID**](/windows/client-management/mdm/dmclient-csp#provider-providerid-commercialid) |String |[Your CommercialID](update-compliance-v2-enable.md#bkmk_id) |Identifies the device as belonging to your organization. |
|**System/**[**AllowTelemetry**](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) |Integer | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the following policy. |
|**System/**[**ConfigureTelemetryOptInSettingsUx**](/windows/client-management/mdm/policy-csp-system#system-configuretelemetryoptinsettingsux) |Integer |1 - Disable Telemetry opt-in Settings | (in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy or the effective diagnostic data level on devices might not be sufficient. |
|**System/**[**AllowDeviceNameInDiagnosticData**](/windows/client-management/mdm/policy-csp-system#system-allowdevicenameindiagnosticdata) |Integer | 1 - Allowed | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or set to 0 (Disabled), Device Name will not be sent and won't be visible in Update Compliance, showing `#` instead. |
@@ -55,7 +55,6 @@ All Group policies that need to be configured for Update Compliance are under **
| Policy | Value | Function |
|---------------------------|-|-----------------------------------------------------------|
-|**Configure the Commercial ID** |[Your CommercialID](update-compliance-v2-enable.md#bkmk_id) | Identifies the device as belonging to your organization. |
|**Allow Telemetry** | 1 - Basic |Configures the maximum allowed diagnostic data to be sent to Microsoft. Individual users can still set this value lower than what the policy defines. For more information, see the **Configure telemetry opt-in setting user interface**. |
|**Configure telemetry opt-in setting user interface** | 1 - Disable diagnostic data opt-in Settings |(in Windows 10, version 1803 and later) Determines whether users of the device can adjust diagnostic data to levels lower than the level defined by AllowTelemetry. We recommend that you disable this policy, otherwise the effective diagnostic data level on devices might not be sufficient. |
|**Allow device name to be sent in Windows diagnostic data** | 1 - Enabled | Allows device name to be sent for Windows Diagnostic Data. If this policy is Not Configured or Disabled, Device Name won't be sent and won't be visible in Update Compliance, showing `#` instead. |
diff --git a/windows/deployment/update/update-compliance-v2-configuration-mem.md b/windows/deployment/update/update-compliance-v2-configuration-mem.md
index 1a6b98c90c..1dabf9b1e5 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-mem.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-mem.md
@@ -17,7 +17,8 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10 managed by [Microsoft Endpoint Manager](/mem/endpoint-manager-overview))***
> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
This article is specifically targeted at configuring devices enrolled to [Microsoft Endpoint Manager](/mem/endpoint-manager-overview) for Update Compliance, within Microsoft Endpoint Manager itself. Configuring devices for Update Compliance in Microsoft Endpoint Manager breaks down to the following steps:
@@ -36,13 +37,7 @@ Take the following steps to create a configuration profile that will set require
1. For **Template name**, select **Custom**, and then press **Create**.
1. You're now on the Configuration profile creation screen. On the **Basics** tab, give a **Name** and **Description**.
1. On the **Configuration settings** page, you'll be adding multiple OMA-URI Settings that correspond to the policies described in [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md).
- 1. If you don't already have it, get your Commercial ID. For steps, see [Get your CommmercialID](update-compliance-v2-enable.md#bkmk_id).
- 1. Add a setting for **Commercial ID** with the following values:
- - **Name**: Commercial ID
- - **Description**: Sets the Commercial ID that corresponds to the Update Compliance Log Analytics workspace.
- - **OMA-URI**: `./Vendor/MSFT/DMClient/Provider/ProviderID/CommercialID`
- - **Data type**: String
- - **Value**: *Set this value to your Commercial ID*
+
1. Add a setting configuring the **Windows Diagnostic Data level** for devices:
- **Name**: Allow Telemetry
- **Description**: Sets the maximum allowed diagnostic data to be sent to Microsoft, required for Update Compliance.
diff --git a/windows/deployment/update/update-compliance-v2-configuration-script.md b/windows/deployment/update/update-compliance-v2-configuration-script.md
index aafe9ff807..ce8b8ff96b 100644
--- a/windows/deployment/update/update-compliance-v2-configuration-script.md
+++ b/windows/deployment/update/update-compliance-v2-configuration-script.md
@@ -17,7 +17,8 @@ ms.date: 06/16/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
The Update Compliance Configuration Script is the recommended method of configuring devices to send data to Microsoft for use with Update Compliance. The script configures the registry keys backing policies, ensures required services are running, and more. This script is a recommended complement to configuring the required policies documented in [Manually configured devices for Update Compliance](update-compliance-v2-configuration-manual.md), as it can provide feedback on whether there are any configuration issues outside of policies being configured.
@@ -42,95 +43,21 @@ This script's two primary files are `ConfigScript.ps1` and `RunConfig.bat`. You
Open `RunConfig.bat` and configure the following (assuming a first-run, with `runMode=Pilot`):
1. Define `logPath` to where you want the logs to be saved. Ensure that `runMode=Pilot`.
-1. Set `commercialIDValue` to your [Commercial ID](update-compliance-v2-enable.md#bkmk_id) for the Update Compliance solution.
+1. Don't modify the [Commercial ID](update-compliance-get-started.md#get-your-commercialid) values since they're used for the earlier version of Update Compliance. Leave `setCommercialID=false` and the `commercialIDValue=Unknown`.
1. Run the script.
1. Examine the logs for any issues. If there are no issues, then all devices with a similar configuration and network profile are ready for the script to be deployed with `runMode=Deployment`.
1. If there are issues, gather the logs and provide them to Microsoft Support.
## Verify device configuration
-In some cases, you may need to manually verify the device configuration has the `AllowUpdateComplianceProcessing` policy enabled. To verify the setting, use the following steps:
-
-1. Download and enable the **Diagnostic Data Viewer**. For more information, see [Diagnostic Data Viewer overview](/windows/privacy/diagnostic-data-viewer-overview#install-and-use-the-diagnostic-data-viewer).
- 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
- 1. Under **View diagnostic data**, select **On** for the following option:
-
- - Windows 11: **Turn on the Diagnostic Data Viewer (uses up to 1 GB of hard drive space)**
- - Windows 10: **Turn on this setting to see your data in the Diagnostic Data Viewer. (Setting uses up to 1GB of hard drive space.)**
-
-1. Select **Open Diagnostic Data Viewer**.
- - If the application isn't installed, select **Get** when you're asked to download the [Diagnostic Data Viewer from the Microsoft Store](https://www.microsoft.com/store/p/diagnostic-data-viewer/9n8wtrrsq8f7?rtc=1) page.
- - If the application is already installed, it will open. You can either close the application before running a scan for software updates, or use the refresh button to fetch the new data after the scan is completed.
-
-1. Check for software updates on the client device.
- - Windows 11:
- 1. Go to **Start**, select **Settings** > **Windows Update**.
- 1. Select **Check for updates** then wait for the update check to complete.
- - Windows 10:
- 1. Go to **Start**, select **Settings** > **Update & Security** > **Windows Update**.
- 1. Select **Check for updates** then wait for the update check to complete.
-
-1. Run the **Diagnostic Data Viewer**.
- 1. Go to **Start**, select **Settings** > **Privacy** > **Diagnostics & feedback**.
- 1. Under **View diagnostic data**, select **Open Diagnostic Data Viewer**.
-1. When the Diagnostic Data Viewer opens, type `SoftwareUpdateClientTelemetry` in the search field. Verify the following items:
- - The **EnrolledTenantID** field under **m365a** should equal the [CommercialID](update-compliance-v2-enable.md#bkmk_id) of your Log Analytics workspace for Update Compliance.
- - The **MSP** field value under **protocol** should be either `16` or `18`.
- - If you need to send this data to Microsoft Support, select **Export data**.
-
- :::image type="content" alt-text="Screenshot of the Diagnostic Data Viewer displaying the data from SoftwareUpdateClientTelemetry. The export data option and the fields for MSP and EnrolledTenantID are outlined in red." source="./media/update-compliance-diagnostic-data-viewer.png" lightbox="./media/update-compliance-diagnostic-data-viewer.png":::
+
+[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)]
## Script errors
-|Error |Description |
-|---------|---------|
-| 1 | General unexpected error|
-| 6 | Invalid CommercialID|
-| 8 | Couldn't create registry key path to set up CommercialID|
-| 9 | Couldn't write CommercialID at registry key path|
-| 11 | Unexpected result when setting up CommercialID.|
-| 12 | CheckVortexConnectivity failed, check Log output for more information.|
-| 12 | Unexpected failure when running CheckVortexConnectivity.|
-| 16 | Reboot is pending on device, restart device and restart script.|
-| 17 | Unexpected exception in CheckRebootRequired.|
-| 27 | Not system account. |
-| 30 | Unable to disable Enterprise Auth Proxy. This registry value must be 0 for UTC to operate in an authenticated proxy environment.|
-| 34 | Unexpected exception when attempting to check Proxy settings.|
-| 35 | Unexpected exception when checking User Proxy.|
-| 37 | Unexpected exception when collecting logs|
-| 40 | Unexpected exception when checking and setting telemetry.|
-| 41 | Unable to impersonate logged-on user.|
-| 42 | Unexpected exception when attempting to impersonate logged-on user.|
-| 43 | Unexpected exception when attempting to impersonate logged-on user.|
-| 44 | Error when running CheckDiagTrack service.|
-| 45 | DiagTrack.dll not found.|
-| 48 | CommercialID isn't a GUID|
-| 50 | DiagTrack service not running.|
-| 51 | Unexpected exception when attempting to run Census.exe|
-| 52 | Couldn't find Census.exe|
-| 53 | There are conflicting CommercialID values.|
-| 54 | Microsoft Account Sign In Assistant (MSA) Service disabled.|
-| 55 | Failed to create new registry path for SetDeviceNameOptIn|
-| 56 | Failed to create property for SetDeviceNameOptIn at registry path|
-| 57 | Failed to update value for SetDeviceNameOptIn|
-| 58 | Unexpected exception in SetrDeviceNameOptIn|
-| 59 | Failed to delete LastPersistedEventTimeOrFirstBoot property at registry path when attempting to clean up OneSettings.|
-| 60 | Failed to delete registry key when attempting to clean up OneSettings.|
-| 61 | Unexpected exception when attempting to clean up OneSettings.|
-| 62 | AllowTelemetry registry key isn't of the correct type REG_DWORD|
-| 63 | AllowTelemetry isn't set to the appropriate value and it couldn't be set by the script.|
-| 64 | AllowTelemetry isn't of the correct type REG_DWORD.|
-| 66 | Failed to verify UTC connectivity and recent uploads.|
-| 67 | Unexpected failure when verifying UTC CSP.|
-| 91 | Failed to create new registry path for EnableAllowUCProcessing|
-| 92 | Failed to create property for EnableAllowUCProcessing at registry path|
-| 93 | Failed to update value for EnableAllowUCProcessing|
-| 94 | Unexpected exception in EnableAllowUCProcessing|
-| 95 | Failed to create new registry path for EnableAllowCommercialDataPipeline |
-| 96 | Failed to create property for EnableAllowCommercialDataPipeline at registry path |
-| 97 | Failed to update value for EnableAllowCommercialDataPipeline |
-| 98 | Unexpected exception in EnableAllowCommercialDataPipeline |
-| 99 | Device isn't Windows 10.|
+
+[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-script-error-codes.md)]
+
## Next steps
diff --git a/windows/deployment/update/update-compliance-v2-enable.md b/windows/deployment/update/update-compliance-v2-enable.md
index 313d748f40..2125392ab8 100644
--- a/windows/deployment/update/update-compliance-v2-enable.md
+++ b/windows/deployment/update/update-compliance-v2-enable.md
@@ -16,18 +16,23 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
After verifying the [prerequisites](update-compliance-v2-prerequisites.md) are met, you can start to set up Update Compliance. The two main steps for setting up the Update Compliance solution are:
1. [Add Update Compliance](#bkmk_add) to your Azure subscription. This step has the following two phases:
1. [Select or create a new Log Analytics workspace](#bkmk_workspace) for use with Update Compliance.
1. [Add the Update Compliance solution](#bkmk_solution) to the Log Analytics workspace.
+ 1. [Configure Update Compliance](#bkmk_admin-center) from the Microsoft 365 admin center.
+
1. Configure the clients to send data to Update compliance. You can configure clients in the following three ways:
- Use a [script](update-compliance-v2-configuration-script.md)
- Use [Microsoft Endpoint Manager](update-compliance-v2-configuration-mem.md)
- Configure [manually](update-compliance-v2-configuration-manual.md)
+> [!IMPORTANT]
+> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## Add Update Compliance to your Azure subscription
Before you configure clients to send data, you'll need to add the Update Compliance solution to your Azure subscription so the data can be received. First, you'll select or create a new Log Analytics workspace to use. Second, you'll add the Update Compliance solution to the workspace.
@@ -63,27 +68,19 @@ Update Compliance is offered as an Azure Marketplace application that's linked t
> [!Note]
> - You can only map one tenant to one Log Analytics workspace. Mapping one tenant to multiple workspaces isn't supported.
-> - If you change the Log Analytics workspace for Update Compliance, stale data will be displayed for about 24 hours until the new workspace is fully onboarded.
+> - If you change the Log Analytics workspace for Update Compliance, stale data will be displayed for about 24 hours until the new workspace is fully onboarded. You will also need to reconfigure the Update Compliance settings in the Microsoft 365 admin center.
-### Get the Commercial ID for the Update Compliance solution
+### Configure Update Compliance settings through the Microsoft 365 admin center
-The **Commercial ID** directs your clients to the Update Compliance solution in your Log Analytics workspace. You'll need this ID when you configure clients to send data to Update Compliance.
+Finish enabling Updates Compliance by configuring its settings through the Microsoft 365 admin center. Completing the Update Compliance configuration through the admin center removes needing to specify [`CommercialID`](update-compliance-get-started.md#get-your-commercialid), which was needed by the earlier version of Updates Compliance. This step is needed even if you enabled earlier previews of Update Compliance.
-1. If needed, sign into the [Azure portal](https://portal.azure.com).
-1. In the Azure portal, type **Log Analytics** in the search bar. As you begin typing, the list filters based on your input.
-1. Select **Log Analytics workspaces**.
-1. Select the Log Analytics workspace that you added the Update Compliance solution to.
-1. Select **Solutions** from the Log Analytics workspace, then select **WaaSUpdateInsights(<Log Analytics workspace name>)** to go to the summary page for the solution.
-1. Select **Update Compliance Settings** from the **WaaSUpdateInsights(<Log Analytics workspace name>)** summary page.
-1. The **Commercial Id Key** is listed in the text box with an option to copy the ID. The **Commercial Id Key** is commonly referred to as the `CommercialID` or **Commercial ID** in Update Compliance.
-
- > [!Warning]
- > Regenerate a Commercial ID only if your original ID can no longer be used. Regenerating a Commercial ID requires you to deploy the new commercial ID to your computers in order to continue to collect data and can result in data loss.
+
+[!INCLUDE [Onboarding Update Compliance through the Microsoft 365 admin center](./includes/update-compliance-onboard-admin-center.md)]
## Next steps
-Once you've added Update Compliance to a workspace in your Azure subscription, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods:
+Once you've added Update Compliance to a workspace in your Azure subscription and configured the settings through the Microsoft 365 admin center, you'll need to configure any devices you want to monitor. Enroll devices into Update Compliance using any of the following methods:
- [Configure clients with a script](update-compliance-v2-configuration-script.md)
- [Configure clients manually](update-compliance-v2-configuration-manual.md)
diff --git a/windows/deployment/update/update-compliance-v2-help.md b/windows/deployment/update/update-compliance-v2-help.md
new file mode 100644
index 0000000000..871ce3464e
--- /dev/null
+++ b/windows/deployment/update/update-compliance-v2-help.md
@@ -0,0 +1,110 @@
+---
+title: Update Compliance (preview) feedback, support, and troubleshooting
+ms.reviewer:
+manager: dougeby
+description: Update Compliance (preview) support information.
+ms.prod: w10
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 08/10/2022
+---
+
+# Update Compliance (preview) feedback, support, and troubleshooting
+
+
+***(Applies to: Windows 11 & Windows 10)***
+
+> [!IMPORTANT]
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+
+There are several resources that you can use to find help with Update Compliance. Whether you're just getting started or an experienced administrator, use the following resources when you need help with Update Compliance:
+
+- Send [product feedback about Update Compliance](#send-product-feedback)
+- Open a [Microsoft support case](#open-a-microsoft-support-case)
+
+- [Documentation feedback](#documentation-feedback)
+- [Troubleshooting tips](#troubleshooting-tips) for Update Compliance
+- Follow the [Windows IT Pro blog](https://techcommunity.microsoft.com/t5/windows-it-pro-blog/bg-p/Windows10Blog) to learn about upcoming changes to Update Compliance
+- Use Microsoft Q&A to [ask product questions](/answers/products/)
+
+## Send product feedback
+
+Use the product feedback option to offer suggestions for new features and functionality, or for suggesting changes to the current Update Compliance features. You can share feedback directly to the Update Compliance product group. To provide product feedback:
+
+1. In the upper right corner of the Azure portal, select the feedback icon.
+1. Select either the smile or the frown to rate your satisfaction with your experience.
+1. In the text box, describe what you did or didn't like. When providing feedback about a problem, be sure to include enough detail in your description so it can be properly identified by the product group.
+1. Choose if you'd like to allow Microsoft to email you about your feedback.
+1. Select **Submit feedback** when you've completed the feedback form.
+:::image type="content" source="media/33771278-update-compliance-feedback.png" alt-text="Screenshot of the Azure portal showing the product feedback option flyout." lightbox="media/33771278-update-compliance-feedback.png":::
+
+## Open a Microsoft support case
+
+You can open support requests directly from the Azure portal. If the **Help + Support** page doesn't display, verify you have access to open support requests. For more information about role-based access controls for support requests, see [Create an Azure support request](/azure/azure-portal/supportability/how-to-create-azure-support-request). To create a new support request for Update Compliance:
+
+1. Open the **Help + Support** page from the following locations:
+ - In the [Send product feedback](#send-product-feedback) flyout, select the **contact support** link.
+ - From the Azure portal, select **New support request** under the **Support + Troubleshooting** heading.
+1. Select **Create a support request** which opens the new support request page.
+1. On the **Problem description** tab, provide information about the issue. The below items in ***bold italics*** should be used to help ensure an Update Compliance engineer receives your support request:
+ - **Summary** - Brief description of the issue
+ - **Issue type** - ***Technical***
+ - **Subscription** - Select the subscription used for Update Compliance
+ - **Service** - ***My services***
+ - **Service type** - ***Log Analytics***
+ - **Problem type** - ***Solutions or Insights***
+ - **Problem subtype** - ***Update Compliance***
+1. Based on the information you provided, you'll be shown some **Recommended solutions** you can use to try to resolve the problem.
+1. Complete the **Additional details** tab and then create the request on the **Review + create** tab.
+
+## Documentation feedback
+
+Select the **Feedback** link in the upper right of any article to go to the Feedback section at the bottom. Feedback is integrated with GitHub Issues. For more information about this integration with GitHub Issues, see the [docs platform blog post](/teamblog/a-new-feedback-system-is-coming-to-docs).
+
+:::image type="content" source="media/docs-feedback.png" alt-text="Screenshot of the feedback section on a docs article.":::
+
+To share docs feedback about the current article, select **This page**. A [GitHub account](https://github.com/join) is a prerequisite for providing documentation feedback. Once you sign in, there's a one-time authorization for the MicrosoftDocs organization. It then opens the GitHub new issue form. Add a descriptive title and detailed feedback in the body, but don't modify the document details section. Then select **Submit new issue** to file a new issue for the target article in the [Windows-ITPro-docs GitHub repository](https://github.com/MicrosoftDocs/windows-itpro-docs/issues).
+
+To see whether there's already feedback for this article, select **View all page feedback**. This action opens a GitHub issue query for this article. By default it displays both open and closed issues. Review any existing feedback before you submit a new issue. If you find a related issue, select the face icon to add a reaction, add a comment to the thread, or **Subscribe** to receive notifications.
+
+Use GitHub Issues to submit the following types of feedback:
+
+- Doc bug: The content is out of date, unclear, confusing, or broken.
+- Doc enhancement: A suggestion to improve the article.
+- Doc question: You need help with finding existing documentation.
+- Doc idea: A suggestion for a new article.
+- Kudos: Positive feedback about a helpful or informative article.
+- Localization: Feedback about content translation.
+- Search engine optimization (SEO): Feedback about problems searching for content. Include the search engine, keywords, and target article in the comments.
+
+If you create an issue for something not related to documentation, Microsoft will close the issue and redirect you to a better feedback channel. For example:
+
+- [Product feedback](#send-product-feedback) for Update Compliance
+- [Product questions (using Microsoft Q&A)](/answers/products/)
+- [Support requests](#open-a-microsoft-support-case) for Update Compliance
+
+To share feedback on the fundamental docs.microsoft.com platform, see [Docs feedback](https://aka.ms/sitefeedback). The platform includes all of the wrapper components such as the header, table of contents, and right menu. Also how the articles render in the browser, such as the font, alert boxes, and page anchors.
+
+## Troubleshooting tips
+
+Use the troubleshooting tips below to resolve commonly encountered problems when using Update Compliance:
+
+### Verify client configuration
+
+
+[!INCLUDE [Endpoints for Update Compliance](./includes/update-compliance-verify-device-configuration.md)]
+
+### Ensuring devices are configured correctly to send data
+
+The first step in troubleshooting Update Compliance is ensuring that devices are configured. Review [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md) for the settings. We recommend using the [Update Compliance configuration script](update-compliance-v2-configuration-script.md) for troubleshooting and configuring devices.
+
+### Devices have been correctly configured but aren't showing up in Update Compliance
+
+It takes some time for data to appear in Update Compliance for the first time or if you moved to a new Log Analytics workspace. To learn more about data latencies for Update Compliance, review [Update Compliance data latency](update-compliance-v2-use.md#update-compliance-data-latency).
+
+### Devices are appearing, but without a device name
+
+Device Name is an opt-in via policy starting in Windows 10 version 1803. Review the required policies for enabling device name in the [Manually configuring devices for Update Compliance](update-compliance-v2-configuration-manual.md) article.
diff --git a/windows/deployment/update/update-compliance-v2-overview.md b/windows/deployment/update/update-compliance-v2-overview.md
index dcd9c0e7c9..ee51d8c204 100644
--- a/windows/deployment/update/update-compliance-v2-overview.md
+++ b/windows/deployment/update/update-compliance-v2-overview.md
@@ -8,7 +8,7 @@ author: mestew
ms.author: mstewart
ms.collection: M365-analytics
ms.topic: article
-ms.date: 06/06/2022
+ms.date: 08/09/2022
---
# Update Compliance overview
@@ -16,25 +16,29 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
Update Compliance is a cloud-based solution that provides information about the compliance of your Azure Active Directory-joined devices with Windows updates. Update Compliance is offered through the [Azure portal](https://portal.azure.com), and it's included as part of the Windows 10 or Windows 11 prerequisite licenses. Update Compliance helps you:
- Monitor security, quality, and feature updates for Windows 11 and Windows 10 devices
- Report on devices with update compliance issues
-- Review [Delivery Optimization](../do/waas-delivery-optimization.md) bandwidth savings across multiple content types
+- Analyze and display your data in multiple ways
-## Technical preview information for Update Compliance
-The new version of Update Compliance is in technical preview. Some of the benefits of this new version include:
+## Preview information for Update Compliance
+
+The new version of Update Compliance is in preview. Some of the benefits of this new version include:
- Integration with [Windows Update for Business deployment service](deployment-service-overview.md) to enable per deployment reporting, monitoring, and troubleshooting.
- Compatibility with [Feature updates](/mem/intune/protect/windows-10-feature-updates) and [Expedite Windows quality updates](/mem/intune/protect/windows-10-expedite-updates) policies in Intune.
- A new **Alerts** data type to assist you with identifying devices that encounter issues during the update process. Error code information is provided to help troubleshoot update issues.
-Currently, the technical preview contains the following features:
+Currently, the preview contains the following features:
-- Access to the following new Update Compliance tables:
+- [Update Compliance workbook](update-compliance-v2-workbook.md)
+- Update Compliance status [charts in the Microsoft 365 admin](update-status-admin-center.md)
+- Access to the following new [Update Compliance tables](update-compliance-v2-schema.md):
- UCClient
- UCClientReadinessStatus
- UCClientUpdateStatus
@@ -43,10 +47,14 @@ Currently, the technical preview contains the following features:
- UCUpdateAlert
- Client data collection to populate the new Update Compliance tables
+Currently, these new tables are available to all Updates Compliance users. They will be displayed along with the original Updates Compliance tables.
+
:::image type="content" source="media/update-compliance-v2-query-table.png" alt-text="Screenshot of using a custom Kusto (KQL) query on Update Compliance data in Log Analytics." lightbox="media/update-compliance-v2-query-table.png":::
-> [!IMPORTANT]
-> Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+## Limitations
+
+Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
+
## How Update Compliance works
@@ -69,6 +77,8 @@ Since the data from your clients is stored in a Log Analytics workspace, you can
- [Power BI](/azure/azure-monitor/logs/log-powerbi)
- Other tools for [querying the data](/azure/azure-monitor/logs/log-query-overview)
+
+
## Next steps
- Review the [Update Compliance prerequisites](update-compliance-v2-prerequisites.md)
diff --git a/windows/deployment/update/update-compliance-v2-prerequisites.md b/windows/deployment/update/update-compliance-v2-prerequisites.md
index 88cfdcb10b..31c046a6b0 100644
--- a/windows/deployment/update/update-compliance-v2-prerequisites.md
+++ b/windows/deployment/update/update-compliance-v2-prerequisites.md
@@ -16,8 +16,8 @@ ms.date: 06/30/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the CommercialID is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
-> - Update Compliance is a Windows service hosted in Azure that uses Windows diagnostic data. You should be aware that Update Compliance doesn't meet [US Government community compliance (GCC)](/office365/servicedescriptions/office-365-platform-service-description/office-365-us-government/gcc#us-government-community-compliance) requirements. For a list of GCC offerings for Microsoft products and services, see the [Microsoft Trust Center](/compliance/regulatory/offering-home). Update Compliance is available in the Azure Commercial cloud, but not available for GCC High or United States Department of Defense customers.
## Update Compliance prerequisites
@@ -66,15 +66,9 @@ For more information about what's included in different diagnostic levels, see [
> [!NOTE]
> Enrolling into Update Compliance from the [Azure CLI](/cli/azure) or enrolling programmatically another way currently isn't supported. You must manually add Update Compliance to your Azure subscription.
-## Microsoft 365 admin center permissions (currently optional)
-
-When you use the [Microsoft admin center software updates (preview) page](update-status-admin-center.md) with Update Compliance, the following permissions are also needed:
-
-- To configure settings and view the **Software Updates** page:
- - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
-- To view the **Software Updates** page:
- - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
+## Microsoft 365 admin center permissions
+
+[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-admin-center-permissions.md)]
## Log Analytics prerequisites
diff --git a/windows/deployment/update/update-compliance-v2-schema.md b/windows/deployment/update/update-compliance-v2-schema.md
index ce8c149ee1..add12d9e62 100644
--- a/windows/deployment/update/update-compliance-v2-schema.md
+++ b/windows/deployment/update/update-compliance-v2-schema.md
@@ -16,7 +16,8 @@ ms.date: 06/06/2022
***(Applies to: Windows 11 & Windows 10)***
> [!Important]
-> This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
When the visualizations provided in the default experience don't fulfill your reporting needs, or if you need to troubleshoot issues with devices, it's valuable to understand the schema for Update Compliance and have a high-level understanding of the capabilities of [Azure Monitor log queries](/azure/azure-monitor/log-query/query-language) to power additional dashboards, integration with external data analysis tools, automated alerting, and more.
diff --git a/windows/deployment/update/update-compliance-v2-use.md b/windows/deployment/update/update-compliance-v2-use.md
index c136aeae12..9326548d4f 100644
--- a/windows/deployment/update/update-compliance-v2-use.md
+++ b/windows/deployment/update/update-compliance-v2-use.md
@@ -1,8 +1,8 @@
---
-title: Use the Update Compliance (preview) solution
+title: Use the Update Compliance (preview) data
ms.reviewer:
manager: dougeby
-description: How to use the Update Compliance (preview) solution.
+description: How to use the Update Compliance (preview) data.
ms.prod: w10
author: mestew
ms.author: mstewart
diff --git a/windows/deployment/update/update-compliance-v2-workbook.md b/windows/deployment/update/update-compliance-v2-workbook.md
new file mode 100644
index 0000000000..a781782920
--- /dev/null
+++ b/windows/deployment/update/update-compliance-v2-workbook.md
@@ -0,0 +1,149 @@
+---
+title: Use the workbook for Update Compliance (preview)
+ms.reviewer:
+manager: dougeby
+description: How to use the Update Compliance (preview) workbook.
+ms.prod: w10
+author: mestew
+ms.author: mstewart
+ms.collection: M365-analytics
+ms.topic: article
+ms.date: 08/10/2022
+---
+
+# Update Compliance (preview) workbook
+
+***(Applies to: Windows 11 & Windows 10)***
+
+> [!IMPORTANT]
+> - As of August 17, 2022, a new step needs to be taken to ensure access to the preview version of Update Compliance and the `CommercialID` is no longer required. For more information, see [Configure Update Compliance settings through the Microsoft 365 admin center](update-compliance-v2-enable.md#bkmk_admin-center).
+> - This information relates to a preview feature that's available for early testing and use in a production environment. This feature is fully supported but it's still in active development and may receive substantial changes until it becomes generally available.
+
+[Update Compliance](update-compliance-v2-overview.md) presents information commonly needed by updates administrators in an easy to use format. Update Compliance uses [Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started) to give you a visual representation of your compliance data. The workbook is broken down into three tab sections:
+
+- [Summary](#summary-tab)
+- [Quality updates](#quality-updates-tab)
+- [Feature updates](#feature-updates-tab)
+
+:::image type="content" source="media/33771278-update-compliance-workbook-summary.png" alt-text="Screenshot of the summary tab in the Update Compliance workbook with the three tabbed sections outlined in red." lightbox="media/33771278-update-compliance-workbook-summary.png":::
+
+## Open the Update Compliance workbook
+
+To access the Update Compliance workbook:
+
+1. In the [Azure portal](https://portal.azure.com), select **Monitor** > **Workbooks** from the menu bar.
+ - You can also type **Monitor** in the search bar. As you begin typing, the list filters based on your input.
+
+1. When the gallery opens, select the **Update Compliance** workbook. If needed, you can filter workbooks by name in the gallery.
+1. When the workbook opens, you may need to specify which **Subscription** and **Workspace** you used when [enabling Update Compliance](update-compliance-v2-enable.md).
+
+## Summary tab
+
+The **Summary** tab gives you a brief high-level overview of the devices that you've enrolled into Update Compliance. The **Summary** tab contains tiles above the **Overall security update status** chart.
+
+### Summary tab tiles
+
+Each of these tiles contains an option to **View details**. When **View details** is selected for a tile, a flyout appears with additional information.
+
+:::image type="content" source="media/33771278-workbook-summary-tab-tiles.png" alt-text="Screenshot of the summary tab tiles in the Update Compliance workbook":::
+
+| Tile name | Description | View details description |
+|---|---|------|
+| **Enrolled devices** | Total number of devices that are enrolled into Update Compliance | Displays multiple charts about the operating systems (OS) for enrolled devices: **OS Version** **OS Edition** **OS Servicing Channel** **OS Architecture**|
+|**Active alerts** | Total number of active alerts on enrolled devices | Displays the top three active alert subtypes and the count of devices in each. Select the count of **Devices** to display a table of the devices. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). Select an **AlertSubtype** to display a list containing: - Each **Error Code** in the alert subtype - A **Description** of the error code - A **Recommendation** to help you remediate the error code - A count of **Devices** with the specific error code |
+| **Windows 11 eligibility** | Percentage of devices that are capable of running Windows 11 | Displays the following items: - **Windows 11 Readiness Status** chart - **Readiness Reason(s) Breakdown** chart that displays Windows 11 requirements that aren't met. - A table for **Readiness reason**. Select a reason to display a list of devices that don't meet a specific requirement for Windows 11. |
+
+### Summary tab charts
+
+The charts displayed in the **Summary** tab give you a general idea of the overall status of your devices. The two charts displayed include:
+
+- **Overall security update status**: Gives you general insight into of the current update compliance state of your enrolled devices. For instance, if the chart shows a large number of devices are missing multiple security updates, it may indicate an issue in the software update process.
+
+- **Feature update status**: Gives you a general understanding of how many devices are eligible for feature updates based on the operating system lifecycle.
+
+:::image type="content" source="media/33771278-overall-security-update-status.png" alt-text="Screenshot of the charts in the workbook's summary tab" lightbox="media/33771278-overall-security-update-status.png":::
+
+## Quality updates tab
+
+The **Quality updates** tab displays generalized data at the top by using tiles. The quality update data becomes more specific as you navigate lower in this tab. The top of the **Quality updates** tab contains tiles with the following information:
+
+- **Devices count**: Count of devices that have reported at least one security update is or was applicable and offered in the past 30 days, regardless of installation state of the update.
+- **Latest security update**: Count of devices that have installed the latest security update.
+- **Security update status**: Count of devices that haven't installed a security update released within the last 60 days.
+- **Total alerts**: Count of active alerts that are for quality updates.
+
+Below the tiles, the **Quality updates** tab is subdivided into **Update status** and **Device status** groups. These different chart groups allow you to easily discover trends in compliance data. For instance, you may remember that about third of your devices were in the installing state yesterday, but this number didn't change as much as you were expecting. That unexpected trend may cause you to investigate and resolve a potential issue before end-users are impacted.
+
+### Update status group for quality updates
+
+The **Update status** group for quality updates contains the following items:
+
+- **Update states for all security releases**: Chart containing the number of devices in a specific state, such as installing, for security updates.
+- **Update states for the latest security releases**: Chart containing the number of devices in a specific state for the most recent security update.
+- **Update alerts for all security releases**: Chart containing the count of active errors and warnings for security updates.
+
+:::image type="content" source="media/33771278-update-deployment-status-table.png" alt-text="Screenshot of the charts and table in the workbook's quality updates tab" lightbox="media/33771278-update-deployment-status-table.png":::
+
+The **Update deployment status** table displays the quality updates for each operating system version that were released within the last 60 days. For each update, drill-in further by selecting a value from the following columns:
+
+| Column name | Description | Drill-in description |
+|---|---|---|
+|**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code.
+| **KB Number** | KB number for the update | Selecting the KB number will open the support information webpage for the update.|
+| **Total devices** | Number of devices that have been offered the update, or are installing, have installed, or canceled the update. | Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
+
+### Device status group for quality updates
+
+The **Device status** group for quality updates contains the following items:
+
+- **OS build number**: Chart containing a count of devices by OS build that are getting security updates.
+- **Target version**: Chart containing how many devices by operating system version that are getting security updates.
+- **Device compliance status**: Table containing a list of devices getting security updates and update installation information including active alerts for the devices.
+ - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+
+## Feature updates tab
+
+The **Feature updates** tab displays generalized data at the top by using tiles. The feature update data becomes more specific as you navigate lower in this tab. The top of the **Feature updates** tab contains tiles with the following information:
+
+- **Devices count**: Count of devices that have reported a feature update is or was applicable and offered in the past 30 days, regardless of installation state of the update.
+- **Feature update status**: Count of the devices that installed a feature update in the past 30 days.
+- **End Of Service**: Count of devices running an operating system version that no longer receives feature updates. For more information, see the [Windows lifecycle FAQ](/lifecycle/faq/windows).
+- **Nearing EOS** Count of devices that are within 18 months of their end of service date.
+- **Total alerts**: Count of active alerts that are for feature updates.
+
+Just like the [**Quality updates** tab](#quality-updates-tab), the **Feature updates** tab is also subdivided into **Update status** and **Device status** groups below the tiles.
+
+### Update status group for feature updates
+
+The **Update status** group for feature updates contains the following items:
+
+- **Target version**: Chart containing count of devices per targeted operating system version.
+- **Safeguard holds**: Chart containing count of devices per operating system version that are under a safeguard hold for a feature update
+- **Update alerts**: Chart containing the count of active errors and warnings for feature updates.
+
+**Update deployment status** table for feature updates displays the installation status by targeted operating system version. For each operating system version targeted the following columns are available:
+
+| Column name | Description | Drill-in description |
+|---|---|---|
+| **Total progress** | Percentage of devices that installed the targeted operating system version feature update within the last 30 days. | A bar graph is included in this column. Use the **Total devices** drill-in for additional information. |
+|**Alerts**| Number of different error codes encountered by devices for the update. | Selecting this number lists the alert name for each error code and a count of devices with the error. Select the device count to display a list of devices that have an active alert for the error code. |
+| **Total Devices** | Count of devices for each targeted operating system version that have been offered the update, or are installing, have installed, or canceled the feature update.| Selecting the device count opens a device list table. This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial). |
+
+### Device status group for feature updates
+
+The **Device status** group for feature updates contains the following items:
+
+- **Windows 11 readiness status**: Chart containing how many devices that have a status of capable, not capable, or unknown for Windows 11 readiness.
+- **Device alerts**: Count of active alerts for feature updates in each alert classification.
+- **Device compliance status**: Table containing a list of devices getting a feature update and installation information including active alerts for the devices.
+ - This table is limited to the first 250 rows. Select `...` to export the full list, or display the query in [Log Analytics](/azure/azure-monitor/logs/log-analytics-tutorial).
+
+## Customize the workbook
+
+Since the Update Compliance workbook is an [Azure Workbook template](/azure/azure-monitor/visualize/workbooks-templates), it can be customized to suit your needs. If you open a template, make some adjustments, and save it, the template is saved as a workbook. This workbook appears in green. The original template is left untouched. For more information about workbooks, see [Get started with Azure Workbooks](/azure/azure-monitor/visualize/workbooks-getting-started).
+
+
+## Next steps
+
+- Explore the [Update Compliance (preview) schema](update-compliance-v2-schema.md)
+- Review [Feedback, support, and troubleshooting](update-compliance-v2-help.md) information for Update Compliance
diff --git a/windows/deployment/update/update-status-admin-center.md b/windows/deployment/update/update-status-admin-center.md
index 71e40f2c64..08f6787ea7 100644
--- a/windows/deployment/update/update-status-admin-center.md
+++ b/windows/deployment/update/update-status-admin-center.md
@@ -30,15 +30,9 @@ The **Software updates** page has following tabs to assist you in monitoring upd
:::image type="content" source="media/37063317-admin-center-software-updates.png" alt-text="Screenshot of the Microsoft 365 admin center displaying the software updates page with the Windows tab selected." lightbox="media/37063317-admin-center-software-updates.png":::
-## Prerequisites
-
-- [Update Compliance](update-compliance-v2-overview.md) needs to be enabled with clients sending data to the solution
-- An appropriate role assigned for the [Microsoft 365 admin center](https://admin.microsoft.com)
- - To configure settings and view the **Software Updates** page:
- - [Global Administrator role](/azure/active-directory/roles/permissions-reference#global-administrator)
- - [Intune Administrator](/azure/active-directory/roles/permissions-reference#intune-administrator)
- - To view the **Software Updates** page:
- - [Global Reader role](/azure/active-directory/roles/permissions-reference#global-reader)
+## Permissions
+
+[!INCLUDE [Update Compliance script error codes](./includes/update-compliance-admin-center-permissions.md)]
## Limitations
@@ -47,18 +41,9 @@ Update Compliance is a Windows service hosted in Azure that uses Windows diagnos
## Get started
-1. Go to the [Microsoft 365 admin center](https://admin.microsoft.com/) and sign in.
-1. Expand **Health**, then select **Software Updates**. You may need to use the **Show all** option to display **Health** in the navigation menu.
-1. In the **Software Updates** page, select the **Windows** tab.
-1. When you select the **Windows** tab for the first time, you'll be asked to **Configure Settings**. This tab is populated by data from [Update Compliance](update-compliance-v2-overview.md). Verify or supply the following information about the settings for Update Compliance:
- - The Azure subscription
- - The Log Analytics workspace
-1. The initial setup can take up to 24 hours. During this time, the **Windows** tab will display that it's **Waiting for Update Compliance data**.
-1. After the initial setup is complete, the **Windows** tab will display your Update Compliance data in the charts.
-
-> [!Tip]
-> If you don't see an entry for **Software updates (preview)** in the menu, try going to this URL: [https://admin.microsoft.com/Adminportal/Home#/softwareupdates](https://admin.microsoft.com/Adminportal/Home#/softwareupdates).
+
+[!INCLUDE [Onboarding Update Compliance through the Microsoft 365 admin center](./includes/update-compliance-onboard-admin-center.md)]
## The Windows tab
diff --git a/windows/deployment/update/waas-overview.md b/windows/deployment/update/waas-overview.md
index 3a04bb79e1..63c12060d0 100644
--- a/windows/deployment/update/waas-overview.md
+++ b/windows/deployment/update/waas-overview.md
@@ -39,7 +39,7 @@ Deploying Windows 10 and Windows 11 is simpler than with previous versions of Wi
### Application compatibility
-Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows. .
+Application compatibility testing has historically been a burden when approaching a Windows deployment or upgrade. Application compatibility from the perspective of desktop applications, websites, and apps built on the Universal Windows Platform (UWP) has improved tremendously over older versions of Windows.
For the most important business-critical applications, organizations should still perform testing on a regular basis to validate compatibility with new builds. For remaining applications, consider validating them as part of a pilot deployment process to reduce the time spent on compatibility testing. Desktop Analytics is a cloud-based service that integrates with Configuration Manager. The service provides insight and intelligence for you to make more informed decisions about the update readiness of your Windows endpoints, including assessment of your existing applications. For more, see [Ready for modern desktop retirement FAQ](/mem/configmgr/desktop-analytics/ready-for-windows).
@@ -108,7 +108,7 @@ Specialized systems—such as devices that control medical equipment, point-of-s
>
> The Long-term Servicing channel is not intended for deployment on most or all the devices in an organization; it should be used only for special-purpose devices. As a general guideline, a device with Microsoft Office installed is a general-purpose device, typically used by an information worker, and therefore it is better suited for the General Availability channel.
-Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over a the product lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or perform a search on the [product lifecycle information](/lifecycle/products/) page.
+Microsoft never publishes feature updates through Windows Update on devices that run Windows 10 Enterprise LTSC. Instead, it typically offers new LTSC releases every 2–3 years, and organizations can choose to install them as in-place upgrades or even skip releases over the product's lifecycle. Always check your individual LTSC release to verify its servicing lifecycle. For more information, see [release information](/windows/release-health/release-information), or perform a search on the [product's lifecycle information](/lifecycle/products/) page.
> [!NOTE]
> LTSC releases will support the currently released processors and chipsets at the time of release of the LTSC. As future CPU generations are released, support will be created through future LTSC releases that customers can deploy for those systems. For more information, see **Supporting the latest processor and chipsets on Windows** in [Lifecycle support policy FAQ - Windows Products](/lifecycle/faq/windows).
diff --git a/windows/deployment/windows-autopatch/TOC.yml b/windows/deployment/windows-autopatch/TOC.yml
index c6e175c270..b56c8a8916 100644
--- a/windows/deployment/windows-autopatch/TOC.yml
+++ b/windows/deployment/windows-autopatch/TOC.yml
@@ -35,7 +35,7 @@
- name: Operate
href: operate/index.md
items:
- - name: Update management
+ - name: Software update management
href: operate/windows-autopatch-update-management.md
items:
- name: Windows updates
@@ -79,6 +79,8 @@
href: operate/windows-autopatch-wqu-unsupported-policies.md
- name: Microsoft 365 Apps for enterprise update policies
href: references/windows-autopatch-microsoft-365-policies.md
+ - name: Changes made at tenant enrollment
+ href: references/windows-autopatch-changes-to-tenant.md
- name: Privacy
href: references/windows-autopatch-privacy.md
- name: Windows Autopatch preview addendum
diff --git a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
index 7ff238e112..36f12e46cd 100644
--- a/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
+++ b/windows/deployment/windows-autopatch/operate/windows-autopatch-unenroll-tenant.md
@@ -33,14 +33,14 @@ Unenrolling from Windows Autopatch requires manual actions from both you and fro
| Responsibility | Description |
| ----- | ----- |
| Windows Autopatch data | Windows Autopatch will delete user data that is within the Windows Autopatch service. We won’t make changes to any other data. For more information about how data is used in Windows Autopatch, see [Privacy](../references/windows-autopatch-privacy.md). |
-| Deregistering devices | Windows Autopatch will deregister all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We will not delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). |
+| Deregistering devices | Windows Autopatch will deregister all devices previously registered with the service. Only the Windows Autopatch device record will be deleted. We won't delete Microsoft Intune and/or Azure Active Directory device records. For more information, see [Deregister a device](/windows/deployment/windows-autopatch/operate/windows-autopatch-deregister-devices). |
## Your responsibilities after unenrolling your tenant
| Responsibility | Description |
| ----- | ----- |
| Updates | After the Windows Autopatch service is unenrolled, we’ll no longer provide updates to your devices. You must ensure that your devices continue to receive updates through your own policies to ensure they're secure and up to date. |
-| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. |
+| Optional Windows Autopatch configuration | Windows Autopatch won’t remove the configuration policies or groups used to enable updates on your devices. You're responsible for these policies following tenant unenrollment. If you don’t wish to use these policies for your devices after unenrollment, you may safely delete them. For more information, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md). |
| Windows Autopatch cloud service accounts | After unenrollment, you may safely remove the cloud service accounts created during the enrollment process. The accounts are: |
| Conditional access policy | After unenrollment, you may safely remove the **Modern Workplace – Secure Workstation** conditional access policy. |
| Microsoft Endpoint Manager roles | After unenrollment, you may safely remove the Modern Workplace Intune Admin role. |
diff --git a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
index 99940fe13f..7ff9f212c0 100644
--- a/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
+++ b/windows/deployment/windows-autopatch/prepare/windows-autopatch-enroll-tenant.md
@@ -99,6 +99,9 @@ Within the Readiness assessment tool, you'll now see the **Enroll** button. By s
Once these actions are complete, you've now successfully enrolled your tenant.
+> [!NOTE]
+> For more information about changes made to your tenant, see [Changes made at tenant enrollment](../references/windows-autopatch-changes-to-tenant.md).
+
### Delete data collected from the Readiness assessment tool
You can choose to delete the data we collect directly within the Readiness assessment tool.
diff --git a/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
new file mode 100644
index 0000000000..62a9d46a41
--- /dev/null
+++ b/windows/deployment/windows-autopatch/references/windows-autopatch-changes-to-tenant.md
@@ -0,0 +1,161 @@
+---
+title: Changes made at tenant enrollment
+description: This reference article details the changes made to your tenant when enrolling into Windows Autopatch
+ms.date: 08/08/2022
+ms.prod: w11
+ms.technology: windows
+ms.topic: reference
+ms.localizationpriority: medium
+author: tiaraquan
+ms.author: tiaraquan
+manager: dougeby
+msreviewer: hathind
+---
+
+# Changes made at tenant enrollment
+
+## Service principal
+
+Windows Autopatch will create a service principal in your tenant allowing the service to establish an identity and restrict access to what resources the service has access to within the tenant. For more information, see [Application and service principal objects in Azure Active Directory](/azure/active-directory/develop/app-objects-and-service-principals#service-principal-object). The service principal created by Windows Autopatch is:
+
+- Modern Workplace Customer APIs
+
+## Azure Active Directory groups
+
+Windows Autopatch will create Azure Active Directory groups that are required to operate the service. The following groups are used for targeting Windows Autopatch configurations to devices and management of the service by our service accounts.
+
+| Group name | Description |
+| ----- | ----- |
+| Modern Workplace-All | All Modern Workplace users |
+| Modern Workplace - Windows 11 Pre-Release Test Devices | Device group for Windows 11 Pre-Release testing. |
+| Modern Workplace Devices-All | All Modern Workplace devices |
+| Modern Workplace Devices-Windows Autopatch-Test | Immediate ring for device rollout |
+| Modern Workplace Devices-Windows Autopatch-First | First production ring for early adopters |
+| Modern Workplace Devices-Windows Autopatch-Fast | Fast ring for quick rollout and adoption |
+| Modern Workplace Devices-Windows Autopatch-Broad | Final ring for broad rollout into an organization |
+| Modern Workplace Devices Dynamic - Windows 10 | Microsoft Managed Desktop Devices with Windows 10Group Rule:
- `(device.devicePhysicalIds -any _ -startsWith \"[OrderID]:Microsoft365Managed_\")`
- `(device.deviceOSVersion -notStartsWith \"10.0.22000\")`
Exclusions:- Modern Workplace - Telemetry Settings for Windows 11
|
+| Modern Workplace Devices Dynamic - Windows 11 | Microsoft Managed Desktop Devices with Windows 11Group Rule:
- `(device.devicePhysicalIds -any _ -startsWith \"[OrderID]:Microsoft365Managed_\")`
- `(device.deviceOSVersion -startsWith \"10.0.22000\")`
Exclusions:- Modern Workplace - Telemetry Settings for Windows 10
|
+| Modern Workplace Roles - Service Administrator | All users granted access to Modern Workplace Service Administrator Role |
+| Modern Workplace Roles - Service Reader | All users granted access to Modern Workplace Service Reader Role |
+| Modern Workplace Service - Intune Admin All | Group for Intune AdminsAssigned to:
- Modern Workplace Service Accounts
|
+| Modern Workplace Service - Intune Reader All | Group for Intune readersAssigned to:
- Modern Workplace Service Accounts
|
+| Modern Workplace Service - Intune Reader MMD | Group for Intune readers of MMD devices and usersAssigned to:
- Modern Workplace Service Accounts
|
+| Modern Workplace Service Accounts | Group for Windows Autopatch service accounts |
+| Windows Autopatch Device Registration | Group for automatic device registration for Windows Autopatch |
+
+## Windows Autopatch enterprise applications
+
+Enterprise applications are applications (software) that a business uses to do its work.
+
+Windows Autopatch creates an enterprise application in your tenant. This enterprise application is a first party application used to run the Windows Autopatch service.
+
+| Enterprise application name | Usage | Permissions |
+| ----- | ------ | ----- |
+| Modern Workplace Management | This enterprise application is a limited first party enterprise application with elevated privileges. This account is used to manage the service, publish baseline configuration updates, and maintain overall service health. | - DeviceManagementApps.ReadWrite.All
- DeviceManagementConfiguration.ReadWrite.All
- DeviceManagementManagedDevices.PriviligedOperation.All
- DeviceManagementManagedDevices.ReadWrite.All
- DeviceManagementRBAC.ReadWrite.All
- DeviceManagementServiceConfig.ReadWrite.All
- Directory.Read.All
- Group.Create
- Policy.Read.All
- WindowsUpdates.Read.Write.All
|
+
+> [!NOTE]
+> Enterprise application authentication is only available on tenants enrolled after July 9th, 2022. For tenants enrolled before this date, Enterprise Application authentication will be made available for enrollment soon.
+
+## Windows Autopatch cloud service accounts
+
+Windows Autopatch will create three cloud service accounts in your tenant. These accounts are used to run the service and all need to be excluded from any multi-factor authentication controls.
+
+> [!NOTE]
+> Effective Aug 15th, 2022, these accounts will no longer be added to newly enrolled tenants, and existing tenants will be provided an option to migrate to enterprise application-based authentication. These accounts will be removed with that transition.
+
+| Cloud service account name | Usage | Mitigating controls |
+| ----- | ----- | ------ |
+| MsAdmin@tenantDomain.onmicrosoft.com | - This account is a limited-service account with administrator privileges. This account is used as an Intune and User administrator to define and configure the tenant for Microsoft Modern desktop devices.
- This account doesn't have interactive sign-in permissions. The account performs operations only through the service.
| Audited sign-ins |
+| MsAdminInt@tenantDomain.onmicrosoft.com | - This account is an Intune and User administrator account used to define and configure the tenant for Modern Workplace devices.
- This account is used for interactive sign-in to the customers’ tenant.
- The use of this account is extremely limited as most operations are exclusively through msadmin (non-interactive).
| - Restricted to be accessed only from defined secure access workstations (SAWs) through the Modern Workplace - Secure Workstation conditional access policy.
- Audited sign-ins
|
+| MsTest@tenantDomain.onmicrosoft.com | This is a standard account used as a validation account for initial configuration and roll out of policy, application, and device compliance settings. | Audited sign-ins |
+
+## Device configuration policies
+
+- Modern Workplace - Set MDM to Win Over GPO
+- Modern Workplace - Telemetry Settings for Windows 10
+- Modern Workplace - Telemetry Settings for Windows 11
+- Modern Workplace-Window Update Detection Frequency
+- Modern Workplace - Data Collection
+
+| Policy name | Policy description | OMA | Value |
+| ----- | ----- | ----- | ----- |
+| Modern Workplace - Set MDM to Win Over GPO | Sets mobile device management (MDM) to win over GPOAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| | |
+| Modern Workplace - Telemetry Settings for Windows 10 | Telemetry settings for Windows 10Assigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
|[./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry) | 2 |
+| Modern Workplace - Telemetry Settings for Windows 11 | Telemetry settings for Windows 11Assigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
|- [./Device/Vendor/MSFT/Policy/Config/System/AllowTelemetry ](/windows/client-management/mdm/policy-csp-system#system-allowtelemetry)
- [./Device/Vendor/MSFT/Policy/Config/System/LimitEnhancedDiagnosticDataWindowsAnalytics](/windows/client-management/mdm/policy-csp-system#system-limitenhanceddiagnosticdatawindowsanalytics)
- [./Device/Vendor/MSFT/Policy/Config/System/LimitDumpCollection](/windows/client-management/mdm/policy-csp-system#system-limitdumpcollection)
- [./Device/Vendor/MSFT/Policy/Config/System/LimitDiagnosticLogCollection](/windows/client-management/mdm/policy-csp-system#system-limitdiagnosticlogcollection)
|- 3
- 1
- 1
- 1
|
+| Modern Workplace - Windows Update Detection Frequency | Sets Windows update detection frequencyAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| [./Vendor/MSFT/Policy/Config/Update/DetectionFrequency](/windows/client-management/mdm/policy-csp-update#update-detectionfrequency)| 4 |
+| Modern Workplace - Data Collection | Allows diagnostic data from this device to be processed by Microsoft Managed Desktop.Assigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| | |
+
+## Update rings for Windows 10 and later
+
+- Modern Workplace Update Policy [Test]-[Windows Autopatch]
+- Modern Workplace Update Policy [First]-[Windows Autopatch]
+- Modern Workplace Update Policy [Fast]-[Windows Autopatch]
+- Modern Workplace Update Policy [Broad]-[Windows Autopatch]
+
+| Policy name | Policy description | OMA | Value |
+| ----- | ----- | ----- | ----- |
+| Modern Workplace Update Policy [Test]-[Windows Autopatch | Windows Update for Business Configuration for the Test RingAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
|- QualityUpdatesDeferralPeriodInDays
- FeatureUpdatesDeferralPeriodInDays
- FeatureUpdatesRollbackWindowInDays
- BusinessReadyUpdatesOnly
- AutomaticUpdateMode
- InstallTime
- DeadlineForFeatureUpdatesInDays
- DeadlineForQualityUpdatesInDays
- DeadlineGracePeriodInDays
- PostponeRebootUntilAfterDeadline
- DriversExcluded
|- 0
- 0
- 30
- All
- WindowsDefault
- 3
- 5
- 0
- 0
- False
- False
|
+| Modern Workplace Update Policy [First]-[Windows Autopatch] | Windows Update for Business Configuration for the First Ring Assigned to:
- Modern Workplace Devices-Windows Autopatch-First
|- QualityUpdatesDeferralPeriodInDays
- FeatureUpdatesDeferralPeriodInDays
- FeatureUpdatesRollbackWindowInDays
- BusinessReadyUpdatesOnly
- AutomaticUpdateMode
- InstallTime
- DeadlineForFeatureUpdatesInDays
- DeadlineForQualityUpdatesInDays
- DeadlineGracePeriodInDays
- PostponeRebootUntilAfterDeadline
- DriversExcluded
|- 1
- 0
- 30
- All
- WindowsDefault
- 3
- 5
- 2
- 2
- False
- False
|
+| Modern Workplace Update Policy [Fast]-[Windows Autopatch] | Windows Update for Business Configuration for the Fast RingAssigned to:
- Modern Workplace Devices-Windows Autopatch-Fast
|- QualityUpdatesDeferralPeriodInDays
- FeatureUpdatesDeferralPeriodInDays
- FeatureUpdatesRollbackWindowInDays
- BusinessReadyUpdatesOnly
- AutomaticUpdateMode
- InstallTime
- DeadlineForFeatureUpdatesInDays
- DeadlineForQualityUpdatesInDays
- DeadlineGracePeriodInDays
- PostponeRebootUntilAfterDeadline
- DriversExcluded
|- 6
- 0
- 30
- All
- WindowsDefault
- 3
- 5
- 2
- 2
- False
- False
|
+| Modern Workplace Update Policy [Broad]-[Windows Autopatch] | Windows Update for Business Configuration for the Broad RingAssigned to:
- Modern Workplace Devices-Windows Autopatch-Broad
|- QualityUpdatesDeferralPeriodInDays
- FeatureUpdatesDeferralPeriodInDays
- FeatureUpdatesRollbackWindowInDays
- BusinessReadyUpdatesOnly
- AutomaticUpdateMode
- InstallTime
- DeadlineForFeatureUpdatesInDays
- DeadlineForQualityUpdatesInDays
- DeadlineGracePeriodInDays
- PostponeRebootUntilAfterDeadline
- DriversExcluded
|- 9
- 0
- 30
- All
- WindowsDefault
- 3
- 5
- 5
- 2
- False
- False
|
+
+## Feature update policies
+
+- Modern Workplace DSS Policy [Test]
+- Modern Workplace DSS Policy [First]
+- Modern Workplace DSS Policy [Fast]
+- Modern Workplace DSS Policy [Broad]
+- Modern Workplace DSS Policy [Windows 11]
+
+| Policy name | Policy description | Value |
+| ----- | ----- | ----- |
+| Modern Workplace DSS Policy [Test] | DSS policy for Test device group | Assigned to:- Modern Workplace Devices-Windows Autopatch-Test
Exclude from:- Modern Workplace - Windows 11 Pre-Release Test Devices
|
+| Modern Workplace DSS Policy [First] | DSS policy for First device group | Assigned to:- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace - Windows 11 Pre-Release Test Devices
|
+| Modern Workplace DSS Policy [Fast] | DSS policy for Fast device group | Assigned to:- Modern Workplace Devices-Windows Autopatch-Fast
Exclude from:- Modern Workplace - Windows 11 Pre-Release Test Devices
|
+| Modern Workplace DSS Policy [Broad] | DSS policy for Broad device group | Assigned to:- Modern Workplace Devices-Windows Autopatch-Broad
Exclude from:- Modern Workplace - Windows 11 Pre-Release Test Devices
|
+| Modern Workplace DSS Policy [Windows 11] | Windows 11 DSS policy | Assigned to:- Modern Workplace - Windows 11 Pre-Release Test Devices
|
+
+## Microsoft Office update policies
+
+- Modern Workplace - Office ADMX Deployment
+- Modern Workplace - Office Configuration v5
+- Modern Workplace - Office Update Configuration [Test]
+- Modern Workplace - Office Update Configuration [First]
+- Modern Workplace - Office Update Configuration [Fast]
+- Modern Workplace - Office Update Configuration [Broad]
+
+| Policy name | Policy description | OMA | Value |
+| ----- | ----- | ----- | ----- |
+| Modern Workplace - Office ADMX Deployment | ADMX file for OfficeAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| | |
+| Modern Workplace - Office Configuration v5 | Sets Office Update Channel to the Monthly Enterprise servicing branch.Assigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| | |
+| Modern Workplace - Office Update Configuration [Test] | Sets the Office update deadlineAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
|- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
|- Enabled; L_UpdateDeadlineID == 7
- Enabled; L_DeferUpdateDaysID == 0
|
+| Modern Workplace - Office Update Configuration [First] | Sets the Office update deadlineAssigned to:
- Modern Workplace Devices-Windows Autopatch-First
|- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
| - Enabled; L_UpdateDeadlineID == 7
- Enabled; L_DeferUpdateDaysID == 0
|
+| Modern Workplace - Office Update Configuration [Fast] | Sets the Office update deadlineAssigned to:
- Modern Workplace Devices-Windows Autopatch-Fast
|- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
| - Enabled; L_UpdateDeadlineID == 7
- Enabled; L_DeferUpdateDaysID == 3
|
+| Modern Workplace - Office Update Configuration [Broad] | Sets the Office update deadline
Assigned to:- Modern Workplace Devices-Windows Autopatch-Broad
|- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_UpdateDeadline`
- `./Device/Vendor/MSFT/Policy/Config/Office365ProPlus~Policy~L_MicrosoftOfficemachine~L_Updates/L_DeferUpdateDays`
|- Enabled; L_UpdateDeadlineID == 7
- Enabled; L_DeferUpdateDaysID == 7
|
+
+## Microsoft Edge update policies
+
+- Modern Workplace - Edge Update ADMX Deployment
+- Modern Workplace - Edge Update Channel Stable
+- Modern Workplace - Edge Update Channel Beta
+
+| Policy name | Policy description | OMA | Value |
+| ----- | ----- | ----- | ----- |
+| Modern Workplace - Edge Update ADMX Deployment | Deploys ADMX update policy for EdgeAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| | |
+| Modern Workplace - Edge Update Channel Stable | Deploys updates via the Edge Stable ChannelAssigned to:
- Modern Workplace Devices-Windows Autopatch-First
- Modern Workplace Devices-Windows Autopatch-Fast
- Modern Workplace Devices-Windows Autopatch-Broad
| `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled |
+| Modern Workplace - Edge Update Channel Beta | Deploys updates via the Edge Beta ChannelAssigned to:
- Modern Workplace Devices-Windows Autopatch-Test
| `./Device/Vendor/MSFT/Policy/Config/MicrosoftEdgeUpdate~Policy~Cat_EdgeUpdate~Cat_Applications~Cat_MicrosoftEdge/Pol_TargetChannelMicrosoftEdge` | Enabled |
+
+## Conditional access policies
+
+> [!NOTE]
+> Effective Aug 15, 2022, the following policy will no longer be added to newly enrolled tenants, and existing tenants will be provided an option to migrate to enterprise application-based authentication. This policy will be removed with that transition.
+
+| Conditional access policy | Description |
+| ----- | ----- |
+| Modern Workplace - Secure Workstation | This policy is targeted to only the Windows Autopatch cloud service accounts. The policy blocks access to the tenant unless the user is accessing the tenant from a Microsoft authorized location. |
+
+## PowerShell scripts
+
+| Script | Description |
+| ----- | ----- |
+| Modern Workplace - Autopatch Client Setup | Installs necessary client components for the Windows Autopatch service |
diff --git a/windows/security/identity-protection/access-control/access-control.md b/windows/security/identity-protection/access-control/access-control.md
index 2dfc4dc841..3463887878 100644
--- a/windows/security/identity-protection/access-control/access-control.md
+++ b/windows/security/identity-protection/access-control/access-control.md
@@ -2,23 +2,23 @@
title: Access Control Overview (Windows 10)
description: Access Control Overview
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: sulahiri
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/18/2017
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Access Control Overview
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
This topic for the IT professional describes access control in Windows, which is the process of authorizing users, groups, and computers to access objects on the network or computer. Key concepts that make up access control are permissions, ownership of objects, inheritance of permissions, user rights, and object auditing.
## Feature description
diff --git a/windows/security/identity-protection/access-control/local-accounts.md b/windows/security/identity-protection/access-control/local-accounts.md
index b6149dcddb..cf62379ed8 100644
--- a/windows/security/identity-protection/access-control/local-accounts.md
+++ b/windows/security/identity-protection/access-control/local-accounts.md
@@ -2,25 +2,26 @@
title: Local Accounts (Windows 10)
description: Learn how to secure and manage access to the resources on a standalone or member server for services or users.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: sulahiri
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 06/17/2022
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Local Accounts
-**Applies to**
-- Windows 11
-- Windows 10
-- Windows Server 2019
-- Windows Server 2016
-
This reference article for IT professionals describes the default local user accounts for servers, including how to manage these built-in accounts on a member or standalone server.
## About local user accounts
@@ -116,13 +117,13 @@ In addition, the guest user in the Guest account shouldn't be able to view the e
The HelpAssistant account is a default local account that is enabled when a Remote Assistance session is run. This account is automatically disabled when no Remote Assistance requests are pending.
-HelpAssistant is the primary account that is used to establish a Remote Assistance session. The Remote Assistance session is used to connect to another computer running the Windows operating system, and it's initiated by invitation. For solicited remote assistance, a user sends an invitation from their computer, through e-mail or as a file, to a person who can provide assistance. After the users invitation for a Remote Assistance session is accepted, the default HelpAssistant account is automatically created to give the person who provides assistance limited access to the computer. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service.
+HelpAssistant is the primary account that is used to establish a Remote Assistance session. The Remote Assistance session is used to connect to another computer running the Windows operating system, and it's initiated by invitation. For solicited remote assistance, a user sends an invitation from their computer, through e-mail or as a file, to a person who can provide assistance. After the user's invitation for a Remote Assistance session is accepted, the default HelpAssistant account is automatically created to give the person who provides assistance limited access to the computer. The HelpAssistant account is managed by the Remote Desktop Help Session Manager service.
**Security considerations**
The SIDs that pertain to the default HelpAssistant account include:
-- SID: S-1-5-<domain>-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services are called Terminal Services.
+- SID: S-1-5-<domain>-13, display name Terminal Server User. This group includes all users who sign in to a server with Remote Desktop Services enabled. Note: In Windows Server 2008, Remote Desktop Services is called Terminal Services.
- SID: S-1-5-<domain>-14, display name Remote Interactive Logon. This group includes all users who connect to the computer by using a remote desktop connection. This group is a subset of the Interactive group. Access tokens that contain the Remote Interactive Logon SID also contain the Interactive SID.
diff --git a/windows/security/identity-protection/configure-s-mime.md b/windows/security/identity-protection/configure-s-mime.md
index 9184e9a43d..b1d3c58e26 100644
--- a/windows/security/identity-protection/configure-s-mime.md
+++ b/windows/security/identity-protection/configure-s-mime.md
@@ -1,15 +1,17 @@
---
title: Configure S/MIME for Windows
description: S/MIME lets users encrypt outgoing messages and attachments so that only intended recipients with a digital ID, also known as a certificate, can read them.
-ms.reviewer:
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
@@ -25,7 +27,7 @@ S/MIME stands for Secure/Multipurpose Internet Mail Extensions, and provides an
Users can send encrypted message to people in their organization and people outside their organization if they have their encryption certificates. However, users using Windows Mail app can only read encrypted messages if the message is received on their Exchange account and they have corresponding decryption keys.
-Encrypted messages can be read only by recipients who have a certificate. If you try to send an encrypted message to recipient(s) whose encryption certificate are not available, the app will prompt you to remove these recipients before sending the email.
+Encrypted messages can be read only by recipients who have a certificate. If you try to send an encrypted message to recipients whose encryption certificate is not available, the app will prompt you to remove these recipients before sending the email.
## About digital signatures
@@ -80,7 +82,7 @@ When you receive an encrypted message, the mail app will check whether there is
## Install certificates from a received message
-When you receive a signed email, the app provide feature to install corresponding encryption certificate on your device if the certificate is available. This certificate can then be used to send encrypted email to this person.
+When you receive a signed email, the app provides a feature to install corresponding encryption certificate on your device if the certificate is available. This certificate can then be used to send encrypted email to this person.
1. Open a signed email.
@@ -89,4 +91,4 @@ When you receive a signed email, the app provide feature to install correspondin
3. Tap **Install.**
:::image type="content" alt-text="message security information." source="images/installcert.png":::
-
\ No newline at end of file
+
diff --git a/windows/security/identity-protection/credential-guard/additional-mitigations.md b/windows/security/identity-protection/credential-guard/additional-mitigations.md
index 5be4c34c1e..ae0b3c7b76 100644
--- a/windows/security/identity-protection/credential-guard/additional-mitigations.md
+++ b/windows/security/identity-protection/credential-guard/additional-mitigations.md
@@ -3,13 +3,13 @@ title: Additional mitigations
description: Advice and sample code for making your domain environment more secure and robust with Windows Defender Credential Guard.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
-ms.reviewer:
---
# Additional mitigations
@@ -18,7 +18,7 @@ Windows Defender Credential Guard can provide mitigation against attacks on deri
## Restricting domain users to specific domain-joined devices
-Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on using devices that have Windows Defender Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Windows Defender Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used.
+Credential theft attacks allow the attacker to steal secrets from one device and use them from another device. If a user can sign on to multiple devices then any device could be used to steal credentials. How do you ensure that users only sign on with devices that have Windows Defender Credential Guard enabled? By deploying authentication policies that restrict them to specific domain-joined devices that have been configured with Windows Defender Credential Guard. For the domain controller to know what device a user is signing on from, Kerberos armoring must be used.
### Kerberos armoring
@@ -32,7 +32,7 @@ Kerberos armoring is part of RFC 6113. When a device supports Kerberos armoring,
### Protecting domain-joined device secrets
-Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Windows Defender Credential Guard, the private key can be protected. Then authentication policies can require that users sign on devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user.
+Since domain-joined devices also use shared secrets for authentication, attackers can steal those secrets as well. By deploying device certificates with Windows Defender Credential Guard, the private key can be protected. Then authentication policies can require that users sign on to devices that authenticate using those certificates. This prevents shared secrets stolen from the device to be used with stolen user credentials to sign on as the user.
Domain-joined device certificate authentication has the following requirements:
- Devices' accounts are in Windows Server 2012 domain functional level or higher.
@@ -96,13 +96,13 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
.\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”"
```
-### Restricting user sign on
+### Restricting user sign-on
So we now have completed the following:
- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on
- Mapped that policy to a universal security group or claim
-- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies.
+- Provided a way for domain controllers to get the device authorization data during user sign-on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies.
Authentication policies have the following requirements:
- User accounts are in a Windows Server 2012 domain functional level or higher domain.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
index 7b1cc141be..22f3e34740 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-considerations.md
@@ -3,23 +3,23 @@ title: Advice while using Windows Defender Credential Guard (Windows)
description: Considerations and recommendations for certain scenarios when using Windows Defender Credential Guard in Windows.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/31/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Considerations when using Windows Defender Credential Guard
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
Passwords are still weak. We recommend that in addition to deploying Windows Defender Credential Guard, organizations move away from passwords to other authentication methods, such as physical smart cards, virtual smart cards, or Windows Hello for Business.
Windows Defender Credential Guard uses hardware security, so some features such as Windows To Go, aren't supported.
@@ -80,8 +80,8 @@ Domain user sign-in on a domain-joined device after clearing a TPM for as long a
|Credential Type | Windows version | Behavior
|---|---|---|
| Certificate (smart card or Windows Hello for Business) | All | All data protected with user DPAPI is unusable and user DPAPI doesn't work at all. |
-| Password | Windows 10 v1709 or later | If the user signed-in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected.
-| Password | Windows 10 v1703 | If the user signed-in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected.
+| Password | Windows 10 v1709 or later | If the user signed in with a certificate or password prior to clearing the TPM, then they can sign-in with password and user DPAPI is unaffected.
+| Password | Windows 10 v1703 | If the user signed in with a password prior to clearing the TPM, then they can sign-in with that password and are unaffected.
| Password | Windows 10 v1607 or earlier | Existing user DPAPI protected data is unusable. User DPAPI is able to protect new data.
Once the device has connectivity to the domain controllers, DPAPI recovers the user's key and data protected prior to clearing the TPM can be decrypted.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
index 787063e450..b48fb5bbb3 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-how-it-works.md
@@ -3,24 +3,23 @@ title: How Windows Defender Credential Guard works
description: Learn how Windows Defender Credential Guard uses virtualization to protect secrets, so that only privileged system software can access them.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# How Windows Defender Credential Guard works
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
-
Kerberos, NTLM, and Credential manager isolate secrets by using virtualization-based security. Previous versions of Windows stored secrets in the Local Security Authority (LSA). Prior to Windows 10, the LSA stored secrets used by the operating system in its process memory. With Windows Defender Credential Guard enabled, the LSA process in the operating system talks to a new component called the isolated LSA process that stores and protects those secrets. Data stored by the isolated LSA process is protected using Virtualization-based security and isn't accessible to the rest of the operating system. LSA uses remote procedure calls to communicate with the isolated LSA process.
For security reasons, the isolated LSA process doesn't host any device drivers. Instead, it only hosts a small subset of operating system binaries that are needed for security and nothing else. All of these binaries are signed with a certificate that is trusted by virtualization-based security and these signatures are validated before launching the file in the protected environment.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
index b76dd3d133..e190e70c49 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-known-issues.md
@@ -3,24 +3,22 @@ title: Windows Defender Credential Guard - Known issues (Windows)
description: Windows Defender Credential Guard - Known issues in Windows Enterprise
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 01/26/2022
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
-
# Windows Defender Credential Guard: Known issues
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
Windows Defender Credential Guard has certain application requirements. Windows Defender Credential Guard blocks specific authentication capabilities. So applications that require such capabilities won't function when it's enabled. For more information, see [Application requirements](credential-guard-requirements.md#application-requirements).
The following known issues have been fixed in the [Cumulative Security Update for November 2017](https://support.microsoft.com/topic/november-27-2017-kb4051033-os-build-14393-1914-447b6b88-e75d-0a24-9ab9-5dcda687aaf4):
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-manage.md b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
index a2392e3e3c..1b61031be8 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-manage.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-manage.md
@@ -3,9 +3,10 @@ title: Manage Windows Defender Credential Guard (Windows)
description: Learn how to deploy and manage Windows Defender Credential Guard using Group Policy, the registry, or hardware readiness tools.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: v-tappelgate
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
@@ -13,17 +14,14 @@ ms.topic: article
ms.custom:
- CI 120967
- CSSTroubleshooting
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
-
# Manage Windows Defender Credential Guard
-
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-- Windows Server 2022
-
## Enable Windows Defender Credential Guard
Windows Defender Credential Guard can be enabled either by using [Group Policy](#enable-windows-defender-credential-guard-by-using-group-policy), the [registry](#enable-windows-defender-credential-guard-by-using-the-registry), or the [Hypervisor-Protected Code Integrity (HVCI) and Windows Defender Credential Guard hardware readiness tool](#enable-windows-defender-credential-guard-by-using-the-hvci-and-windows-defender-credential-guard-hardware-readiness-tool). Windows Defender Credential Guard can also protect secrets in a Hyper-V virtual machine, just as it would on a physical machine.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
index fba979bcbb..445168ffc1 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-not-protected-scenarios.md
@@ -3,23 +3,23 @@ title: Windows Defender Credential Guard protection limits & mitigations (Window
description: Scenarios not protected by Windows Defender Credential Guard in Windows, and additional mitigations you can use.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Credential Guard protection limits and mitigations
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
Prefer video? See [Credentials protected by Windows Defender Credential Guard](https://mva.microsoft.com/en-us/training-courses/deep-dive-into-credential-guard-16651?l=pdc37LJyC_1204300474)
in the Deep Dive into Windows Defender Credential Guard video series.
@@ -123,13 +123,13 @@ Beginning with the Windows Server 2008 R2 domain functional level, domain contro
.\set-IssuancePolicyToGroupLink.ps1 –IssuancePolicyName:"" –groupOU:"" –groupName:”"
```
-#### Restricting user sign on
+#### Restricting user sign-on
So we now have completed the following:
- Created a special certificate issuance policy to identify devices that meet the deployment criteria required for the user to be able to sign on
- Mapped that policy to a universal security group or claim
-- Provided a way for domain controllers to get the device authorization data during user sign on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies.
+- Provided a way for domain controllers to get the device authorization data during user sign-on using Kerberos armoring. Now what is left to do is to configure the access check on the domain controllers. This is done using authentication policies.
Authentication policies have the following requirements:
- User accounts are in a Windows Server 2012 domain functional level or higher domain.
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
index 1b47f91c82..ba9aa464db 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-protection-limits.md
@@ -3,23 +3,22 @@ title: Windows Defender Credential Guard protection limits (Windows)
description: Some ways to store credentials are not protected by Windows Defender Credential Guard in Windows. Learn more with this guide.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
-
# Windows Defender Credential Guard protection limits
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
Some ways to store credentials are not protected by Windows Defender Credential Guard, including:
- Software that manages credentials outside of Windows feature protection
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
index cd0217dffe..e4d7f90a39 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-requirements.md
@@ -3,25 +3,25 @@ title: Windows Defender Credential Guard Requirements (Windows)
description: Windows Defender Credential Guard baseline hardware, firmware, and software requirements, and additional protections for improved security.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 12/27/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Credential Guard: Requirements
-## Applies to
-
-- Windows 11
-- Windows 10
-- Windows Server 2019
-- Windows Server 2016
-
For Windows Defender Credential Guard to provide protection, the computers you are protecting must meet certain baseline hardware, firmware, and software requirements, which we will refer to as [Hardware and software requirements](#hardware-and-software-requirements). Additionally, Windows Defender Credential Guard blocks specific authentication capabilities, so applications that require such capabilities will break. We will refer to these requirements as [Application requirements](#application-requirements). Beyond these requirements, computers can meet additional hardware and firmware qualifications, and receive additional protections. Those computers will be more hardened against certain threats. For detailed information on baseline protections, plus protections for improved security that are associated with hardware and firmware options available in 2015, 2016, and 2017, refer to the tables in [Security Considerations](#security-considerations).
## Hardware and software requirements
diff --git a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
index ac96f2cc37..d235f8a2dc 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard-scripts.md
@@ -3,18 +3,17 @@ title: Scripts for Certificate Issuance Policies in Windows Defender Credential
description: Obtain issuance policies from the certificate authority for Windows Defender Credential Guard on Windows.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dulcemontemayor
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.date: 08/17/2017
-ms.reviewer:
---
# Windows Defender Credential Guard: Scripts for Certificate Authority Issuance Policies
-
Here is a list of scripts mentioned in this topic.
## Get the available issuance policies on the certificate authority
diff --git a/windows/security/identity-protection/credential-guard/credential-guard.md b/windows/security/identity-protection/credential-guard/credential-guard.md
index 08cb1d98b8..db31018523 100644
--- a/windows/security/identity-protection/credential-guard/credential-guard.md
+++ b/windows/security/identity-protection/credential-guard/credential-guard.md
@@ -1,28 +1,28 @@
---
title: Protect derived domain credentials with Windows Defender Credential Guard (Windows)
description: Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them.
-ms.reviewer:
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 03/10/2022
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Protect derived domain credentials with Windows Defender Credential Guard
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-
-Introduced in Windows 10 Enterprise and Windows Server 2016, Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
+Windows Defender Credential Guard uses virtualization-based security to isolate secrets so that only privileged system software can access them. Unauthorized access to these secrets can lead to credential theft attacks, such as Pass-the-Hash or Pass-The-Ticket. Windows Defender Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, and credentials stored by applications as domain credentials.
By enabling Windows Defender Credential Guard, the following features and solutions are provided:
diff --git a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
index 1128ef5604..603dcc1d9c 100644
--- a/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
+++ b/windows/security/identity-protection/credential-guard/dg-readiness-tool.md
@@ -3,23 +3,22 @@ title: Windows Defender Device Guard and Windows Defender Credential Guard hardw
description: Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool script
ms.prod: m365-security
ms.localizationpriority: medium
-author: SteveSyfuhs
-ms.author: stsyfuhs
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: erikdau
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Device Guard and Windows Defender Credential Guard hardware readiness tool
-**Applies to:**
-- Windows 10
-- Windows 11
-- Windows Server 2016
-- Windows Server 2019
-- Windows Server 2022
-
```powershell
# Script to find out if a machine is Device Guard compliant.
# The script requires a driver verifier present on the system.
diff --git a/windows/security/identity-protection/enterprise-certificate-pinning.md b/windows/security/identity-protection/enterprise-certificate-pinning.md
index bba1605784..facbb090b1 100644
--- a/windows/security/identity-protection/enterprise-certificate-pinning.md
+++ b/windows/security/identity-protection/enterprise-certificate-pinning.md
@@ -1,23 +1,22 @@
---
title: Enterprise Certificate Pinning
description: Enterprise certificate pinning is a Windows feature for remembering; or pinning a root issuing certificate authority, or end entity certificate to a given domain name.
-author: dulcemontemayor
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.prod: m365-security
ms.technology: windows-sec
ms.localizationpriority: medium
ms.date: 07/27/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Enterprise Certificate Pinning
-**Applies to**
-- Windows 10
-
Enterprise certificate pinning is a Windows feature for remembering, or pinning a root issuing certificate authority or end entity certificate to a given domain name.
Enterprise certificate pinning helps reduce man-in-the-middle attacks by enabling you to protect your internal domain names from chaining to unwanted certificates or to fraudulently issued certificates.
@@ -99,7 +98,7 @@ The **Certificate** element can have the following attributes.
| **File** | Path to a file containing one or more certificates. Where the certificate(s) can be encoded as:
- single certificate
- p7b
- sst
These files can also be Base64 formatted. All **Site** elements included in the same **PinRule** element can match any of these certificates. | Yes (File, Directory, or Base64 must be present). |
| **Directory** | Path to a directory containing one or more of the above certificate files. Skips any files not containing any certificates. | Yes (File, Directory, or Base64 must be present). |
| **Base64** | Base64 encoded certificate(s). Where the certificate(s) can be encoded as:
- single certificate
- p7b
- sst
This allows the certificates to be included in the XML file without a file directory dependency.
Note:
You can use **certutil -encode** to convert a .cer file into base64. You can then use Notepad to copy and paste the base64 encoded certificate into the pin rule. | Yes (File, Directory, or Base64 must be present). |
-| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule.
If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.
If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and exclude the certificate(s) from the Pin Rule in the generated CTL.
For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
+| **EndDate** | Enables you to configure an expiration date for when the certificate is no longer valid in the pin rule.
If you are in the process of switching to a new root or CA, you can set the **EndDate** to allow matching of this element’s certificates.
If the current time is past the **EndDate**, then, when creating the certificate trust list (CTL), the parser outputs a warning message and excludes the certificate(s) from the Pin Rule in the generated CTL.
For help with formatting Pin Rules, see [Representing a Date in XML](#representing-a-date-in-xml).| No.|
#### Site element
@@ -107,7 +106,7 @@ The **Site** element can have the following attributes.
| Attribute | Description | Required |
|-----------|-------------|----------|
-| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows:
- If the DNS name has a leading "*", it's removed.
- Non-ASCII DNS name is converted to ASCII Puny Code.
- Upper case ASCII characters are converted to lower case.
If the normalized name has a leading ".", then, wildcard left-hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
+| **Domain** | Contains the DNS name to be matched for this pin rule. When creating the certificate trust list, the parser normalizes the input name string value as follows:
- If the DNS name has a leading "*", it's removed.
- Non-ASCII DNS name is converted to ASCII Puny Code.
- Upper case ASCII characters are converted to lower case.
If the normalized name has a leading ".", then wildcard left-hand label matching is enabled. For example, ".xyz.com" would match "abc.xyz.com". | Yes.|
| **AllSubdomains** | By default, wildcard left-hand label matching is restricted to a single left-hand label. This attribute can be set to "true" to enable wildcard matching of all of the left-hand labels.
For example, setting this attribute would also match "123.abc.xyz.com" for the ".xyz.com" domain value.| No.|
### Create a Pin Rules Certificate Trust List
diff --git a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md
index af4b0207cd..c84b17cee4 100644
--- a/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md
+++ b/windows/security/identity-protection/hello-for-business/WebAuthnAPIs.md
@@ -2,14 +2,14 @@
title: WebAuthn APIs
description: Learn how to use WebAuthn APIs to enable password-less authentication for your sites and apps.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 02/15/2019
-ms.reviewer:
---
# WebAuthn APIs for password-less authentication on Windows
diff --git a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
index 46c5ce15d2..50dac1c934 100644
--- a/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
+++ b/windows/security/identity-protection/hello-for-business/feature-multifactor-unlock.md
@@ -2,22 +2,20 @@
title: Multi-factor Unlock
description: Learn how Windows 10 and Windows 11 offer multi-factor device unlock by extending Windows Hello with trusted signals.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 03/20/2018
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Multi-factor Unlock
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
**Requirements:**
* Windows Hello for Business deployment (Cloud, Hybrid or On-premises)
* Azure AD, Hybrid Azure AD, or Domain Joined (Cloud, Hybrid, or On-Premises deployments)
diff --git a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
index a22fdc4c4b..1c3acf11f8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-aad-join-cloud-only-deploy.md
@@ -2,14 +2,17 @@
title: Azure Active Directory join cloud only deployment
description: Use this deployment guide to successfully use Azure Active Directory to join a Windows 10 or Windows 11 device.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 06/23/2021
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Azure Active Directory join cloud only deployment
diff --git a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
index 201f155223..edba592b4e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
+++ b/windows/security/identity-protection/hello-for-business/hello-adequate-domain-controllers.md
@@ -2,24 +2,23 @@
title: Having enough Domain Controllers for Windows Hello for Business deployments
description: Guide for planning to have an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/20/2018
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016 or later
+- ✅ Hybrid or On-Premises deployment
+- ✅ Key trust
---
# Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments
-**Applies to**
-
-- Windows 10, version 1703 or later, or Windows 11
-- Windows Server, versions 2016 or later
-- Hybrid or On-Premises deployment
-- Key trust
-
> [!NOTE]
>There was an issue with key trust authentication on Windows Server 2019. To fix it, refer to [KB4487044](https://support.microsoft.com/en-us/help/4487044/windows-10-update-kb4487044).
@@ -90,7 +89,7 @@ Using the same methods described above, monitor the Kerberos authentication afte
```"Every n Windows Hello for Business clients results in x percentage of key-trust authentication."```
-Where _n_ equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment.
+Where *n* equals the number of clients you switched to Windows Hello for Business and _x_ equals the increased percentage of authentication from the upgraded domain controller. Armed with this information, you can apply the observations of upgrading domain controllers and increasing Windows Hello for Business client count to appropriately phase your deployment.
Remember, increasing the number of clients changes the volume of authentication distributed across the Windows Server 2016 or newer domain controllers. If there is only one Windows Server 2016 or newer domain controller, there's no distribution and you are simply increasing the volume of authentication for which THAT domain controller is responsible.
diff --git a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md
index 409d7ad594..0b82e155e7 100644
--- a/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md
+++ b/windows/security/identity-protection/hello-for-business/hello-and-password-changes.md
@@ -1,23 +1,21 @@
---
title: Windows Hello and password changes (Windows)
description: When you change your password on a device, you may need to sign in with a password on other devices to reset Hello.
-ms.reviewer:
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Hello and password changes
-**Applies to**
-
-- Windows 10
-- Windows 11
-
When you set up Windows Hello, the PIN or biometric gesture that you use is specific to that device. You can set up Hello for the same account on multiple devices. If the PIN or biometric is configured as part of Windows Hello for Business, changing the account password will not impact sign-in or unlock with these gestures since it uses a key or certificate. However, if Windows Hello for Business is not deployed and the password for that account changes, you must provide the new password on each device to continue to use Hello.
## Example
diff --git a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
index 1b7fc74348..ebbea60361 100644
--- a/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
+++ b/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise.md
@@ -2,24 +2,23 @@
title: Windows Hello biometrics in the enterprise (Windows)
description: Windows Hello uses biometrics to authenticate users and guard against potential spoofing, through fingerprint matching and facial recognition.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
localizationpriority: medium
ms.date: 01/12/2021
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Hello biometrics in the enterprise
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
Windows Hello is the biometric authentication feature that helps strengthen authentication and helps to guard against potential spoofing through fingerprint matching and facial recognition.
>[!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
index 7c1152e8bf..da1d9d6154 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-adfs.md
@@ -2,24 +2,22 @@
title: Prepare and Deploy Windows AD FS certificate trust (Windows Hello for Business)
description: Learn how to Prepare and Deploy Windows Server 2016 Active Directory Federation Services (AD FS) for Windows Hello for Business, using certificate trust.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 01/14/2021
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployments
+- ✅ Certificate trust
---
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services - Certificate Trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Certificate trust
-
Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises certificate trust deployment uses Active Directory Federation Services roles for key registration, device registration, and as a certificate registration authority.
The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts.
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
index eda6b35e15..36186166cf 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-policy-settings.md
@@ -2,25 +2,24 @@
title: Configure Windows Hello for Business Policy settings - certificate trust
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business. Certificate-based deployments need three group policy settings.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
localizationpriority: medium
ms.date: 08/20/2018
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployments
+- ✅ Certificate trust
---
# Configure Windows Hello for Business Policy settings - Certificate Trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Certificate trust
-
You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later.
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
index 281f5bf449..9d4ca3a2f5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-ad-prereq.md
@@ -2,24 +2,22 @@
title: Update Active Directory schema for cert-trust deployment (Windows Hello for Business)
description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the certificate trust model.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployments
+- ✅ Certificate trust
---
# Validate Active Directory prerequisites for cert-trust deployment
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Certificate trust
-
The key registration process for the on-premises deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory or later schema. The key-trust model receives the schema extension when the first Windows Server 2016 or later domain controller is added to the forest. The certificate trust model requires manually updating the current schema to the Windows Server 2016 or later schema.
> [!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
index 865759bf10..5ec79ae891 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-deploy-mfa.md
@@ -2,24 +2,22 @@
title: Validate and Deploy MFA for Windows Hello for Business with certificate trust
description: How to Validate and Deploy Multi-factor Authentication (MFA) Services for Windows Hello for Business with certificate trust
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployments
+- ✅ Certificate trust
---
# Validate and Deploy Multi-Factor Authentication feature
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Certificate trust
-
Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.
For information on available third-party authentication methods, see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method, see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
diff --git a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
index d6356353aa..578db1bd4e 100644
--- a/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-cert-trust-validate-pki.md
@@ -2,25 +2,22 @@
title: Validate Public Key Infrastructure - certificate trust model (Windows Hello for Business)
description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a certificate trust model.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployments
+- ✅ Certificate trust
---
# Validate and Configure Public Key Infrastructure - Certificate Trust Model
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Certificate trust
-
-
Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller. The certificate trust model extends certificate issuance to client computers. During Windows Hello for Business provisioning, the user receives a sign-in certificate.
## Deploy an enterprise certificate authority
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
index 278560bbc5..21b67500a6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-cert-trust.md
@@ -2,24 +2,22 @@
title: Windows Hello for Business Deployment Guide - On Premises Certificate Trust Deployment
description: A guide to on premises, certificate trust Windows Hello for Business deployment.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: prsriva
+manager: aaroncz
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployments
+- ✅ Certificate trust
---
# On Premises Certificate Trust Deployment
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Certificate trust
-
Windows Hello for Business replaces username and password sign-in to Windows with authentication using an asymmetric key pair. This deployment guide provides the information you'll need to successfully deploy Windows Hello for Business in an existing environment.
Below, you can find all the information needed to deploy Windows Hello for Business in a Certificate Trust Model in your on-premises environment:
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
index afe7fdf157..0f2c45e2f0 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-guide.md
@@ -2,9 +2,10 @@
title: Windows Hello for Business Deployment Overview
description: Use this deployment guide to successfully deploy Windows Hello for Business in an existing environment.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
index 47d8b38c53..43ff73fc92 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-issues.md
@@ -3,14 +3,14 @@ title: Windows Hello for Business Deployment Known Issues
description: A Troubleshooting Guide for Known Windows Hello for Business Deployment Issues
params: siblings_only
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 05/03/2021
-ms.reviewer:
---
# Windows Hello for Business Known Deployment Issues
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
index 280f51120d..faab624132 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-key-trust.md
@@ -2,24 +2,22 @@
title: Windows Hello for Business Deployment Guide - On Premises Key Deployment
description: A guide to on premises, key trust Windows Hello for Business deployment.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/20/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployment
+- ✅ Key trust
---
# On Premises Key Trust Deployment
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Key trust
-
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in an existing environment.
Below, you can find all the information you need to deploy Windows Hello for Business in a key trust model in your on-premises environment:
diff --git a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
index 5df469ff3e..d0cc1cad93 100644
--- a/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-deployment-rdp-certs.md
@@ -2,25 +2,23 @@
title: Deploying Certificates to Key Trust Users to Enable RDP
description: Learn how to deploy certificates to a Key Trust user to enable remote desktop with supplied credentials
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 02/22/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Deploying Certificates to Key Trust Users to Enable RDP
-**Applies To**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
Windows Hello for Business supports using a certificate as the supplied credential when establishing a remote desktop connection to a server or other device. For certificate trust deployments, creation of this certificate occurs at container creation time.
This document discusses an approach for key trust deployments where authentication certificates can be deployed to an existing key trust user.
diff --git a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
index d7987dc9bc..d995550c13 100644
--- a/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
+++ b/windows/security/identity-protection/hello-for-business/hello-errors-during-pin-creation.md
@@ -2,24 +2,23 @@
title: Windows Hello errors during PIN creation (Windows)
description: When you set up Windows Hello in Windows 10/11, you may get an error during the Create a work PIN step.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: troubleshooting
ms.localizationpriority: medium
ms.date: 05/05/2018
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Hello errors during PIN creation
-**Applies to**
-
-- Windows 10
-- Windows 11
-
When you set up Windows Hello in Windows client, you may get an error during the **Create a PIN** step. This topic lists some of the error codes with recommendations for mitigating the problem. If you get an error code that is not listed here, contact Microsoft Support.
## Where is the error code?
diff --git a/windows/security/identity-protection/hello-for-business/hello-event-300.md b/windows/security/identity-protection/hello-for-business/hello-event-300.md
index 3e481d0f4d..8fa58bce19 100644
--- a/windows/security/identity-protection/hello-for-business/hello-event-300.md
+++ b/windows/security/identity-protection/hello-for-business/hello-event-300.md
@@ -1,24 +1,22 @@
---
title: Event ID 300 - Windows Hello successfully created (Windows)
description: This event is created when a Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD).
-ms.reviewer:
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 07/27/2017
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Event ID 300 - Windows Hello successfully created
-**Applies to**
-
-- Windows 10
-- Windows 11
-
This event is created when Windows Hello for Business is successfully created and registered with Azure Active Directory (Azure AD). Applications or services can trigger actions on this event. For example, a certificate provisioning service can listen to this event and trigger a certificate request.
## Event details
diff --git a/windows/security/identity-protection/hello-for-business/hello-faq.yml b/windows/security/identity-protection/hello-for-business/hello-faq.yml
index 2f77d6ba0e..5900a1444c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-faq.yml
+++ b/windows/security/identity-protection/hello-for-business/hello-faq.yml
@@ -8,20 +8,22 @@ metadata:
ms.sitesec: library
ms.pagetype: security, mobile
audience: ITPro
- author: GitPrakhar13
- ms.author: prsriva
- manager: dansimp
+ author: paolomatarazzo
+ ms.author: paoloma
+ manager: aaroncz
+ ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: faq
localizationpriority: medium
ms.date: 02/21/2022
+ appliesto:
+ - ✅ Windows 10
+ - ✅ Windows 11
title: Windows Hello for Business Frequently Asked Questions (FAQ)
summary: |
- Applies to: Windows 10
-
sections:
- name: Ignored
@@ -31,6 +33,7 @@ sections:
answer: |
Windows Hello for Business cloud trust is a new trust model that is currently in preview. This trust model will enable Windows Hello for Business deployment using the infrastructure introduced for supporting [security key sign-in on Hybrid Azure AD-joined devices and on-premises resource access on Azure AD Joined devices](/azure/active-directory/authentication/howto-authentication-passwordless-security-key-on-premises). Cloud trust is the preferred deployment model if you do not need to support certificate authentication scenarios. For more information, see [Hybrid Cloud Trust Deployment (Preview)](/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust).
+
- question: What about virtual smart cards?
answer: |
Windows Hello for Business is the modern, two-factor credential for Windows 10. Microsoft will be deprecating virtual smart cards in the future, but no date is set at this time. Customers using Windows 10 and virtual smart cards should move to Windows Hello for Business. Microsoft will publish the date early to ensure customers have adequate lead time to move to Windows Hello for Business. Microsoft recommends that new Windows 10 deployments use Windows Hello for Business. Virtual smart cards remain supported for Windows 7 and Windows 8.
@@ -42,6 +45,7 @@ sections:
- question: Can I use Windows Hello for Business key trust and RDP?
answer: |
Remote Desktop Protocol (RDP) doesn't currently support using key-based authentication and self-signed certificates as supplied credentials. However, you can deploy certificates in the key trust model to enable RDP. For more information, see [Deploying certificates to key trust users to enable RDP](hello-deployment-rdp-certs.md). In addition, Windows Hello for Business key trust can be also used with RDP with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) without deploying certificates.
+
- question: Can I deploy Windows Hello for Business by using Microsoft Endpoint Configuration Manager?
answer: |
@@ -57,9 +61,8 @@ sections:
- question: How can a PIN be more secure than a password?
answer: |
- The Windows Hello for Business PIN isn't a symmetric key, whereas a password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key.
-
- The statement "PIN is stronger than Password" isn't directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multi-factor Unlock](feature-multifactor-unlock.md) feature.
+ When using Windows Hello for Business, the PIN isn't a symmetric key, whereas the password is a symmetric key. With passwords, there's a server that has some representation of the password. With Windows Hello for Business, the PIN is user-provided entropy used to load the private key in the Trusted Platform Module (TPM). The server doesn't have a copy of the PIN. For that matter, the Windows client doesn't have a copy of the current PIN either. The user must provide the entropy, the TPM-protected key, and the TPM that generated that key in order to successfully access the private key.
+ The statement "PIN is stronger than Password" is not directed at the strength of the entropy used by the PIN. It's about the difference between providing entropy versus continuing the use of a symmetric key (the password). The TPM has anti-hammering features that thwart brute-force PIN attacks (an attacker's continuous attempt to try all combination of PINs). Some organizations may worry about shoulder surfing. For those organizations, rather than increase the complexity of the PIN, implement the [Multifactor Unlock](feature-multifactor-unlock.md) feature.
- question: How does Windows Hello for Business work with Azure AD registered devices?
answer: |
@@ -123,9 +126,9 @@ sections:
- question: What's the difference between non-destructive and destructive PIN reset?
answer: |
- Windows Hello for Business has two types of PIN reset: non-destructive and destructive. Organizations running Windows 10 Enterprise and Azure Active Directory can take advantage of the Microsoft PIN Reset service. Once on-boarded to a tenant and deployed to computers, users who have forgotten their PINs can authenticate to Azure, provide a second factor of authentication, and reset their PIN without reprovisioning a new Windows Hello for Business enrollment. This flow is a non-destructive PIN reset because the user doesn't delete the current credential and obtain a new one. For more information, see [PIN Reset](hello-feature-pin-reset.md).
+ Windows Hello for Business has two types of PIN reset: non-destructive and destructive. Organizations running Windows 10 version 1903 and later and Azure Active Directory can take advantage of the Microsoft PIN Reset service. Once on-boarded to a tenant and deployed to computers, users who have forgotten their PINs can authenticate to Azure, provide a second factor of authentication, and reset their PIN without reprovisioning a new Windows Hello for Business enrollment. This flow is a non-destructive PIN reset because the user doesn't delete the current credential and obtain a new one. For more information, see [PIN Reset](hello-feature-pin-reset.md).
- Organizations that have the on-premises deployment of Windows Hello for Business, or those not using Windows 10 Enterprise can use destructive PIN reset. With destructive PIN reset, users that have forgotten their PIN can authenticate by using their password and then performing a second factor of authentication to reprovision their Windows Hello for Business credential. Reprovisioning deletes the old credential and requests a new credential and certificate. On-premises deployments need network connectivity to their domain controllers, Active Directory Federation Services, and their issuing certificate authority to perform a destructive PIN reset. For hybrid deployments, destructive PIN reset is only supported with the certificate trust model and the latest updates to Active Directory Federation Services.
+ Organizations that have the on-premises deployment of Windows Hello for Business, or those not using Windows 10 version 1903 and later can use destructive PIN reset. With destructive PIN reset, users that have forgotten their PIN can authenticate by using their password and then performing a second factor of authentication to reprovision their Windows Hello for Business credential. Reprovisioning deletes the old credential and requests a new credential and certificate. On-premises deployments need network connectivity to their domain controllers, Active Directory Federation Services, and their issuing certificate authority to perform a destructive PIN reset. For hybrid Azure Active Directory joined devices, destructive PIN reset is only supported with the certificate trust model and the latest updates to Active Directory Federation Services.
- question: |
Which is better or more secure, key trust or certificate trust?
@@ -149,7 +152,31 @@ sections:
- question: Is Windows Hello for Business multi-factor authentication?
answer: |
Windows Hello for Business is two-factor authentication based on the observed authentication factors of: something you have, something you know, and something that's part of you. Windows Hello for Business incorporates two of these factors: something you have (the user's private key protected by the device's security module) and something you know (your PIN). With the proper hardware, you can enhance the user experience by introducing biometrics. By using biometrics, you can replace the "something you know" authentication factor with the "something that is part of you" factor, with the assurances that users can fall back to the "something you know factor".
-
+
+ - question: Where is Windows Hello biometrics data stored?
+ answer: |
+ When you enroll in Windows Hello, a representation of your face called an enrollment profile is created more information can be found on [Windows Hello face authentication](https://docs.microsoft.com/en-us/windows-hardware/design/device-experiences/windows-hello-face-authentication). This enrollment profile biometrics data is device specific, is stored locally on the device, and does not leave the device or roam with the user. Some external fingerprint sensors store biometric data on the fingerprint module itself rather than on Windows device. Even in this case, the biometrics data is stored locally on those modules, is device specific, doesn’t roam, never leaves the module, and is never sent to Microsoft cloud or external server. For more details see [Windows Hello biometrics in the enterprise](https://docs.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-biometrics-in-enterprise#where-is-windows-hello-data-stored).
+
+ - question: What is the format used to store Windows Hello biometrics data on the device?
+ answer: |
+ Windows Hello biometrics data is stored on the device as an encrypted template database. The data from the biometrics sensor (e.g., face camera or fingerprint reader) creates a data representation—or graph—that is then encrypted before it’s stored on the device. Each biometrics sensor on the device which is used by Windows Hello (face or fingerprint) will have its own biometric database file where template data is stored. Each biometrics database file is encrypted with unique, randomly generated key that is encrypted to the system using AES encryption producing an SHA256 hash.
+
+ - question: Who has access on Windows Hello biometrics data?
+ answer: |
+ Since Windows Hello biometrics data is stored in encrypted format, no user, or any process other than Windows Hello has access to it.
+
+ - question: When is Windows Hello biometrics database file created? How is a user enrolled into Windows Hello face or fingerprint authentication?
+ answer: |
+ Windows Hello biometrics template database file is created on the device only when a user is enrolled into Windows Hello biometrics-based authentication. Your workplace or IT administrator may have turned certain authentication functionality, however, it is always your choice if you want to use Windows Hello or an alternative method (e.g. pin). Users can check their current enrollment into Windows Hello biometrics by going to sign-in options on their device. Go to **Start** > **Settings** > **Accounts** > **Sign-in** options. Or just click on **Go to Sign-in options**. To enroll into Windows Hello, user can go to **Start** > **Settings** > **Accounts** > **Sign-in** options, select the Windows Hello method that they want to set up, and then select **Set up**. If you don't see Windows Hello in Sign-in options, then it may not be available for your device or blocked by admin via policy. Admins can by policy request users to enroll into Windows Hello during autopilot or during initial setup of the device. Admins can disallow users to enroll into biometrics via Windows hello for business policy configurations. However, when allowed via policy configurations, enrollment into Windows Hello biometrics is always optional for users.
+
+ - question: When is Windows Hello biometrics database file deleted? How can a user be unenrolled from Windows Hello face or fingerprint authentication?
+ answer: |
+ To remove Windows Hello and any associated biometric identification data from the device, user can go to **Start** > **Settings** > **Accounts** > **Sign-in options**. Select the Windows Hello biometrics authentication method you want to remove, and then select **Remove**. This will unenroll the user from Windows Hello biometrics auth and will also delete the associated biometrics template database file. For more details see [Windows sign-in options and account protection (microsoft.com)](https://support.microsoft.com/en-us/windows/windows-sign-in-options-and-account-protection-7b34d4cf-794f-f6bd-ddcc-e73cdf1a6fbf#bkmk_helloandprivacy).
+
+ - question: What about any diagnostic data coming out when WHFB is enabled?
+ answer: |
+ To help us keep things working properly, to help detect and prevent fraud, and to continue improving Windows Hello, we collect diagnostic data about how people use Windows Hello. For example, data about whether people sign in with their face, iris, fingerprint, or PIN; the number of times they use it; and whether it works or not is all valuable information that helps us build a better product. The data is pseudonymized, does not include biometric information, and is encrypted before it is transmitted to Microsoft. You can choose to stop sending diagnostic data to Microsoft at any time. [Learn more about diagnostic data in Windows](https://support.microsoft.com/en-us/windows/diagnostics-feedback-and-privacy-in-windows-28808a2b-a31b-dd73-dcd3-4559a5199319).
+
- question: What are the biometric requirements for Windows Hello for Business?
answer: |
Read [Windows Hello biometric requirements](/windows-hardware/design/device-experiences/windows-hello-biometric-requirements) for more information.
@@ -206,7 +233,7 @@ sections:
answer: |
Wherever possible, Windows Hello for Business takes advantage of Trusted Platform Module (TPM) 2.0 hardware to generate and protect keys. However, Windows Hello and Windows Hello for Business don't require a TPM. Administrators can choose to allow key operations in software.
- Whenever possible, Microsoft strongly recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will need to reset the PIN (which means they'll need to use MFA to re-authenticate to the IDP before the IDP allows them to re-register).
+ Whenever possible, Microsoft strongly recommends the use of TPM hardware. The TPM protects against various known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will need to reset the PIN (which means they'll need to use MFA to reauthenticate to the IDP before the IDP allows them to re-register).
- question: Can Windows Hello for Business work in air-gapped environments?
answer: |
@@ -223,9 +250,9 @@ sections:
| Protocol | Description |
| :---: | :--- |
| [[MS-KPP]: Key Provisioning Protocol](/openspecs/windows_protocols/ms-kpp/25ff7bd8-50e3-4769-af23-bcfd0b4d4567) | Specifies the Key Provisioning Protocol, which defines a mechanism for a client to register a set of cryptographic keys on a user and device pair. |
- | [[MS-OAPX]: OAuth 2.0 Protocol Extensions](/openspecs/windows_protocols/ms-oapx/7612efd4-f4c8-43c3-aed6-f5c5ce359da2)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and login hints. |
+ | [[MS-OAPX]: OAuth 2.0 Protocol Extensions](/openspecs/windows_protocols/ms-oapx/7612efd4-f4c8-43c3-aed6-f5c5ce359da2)| Specifies the OAuth 2.0 Protocol Extensions, which are used to extend the OAuth 2.0 Authorization Framework. These extensions enable authorization features such as resource specification, request identifiers, and log in hints. |
| [[MS-OAPXBC]: OAuth 2.0 Protocol Extensions for Broker Clients](/openspecs/windows_protocols/ms-oapxbc/2f7d8875-0383-4058-956d-2fb216b44706) | Specifies the OAuth 2.0 Protocol Extensions for Broker Clients, extensions to RFC6749 (the OAuth 2.0 Authorization Framework) that allow a broker client to obtain access tokens on behalf of calling clients. |
- | [[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions](/openspecs/windows_protocols/ms-oidce/718379cf-8bc1-487e-962d-208aeb8e70ee) | Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define additional claims to carry information about the user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define additional provider meta-data that enables the discovery of the issuer of access tokens and gives additional information about provider capabilities. |
+ | [[MS-OIDCE]: OpenID Connect 1.0 Protocol Extensions](/openspecs/windows_protocols/ms-oidce/718379cf-8bc1-487e-962d-208aeb8e70ee) | Specifies the OpenID Connect 1.0 Protocol Extensions. These extensions define other claims to carry information about the user, including the user principal name, a locally unique identifier, a time for password expiration, and a URL for password change. These extensions also define more provider meta-data that enables the discovery of the issuer of access tokens and gives additional information about provider capabilities. |
- question: Does Windows Hello for Business work with Mac and Linux clients?
answer: |
@@ -235,3 +262,4 @@ sections:
- question: Does Windows Hello for Business work with Azure Active Directory Domain Services (Azure AD DS) clients?
answer: |
No, Azure AD DS is a separately managed environment in Azure, and hybrid device registration with cloud Azure AD isn't available for it via Azure AD Connect. Hence, Windows Hello for Business doesn't work with Azure AD.
+
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md
index 5dac00754e..2acbb4823a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-conditional-access.md
@@ -2,14 +2,14 @@
title: Conditional Access
description: Ensure that only approved users can access your devices, applications, and services from anywhere by enabling single sign-on with Azure Active Directory.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 09/09/2019
-ms.reviewer:
---
# Conditional access
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
index 445df8f5a8..489d5513cf 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dual-enrollment.md
@@ -2,14 +2,14 @@
title: Dual Enrollment
description: Learn how to configure Windows Hello for Business dual enrollment. Also, learn how to configure Active Directory to support Domain Administrator enrollment.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 09/09/2019
-ms.reviewer:
---
# Dual Enrollment
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
index bdd56753a1..4fbe94952d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-dynamic-lock.md
@@ -2,22 +2,21 @@
title: Dynamic lock
description: Learn how to set Dynamic lock on Windows 10 and Windows 11 devices, by configuring group policies. This feature locks a device when a Bluetooth signal falls below a set value.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 07/12/2022
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Dynamic lock
-**Requirements:**
-
-* Windows 10, version 1703 or later
-
Dynamic lock enables you to configure Windows devices to automatically lock when Bluetooth paired device signal falls below the maximum Received Signal Strength Indicator (RSSI) value. This makes it more difficult for someone to gain access to your device if you step away from your PC and forget to lock it.
> [!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
index 5d90ae5f90..5b2df11202 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-pin-reset.md
@@ -1,10 +1,11 @@
---
title: Pin Reset
-description: Learn how Microsoft PIN reset services enables you to help users recover who have forgotten their PIN.
+description: Learn how Microsoft PIN reset services enable you to help users recover who have forgotten their PIN.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
@@ -22,38 +23,49 @@ Windows Hello for Business provides the capability for users to reset forgotten
There are two forms of PIN reset:
-- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new log in key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration.
+- **Destructive PIN reset**: with this option, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, are deleted from the client and a new login key and PIN are provisioned. Destructive PIN reset is the default option, and doesn't require configuration.
- **Non-destructive PIN reset**: with this option, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed. For non-destructive PIN reset, you must deploy the **Microsoft PIN Reset Service** and configure your clients' policy to enable the **PIN Recovery** feature.
## Using PIN reset
+
+There are two forms of PIN reset called destructive and non-destructive. Destructive PIN reset is the default and doesn't require configuration. During a destructive PIN reset, the user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned. For non-destructive PIN reset, you must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.
+
+**Requirements**
+
+- Reset from settings - Windows 10, version 1703 or later, Windows 11
+- Reset above Lock - Windows 10, version 1709 or later, Windows 11
+
Destructive and non-destructive PIN reset use the same steps for initiating a PIN reset. If users have forgotten their PINs, but have an alternate sign-in method, they can navigate to Sign-in options in *Settings* and initiate a PIN reset from the PIN options. If users do not have an alternate way to sign into their devices, PIN reset can also be initiated from the Windows lock screen in the PIN credential provider.
+
>[!IMPORTANT]
>For hybrid Azure AD-joined devices, users must have corporate network connectivity to domain controllers to complete destructive PIN reset. If AD FS is being used for certificate trust or for on-premises only deployments, users must also have corporate network connectivity to federation services to reset their PIN.
### Reset PIN from Settings
-1. Sign-in to Windows 10 using an alternate credential
-1. Open **Settings**, select **Accounts** > **Sign-in options**
-1. Select **PIN (Windows Hello)** > **I forgot my PIN** and follow the instructions
+1. Sign-in to Windows 10 using an alternate credential.
+1. Open **Settings**, select **Accounts** > **Sign-in options**.
+1. Select **PIN (Windows Hello)** > **I forgot my PIN** and follow the instructions.
+
### Reset PIN above the Lock Screen
For Azure AD-joined devices:
-1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon
-1. Select **I forgot my PIN** from the PIN credential provider
-1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (e.g., Password, PIN, Security key)
-1. Follow the instructions provided by the provisioning process
-1. When finished, unlock your desktop using your newly created PIN
+1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon.
+1. Select **I forgot my PIN** from the PIN credential provider.
+1. Select an authentication option from the list of presented options. This list will be based on the different authentication methods enabled in your tenant (e.g., Password, PIN, Security key).
+1. Follow the instructions provided by the provisioning process.
+1. When finished, unlock your desktop using your newly created PIN.
+
For Hybrid Azure AD-joined devices:
-1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon
-1. Select **I forgot my PIN** from the PIN credential provider
-1. Enter your password and press enter
-1. Follow the instructions provided by the provisioning process
-1. When finished, unlock your desktop using your newly created PIN
+1. If the PIN credential provider is not selected, expand the **Sign-in options** link, and select the PIN pad icon.
+1. Select **I forgot my PIN** from the PIN credential provider.
+1. Enter your password and press enter.
+1. Follow the instructions provided by the provisioning process.
+1. When finished, unlock your desktop using your newly created PIN.
> [!NOTE]
> Key trust on hybrid Azure AD-joined devices does not support destructive PIN reset from above the Lock Screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. For this deployment model, you must deploy non-destructive PIN reset for above lock PIN reset to work.
@@ -65,16 +77,36 @@ You may find that PIN reset from settings only works post login, and that the "l
**Requirements:**
- Azure Active Directory
+- Windows 10, version 1709 to 1809, Enterprise Edition. There is no licensing requirement for this feature since version 1903.
- Hybrid Windows Hello for Business deployment
- Azure AD registered, Azure AD joined, and Hybrid Azure AD joined
+
When non-destructive PIN reset is enabled on a client, a 256-bit AES key is generated locally and added to a user's Windows Hello for Business container and keys as the PIN reset protector. This PIN reset protector is encrypted using a public key retrieved from the Microsoft PIN reset service and then stored on the client for later use during PIN reset. After a user initiates a PIN reset, completes authentication and multi-factor authentication to Azure AD, the encrypted PIN reset protector is sent to the Microsoft PIN reset service, decrypted, and returned to the client. The decrypted PIN reset protector is used to change the PIN used to authorize Windows Hello for Business keys and it is then cleared from memory.
Using Group Policy, Microsoft Intune or a compatible MDM solution, you can configure Windows devices to securely use the **Microsoft PIN Reset Service** which enables users to reset their forgotten PIN without requiring re-enrollment.
>[!IMPORTANT]
+> The Microsoft PIN Reset service only works with **Enterprise Edition** for Windows 10, version 1709 to 1809 and later, and Windows 11. The feature works with **Enterprise Edition** and **Pro** edition with Windows 10, version 1903 and later, Windows 11.
+> The Microsoft PIN Reset service is not currently available in Azure Government.
+
+### Summary
+
+|Category|Destructive PIN Reset|Non-Destructive PIN Reset|
+|--- |--- |--- |
+|**Functionality**|The user's existing PIN and underlying credentials, including any keys or certificates added to their Windows Hello container, will be deleted from the client and a new logon key and PIN are provisioned.|You must deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature. For more information on how to deploy the Microsoft PIN reset service and client policy, see [Connect Azure Active Directory with the PIN reset service](#connect-azure-active-directory-with-the-pin-reset-service). During a non-destructive PIN reset, the user's Windows Hello for Business container and keys are preserved, but the user's PIN that they use to authorize key usage is changed.|
+|**Windows editions and versions**|Reset from settings - Windows 10, version 1703 or later, Windows 11. Reset above Lock - Windows 10, version 1709 or later, Windows 11.|Windows 10, version 1709 to 1809, Enterprise Edition. There is no licensing requirement for this feature since version 1903. Enterprise Edition and Pro edition with Windows 10, version 1903 and newer Windows 11.|
+|**Azure Active Directory Joined**|Cert Trust, Key Trust, and Cloud Trust|Cert Trust, Key Trust, and Cloud Trust|
+|**Hybrid Azure Active Directory Joined**|Cert Trust and Cloud Trust for both settings and above the lock support destructive PIN reset. Key Trust doesn't support this from above the lock screen. This is due to the sync delay between when a user provisions their Windows Hello for Business credential and being able to use it for sign-in. It does support from the settings page and the users must have a corporate network connectivity to the DC. |Cert Trust, Key Trust, and Cloud Trust for both settings and above the lock support non-destructive PIN reset. No network connection is required for the DC.|
+|**On Premises**|If ADFS is being used for on premises deployments, users must have a corporate network connectivity to federation services. |The PIN reset service relies on Azure Active Directory identities, so it is only available for Hybrid Azure Active Directory Joined and Azure Active Directory Joined devices.|
+|**Additional Configuration required**|Supported by default and doesn't require configuration|Deploy the Microsoft PIN reset service and client policy to enable the PIN recovery feature On-board the Microsoft PIN reset service to respective Azure Active Directory tenant Configure Windows devices to use PIN reset using Group *Policy\MDM*.|
+|**MSA/Enterprise**|MSA and Enterprise|Enterprise only.|
+
+### Onboarding the Microsoft PIN reset service to your Intune tenant
+
> The **Microsoft PIN Reset Service** is not currently available in Azure Government.
+
### Enable the Microsoft PIN Reset Service in your Azure AD tenant
Before you can remotely reset PINs, you must register two applications in your Azure Active Directory tenant:
@@ -84,21 +116,21 @@ Before you can remotely reset PINs, you must register two applications in your A
#### Connect Azure Active Directory with the PIN Reset Service
-1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant
-1. After you have logged in, select **Accept** to give consent to the **PIN Reset Service** to access your organization
+1. Go to the [Microsoft PIN Reset Service Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=b8456c59-1230-44c7-a4a2-99b085333e84&resource=https%3A%2F%2Fgraph.windows.net&redirect_uri=https%3A%2F%2Fcred.microsoft.com&state=e9191523-6c2f-4f1d-a4f9-c36f26f89df0&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant.
+1. After you have logged in, select **Accept** to give consent to the **PIN Reset Service** to access your organization.
#### Connect Azure Active Directory with the PIN Reset Client
-1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant
-1. After you have logged in, select **Accept** to give consent for the **PIN Reset Client** to access your organization
+1. Go to the [Microsoft PIN Reset Client Production website](https://login.windows.net/common/oauth2/authorize?response_type=code&client_id=9115dd05-fad5-4f9c-acc7-305d08b1b04e&resource=https%3A%2F%2Fcred.microsoft.com%2F&redirect_uri=ms-appx-web%3A%2F%2FMicrosoft.AAD.BrokerPlugin%2F9115dd05-fad5-4f9c-acc7-305d08b1b04e&state=6765f8c5-f4a7-4029-b667-46a6776ad611&prompt=admin_consent), and sign in using a Global Administrator account you use to manage your Azure Active Directory tenant.
+1. After you have logged in, select **Accept** to give consent for the **PIN Reset Client** to access your organization.
#### Confirm that the two PIN Reset service principals are registered in your tenant
-1. Sign in to the [Microsoft Entra Manager admin center](https://entra.microsoft.com)
-1. Select **Azure Active Directory** > **Applications** > **Enterprise applications**
-1. Search by application name "Microsoft PIN" and both **Microsoft Pin Reset Service Production** and **Microsoft Pin Reset Client Production** will show up in the list
+1. Sign in to the [Microsoft Entra Manager admin center](https://entra.microsoft.com).
+1. Select **Azure Active Directory** > **Applications** > **Enterprise applications**.
+1. Search by application name "Microsoft PIN" and both **Microsoft Pin Reset Service Production** and **Microsoft Pin Reset Client Production** will show up in the list.
:::image type="content" alt-text="PIN reset service permissions page." source="images/pinreset/pin-reset-applications.png" lightbox="images/pinreset/pin-reset-applications-expanded.png":::
### Enable PIN Recovery on your devices
@@ -109,39 +141,39 @@ Before you can remotely reset PINs, your devices must be configured to enable PI
You can configure Windows devices to use the **Microsoft PIN Reset Service** using Microsoft Intune.
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com)
-1. Select **Devices** > **Configuration profiles** > **Create profile**
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
+1. Select **Devices** > **Configuration profiles** > **Create profile**.
1. Enter the following properties:
- - **Platform**: Select **Windows 10 and later**
- - **Profile type**: Select **Settings catalog**
-1. Select **Create**
+ - **Platform**: Select **Windows 10 and later**.
+ - **Profile type**: Select **Settings catalog**.
+1. Select **Create**.
1. In **Basics**, enter the following properties:
- - **Name**: Enter a descriptive name for the profile
- - **Description**: Enter a description for the profile. This setting is optional, but recommended
-1. Select **Next**
-1. In **Configuration settings**, select **Add settings**
-1. In the settings picker, select **Windows Hello For Business** > **Enable Pin Recovery**
-1. Configure **Enable Pin Recovery** to **true**
-1. Select **Next**
-1. In **Scope tags**, assign any applicable tags (optional)
-1. Select **Next**
-1. In **Assignments**, select the security groups that will receive the policy
-1. Select **Next**
-1. In **Review + create**, review your settings and select **Create**
+ - **Name**: Enter a descriptive name for the profile.
+ - **Description**: Enter a description for the profile. This setting is optional, but recommended.
+1. Select **Next**.
+1. In **Configuration settings**, select **Add settings**.
+1. In the settings picker, select **Windows Hello For Business** > **Enable Pin Recovery**.
+1. Configure **Enable Pin Recovery** to **true**.
+1. Select **Next**.
+1. In **Scope tags**, assign any applicable tags (optional).
+1. Select **Next**.
+1. In **Assignments**, select the security groups that will receive the policy.
+1. Select **Next**.
+1. In **Review + create**, review your settings and select **Create**.
>[!NOTE]
> You can also configure PIN recovery from the **Endpoint security** blade:
-> 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com)
-> 1. Select **Endpoint security** > **Account protection** > **Create Policy**
+> 1. Sign in to the [Microsoft Endpoint Manager admin center](https://endpoint.microsoft.com).
+> 1. Select **Endpoint security** > **Account protection** > **Create Policy**.
#### [✅ **GPO**](#tab/gpo)
You can configure Windows devices to use the **Microsoft PIN Reset Service** using a Group Policy Object (GPO).
-1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory
-1. Edit the Group Policy object from Step 1
-1. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**
-1. Close the Group Policy Management Editor to save the Group Policy object
+1. Using the Group Policy Management Console (GPMC), scope a domain-based Group Policy to computer accounts in Active Directory.
+1. Edit the Group Policy object from Step 1.
+1. Enable the **Use PIN Recovery** policy setting located under **Computer Configuration > Administrative Templates > Windows Components > Windows Hello for Business**.
+1. Close the Group Policy Management Editor to save the Group Policy object.
#### [✅ **CSP**](#tab/csp)
@@ -198,6 +230,44 @@ The _PIN reset_ configuration can be viewed by running [**dsregcmd /status**](/a
+----------------------------------------------------------------------+
```
+## Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices
+
+**Applies to:**
+
+- Windows 10, version 1803 or later
+- Windows 11
+- Azure AD joined
+
+The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that are allowed to be navigated to during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
+
+### Configuring Policy Using Intune
+
+1. Sign-in to [Endpoint Manager admin center](https://endpoint.microsoft.com/) using a Global administrator account.
+
+1. Click **Devices**. Click **Configuration profiles**. Click **Create profile**.
+
+1. For Platform select **Windows 10 and later** and for Profile type select **Templates**. In the list of templates that is loaded, select **Custom** and click Create.
+
+1. In the **Name** field type **Web Sign In Allowed URLs** and optionally provide a description for the configuration. Click Next.
+
+1. On the Configuration settings page, click **Add** to add a custom OMA-URI setting. Provide the following information for the custom settings:
+
+ - **Name:** Web Sign In Allowed URLs
+ - **Description:** (Optional) List of domains that are allowed during PIN reset flows.
+ - **OMA-URI:** ./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls
+ - **Data type:** String
+ - **Value**: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be _signin.contoso.com;portal.contoso.com_ (without quotation marks)
+
+ :::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy." source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist.png":::
+
+1. Click the **Save** button to save the custom configuration.
+
+1. On the Assignments page, use the Included groups and Excluded groups sections to define the groups of users or devices that should receive this policy. Once you have completed configuring groups click the Next button.
+
+1. On the Applicability rules page, click **Next**.
+
+1. Review the configuration that is shown on the Review + create page to make sure that it is accurate. Click create to save the profile and apply it to the configured groups.
+
### Configure Web Sign-in Allowed URLs for Third Party Identity Providers on Azure AD Joined Devices
The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-authentication#authentication-configurewebsigninallowedurls) policy allows you to specify a list of domains that can be reached during PIN reset flows on Azure AD-joined devices. If you have a federated environment and authentication is handled using AD FS or a third-party identity provider, this policy should be set to ensure that authentication pages from that identity provider can be used during Azure AD joined PIN reset.
@@ -205,28 +275,29 @@ The [ConfigureWebSignInAllowedUrls](/windows/client-management/mdm/policy-csp-au
#### Configure Web Sign-in Allowed URLs using Microsoft Intune
-1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431)
-1. Select **Devices** > **Configuration profiles** > **Create profile**
+1. Sign in to the [Microsoft Endpoint Manager admin center](https://go.microsoft.com/fwlink/?linkid=2109431).
+1. Select **Devices** > **Configuration profiles** > **Create profile**.
1. Enter the following properties:
- - **Platform**: Select **Windows 10 and later**
- - **Profile type**: Select **Templates**
- - In the list of templates that is loaded, select **Custom** > **Create**
+ - **Platform**: Select **Windows 10 and later**.
+ - **Profile type**: Select **Templates**.
+ - In the list of templates that is loaded, select **Custom** > **Create**.
1. In **Basics**, enter the following properties:
- - **Name**: Enter a descriptive name for the profile
- - **Description**: Enter a description for the profile. This setting is optional, but recommended
-1. Select **Next**
+ - **Name**: Enter a descriptive name for the profile.
+ - **Description**: Enter a description for the profile. This setting is optional, but recommended.
+1. Select **Next**.
1. In **Configuration settings**, select **Add** and enter the following settings:
- Name: **Web Sign In Allowed URLs**
- Description: **(Optional) List of domains that are allowed during PIN reset flows**
- OMA-URI: `./Vendor/MSFT/Policy/Config/Authentication/ConfigureWebSignInAllowedUrls`
- Data type: **String**
- - Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com** (without quotation marks)
+ - Value: Provide a semicolon delimited list of domains needed for authentication during the PIN reset scenario. An example value would be **signin.contoso.com;portal.contoso.com** (without quotation marks).
:::image type="content" alt-text="Custom Configuration for ConfigureWebSignInAllowedUrls policy." source="images/pinreset/allowlist.png" lightbox="images/pinreset/allowlist-expanded.png":::
-1. Select **Save** > **Next**
-1. In **Assignments**, select the security groups that will receive the policy
-1. Select **Next**
-1. In **Applicability Rules**, select **Next**
-1. In **Review + create**, review your settings and select **Create**
+1. Select **Save** > **Next**.
+1. In **Assignments**, select the security groups that will receive the policy.
+1. Select **Next**.
+1. In **Applicability Rules**, select **Next**.
+1. In **Review + create**, review your settings and select **Create**.
+
> [!NOTE]
> For Azure Government, there is a known issue with PIN reset on Azure AD Joined devices failing. When the user attempts to launch PIN reset, the PIN reset UI shows an error page that says, "We can't open that page right now." The ConfigureWebSignInAllowedUrls policy can be used to work around this issue. If you are experiencing this problem and you are using Azure US Government cloud, set **login.microsoftonline.us** as the value for the ConfigureWebSignInAllowedUrls policy.
diff --git a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
index b622e6277f..9073c4ef60 100644
--- a/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
+++ b/windows/security/identity-protection/hello-for-business/hello-feature-remote-desktop.md
@@ -2,14 +2,14 @@
title: Remote Desktop
description: Learn how Windows Hello for Business supports using biometrics with remote desktop
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 02/24/2021
-ms.reviewer:
---
# Remote Desktop
@@ -18,10 +18,10 @@ ms.reviewer:
- Windows 10
- Windows 11
-- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments
+- Hybrid and On-premises Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
-Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This functionality is not supported for key trust deployments. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) to establish a remote desktop protocol connection.
+Windows Hello for Business supports using a certificate deployed to a Windows Hello for Business container as a supplied credential to establish a remote desktop connection to a server or another device. This feature takes advantage of the redirected smart card capabilities of the remote desktop protocol. Windows Hello for Business key trust can be used with [Windows Defender Remote Credential Guard](../remote-credential-guard.md) to establish a remote desktop protocol connection.
Microsoft continues to investigate supporting using keys trust for supplied credentials in a future release.
@@ -29,7 +29,7 @@ Microsoft continues to investigate supporting using keys trust for supplied cred
**Requirements**
-- Cloud only, Hybrid, and On-premises only Windows Hello for Business deployments
+- Hybrid and On-premises Windows Hello for Business deployments
- Azure AD joined, Hybrid Azure AD joined, and Enterprise joined devices
- Biometric enrollments
- Windows 10, version 1809 or later
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
index 76b94b5ddb..909df0b77b 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-authentication.md
@@ -2,22 +2,20 @@
title: How Windows Hello for Business works - Authentication
description: Learn about the authentication flow for Windows Hello for Business.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 02/15/2022
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Hello for Business and Authentication
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
Windows Hello for Business authentication is passwordless, two-factor authentication. Authenticating with Windows Hello for Business provides a convenient sign-in experience that authenticates the user to both Azure Active Directory and Active Directory resources.
Azure Active Directory-joined devices authenticate to Azure during sign-in and can optionally authenticate to Active Directory. Hybrid Azure Active Directory-joined devices authenticate to Active Directory during sign-in, and authenticate to Azure Active Directory in the background.
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
index c81ed991e1..7d93ef16b8 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-provisioning.md
@@ -2,22 +2,20 @@
title: How Windows Hello for Business works - Provisioning
description: Explore the provisioning flows for Windows Hello for Business, from within a variety of environments.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 2/15/2022
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Hello for Business Provisioning
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
Windows Hello for Business provisioning enables a user to enroll a new, strong, two-factor credential that they can use for passwordless authentication. Provisioning experience vary based on:
- How the device is joined to Azure Active Directory
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
index 1813f3e403..ff24499d85 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works-technology.md
@@ -2,23 +2,21 @@
title: How Windows Hello for Business works - technology and terms
description: Explore technology and terms associated with Windows Hello for Business. Learn how Windows Hello for Business works.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 10/08/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Technology and terms
-**Applies to:**
-
-- Windows 10
-- Windows 11
-
## Attestation identity keys
Because the endorsement certificate is unique for each device and doesn't change, the usage of it may present privacy concerns because it's theoretically possible to track a specific device. To avoid this privacy problem, Windows issues a derived attestation anchor based on the endorsement certificate. This intermediate key, which can be attested to an endorsement key, is the Attestation Identity Key (AIK) and the corresponding certificate is called the AIK certificate. This AIK certificate is issued by a Microsoft cloud service.
diff --git a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
index 768b3a0e02..cb5b134268 100644
--- a/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/hello-how-it-works.md
@@ -2,22 +2,20 @@
title: How Windows Hello for Business works
description: Learn how Windows Hello for Business works, and how it can help your users authenticate to services.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 05/05/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# How Windows Hello for Business works in Windows Devices
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Windows Hello for Business is a modern, two-factor credential that is the more secure alternative to passwords. Whether you are cloud or on-premises, Windows Hello for Business has a deployment option for you. For cloud deployments, you can use Windows Hello for Business with Azure Active Directory-joined, Hybrid Azure Active Directory-joined, or Azure AD registered devices. Windows Hello for Business also works for domain joined devices.
Watch this quick video where Pieter Wigleven gives a simple explanation of how Windows Hello for Business works and some of its supporting features.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
index 51f303b2ba..c936ab0e6a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-base.md
@@ -2,26 +2,24 @@
title: Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
description: Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support them.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
localizationpriority: medium
ms.date: 01/14/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Azure Active Directory-join
+- ✅ Hybrid Deployment
+- ✅ Key trust
---
# Configure Azure AD-joined devices for On-premises Single-Sign On using Windows Hello for Business
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Azure Active Directory-joined
-- Hybrid Deployment
-- Key trust model
-
## Prerequisites
Before adding Azure Active Directory (Azure AD) joined devices to your existing hybrid deployment, you need to verify the existing deployment can support Azure AD-joined devices. Unlike hybrid Azure AD-joined devices, Azure AD-joined devices do not have a relationship with your Active Directory domain. This factor changes the way in which users authenticate to Active Directory. Validate the following configurations to ensure they support Azure AD-joined devices.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
index 53931e113c..875fe62728 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso-cert.md
@@ -2,26 +2,24 @@
title: Using Certificates for AADJ On-premises Single-sign On single sign-on
description: If you want to use certificates for on-premises single-sign on for Azure Active Directory-joined devices, then follow these additional steps.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Azure AD-join
+- ✅ Hybrid Deployment
+- ✅ Certificate trust
---
# Using Certificates for AADJ On-premises Single-sign On
-**Applies to:**
-
-- Windows 10
-- Windows 11
-- Azure Active Directory-joined
-- Hybrid Deployment
-- Certificate trust
-
If you plan to use certificates for on-premises single-sign on, then follow these **additional** steps to configure the environment to enroll Windows Hello for Business certificates for Azure AD-joined devices.
> [!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
index 1acba0f5b3..0842bb52e6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-aadj-sso.md
@@ -2,24 +2,20 @@
title: Azure AD Join Single Sign-on Deployment
description: Learn how to provide single sign-on to your on-premises resources for Azure Active Directory-joined devices, using Windows Hello for Business.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Azure AD Join Single Sign-on Deployment
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Azure Active Directory-joined
-- Hybrid deployment
-
Windows Hello for Business combined with Azure Active Directory-joined devices makes it easy for users to securely access cloud-based resources using a strong, two-factor credential. Some resources may remain on-premises as enterprises transition resources to the cloud and Azure AD-joined devices may need to access these resources. With additional configurations to your current hybrid deployment, you can provide single sign-on to your on-premises resources for Azure Active Directory-joined devices using Windows Hello for Business, using a key or a certificate.
## Key vs. Certificate
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
index 546fe98a8e..1dbae77cc3 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-new-install.md
@@ -2,24 +2,22 @@
title: Hybrid Azure AD joined Windows Hello for Business Trust New Installation (Windows Hello for Business)
description: Learn about new installations for Windows Hello for Business certificate trust and the various technologies hybrid certificate trust deployments rely on.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Hybrid Azure AD joined Windows Hello for Business Certificate Trust New Installation
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid certificate trust deployments of Windows Hello for Business rely on these technologies
- [Active Directory](#active-directory)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
index 2d15af954c..b35fa21dac 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-devreg.md
@@ -2,24 +2,22 @@
title: Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Trust Deployment (Windows Hello for Business)
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Device Registration for Hybrid Azure AD joined Windows Hello for Business
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
Your environment is federated and you're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration and device write-back to enable proper device authentication.
> [!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
index edba57fd05..b6d189d7c1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust-prereqs.md
@@ -2,24 +2,22 @@
title: Hybrid Azure AD joined Windows Hello for Business Prerequisites
description: Learn these prerequisites for hybrid Windows Hello for Business deployments using certificate trust.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Hybrid Azure AD joined Windows Hello for Business Prerequisites
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources.
The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
index f9c3cf3feb..72086e9d13 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-trust.md
@@ -2,24 +2,22 @@
title: Hybrid Certificate Trust Deployment (Windows Hello for Business)
description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 09/08/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Hybrid Azure AD joined Certificate Trust Deployment
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid certificate trust scenario.
It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514).
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
index f6e69dad32..6721675b09 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-provision.md
@@ -2,24 +2,22 @@
title: Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning (Windows Hello for Business)
description: In this article, learn about provisioning for hybrid certificate trust deployments of Windows Hello for Business.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Hybrid Azure AD joined Windows Hello for Business Certificate Trust Provisioning
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
## Provisioning
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
index f8b0c788c1..230a694361 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-ad.md
@@ -2,24 +2,22 @@
title: Configure Hybrid Azure AD joined Windows Hello for Business - Active Directory (AD)
description: Discussing the configuration of Active Directory (AD) in a Hybrid deployment of Windows Hello for Business
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
The key synchronization process for the hybrid deployment of Windows Hello for Business needs the Windows Server 2016 Active Directory schema.
### Creating Security Groups
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
index ed13229f6a..03989ad22c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-adfs.md
@@ -2,24 +2,22 @@
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Active Directory Federation Services (ADFS)
description: Discussing the configuration of Active Directory Federation Services (ADFS) in a Hybrid deployment of Windows Hello for Business
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business: Active Directory Federation Services
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
## Federation Services
The Windows Server 2016 Active Directory Federation Server Certificate Registration Authority (AD FS RA) enrolls for an enrollment agent certificate. Once the registration authority verifies the certificate request, it signs the certificate request using its enrollment agent certificate and sends it to the certificate authority.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
index 3dea044165..7e29ef7f6a 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-dir-sync.md
@@ -2,25 +2,23 @@
title: Configure Hybrid Azure AD joined Windows Hello for Business Directory Synch
description: Discussing Directory Synchronization in a Hybrid deployment of Windows Hello for Business
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business- Directory Synchronization
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate Trust
-
## Directory Synchronization
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
index 0a7da03055..e604fc736f 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-pki.md
@@ -2,25 +2,23 @@
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure (PKI)
description: Discussing the configuration of the Public Key Infrastructure (PKI) in a Hybrid deployment of Windows Hello for Business
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business - Public Key Infrastructure
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid Deployment
-- Certificate Trust
-
Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly-issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows between them and the client computer.
All deployments use enterprise issued certificates for domain controllers as a root of trust. Hybrid certificate trust deployments issue users with a sign-in certificate that enables them to authenticate using Windows Hello for Business credentials to non-Windows Server 2016 domain controllers. Additionally, hybrid certificate trust deployments issue certificates to registration authorities to provide defense-in-depth security when issuing user authentication certificates.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
index bba12adf27..2708e9a22c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings-policy.md
@@ -2,23 +2,22 @@
title: Configuring Hybrid Azure AD joined Windows Hello for Business - Group Policy
description: Discussing the configuration of Group Policy in a Hybrid deployment of Windows Hello for Business
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
## Policy Configuration
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
index ec22d31a65..c0ba9ce415 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cert-whfb-settings.md
@@ -2,24 +2,22 @@
title: Configure Hybrid Windows Hello for Business Settings (Windows Hello for Business)
description: Learn how to configure Windows Hello for Business settings in hybrid certificate trust deployment.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Certificate trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Certificate trust
-
Your environment is federated and you are ready to configure your hybrid environment for Windows Hello for business using the certificate trust model.
> [!IMPORTANT]
> If your environment is not federated, review the [New Installation baseline](hello-hybrid-cert-new-install.md) section of this deployment document to learn how to federate your environment for your Windows Hello for Business deployment.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md
index 1f4f7f1f17..e8589d8b29 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-cloud-trust.md
@@ -2,22 +2,20 @@
title: Hybrid Cloud Trust Deployment (Windows Hello for Business)
description: Learn the information you need to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 2/15/2022
-ms.reviewer:
+appliesto:
+- ✅ Windows 10 21H2 and later
+- ✅ Windows 11
---
# Hybrid Cloud Trust Deployment (Preview)
-Applies to
-
-- Windows 10, version 21H2
-- Windows 11 and later
-
Windows Hello for Business replaces username and password Windows sign-in with strong authentication using an asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid cloud trust scenario.
## Introduction to Cloud Trust
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
index 66a720d026..98599d9132 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-new-install.md
@@ -2,25 +2,22 @@
title: Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
description: Learn how to configure a hybrid key trust deployment of Windows Hello for Business for systems with no previous installations.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Windows Hello for Business Hybrid Azure AD joined Key Trust New Installation
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
-
Windows Hello for Business involves configuring distributed technologies that may or may not exist in your current infrastructure. Hybrid key trust deployments of Windows Hello for Business rely on these technologies
- [Active Directory](#active-directory)
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
index 4d064c210c..49cd5d3b42 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-devreg.md
@@ -2,25 +2,22 @@
title: Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Device Registration for Hybrid Certificate Key Deployment (Windows Hello for Business)
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 05/04/2022
-ms.reviewer: prsriva
-
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Configure Device Registration for Hybrid Azure AD joined key trust Windows Hello for Business
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
You're ready to configure device registration for your hybrid environment. Hybrid Windows Hello for Business deployment needs device registration to enable proper device authentication.
> [!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
index 299e93c00c..d3e68887fd 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-dirsync.md
@@ -2,24 +2,22 @@
title: Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
description: Azure Directory Synchronization for Hybrid Certificate Key Deployment (Windows Hello for Business)
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Configure Directory Synchronization for Hybrid Azure AD joined key trust Windows Hello for Business
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
You are ready to configure directory synchronization for your hybrid environment. Hybrid Windows Hello for Business deployment needs both a cloud and an on-premises identity to authenticate and access resources in the cloud or on-premises.
## Deploy Azure AD Connect
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
index 0850fae7f7..b732396e36 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust-prereqs.md
@@ -2,24 +2,21 @@
title: Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites (Windows Hello for Business)
description: Learn about the prerequisites for hybrid Windows Hello for Business deployments using key trust and what the next steps are in the deployment process.
ms.prod: m365-security
-author: mapalko
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Hybrid Azure AD joined Key trust Windows Hello for Business Prerequisites
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
Hybrid environments are distributed systems that enable organizations to use on-premises and Azure-based identities and resources. Windows Hello for Business uses the existing distributed system as a foundation on which organizations can provide two-factor authentication that provides a single sign-in like experience to modern resources.
The distributed systems on which these technologies were built involved several pieces of on-premises and cloud infrastructure. High-level pieces of the infrastructure include:
@@ -35,7 +32,7 @@ The distributed systems on which these technologies were built involved several
Hybrid Windows Hello for Business needs two directories: on-premises Active Directory and a cloud Azure Active Directory. The minimum required domain functional and forest functional levels for Windows Hello for Business deployment is Windows Server 2008 R2.
-A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription. The hybrid key trust deployment, does not need a premium Azure Active Directory subscription.
+A hybrid Windows Hello for Business deployment needs an Azure Active Directory subscription. The hybrid key trust deployment does not need a premium Azure Active Directory subscription.
You can deploy Windows Hello for Business in any environment with Windows Server 2008 R2 or later domain controllers.
If using the key trust deployment model, you MUST ensure that you have adequate (1 or more, depending on your authentication load) Windows Server 2016 or later Domain Controllers in each Active Directory site where users will be authenticating for Windows Hello for Business.
@@ -90,7 +87,7 @@ The minimum required Enterprise certificate authority that can be used with Wind
The two directories used in hybrid deployments must be synchronized. You need Azure Active Directory Connect to synchronize user accounts in the on-premises Active Directory with Azure Active Directory.
-Organizations using older directory synchronization technology, such as DirSync or Azure AD sync need to upgrade to Azure AD Connect.
+Organizations using older directory synchronization technology, such as DirSync or Azure AD sync, need to upgrade to Azure AD Connect.
### Section Review
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
index 833968247b..7a7e3f3eed 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-trust.md
@@ -2,24 +2,22 @@
title: Hybrid Key Trust Deployment (Windows Hello for Business)
description: Review this deployment guide to successfully deploy Windows Hello for Business in a hybrid key trust scenario.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/20/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Hybrid Azure AD joined Key Trust Deployment
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
Windows Hello for Business replaces username and password sign-in to Windows with strong user authentication based on asymmetric key pair. The following deployment guide provides the information needed to successfully deploy Windows Hello for Business in a hybrid key trust scenario.
It is recommended that you review the Windows Hello for Business planning guide prior to using the deployment guide. The planning guide helps you make decisions by explaining the available options with each aspect of the deployment and explains the potential outcomes based on each of these decisions. You can review the [planning guide](/windows/access-protection/hello-for-business/hello-planning-guide) and download the [planning worksheet](https://go.microsoft.com/fwlink/?linkid=852514).
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
index 925d6d12e8..4b009fe228 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-provision.md
@@ -2,24 +2,21 @@
title: Hybrid Azure AD joined Windows Hello for Business key trust Provisioning (Windows Hello for Business)
description: Learn about provisioning for hybrid key trust deployments of Windows Hello for Business and learn where to find the hybrid key trust deployment guide.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Hybrid Azure AD joined Windows Hello for Business Key Trust Provisioning
-
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
## Provisioning
The Windows Hello for Business provisioning begins immediately after the user has signed in, after the user profile is loaded, but before the user receives their desktop. Windows only launches the provisioning experience if all the prerequisite checks pass. You can determine the status of the prerequisite checks by viewing the **User Device Registration** in the **Event Viewer** under **Applications and Services Logs\Microsoft\Windows**.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
index bbdde28351..49124b1ddf 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-ad.md
@@ -2,23 +2,22 @@
title: Configuring Hybrid Azure AD joined key trust Windows Hello for Business - Active Directory (AD)
description: Configuring Hybrid key trust Windows Hello for Business - Active Directory (AD)
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
---
# Configuring Hybrid Azure AD joined key trust Windows Hello for Business: Active Directory
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
Configure the appropriate security groups to efficiently deploy Windows Hello for Business to users.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
index 0ed4142f70..1092173f9c 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-dir-sync.md
@@ -2,24 +2,22 @@
title: Hybrid Azure AD joined Windows Hello for Business - Directory Synchronization
description: How to configure Hybrid key trust Windows Hello for Business - Directory Synchronization
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business: Directory Synchronization
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
## Directory Synchronization
In hybrid deployments, users register the public portion of their Windows Hello for Business credential with Azure. Azure AD Connect synchronizes the Windows Hello for Business public key to Active Directory.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
index 5f2d0ed289..8a9e8ee322 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-pki.md
@@ -2,25 +2,22 @@
title: Configure Hybrid Azure AD joined key trust Windows Hello for Business
description: Configuring Hybrid key trust Windows Hello for Business - Public Key Infrastructure (PKI)
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 04/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
-
# Configure Hybrid Azure AD joined Windows Hello for Business: Public Key Infrastructure
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid Deployment
-- Key trust
-
Windows Hello for Business deployments rely on certificates. Hybrid deployments use publicly issued server authentication certificates to validate the name of the server to which they are connecting and to encrypt the data that flows them and the client computer.
All deployments use enterprise issued certificates for domain controllers as a root of trust.
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
index 26b31e209b..4522c3b93d 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings-policy.md
@@ -2,24 +2,22 @@
title: Configure Hybrid Azure AD joined Windows Hello for Business - Group Policy
description: Configuring Hybrid key trust Windows Hello for Business - Group Policy
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business: Group Policy
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
## Policy Configuration
You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from the [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
diff --git a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
index 29c29de56f..ea0439b451 100644
--- a/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-hybrid-key-whfb-settings.md
@@ -2,24 +2,22 @@
title: Configure Hybrid Azure AD joined Windows Hello for Business key trust Settings
description: Begin the process of configuring your hybrid key trust environment for Windows Hello for Business. Start with your Active Directory configuration.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 4/30/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Hybrid deployment
+- ✅ Key trust
---
# Configure Hybrid Azure AD joined Windows Hello for Business key trust settings
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- Hybrid deployment
-- Key trust
-
You are ready to configure your hybrid Azure AD joined key trust environment for Windows Hello for Business.
> [!IMPORTANT]
@@ -36,10 +34,6 @@ For the most efficient deployment, configure these technologies in order beginni
> [!div class="step-by-step"]
> [Configure Active Directory >](hello-hybrid-key-whfb-settings-ad.md)
-
-
-
-
## Follow the Windows Hello for Business hybrid key trust deployment guide
1. [Overview](hello-hybrid-key-trust.md)
diff --git a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
index 185768fe63..7a9e8e62b1 100644
--- a/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
+++ b/windows/security/identity-protection/hello-for-business/hello-identity-verification.md
@@ -2,9 +2,10 @@
title: Windows Hello for Business Deployment Prerequisite Overview
description: Overview of all the different infrastructure requirements for Windows Hello for Business deployment models
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
index d2c141ca3a..8761b3eaf6 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-adfs.md
@@ -2,24 +2,22 @@
title: Prepare & Deploy Windows Active Directory Federation Services with key trust (Windows Hello for Business)
description: How to Prepare and Deploy Windows Server 2016 Active Directory Federation Services for Windows Hello for Business using key trust.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployment
+- ✅ Key trust
---
# Prepare and Deploy Windows Server 2016 Active Directory Federation Services with Key Trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Key trust
-
Windows Hello for Business works exclusively with the Active Directory Federation Service role included with Windows Server 2016 and requires an additional server update. The on-premises key trust deployment uses Active Directory Federation Services roles for key registration and device registration.
The following guidance describes deploying a new instance of Active Directory Federation Services 2016 using the Windows Information Database as the configuration database, which is ideal for environments with no more than 30 federation servers and no more than 100 relying party trusts.
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
index 5baf31a055..b954e4d073 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-policy-settings.md
@@ -2,25 +2,22 @@
title: Configure Windows Hello for Business Policy settings - key trust
description: Configure Windows Hello for Business Policy settings for Windows Hello for Business
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployment
+- ✅ Key trust
---
# Configure Windows Hello for Business Policy settings - Key Trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Key trust
-
-
You need at least a Windows 10, version 1703 workstation to run the Group Policy Management Console, which provides the latest Windows Hello for Business and PIN Complexity Group Policy settings. To run the Group Policy Management Console, you need to install the Remote Server Administration Tools for Windows. You can download these tools from [Microsoft Download Center](https://www.microsoft.com/download/details.aspx?id=45520).
Install the Remote Server Administration Tools for Windows on a computer running Windows 10, version 1703 or later.
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
index c8227d9536..64195a8b82 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-ad-prereq.md
@@ -2,24 +2,22 @@
title: Key registration for on-premises deployment of Windows Hello for Business
description: How to Validate Active Directory prerequisites for Windows Hello for Business when deploying with the key trust model.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployment
+- ✅ Key trust
---
# Validate Active Directory prerequisites - Key Trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Key trust
-
Key trust deployments need an adequate number of 2016 or later domain controllers to ensure successful user authentication with Windows Hello for Business. To learn more about domain controller planning for key trust deployments, read the [Windows Hello for Business planning guide](hello-planning-guide.md), the [Planning an adequate number of Windows Server 2016 or later Domain Controllers for Windows Hello for Business deployments](hello-adequate-domain-controllers.md) section.
> [!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
index 968ae0d5b0..81e0df5016 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-deploy-mfa.md
@@ -2,27 +2,25 @@
title: Validate and Deploy MFA for Windows Hello for Business with key trust
description: How to Validate and Deploy Multifactor Authentication (MFA) Services for Windows Hello for Business with key trust
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployment
+- ✅ Key trust
---
# Validate and Deploy Multifactor Authentication (MFA)
> [!IMPORTANT]
> As of July 1, 2019, Microsoft will no longer offer MFA Server for new deployments. New customers who would like to require multifactor authentication from their users should use cloud-based Azure AD Multi-Factor Authentication. Existing customers who have activated MFA Server prior to July 1 will be able to download the latest version, future updates and generate activation credentials as usual.
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Key trust
-
Windows Hello for Business requires all users perform multi-factor authentication prior to creating and registering a Windows Hello for Business credential. On-premises deployments can use certificates, third-party authentication providers for AD FS, or a custom authentication provider for AD FS as an on-premises MFA option.
For information on available third-party authentication methods see [Configure Additional Authentication Methods for AD FS](/windows-server/identity/ad-fs/operations/configure-additional-authentication-methods-for-ad-fs). For creating a custom authentication method see [Build a Custom Authentication Method for AD FS in Windows Server](/windows-server/identity/ad-fs/development/ad-fs-build-custom-auth-method)
diff --git a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
index 809720fdba..d12ad32ade 100644
--- a/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
+++ b/windows/security/identity-protection/hello-for-business/hello-key-trust-validate-pki.md
@@ -2,25 +2,22 @@
title: Validate Public Key Infrastructure - key trust model (Windows Hello for Business)
description: How to Validate Public Key Infrastructure for Windows Hello for Business, under a key trust model.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ On-premises deployment
+- ✅ Key trust
---
-
# Validate and Configure Public Key Infrastructure - Key Trust
-**Applies to**
-
-- Windows 10, version 1703 or later
-- Windows 11
-- On-premises deployment
-- Key trust
-
Windows Hello for Business must have a public key infrastructure regardless of the deployment or trust model. All trust models depend on the domain controllers having a certificate. The certificate serves as a root of trust for clients to ensure they are not communicating with a rogue domain controller.
## Deploy an enterprise certificate authority
diff --git a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
index deba83abae..7127970af5 100644
--- a/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
+++ b/windows/security/identity-protection/hello-for-business/hello-manage-in-organization.md
@@ -2,24 +2,23 @@
title: Manage Windows Hello in your organization (Windows)
description: You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello for Business on devices running Windows 10.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 2/15/2022
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Manage Windows Hello for Business in your organization
-**Applies to**
-
-- Windows 10
-- Windows 11
-
You can create a Group Policy or mobile device management (MDM) policy that will implement Windows Hello on devices running Windows 10.
>[!IMPORTANT]
diff --git a/windows/security/identity-protection/hello-for-business/hello-overview.md b/windows/security/identity-protection/hello-for-business/hello-overview.md
index 37a81d4995..6a355853aa 100644
--- a/windows/security/identity-protection/hello-for-business/hello-overview.md
+++ b/windows/security/identity-protection/hello-for-business/hello-overview.md
@@ -1,25 +1,22 @@
---
title: Windows Hello for Business Overview (Windows)
-ms.reviewer: An overview of Windows Hello for Business
description: Learn how Windows Hello for Business replaces passwords with strong two-factor authentication on PCs and mobile devices in Windows 10 and Windows 11.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: conceptual
localizationpriority: medium
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
-
# Windows Hello for Business Overview
-**Applies to**
-
-- Windows 10
-- Windows 11
-
In Windows 10, Windows Hello for Business replaces passwords with strong two-factor authentication on devices. This authentication consists of a new type of user credential that is tied to a device and uses a biometric or PIN.
>[!NOTE]
diff --git a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
index 3212485067..c1dc768999 100644
--- a/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
+++ b/windows/security/identity-protection/hello-for-business/hello-planning-guide.md
@@ -2,23 +2,22 @@
title: Planning a Windows Hello for Business Deployment
description: Learn about the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of your infrastructure.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
localizationpriority: conceptual
ms.date: 09/16/2020
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Planning a Windows Hello for Business Deployment
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Congratulations! You are taking the first step forward in helping move your organizations away from password to a two-factor, convenience authentication for Windows — Windows Hello for Business. This planning guide helps you understand the different topologies, architectures, and components that encompass a Windows Hello for Business infrastructure.
This guide explains the role of each component within Windows Hello for Business and how certain deployment decisions affect other aspects of the infrastructure. Armed with your planning worksheet, you'll use that information to select the correct deployment guide for your needs.
diff --git a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
index 6b57daee9c..89efd738ea 100644
--- a/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
+++ b/windows/security/identity-protection/hello-for-business/hello-prepare-people-to-use.md
@@ -1,24 +1,21 @@
---
title: Prepare people to use Windows Hello (Windows)
description: When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization.
-ms.reviewer:
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 08/19/2018
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
-
# Prepare people to use Windows Hello
-**Applies to**
-
-- Windows 10
-- Windows 11
-
When you set a policy to require Windows Hello for Business in the workplace, you will want to prepare people in your organization by explaining how to use Hello.
After enrollment in Hello, users should use their gesture (such as a PIN or fingerprint) for access to corporate resources. Their gesture is only valid on the enrolled device.
diff --git a/windows/security/identity-protection/hello-for-business/hello-videos.md b/windows/security/identity-protection/hello-for-business/hello-videos.md
index 05c92d9ba2..cf437e3bee 100644
--- a/windows/security/identity-protection/hello-for-business/hello-videos.md
+++ b/windows/security/identity-protection/hello-for-business/hello-videos.md
@@ -2,22 +2,19 @@
title: Windows Hello for Business Videos
description: View several informative videos describing features and experiences in Windows Hello for Business in Windows 10 and Windows 11.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 07/26/2022
-ms.reviewer: paoloma
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Hello for Business Videos
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
## Overview of Windows Hello for Business and Features
Watch Pieter Wigleven explain Windows Hello for Business, Multi-factor Unlock, and Dynamic Lock
diff --git a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
index ef30d59ed1..887d2893eb 100644
--- a/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
+++ b/windows/security/identity-protection/hello-for-business/hello-why-pin-is-better-than-password.md
@@ -2,24 +2,22 @@
title: Why a PIN is better than an online password (Windows)
description: Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) an online password .
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/23/2017
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
-
# Why a PIN is better than an online password
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Windows Hello in Windows 10 enables users to sign in to their device using a PIN. How is a PIN different from (and better than) a local password?
On the surface, a PIN looks much like a password. A PIN can be a set of numbers, but enterprise policy might allow complex PINs that include special characters and letters, both upper-case and lower-case. Something like **t758A!** could be an account password or a complex Hello PIN. It isn't the structure of a PIN (length, complexity) that makes it better than an online password, it's how it works. First we need to distinguish between two types of passwords: `local` passwords are validated against the machine's password store, whereas `online` passwords are validated against a server. This article mostly covers the benefits a PIN has over an online password, and also why it can be considered even better than a local password.
diff --git a/windows/security/identity-protection/hello-for-business/index.yml b/windows/security/identity-protection/hello-for-business/index.yml
index 62c038bd6b..bdd841ab2c 100644
--- a/windows/security/identity-protection/hello-for-business/index.yml
+++ b/windows/security/identity-protection/hello-for-business/index.yml
@@ -8,9 +8,10 @@ metadata:
description: Learn how to manage and deploy Windows Hello for Business.
ms.prod: m365-security
ms.topic: landing-page
- author: GitPrakhar13
- manager: dansimp
- ms.author: prsriva
+ author: paolomatarazzo
+ ms.author: paoloma
+ manager: aaroncz
+ ms.reviewer: prsriva
ms.date: 01/22/2021
ms.collection:
- M365-identity-device-management
diff --git a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
index 75645f288d..2d0f9aed02 100644
--- a/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
+++ b/windows/security/identity-protection/hello-for-business/microsoft-compatible-security-key.md
@@ -2,14 +2,14 @@
title: Microsoft-compatible security key
description: Learn how a Microsoft-compatible security key for Windows is different (and better) than any other FIDO2 security key.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 11/14/2018
-ms.reviewer:
---
# What is a Microsoft-compatible security key?
diff --git a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
index 74765dffac..be9b81f965 100644
--- a/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
+++ b/windows/security/identity-protection/hello-for-business/passwordless-strategy.md
@@ -2,14 +2,17 @@
title: Password-less strategy
description: Learn about the password-less strategy and how Windows Hello for Business implements this strategy in Windows 10 and Windows 11.
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: conceptual
localizationpriority: medium
ms.date: 05/24/2022
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Password-less strategy
diff --git a/windows/security/identity-protection/hello-for-business/reset-security-key.md b/windows/security/identity-protection/hello-for-business/reset-security-key.md
index e2f9b9e978..3818cf29e6 100644
--- a/windows/security/identity-protection/hello-for-business/reset-security-key.md
+++ b/windows/security/identity-protection/hello-for-business/reset-security-key.md
@@ -2,14 +2,14 @@
title: Reset-security-key
description: Windows 10 and Windows 11 enables users to sign in to their device using a security key. How to reset a security key
ms.prod: m365-security
-author: GitPrakhar13
-ms.author: prsriva
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: prsriva
ms.collection: M365-identity-device-management
ms.topic: article
localizationpriority: medium
ms.date: 11/14/2018
-ms.reviewer:
---
# How to reset a Microsoft-compatible security key?
> [!Warning]
diff --git a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md
index 29e42655ab..aaca362314 100644
--- a/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md
+++ b/windows/security/identity-protection/hello-for-business/retired/hello-how-it-works.md
@@ -2,21 +2,18 @@
title: How Windows Hello for Business works (Windows)
description: Learn about registration, authentication, key material, and infrastructure for Windows Hello for Business.
ms.prod: m365-security
-author: mapalko
ms.localizationpriority: high
-ms.author: mapalko
+author: paolomatarazzo
+ms.author: paoloma
ms.date: 10/16/2017
-ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.topic: article
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# How Windows Hello for Business works in Windows devices
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Windows Hello for Business requires a registered device. When the device is set up, its user can use the device to authenticate to services. This topic explains how device registration works, what happens when a user requests authentication, how key material is stored and processed, and which servers and infrastructure components are involved in different parts of this process.
## Register a new user or device
@@ -58,14 +55,14 @@ Containers can contain several types of key material:
- An authentication key, which is always an asymmetric public–private key pair. This key pair is generated during registration. It must be unlocked each time it’s accessed, by using either the user’s PIN or a previously generated biometric gesture. The authentication key exists until the user resets the PIN, at which time a new key will be generated. When the new key is generated, all the key material that the old key previously protected must be decrypted and re-encrypted using the new key.
- Virtual smart card keys are generated when a virtual smart card is generated and stored securely in the container. They’re available whenever the user’s container is unlocked.
-- The IDP key. These keys can be either symmetric or asymmetric, depending on which IDP you use. A single container may contain zero or more IDP keys, with some restrictions (for example, the enterprise container can contain zero or one IDP keys). IDP keys are stored in the container. For certificate-based Windows Hello for Work, when the container is unlocked, applications that require access to the IDP key or key pair can request access. IDP keys are used to sign or encrypt authentication requests or tokens sent from this device to the IDP. IDP keys are typically long-lived but could have a shorter lifetime than the authentication key. Microsoft accounts, Active Directory accounts, and Azure AD accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IDP (which stores it for later verification), and securely stores the private key. For enterprises, the IDP keys can be generated in two ways:
+- The IDP key. These keys can be either symmetric or asymmetric, depending on which IDP you use. A single container may contain zero or more IDP keys, with some restrictions (for example, the enterprise container can contain zero or one IDP key). IDP keys are stored in the container. For certificate-based Windows Hello for Work, when the container is unlocked, applications that require access to the IDP key or key pair can request access. IDP keys are used to sign or encrypt authentication requests or tokens sent from this device to the IDP. IDP keys are typically long-lived but could have a shorter lifetime than the authentication key. Microsoft accounts, Active Directory accounts, and Azure AD accounts all require the use of asymmetric key pairs. The device generates public and private keys, registers the public key with the IDP (which stores it for later verification), and securely stores the private key. For enterprises, the IDP keys can be generated in two ways:
- The IDP key pair can be associated with an enterprise Certificate Authority (CA) through the Windows Network Device Enrollment Service (NDES), described more fully in [Network Device Enrollment Service Guidance](/previous-versions/windows/it-pro/windows-server-2012-R2-and-2012/hh831498(v=ws.11)). In this case, Windows Hello requests a new certificate with the same key as the certificate from the existing PKI. This option lets organizations that have an existing PKI continue to use it where appropriate. Given that many applications, such as popular virtual private network systems, require the use of certificates, when you deploy Windows Hello in this mode, it allows a faster transition away from user passwords while still preserving certificate-based functionality. This option also allows the enterprise to store additional certificates in the protected container.
- The IDP can generate the IDP key pair directly, which allows quick, lower-overhead deployment of Windows Hello in environments that don’t have or need a PKI.
## How keys are protected
-Any time key material is generated, it must be protected against attack. The most robust way to do this is through specialized hardware. There’s a long history of using hardware security modules (HSMs) to generate, store, and process keys for security-critical applications. Smart cards are a special type of HSM, as are devices that are compliant with the Trusted Computing Group TPM standard. Wherever possible, the Windows Hello for Work implementation takes advantage of onboard TPM hardware to generate and protect keys. However, Windows Hello and Windows Hello for Work do not require an onboard TPM. Administrators can choose to allow key operations in software, in which case any user who has (or can escalate to) administrative rights on the device can use the IDP keys to sign requests. As an alternative, in some scenarios, devices that don’t have a TPM can be remotely authenticated by using a device that does have a TPM, in which case all the sensitive operations are performed with the TPM and no key material is exposed.
+Anytime key material is generated, it must be protected against attack. The most robust way to do this is through specialized hardware. There’s a long history of using hardware security modules (HSMs) to generate, store, and process keys for security-critical applications. Smart cards are a special type of HSM, as are devices that are compliant with the Trusted Computing Group TPM standard. Wherever possible, the Windows Hello for Work implementation takes advantage of onboard TPM hardware to generate and protect keys. However, Windows Hello and Windows Hello for Work do not require an onboard TPM. Administrators can choose to allow key operations in software, in which case any user who has (or can escalate to) administrative rights on the device can use the IDP keys to sign requests. As an alternative, in some scenarios, devices that don’t have a TPM can be remotely authenticated by using a device that does have a TPM, in which case all the sensitive operations are performed with the TPM and no key material is exposed.
Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protects against a variety of known and potential attacks, including PIN brute-force attacks. The TPM provides an additional layer of protection after an account lockout, too. When the TPM has locked the key material, the user will have to reset the PIN (which means he or she will have to use MFA to reauthenticate to the IDP before the IDP allows him or her to re-register). Resetting the PIN means that all keys and certificates encrypted with the old key material will be removed.
@@ -74,7 +71,7 @@ Whenever possible, Microsoft recommends the use of TPM hardware. The TPM protect
When a user wants to access protected key material, the authentication process begins with the user entering a PIN or biometric gesture to unlock the device, a process sometimes called releasing the key. Think of it like using a physical key to unlock a door: before you can unlock the door, you need to remove the key from your pocket or purse. The user's PIN unlocks the protector key for the container on the device. When that container is unlocked, applications (and thus the user) can use whatever IDP keys reside inside the container.
-These keys are used to sign requests that are sent to the IDP, requesting access to specified resources. It’s important to understand that although the keys are unlocked, applications cannot use them at will. Applications can use specific APIs to request operations that require key material for particular actions (for example, decrypt an email message or sign in to a website). Access through these APIs doesn’t require explicit validation through a user gesture, and the key material isn’t exposed to the requesting application. Rather, the application asks for authentication, encryption, or decryption, and the Windows Hello layer handles the actual work and returns the results. Where appropriate, an application can request a forced authentication even on an unlocked device. Windows prompts the user to reenter the PIN or perform an authentication gesture, which adds an extra level of protection for sensitive data or actions. For example, you can configure the Microsoft Store to require reauthentication any time a user purchases an application, even though the same account and PIN or gesture were already used to unlock the device.
+These keys are used to sign requests that are sent to the IDP, requesting access to specified resources. It’s important to understand that although the keys are unlocked, applications cannot use them at will. Applications can use specific APIs to request operations that require key material for particular actions (for example, decrypt an email message or sign in to a website). Access through these APIs doesn’t require explicit validation through a user gesture, and the key material isn’t exposed to the requesting application. Rather, the application asks for authentication, encryption, or decryption, and the Windows Hello layer handles the actual work and returns the results. Where appropriate, an application can request a forced authentication even on an unlocked device. Windows prompts the user to reenter the PIN or perform an authentication gesture, which adds an extra level of protection for sensitive data or actions. For example, you can configure the Microsoft Store to require reauthentication anytime a user purchases an application, even though the same account and PIN or gesture were already used to unlock the device.
For example, the authentication process for Azure Active Directory works like this:
diff --git a/windows/security/identity-protection/index.md b/windows/security/identity-protection/index.md
index 330cc0041d..ee523e79f7 100644
--- a/windows/security/identity-protection/index.md
+++ b/windows/security/identity-protection/index.md
@@ -2,18 +2,21 @@
title: Identity and access management (Windows 10)
description: Learn more about identity and access protection technologies in Windows.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 02/05/2018
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Identity and access management
-Learn more about identity and access management technologies in Windows 10.
+Learn more about identity and access management technologies in Windows 10 and Windows 11.
| Section | Description |
|-|-|
diff --git a/windows/security/identity-protection/password-support-policy.md b/windows/security/identity-protection/password-support-policy.md
index 5cc29b63a0..a48a887b72 100644
--- a/windows/security/identity-protection/password-support-policy.md
+++ b/windows/security/identity-protection/password-support-policy.md
@@ -1,16 +1,15 @@
---
title: Technical support policy for lost or forgotten passwords
description: Outlines the ways in which Microsoft can help you reset a lost or forgotten password, and provides links to instructions for doing so.
-ms.reviewer: kaushika
-manager: kaushika
ms.custom:
- CI ID 110060
- CSSTroubleshoot
-ms.author: v-tappelgate
ms.prod: m365-security
-author: Teresa-Motiv
ms.topic: article
ms.localizationpriority: medium
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.date: 11/20/2019
---
diff --git a/windows/security/identity-protection/remote-credential-guard.md b/windows/security/identity-protection/remote-credential-guard.md
index a477d48218..4d160b97b2 100644
--- a/windows/security/identity-protection/remote-credential-guard.md
+++ b/windows/security/identity-protection/remote-credential-guard.md
@@ -2,22 +2,21 @@
title: Protect Remote Desktop credentials with Windows Defender Remote Credential Guard (Windows 10)
description: Windows Defender Remote Credential Guard helps to secure your Remote Desktop credentials by never sending them to the target device.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 01/12/2018
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Protect Remote Desktop credentials with Windows Defender Remote Credential Guard
-**Applies to**
-- Windows 10
-- Windows Server 2016
-
Introduced in Windows 10, version 1607, Windows Defender Remote Credential Guard helps you protect your credentials over a Remote Desktop connection by redirecting Kerberos requests back to the device that's requesting the connection. It also provides single sign-on experiences for Remote Desktop sessions.
Administrator credentials are highly privileged and must be protected. By using Windows Defender Remote Credential Guard to connect during Remote Desktop sessions, if the target device is compromised, your credentials are not exposed because both credential and credential derivatives are never passed over the network to the target device.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
index 101b50087d..613d27bf02 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-and-remote-desktop-services.md
@@ -2,20 +2,23 @@
title: Smart Card and Remote Desktop Services (Windows)
description: This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
-
# Smart Card and Remote Desktop Services
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional describes the behavior of Remote Desktop Services when you implement smart card sign-in.
The content in this topic applies to the versions of Windows that are designated in the **Applies To** list at the beginning of this topic. In these versions, smart card redirection logic and **WinSCard** API are combined to support multiple redirected sessions into a single process.
@@ -60,7 +63,7 @@ When smart card-enabled single sign-in (SSO) is used for Remote Desktop Services
### Remote Desktop Services and smart card sign-in
-Remote Desktop Services enable users to sign in with a smart card by entering a PIN on the RDC client computer and sending it to the RD Session Host server in a manner similar to authentication that is based on user name and password.
+Remote Desktop Services enables users to sign in with a smart card by entering a PIN on the RDC client computer and sending it to the RD Session Host server in a manner similar to authentication that is based on user name and password.
In addition, Group Policy settings that are specific to Remote Desktop Services need to be enabled for smart card-based sign-in.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-architecture.md b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
index ddc63b2e02..3fa8e4255e 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-architecture.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-architecture.md
@@ -2,20 +2,24 @@
title: Smart Card Architecture (Windows)
description: This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Architecture
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional describes the system architecture that supports smart cards in the Windows operating system, including credential provider architecture and the smart card subsystem architecture.
Authentication is a process for verifying the identity of an object or person. When you authenticate an object, such as a smart card, the goal is to verify that the object is genuine. When you authenticate a person, the goal is to verify that you are not dealing with an imposter.
@@ -118,7 +122,7 @@ The global data cache is hosted in the Smart Cards for Windows service. Windows
The PIN cache protects the user from entering a PIN every time the smart card is unauthenticated. After a smart card is authenticated, it will not differentiate among host-side applications—any application can access private data on the smart card.
-To mitigate this, the smart card enters an exclusive state when an application authenticates to the smart card. However, this means that other applications cannot communicate with the smart card and will be blocked. Therefore, such exclusive connections are minimized. The issue is that a protocol (such as the Kerberos protocol) requires multiple signing operations. Therefore, the protocol requires exclusive access to the smart card over an extended period, or it require multiple authentication operations. This is where the PIN cache is used to minimize exclusive use of the smart card without forcing the user to enter a PIN multiple times.
+To mitigate this, the smart card enters an exclusive state when an application authenticates to the smart card. However, this means that other applications cannot communicate with the smart card and will be blocked. Therefore, such exclusive connections are minimized. The issue is that a protocol (such as the Kerberos protocol) requires multiple signing operations. Therefore, the protocol requires exclusive access to the smart card over an extended period, or it requires multiple authentication operations. This is where the PIN cache is used to minimize exclusive use of the smart card without forcing the user to enter a PIN multiple times.
The following example illustrates how this works. In this scenario, there are two applications: Outlook and Internet Explorer. The applications use smart cards for different purposes.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
index ad0699cf6a..ef2c516483 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-propagation-service.md
@@ -2,20 +2,24 @@
title: Certificate Propagation Service (Windows)
description: This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 08/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Certificate Propagation Service
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional describes the certificate propagation service (CertPropSvc), which is used in smart card implementation.
The certificate propagation service activates when a signed-in user inserts a smart card in a reader that is attached to the computer. This action causes the certificate to be read from the smart card. The certificates are then added to the user's Personal store. Certificate propagation service actions are controlled by using Group Policy. For more information, see [Smart Card Group Policy and Registry Settings](smart-card-group-policy-and-registry-settings.md).
diff --git a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
index 701f3dccd8..df7c9505b6 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-certificate-requirements-and-enumeration.md
@@ -2,20 +2,24 @@
title: Certificate Requirements and Enumeration (Windows)
description: This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Certificate Requirements and Enumeration
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional and smart card developers describes how certificates are managed and used for smart card sign-in.
When a smart card is inserted, the following steps are performed.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
index 50881d1ef8..7f0143c568 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-debugging-information.md
@@ -2,21 +2,26 @@
title: Smart Card Troubleshooting (Windows)
description: Describes the tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Troubleshooting
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This article explains tools and services that smart card developers can use to help identify certificate issues with the smart card deployment.
Debugging and tracing smart card issues requires a variety of tools and approaches. The following sections provide guidance about tools and approaches you can use.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-events.md b/windows/security/identity-protection/smart-cards/smart-card-events.md
index 9585fdfb5e..a750b165ca 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-events.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-events.md
@@ -2,51 +2,47 @@
title: Smart Card Events (Windows)
description: This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Events
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional and smart card developer describes events that are related to smart card deployment and development.
A number of events can be used to monitor smart card activities on a computer, including installation, use, and errors. The following sections describe the events and information that can be used to manage smart cards in an organization.
-- [Smart card reader name](#smart-card-reader-name)
-
-- [Smart card warning events](#smart-card-warning-events)
-
-- [Smart card error events](#smart-card-error-events)
-
-- [Smart card Plug and Play events](#smart-card-plug-and-play-events)
-
+- [Smart card reader name](#smart-card-reader-name)
+- [Smart card warning events](#smart-card-warning-events)
+- [Smart card error events](#smart-card-error-events)
+- [Smart card Plug and Play events](#smart-card-plug-and-play-events)
## Smart card reader name
-The Smart Card resource manager does not use the device name from Device Manager to describe a smart card reader. Instead, the name is constructed from three device attributes that are queried directly from the smart card reader driver.
+The Smart Card resource manager doesn't use the device name from Device Manager to describe a smart card reader. Instead, the name is constructed from three device attributes that are queried directly from the smart card reader driver.
The following three attributes are used to construct the smart card reader name:
-- Vendor name
-
-- Interface device type
-
-- Device unit
+- Vendor name
+- Interface device type
+- Device unit
The smart card reader device name is constructed in the form <*VendorName*> <*Type*> <*DeviceUnit*>. For example 'Contoso Smart Card Reader 0' is constructed from the following information:
-- Vendor name: Contoso
-
-- Interface device type: Smart Card Reader
-
-- Device unit: 0
+- Vendor name: Contoso
+- Interface device type: Smart Card Reader
+- Device unit: 0
## Smart card warning events
@@ -54,8 +50,8 @@ The smart card reader device name is constructed in the form <*VendorName*>
| **Event ID** | **Warning Message** | **Description** |
|--------------|---------|--------------------------------------------------------------------------------------------|
-| 620 | Smart Card Resource Manager was unable to cancel IOCTL %3 for reader '%2': %1. The reader may no longer be responding. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs if the resource manager attempts to cancel a command to the smart card reader when the smart card service is shutting down or after a smart card is removed from the smart card reader and the command could not to be canceled. This can leave the smart card reader in an unusable state until it is removed from the computer or the computer is restarted.
%1 = Windows error code
%2 = Smart card reader name
%3 = IOCTL being canceled
%4 = First 4 bytes of the command that was sent to the smart card |
-| 619 | Smart Card Reader '%2' has not responded to IOCTL %3 in %1 seconds. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs when a reader has not responded to an IOCTL after an unusually long period of time. Currently, this error is sent after a reader does not respond for 150 seconds. This can leave the smart card reader in an unusable state until it is removed from the computer or the computer is restarted.
%1 = Number of seconds the IOCTL has been waiting
%2 = Smart card reader name
%3 = IOCTL sent
%4 = First 4 bytes of the command that was sent to the smart card |
+| 620 | Smart Card Resource Manager was unable to cancel IOCTL %3 for reader '%2': %1. The reader may no longer be responding. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs if the resource manager attempts to cancel a command to the smart card reader when the smart card service is shutting down or after a smart card is removed from the smart card reader and the command could not be canceled. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.
%1 = Windows error code
%2 = Smart card reader name
%3 = IOCTL being canceled
%4 = First 4 bytes of the command that was sent to the smart card |
+| 619 | Smart Card Reader '%2' hasn't responded to IOCTL %3 in %1 seconds. If this error persists, your smart card or reader may not be functioning correctly. %n%nCommand Header: %4 | This occurs when a reader hasn't responded to an IOCTL after an unusually long period of time. Currently, this error is sent after a reader doesn't respond for 150 seconds. This can leave the smart card reader in an unusable state until it's removed from the computer or the computer is restarted.
%1 = Number of seconds the IOCTL has been waiting
%2 = Smart card reader name
%3 = IOCTL sent
%4 = First 4 bytes of the command that was sent to the smart card |
## Smart card error events
@@ -67,7 +63,7 @@ The smart card reader device name is constructed in the form <*VendorName*>
| 205 | Reader object has duplicate name: %1 | There are two smart card readers that have the same name. Remove the smart card reader that is causing this error message.
%1 = Name of the smart card reader that is duplicated |
| 206 | Failed to create global reader change event. | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 401 | Reader shutdown exception from eject smart card command | A smart card reader could not eject a smart card while the smart card reader was shutting down. |
-| 406 | Reader object cannot Identify Device | A smart card reader did not properly respond to a request for information about the device, which is required for constructing the smart card reader name. The smart card reader will not be recognized by the service until it is removed from the computer and reinserted or until the computer is restarted. |
+| 406 | Reader object cannot Identify Device | A smart card reader did not properly respond to a request for information about the device, which is required for constructing the smart card reader name. The smart card reader will not be recognized by the service until it's removed from the computer and reinserted or until the computer is restarted. |
| 502 | Initialization of Service Status Critical Section failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 504 | Resource Manager cannot create shutdown event flag: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.
%1 = Windows error code |
| 506 | Smart Card Resource Manager failed to register service: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.
%1 = Windows error code |
@@ -95,10 +91,10 @@ The smart card reader device name is constructed in the form <*VendorName*>
| 609 | Reader monitor failed to create overlapped event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.
%1 = Windows error code |
| 610 | Smart Card Reader '%2' rejected IOCTL %3: %1 If this error persists, your smart card or reader may not be functioning correctly.%n%nCommand Header: %4 | The reader cannot successfully transmit the indicated IOCTL to the smart card. This can indicate hardware failure, but this error can also occur if a smart card or smart card reader is removed from the system while an operation is in progress.
%1 = Windows error code
%2 = Name of the smart card reader
%3 = IOCTL that was sent
%4 = First 4 bytes of the command sent to the smart card
These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios. You might also see this error if your eSIM is recognized as a smartcard controller.|
| 611 | Smart Card Reader initialization failed | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve this issue. |
-| 612 | Reader insertion monitor error retry threshold reached: %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.
%1 = Windows error code |
-| 615 | Reader removal monitor error retry threshold reached: %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.
%1 = Windows error code |
-| 616 | Reader monitor '%2' received uncaught error code: %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.
%1 = Windows error code
%2 = Reader name |
-| 617 | Reader monitor '%1' exception -- exiting thread | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it is not recognized by the service until it is removed from the computer and reinserted or until the computer is restarted.
%1 = Smart card reader name |
+| 612 | Reader insertion monitor error retry threshold reached: %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.
%1 = Windows error code |
+| 615 | Reader removal monitor error retry threshold reached: %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.
%1 = Windows error code |
+| 616 | Reader monitor '%2' received uncaught error code: %1 | This occurs when a smart card reader fails several times to respond properly to the IOCTL, which indicates whether a smart card is present in the reader. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.
%1 = Windows error code
%2 = Reader name |
+| 617 | Reader monitor '%1' exception -- exiting thread | An unknown error occurred while monitoring a smart card reader for smart card insertions and removals. The smart card reader is marked as defective, and it is not recognized by the service until it's removed from the computer and reinserted or until the computer is restarted.
%1 = Smart card reader name |
| 618 | Smart Card Resource Manager encountered an unrecoverable internal error. | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue. |
| 621 | Server Control failed to access start event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.
%1 = Windows error code
These events are caused by legacy functionality in the smart card stack. It can be ignored if there is no noticeable failure in the smart card usage scenarios. |
| 622 | Server Control failed to access stop event: %1 | This is an internal, unrecoverable error that indicates a failure in the smart card service. The most common cause is limited computer resources. Restarting the computer may resolve the issue.
%1 = Windows error code |
diff --git a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
index 897140b630..2b1c30addd 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-group-policy-and-registry-settings.md
@@ -2,20 +2,24 @@
title: Smart Card Group Policy and Registry Settings (Windows)
description: Discover the Group Policy, registry key, local security policy, and credential delegation policy settings that are available for configuring smart cards.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 11/02/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Group Policy and Registry Settings
-Applies to: Windows 10, Windows 11, Windows Server 2016 and above
-
This article for IT professionals and smart card developers describes the Group Policy settings, registry key settings, local security policy settings, and credential delegation policy settings that are available for configuring smart cards.
The following sections and tables list the smart card-related Group Policy settings and registry keys that can be set on a per-computer basis. If you use domain Group Policy Objects (GPOs), you can edit and apply Group Policy settings to local or domain computers.
@@ -89,7 +93,7 @@ The following table lists the default values for these GPO settings. Variations
### Allow certificates with no extended key usage certificate attribute
-You can use this policy setting to allow certificates without an enhanced key usage (EKU) set to be used for sign in.
+You can use this policy setting to allow certificates without an enhanced key usage (EKU) set to be used for sign-in.
> [!NOTE]
> Enhanced key usage certificate attribute is also known as extended key usage.
@@ -145,9 +149,9 @@ When this setting isn't turned on, the feature is not available.
### Allow signature keys valid for Logon
-You can use this policy setting to allow signature key–based certificates to be enumerated and available for sign in.
+You can use this policy setting to allow signature key–based certificates to be enumerated and available for sign-in.
-When this setting is turned on, any certificates that are available on the smart card with a signature-only key are listed on the sign-in screen.
+When this setting is turned on, any certificates that are available on the smart card with a signature-only key are listed on the sign-in screen.
When this setting isn't turned on, certificates available on the smart card with a signature-only key aren't listed on the sign-in screen.
@@ -160,7 +164,7 @@ When this setting isn't turned on, certificates available on the smart card with
### Allow time invalid certificates
-You can use this policy setting to permit certificates that are expired or not yet valid to be displayed for sign in.
+You can use this policy setting to permit certificates that are expired or not yet valid to be displayed for sign-in.
> [!NOTE]
> Before Windows Vista, certificates were required to contain a valid time and to not expire. For a certificate to be used, it must be accepted by the domain controller. This policy setting only controls which certificates are displayed on the client computer.
@@ -178,7 +182,7 @@ When this policy setting isn't turned on, certificates that are expired or not y
### Allow user name hint
-You can use this policy setting to determine whether an optional field appears during sign in and provides a subsequent elevation process where users can enter their username or username and domain, which associates a certificate with the user.
+You can use this policy setting to determine whether an optional field appears during sign-in and provides a subsequent elevation process where users can enter their username or username and domain, which associates a certificate with the user.
When this policy setting is turned on, users see an optional field where they can enter their username or username and domain.
@@ -191,7 +195,7 @@ When this policy setting isn't turned on, users don't see this optional field.
| Policy management | Restart requirement: None
Sign off requirement: None
Policy conflicts: None |
| Notes and resources | |
-### Configure root certificate clean up
+### Configure root certificate clean-up
You can use this policy setting to manage the cleanup behavior of root certificates. Certificates are verified by using a trust chain, and the trust anchor for the digital certificate is the Root Certification Authority (CA). A CA can issue multiple certificates with the root certificate as the top certificate of the tree structure. A private key is used to sign other certificates. This creates an inherited trustworthiness for all certificates immediately under the root certificate.
@@ -251,17 +255,17 @@ This policy setting is applied to the computer after the [Allow time invalid cer
### Force the reading of all certificates from the smart card
-You can use this policy setting to manage how Windows reads all certificates from the smart card for sign in. During sign in, Windows reads only the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This policy setting forces Windows to read all the certificates from the smart card.
+You can use this policy setting to manage how Windows reads all certificates from the smart card for sign-in. During sign-in, Windows reads only the default certificate from the smart card unless it supports retrieval of all certificates in a single call. This policy setting forces Windows to read all the certificates from the smart card.
-When this policy setting is turned on, Windows attempts to read all certificates from the smart card, regardless of the CSP feature set.
+When this policy setting is turned on, Windows attempts to read all certificates from the smart card, regardless of the CSP feature set.
-When this policy isn't turned on, Windows attempts to read only the default certificate from smart cards that don't support retrieval of all certificates in a single call. Certificates other than the default aren't available for sign in.
+When this policy isn't turned on, Windows attempts to read only the default certificate from smart cards that don't support retrieval of all certificates in a single call. Certificates other than the default aren't available for sign-in.
| **Item** | **Description** |
|--------------------------------------|----------------------------------------------------------------------------|
| Registry key | **ForceReadingAllCertificates** |
| Default values | No changes per operating system versions
Disabled and not configured are equivalent |
-| Policy management | Restart requirement: None
Sign off requirement: None
Policy conflicts: None
**Important**: Enabling this policy setting can adversely impact performance during the sign in process in certain situations. |
+| Policy management | Restart requirement: None
Sign off requirement: None
Policy conflicts: None
**Important**: Enabling this policy setting can adversely impact performance during the sign-in process in certain situations. |
| Notes and resources | Contact the smart card vendor to determine if your smart card and associated CSP support the required behavior. |
### Notify user of successful smart card driver installation
@@ -299,12 +303,12 @@ When this setting isn't turned on, Credential Manager can return plaintext PINs.
### Reverse the subject name stored in a certificate when displaying
-You can use this policy setting to control the way the subject name appears during sign in.
+You can use this policy setting to control the way the subject name appears during sign-in.
> [!NOTE]
> To help users distinguish one certificate from another, the user principal name (UPN) and the common name are displayed by default. For example, when this setting is enabled, if the certificate subject is CN=User1, OU=Users, DN=example, DN=com and the UPN is user1@example.com, "User1" is displayed with "user1@example.com." If the UPN is not present, the entire subject name is displayed. This setting controls the appearance of that subject name, and it might need to be adjusted for your organization.
-When this policy setting is turned on, the subject name during sign in appears reversed from the way that it's stored in the certificate.
+When this policy setting is turned on, the subject name during sign-in appears reversed from the way that it's stored in the certificate.
When this policy setting isn’t turned on, the subject name appears the same as it’s stored in the certificate.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
index 9fb023c25f..4019c75ad2 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-how-smart-card-sign-in-works-in-windows.md
@@ -2,21 +2,26 @@
title: How Smart Card Sign-in Works in Windows
description: This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# How Smart Card Sign-in Works in Windows
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for IT professional provides links to resources about the implementation of smart card technologies in the Windows operating system. It includes the following resources about the architecture, certificate management, and services that are related to smart card use:
- [Smart Card Architecture](smart-card-architecture.md): Learn about enabling communications with smart cards and smart card readers, which can be different according to the vendor that supplies them.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
index 5757f75aa1..79ce85481a 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-removal-policy-service.md
@@ -2,20 +2,24 @@
title: Smart Card Removal Policy Service (Windows)
description: This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Removal Policy Service
-Applies To: Windows 10, Windows 11, Windows Server 2016
-
This topic for the IT professional describes the role of the removal policy service (ScPolicySvc) in smart card implementation.
The smart card removal policy service is applicable when a user has signed in with a smart card and then removes that smart card from the reader. The action that is performed when the smart card is removed is controlled by Group Policy settings. For more information, see [Smart Card Group Policy and Registry Settings](smart-card-group-policy-and-registry-settings.md).
@@ -26,7 +30,7 @@ The smart card removal policy service is applicable when a user has signed in wi
The numbers in the previous figure represent the following actions:
-1. Winlogon is not directly involved in monitoring for smart card removal events. The sequence of steps that are involved when a smart card is removed begins with the smart card credential provider in the sign-in UI process. When a user successfully signs in with a smart card, the smart card credential provider captures the reader name. This information is then stored in the registry with the session identifier where the sign in was initiated.
+1. Winlogon is not directly involved in monitoring for smart card removal events. The sequence of steps that are involved when a smart card is removed begins with the smart card credential provider in the sign-in UI process. When a user successfully signs in with a smart card, the smart card credential provider captures the reader name. This information is then stored in the registry with the session identifier where the sign-in was initiated.
2. The smart card resource manager service notifies the smart card removal policy service that a sign-in has occurred.
diff --git a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
index 0345ccac67..4acfbe37c2 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-smart-cards-for-windows-service.md
@@ -2,20 +2,24 @@
title: Smart Cards for Windows Service (Windows)
description: This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service manages readers and application interactions.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Cards for Windows Service
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional and smart card developers describes how the Smart Cards for Windows service (formerly called Smart Card Resource Manager) manages readers and application interactions.
The Smart Cards for Windows service provides the basic infrastructure for all other smart card components as it manages smart card readers and application interactions on the computer. It is fully compliant with the specifications set by the PC/SC Workgroup. For information about these specifications, see the [PC/SC Workgroup Specifications website](https://pcscworkgroup.com/).
diff --git a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
index a7c1c2bfa4..faab6d1c50 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-tools-and-settings.md
@@ -2,20 +2,24 @@
title: Smart Card Tools and Settings (Windows)
description: This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Tools and Settings
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
This topic for the IT professional and smart card developer links to information about smart card debugging, settings, and events.
This section of the Smart Card Technical Reference contains information about the following:
diff --git a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
index 7f577b80dd..7899c14e50 100644
--- a/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
+++ b/windows/security/identity-protection/smart-cards/smart-card-windows-smart-card-technical-reference.md
@@ -2,20 +2,24 @@
title: Smart Card Technical Reference (Windows)
description: Learn about the Windows smart card infrastructure for physical smart cards, and how smart card-related components work in Windows.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: ardenw
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Smart Card Technical Reference
-Applies To: Windows 10, Windows 11, Windows Server 2016 and above
-
The Smart Card Technical Reference describes the Windows smart card infrastructure for physical smart cards and how smart card-related components work in Windows. This document also contains information about tools that information technology (IT) developers and administrators can use to troubleshoot, debug, and deploy smart card-based strong authentication in the enterprise.
## Audience
diff --git a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
index ded2f140d2..42aca41a0a 100644
--- a/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
+++ b/windows/security/identity-protection/user-account-control/how-user-account-control-works.md
@@ -1,26 +1,27 @@
---
title: How User Account Control works (Windows)
description: User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
-ms.reviewer:
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: sulahiri
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/23/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# How User Account Control works
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
User Account Control (UAC) is a fundamental component of Microsoft's overall security vision. UAC helps mitigate the impact of malware.
## UAC process and interactions
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
index eb97277ed7..e54d14dafe 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-group-policy-and-registry-key-settings.md
@@ -2,25 +2,25 @@
title: User Account Control Group Policy and registry key settings (Windows)
description: Here's a list of UAC Group Policy and registry key settings that your organization can use to manage UAC.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: sulahiri
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# User Account Control Group Policy and registry key settings
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
## Group Policy settings
There are 10 Group Policy settings that can be configured for User Account Control (UAC). The table lists the default for each of the policy settings, and the following sections explain the different UAC policy settings and provide recommendations. These policy settings are located in **Security Settings\\Local Policies\\Security Options** in the Local Security Policy snap-in. For more information about each of the Group Policy settings, see the Group Policy description. For information about the registry key settings, see [Registry key settings](#registry-key-settings).
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-overview.md b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
index 2e12c5d66e..e9b562bbe0 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-overview.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-overview.md
@@ -1,26 +1,27 @@
---
title: User Account Control (Windows)
description: User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop.
-ms.reviewer:
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: sulahiri
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.date: 09/24/2011
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# User Account Control
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
User Account Control (UAC) helps prevent malware from damaging a PC and helps organizations deploy a better-managed desktop. With UAC, apps and tasks always run in the security context of a non-administrator account, unless an administrator specifically authorizes administrator-level access to the system. UAC can block the automatic installation of unauthorized apps and prevent inadvertent changes to system settings.
UAC allows all users to log on to their computers using a standard user account. Processes launched using a standard user token may perform tasks using access rights granted to a standard user. For instance, Windows Explorer automatically inherits standard user level permissions. Additionally, any apps that are started using Windows Explorer (for example, by double-clicking a shortcut) also run with the standard set of user permissions. Many apps, including those that are included with the operating system itself, are designed to work properly in this way.
diff --git a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
index d5a71d6a7b..cacda816c0 100644
--- a/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
+++ b/windows/security/identity-protection/user-account-control/user-account-control-security-policy-settings.md
@@ -1,27 +1,27 @@
---
title: User Account Control security policy settings (Windows)
description: You can use security policies to configure how User Account Control works in your organization.
-ms.reviewer:
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: sulahiri
+manager: aaroncz
ms.collection:
- M365-identity-device-management
- highpri
ms.topic: article
ms.localizationpriority: medium
ms.date: 09/24/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# User Account Control security policy settings
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
-
-
You can use security policies to configure how User Account Control works in your organization. They can be configured locally by using the Local Security Policy snap-in (secpol.msc) or configured for the domain, OU, or specific groups by Group Policy.
## User Account Control: Admin Approval Mode for the Built-in Administrator account
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
index a6b311b8f1..763ba1f346 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-deploy-virtual-smart-cards.md
@@ -2,14 +2,16 @@
title: Deploy Virtual Smart Cards (Windows 10)
description: This topic for the IT professional discusses the factors to consider when you deploy a virtual smart card authentication solution.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Deploy Virtual Smart Cards
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
index cb90ff6746..703582c5a0 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-evaluate-security.md
@@ -2,20 +2,20 @@
title: Evaluate Virtual Smart Card Security (Windows 10)
description: This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Evaluate Virtual Smart Card Security
-Applies To: Windows 10, Windows Server 2016
-
This topic for the IT professional describes security characteristics and considerations when deploying TPM virtual smart cards.
## Virtual smart card non-exportability details
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
index a1371cb4aa..92cdfe8cdc 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-get-started.md
@@ -2,20 +2,20 @@
title: Get Started with Virtual Smart Cards - Walkthrough Guide (Windows 10)
description: This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Get Started with Virtual Smart Cards: Walkthrough Guide
-Applies To: Windows 10, Windows Server 2016
-
This topic for the IT professional describes how to set up a basic test environment for using TPM virtual smart cards.
Virtual smart cards are a technology from Microsoft, which offer comparable security benefits in two-factor authentication to physical smart cards. They also offer more convenience for users and lower cost for organizations to deploy. By utilizing Trusted Platform Module (TPM) devices that provide the same cryptographic capabilities as physical smart cards, virtual smart cards accomplish the three key properties that are desired by smart cards: non-exportability, isolated cryptography, and anti-hammering.
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
index f81458d9ea..7d92df7bd0 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-overview.md
@@ -2,20 +2,20 @@
title: Virtual Smart Card Overview (Windows 10)
description: Learn more about the virtual smart card technology that was developed by Microsoft. Find links to additional topics about virtual smart cards.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: conceptual
ms.localizationpriority: medium
ms.date: 10/13/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Virtual Smart Card Overview
-Applies To: Windows 10, Windows Server 2016
-
This topic for IT professional provides an overview of the virtual smart card technology that was developed by Microsoft and includes [links to additional topics](#see-also) to help you evaluate, plan, provision, and administer virtual smart cards.
**Did you mean…**
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
index e6674037f9..37b59cb998 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-tpmvscmgr.md
@@ -2,20 +2,20 @@
title: Tpmvscmgr (Windows 10)
description: This topic for the IT professional describes the Tpmvscmgr command-line tool, through which an administrator can create and delete TPM virtual smart cards on a computer.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Tpmvscmgr
-Applies To: Windows 10, Windows Server 2016
-
The Tpmvscmgr command-line tool allows users with Administrative credentials to create and delete TPM virtual smart cards on a computer. For examples of how this command can be used, see [Examples](#examples).
## Syntax
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
index 49bd1fbfff..077d990d63 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-understanding-and-evaluating.md
@@ -2,20 +2,20 @@
title: Understanding and Evaluating Virtual Smart Cards (Windows 10)
description: Learn how smart card technology can fit into your authentication design. Find links to additional topics about virtual smart cards.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Understanding and Evaluating Virtual Smart Cards
-Applies To: Windows 10, Windows Server 2016
-
This topic for the IT professional describes the virtual smart card technology that was developed by Microsoft; suggests how it can fit into your authentication design; and provides links to additional resources that you can use to design, deploy, and troubleshoot virtual smart cards.
Virtual smart card technology uses cryptographic keys that are stored on computers that have the Trusted Platform Module (TPM) installed. Virtual smart cards offer comparable security benefits to conventional smart cards by using two-factor authentication. The technology also offers more convenience for users and has a lower cost to deploy. By utilizing TPM devices that provide the same cryptographic capabilities as conventional smart cards, virtual smart cards accomplish the three key properties that are desired for smart cards: non-exportability, isolated cryptography, and anti-hammering.
diff --git a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
index 3d09432ada..6cb4ac6fc7 100644
--- a/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
+++ b/windows/security/identity-protection/virtual-smart-cards/virtual-smart-card-use-virtual-smart-cards.md
@@ -2,20 +2,20 @@
title: Use Virtual Smart Cards (Windows 10)
description: This topic for the IT professional describes requirements for virtual smart cards and provides information about how to use and manage them.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 10/13/2017
-ms.reviewer:
+appliesto:
+- ✅ Windows 10
+- ✅ Windows Server 2016
---
# Use Virtual Smart Cards
-Applies To: Windows 10, Windows Server 2016
-
This topic for the IT professional describes requirements for virtual smart cards, how to use virtual smart cards, and tools that are available to help you create and manage them.
## Requirements, restrictions, and limitations
diff --git a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
index 647e58e84b..0e77c5aca8 100644
--- a/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-configure-diffie-hellman-protocol-over-ikev2-vpn-connections.md
@@ -2,12 +2,15 @@
title: How to configure Diffie Hellman protocol over IKEv2 VPN connections (Windows 10 and Windows 11)
description: Learn how to update the Diffie Hellman configuration of VPN servers and clients by running VPN cmdlets to secure connections.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
+author: paolomatarazzo
+ms.author: paoloma
ms.localizationpriority: medium
ms.date: 09/23/2021
-ms.reviewer:
-manager: dansimp
+manager: aaroncz
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# How to configure Diffie Hellman protocol over IKEv2 VPN connections
diff --git a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
index 317751d40d..58e9851817 100644
--- a/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
+++ b/windows/security/identity-protection/vpn/how-to-use-single-sign-on-sso-over-vpn-and-wi-fi-connections.md
@@ -2,11 +2,14 @@
title: How to use Single Sign-On (SSO) over VPN and Wi-Fi connections (Windows 10 and Windows 11)
description: Explains requirements to enable Single Sign-On (SSO) to on-premises domain resources over WiFi or VPN connections.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.date: 03/22/2022
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# How to use Single Sign-On (SSO) over VPN and Wi-Fi connections
diff --git a/windows/security/identity-protection/vpn/vpn-authentication.md b/windows/security/identity-protection/vpn/vpn-authentication.md
index 65de4f3780..3434542f7b 100644
--- a/windows/security/identity-protection/vpn/vpn-authentication.md
+++ b/windows/security/identity-protection/vpn/vpn-authentication.md
@@ -2,20 +2,19 @@
title: VPN authentication options (Windows 10 and Windows 11)
description: Learn about the EAP authentication methods that Windows supports in VPNs to provide secure authentication using username/password and certificate-based methods.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN authentication options
-**Applies to**
-- Windows 10
-- Windows 11
-
In addition to older and less-secure password-based authentication methods (which should be avoided), the built-in VPN solution uses Extensible Authentication Protocol (EAP) to provide secure authentication using both user name and password, and certificate-based methods. You can only configure EAP-based authentication if you select a built-in VPN type (IKEv2, L2TP, PPTP or Automatic).
Windows supports a number of EAP authentication methods.
diff --git a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
index 8b3e2dbebd..2cef6b0692 100644
--- a/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
+++ b/windows/security/identity-protection/vpn/vpn-auto-trigger-profile.md
@@ -2,20 +2,19 @@
title: VPN auto-triggered profile options (Windows 10 and Windows 11)
description: Learn about the types of auto-trigger rules for VPNs in Windows, which start a VPN when it is needed to access a resource.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN auto-triggered profile options
-**Applies to**
-- Windows 10
-- Windows 11
-
In Windows 10 and Windows 11, a number of features have been added to auto-trigger VPN so users won’t have to manually connect when VPN is needed to access necessary resources. There are three different types of auto-trigger rules:
- App trigger
diff --git a/windows/security/identity-protection/vpn/vpn-conditional-access.md b/windows/security/identity-protection/vpn/vpn-conditional-access.md
index 0912af9374..e33c303053 100644
--- a/windows/security/identity-protection/vpn/vpn-conditional-access.md
+++ b/windows/security/identity-protection/vpn/vpn-conditional-access.md
@@ -2,22 +2,23 @@
title: VPN and conditional access (Windows 10 and Windows 11)
description: Learn how to integrate the VPN client with the Conditional Access Platform, so you can create access rules for Azure Active Directory (Azure AD) connected apps.
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
-ms.reviewer:
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: pesmith
+manager: aaroncz
ms.localizationpriority: medium
ms.date: 09/23/2021
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN and conditional access
->Applies to: Windows 10 and Windows 11
-
The VPN client is now able to integrate with the cloud-based Conditional Access Platform to provide a device compliance option for remote clients. Conditional Access is a policy-based evaluation engine that lets you create access rules for any Azure Active Directory (Azure AD) connected application.
>[!NOTE]
->Conditional Access is an Azure AD Premium feature.
+>Conditional Access is an Azure AD Premium feature.
Conditional Access Platform components used for Device Compliance include the following cloud-based services:
diff --git a/windows/security/identity-protection/vpn/vpn-connection-type.md b/windows/security/identity-protection/vpn/vpn-connection-type.md
index 75b93889b6..96e77511ad 100644
--- a/windows/security/identity-protection/vpn/vpn-connection-type.md
+++ b/windows/security/identity-protection/vpn/vpn-connection-type.md
@@ -2,20 +2,19 @@
title: VPN connection types (Windows 10 and Windows 11)
description: Learn about Windows VPN platform clients and the VPN connection-type features that can be configured.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 08/23/2021
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN connection types
-**Applies to**
-- Windows 10
-- Windows 11
-
Virtual private networks (VPNs) are point-to-point connections across a private or public network, such as the Internet. A VPN client uses special TCP/IP or UDP-based protocols, called *tunneling protocols*, to make a virtual call to a virtual port on a VPN server. In a typical VPN deployment, a client initiates a virtual point-to-point connection to a remote access server over the Internet. The remote access server answers the call, authenticates the caller, and transfers data between the VPN client and the organization’s private network.
There are many options for VPN clients. In Windows 10 and Windows 11, the built-in plug-in and the Universal Windows Platform (UWP) VPN plug-in platform are built on top of the Windows VPN platform. This guide focuses on the Windows VPN platform clients and the features that can be configured.
diff --git a/windows/security/identity-protection/vpn/vpn-guide.md b/windows/security/identity-protection/vpn/vpn-guide.md
index 58fa8e9068..c235596b5c 100644
--- a/windows/security/identity-protection/vpn/vpn-guide.md
+++ b/windows/security/identity-protection/vpn/vpn-guide.md
@@ -2,22 +2,19 @@
title: Windows VPN technical guide (Windows 10 and Windows 11)
description: Learn about decisions to make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 02/21/2022
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows VPN technical guide
-
-**Applies to**
-
-- Windows 10
-- Windows 11
-
This guide will walk you through the decisions you will make for Windows 10 or Windows 11 clients in your enterprise VPN solution and how to configure your deployment. This guide references the [VPNv2 Configuration Service Provider (CSP)](/windows/client-management/mdm/vpnv2-csp) and provides mobile device management (MDM) configuration instructions using Microsoft Intune and the VPN Profile template for Windows 10 and Windows 11.
To create a Windows 10 VPN device configuration profile see: [Windows 10 and Windows Holographic device settings to add VPN connections using Intune](/mem/intune/configuration/vpn-settings-windows-10).
diff --git a/windows/security/identity-protection/vpn/vpn-name-resolution.md b/windows/security/identity-protection/vpn/vpn-name-resolution.md
index fe3269e28b..d91442912d 100644
--- a/windows/security/identity-protection/vpn/vpn-name-resolution.md
+++ b/windows/security/identity-protection/vpn/vpn-name-resolution.md
@@ -2,20 +2,19 @@
title: VPN name resolution (Windows 10 and Windows 11)
description: Learn how the name resolution setting in the VPN profile configures how name resolution works when a VPN client connects to a VPN server.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN name resolution
-**Applies to**
-- Windows 10
-- Windows 11
-
When the VPN client connects to the VPN server, the VPN client receives the client IP address. The client may also receive the IP address of the Domain Name System (DNS) server and the IP address of the Windows Internet Name Service (WINS) server.
The name resolution setting in the VPN profile configures how name resolution should work on the system when VPN is connected. The networking stack first looks at the Name Resolution Policy table (NRPT) for any matches and tries a resolution in the case of a match. If no match is found, the DNS suffix on the most preferred interface based on the interface metric is appended to the name (in the case of a short name) and a DNS query is sent out on the preferred interface. If the query times out, the DNS suffix search list is used in order and DNS queries are sent on all interfaces.
diff --git a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
index 2022a4e863..c54c8c05a4 100644
--- a/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
+++ b/windows/security/identity-protection/vpn/vpn-office-365-optimization.md
@@ -3,14 +3,16 @@ title: Optimizing Office 365 traffic for remote workers with the native Windows
description: tbd
ms.prod: m365-security
ms.topic: article
-author: kelleyvice-msft
ms.localizationpriority: medium
ms.date: 09/23/2021
-ms.reviewer:
-manager: dansimp
-ms.author: jajo
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
-
# Optimizing Office 365 traffic for remote workers with the native Windows 10 and Windows 11 VPN client
This article describes how to configure the recommendations in the article [Optimize Office 365 connectivity for remote users using VPN split tunneling](/office365/enterprise/office-365-vpn-split-tunnel) for the *native Windows 10 and Windows 11 VPN client*. This guidance enables VPN administrators to optimize Office 365 usage while still ensuring that all other traffic goes over the VPN connection and through existing security gateways and tooling.
diff --git a/windows/security/identity-protection/vpn/vpn-profile-options.md b/windows/security/identity-protection/vpn/vpn-profile-options.md
index b0cd4195ee..c6a1f32a1b 100644
--- a/windows/security/identity-protection/vpn/vpn-profile-options.md
+++ b/windows/security/identity-protection/vpn/vpn-profile-options.md
@@ -1,22 +1,20 @@
---
title: VPN profile options (Windows 10 and Windows 11)
description: Windows adds Virtual Private Network (VPN) profile options to help manage how users connect. VPNs give users secure remote access to the company network.
-ms.reviewer:
-manager: dansimp
+manager: aaroncz
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+ms.reviewer: pesmith
ms.localizationpriority: medium
ms.date: 05/17/2018
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN profile options
-**Applies to**
-
-- Windows 10
-- Windows 11
-
Most of the VPN settings in Windows 10 and Windows 11 can be configured in VPN profiles using Microsoft Intune or Microsoft Endpoint Configuration Manager. All VPN settings in Windows 10 and Windows 11 can be configured using the **ProfileXML** node in the [VPNv2 configuration service provider (CSP)](/windows/client-management/mdm/vpnv2-csp).
>[!NOTE]
diff --git a/windows/security/identity-protection/vpn/vpn-routing.md b/windows/security/identity-protection/vpn/vpn-routing.md
index 291f5adaf9..2fdcf08d5b 100644
--- a/windows/security/identity-protection/vpn/vpn-routing.md
+++ b/windows/security/identity-protection/vpn/vpn-routing.md
@@ -2,20 +2,18 @@
title: VPN routing decisions (Windows 10 and Windows 10)
description: Learn about approaches that either send all data through a VPN or only selected data. The one you choose impacts capacity planning and security expectations.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 09/23/2021
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
-
# VPN routing decisions
-**Applies to**
-- Windows 10
-- Windows 11
-
Network routes are required for the stack to understand which interface to use for outbound traffic. One of the most important decision points for VPN configuration is whether you want to send all the data through VPN (*force tunnel*) or only some data through the VPN (*split tunnel*). This decision impacts the configuration and the capacity planning, as well as security expectations from the connection.
## Split tunnel configuration
diff --git a/windows/security/identity-protection/vpn/vpn-security-features.md b/windows/security/identity-protection/vpn/vpn-security-features.md
index 34d9f772e4..31e2845099 100644
--- a/windows/security/identity-protection/vpn/vpn-security-features.md
+++ b/windows/security/identity-protection/vpn/vpn-security-features.md
@@ -2,21 +2,19 @@
title: VPN security features
description: Learn about security features for VPN, including LockDown VPN, Windows Information Protection integration with VPN, and traffic filters.
ms.prod: m365-security
-author: dansimp
+author: paolomatarazzo
ms.localizationpriority: medium
ms.date: 07/21/2022
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+manager: aaroncz
+ms.author: paoloma
+ms.reviewer: pesmith
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# VPN security features
-**Applies to**
-- Windows 10
-- Windows 11
-
-
## Hyper-V based containers and VPN
Windows supports different kinds of Hyper-V based containers. This support includes, but isn't limited to, Microsoft Defender Application Guard and Windows Sandbox. When you use 3rd party VPN solutions, these Hyper-V based containers may not be able to seamlessly connect to the internet. Additional configurational changes might be needed to resolve connectivity issues.
diff --git a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
index abe5fd0462..ced8857c84 100644
--- a/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
+++ b/windows/security/identity-protection/windows-credential-theft-mitigation-guide-abstract.md
@@ -1,22 +1,21 @@
---
title: Windows Credential Theft Mitigation Guide Abstract
description: Provides a summary of the Windows credential theft mitigation guide.
-ms.reviewer:
ms.prod: m365-security
-author: dansimp
-ms.author: dansimp
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-identity-device-management
ms.topic: article
ms.localizationpriority: medium
ms.date: 04/19/2017
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
---
# Windows Credential Theft Mitigation Guide Abstract
-**Applies to**
-- Windows 10
-
This topic provides a summary of the Windows credential theft mitigation guide, which can be downloaded from the [Microsoft Download Center](https://download.microsoft.com/download/C/1/4/C14579CA-E564-4743-8B51-61C0882662AC/Windows%2010%20credential%20theft%20mitigation%20guide.docx).
This guide explains how credential theft attacks occur and the strategies and countermeasures you can implement to mitigate them, following these security stages:
diff --git a/windows/security/includes/improve-request-performance.md b/windows/security/includes/improve-request-performance.md
index 89b07558ea..24aaa25d9f 100644
--- a/windows/security/includes/improve-request-performance.md
+++ b/windows/security/includes/improve-request-performance.md
@@ -3,12 +3,12 @@ title: Improve request performance
description: Improve request performance
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
-ms.author: macapara
-author: mjcaparas
ms.localizationpriority: medium
-manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
---
>[!TIP]
diff --git a/windows/security/includes/machineactionsnote.md b/windows/security/includes/machineactionsnote.md
index 5d784c2abe..31e3d1ac98 100644
--- a/windows/security/includes/machineactionsnote.md
+++ b/windows/security/includes/machineactionsnote.md
@@ -3,9 +3,9 @@ title: Perform a Machine Action via the Microsoft Defender for Endpoint API
description: This page focuses on performing a machine action via the Microsoft Defender for Endpoint API.
ms.date: 08/28/2017
ms.reviewer:
-manager: dansimp
-ms.author: macapara
-author: mjcaparas
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.prod: m365-security
---
diff --git a/windows/security/includes/microsoft-defender-api-usgov.md b/windows/security/includes/microsoft-defender-api-usgov.md
index 288e5a9769..74cfd90cbb 100644
--- a/windows/security/includes/microsoft-defender-api-usgov.md
+++ b/windows/security/includes/microsoft-defender-api-usgov.md
@@ -3,10 +3,10 @@ title: Microsoft Defender for Endpoint API URIs for US Government
description: Microsoft Defender for Endpoint API URIs for US Government
search.product: eADQiWindows 10XVcnh
ms.prod: m365-security
-ms.author: macapara
-author: mjcaparas
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.localizationpriority: medium
-manager: dansimp
ms.collection: M365-security-compliance
ms.topic: article
---
diff --git a/windows/security/includes/microsoft-defender.md b/windows/security/includes/microsoft-defender.md
index f3a6cb666b..2bca659e04 100644
--- a/windows/security/includes/microsoft-defender.md
+++ b/windows/security/includes/microsoft-defender.md
@@ -4,8 +4,9 @@ description: A note in regard to important Microsoft 365 Defender guidance.
ms.date:
ms.reviewer:
manager: dansimp
-ms.author: dansimp
-author: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.prod: m365-security
ms.topic: include
---
diff --git a/windows/security/includes/prerelease.md b/windows/security/includes/prerelease.md
index bced58da9f..58b056c484 100644
--- a/windows/security/includes/prerelease.md
+++ b/windows/security/includes/prerelease.md
@@ -3,9 +3,9 @@ title: Microsoft Defender for Endpoint Pre-release Disclaimer
description: Disclaimer for pre-release version of Microsoft Defender for Endpoint.
ms.date: 08/28/2017
ms.reviewer:
-manager: dansimp
-ms.author: macapara
-author: mjcaparas
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.prod: m365-security
---
diff --git a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
index aee609a7fd..e30b2c517a 100644
--- a/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
+++ b/windows/security/threat-protection/windows-defender-application-control/applocker/script-rules-in-applocker.md
@@ -1,6 +1,6 @@
---
title: Script rules in AppLocker (Windows)
-description: This topic describes the file formats and available default rules for the script rule collection.
+description: This article describes the file formats and available default rules for the script rule collection.
ms.assetid: fee24ca4-935a-4c5e-8a92-8cf1d134d35f
ms.reviewer:
ms.author: macapara
@@ -26,10 +26,6 @@ ms.technology: windows-sec
- Windows 11
- Windows Server 2016 and above
-> [!NOTE]
-> Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](/windows/security/threat-protection/windows-defender-application-control/feature-availability).
-
-
This article describes the file formats and available default rules for the script rule collection.
AppLocker defines script rules to include only the following file formats:
@@ -44,11 +40,11 @@ The following table lists the default rules that are available for the script ru
| Purpose | Name | User | Rule condition type |
| - | - | - | - |
| Allows members of the local Administrators group to run all scripts| (Default Rule) All scripts| BUILTIN\Administrators | Path: `*\` |
-| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: `%windir%\*` |
-| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`|
-
+| Allow all users to run scripts in the Windows folder| (Default Rule) All scripts located in the Windows folder| Everyone | Path: `%windir%\*` |
+| Allow all users to run scripts in the Program Files folder| (Default Rule) All scripts located in the Program Files folder|Everyone | Path: `%programfiles%\*`|
+
> [!NOTE]
-> Windows Defender Application Control cannot be used to block PowerShell scripts. AppLocker just forces PowerShell scripts to be run in Constrained Language mode. Also note that in cases where a PS1 script is "blocked", AppLocker generates an 8007 event, which states that the script will be blocked, but then the script runs.
+> When a script runs that is not allowed by policy, AppLocker raises an event indicating that the script was "blocked". However, the actual script enforcement behavior is handled by the script host. In the case of PowerShell, "blocked" scripts will still run, but only in [Constrained Language Mode](/powershell/module/microsoft.powershell.core/about/about_language_modes). Authorized scripts run in Full Language Mode.
## Related articles
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
index f983d739b8..024c53413c 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-code-signing-cert-for-windows-defender-application-control.md
@@ -22,54 +22,61 @@ ms.technology: windows-sec
**Applies to:**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
-As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signature, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this topic and instead follow other topics listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
+As you deploy Windows Defender Application Control (WDAC), you might need to sign catalog files or WDAC policies internally. To do this signature, you'll either need a publicly issued code signing certificate or an internal CA. If you've purchased a code-signing certificate, you can skip this article and instead follow other articles listed in the [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md).
-If you have an internal CA, complete these steps to create a code signing certificate.
-Only RSA algorithm is supported for the code signing certificate, and signatures must be PKCS 1.5 padded.
-ECDSA isn't supported.
+If you have an internal CA, complete these steps to create a code signing certificate.
-1. Open the Certification Authority Microsoft Management Console (MMC) snap-in, and then select your issuing CA.
+> [!WARNING]
+> Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
+>
+> - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
+> - Use RSA SHA-256 only. ECDSA isn't supported.
+> - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
+> - Keys must be less than or equal to 4K key size
+>
-2. When connected, right-click **Certificate Templates**, and then click **Manage** to open the Certification Templates Console.
+1. Open the Certification Authority Microsoft Management Console (MMC) snap-in, and then select your issuing CA.
+
+2. When connected, right-click **Certificate Templates**, and then select **Manage** to open the Certification Templates Console.
Figure 1. Manage the certificate templates
-3. In the navigation pane, right-click the Code Signing certificate, and then click **Duplicate Template**.
+3. In the navigation pane, right-click the Code Signing certificate, and then select **Duplicate Template**.
-4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** from the **Certification Authority** list, and then select **Windows 8 / Windows Server 2012** from the **Certificate recipient** list.
+4. On the **Compatibility** tab, clear the **Show resulting changes** check box. Select **Windows Server 2012** from the **Certification Authority** list, and then select **Windows 8 / Windows Server 2012** from the **Certificate recipient** list.
-5. On the **General** tab, specify the **Template display name** and **Template name**. This example uses the name **WDAC Catalog Signing Certificate**.
+5. On the **General** tab, specify the **Template display name** and **Template name**. This example uses the name **WDAC Catalog Signing Certificate**.
-6. On the **Request Handling** tab, select the **Allow private key to be exported** check box.
+6. On the **Request Handling** tab, select the **Allow private key to be exported** check box.
-7. On the **Extensions** tab, select the **Basic Constraints** check box, and then click **Edit**.
+7. On the **Extensions** tab, select the **Basic Constraints** check box, and then select **Edit**.
-8. In the **Edit Basic Constraints Extension** dialog box, select **Enable this extension**, as shown in Figure 2.
+8. In the **Edit Basic Constraints Extension** dialog box, select **Enable this extension**, as shown in Figure 2.
Figure 2. Select constraints on the new template
-9. If a certificate manager is required to approve any issued certificates, on the **Issuance Requirements** tab, select **CA certificate manager approval**.
+9. If a certificate manager is required to approve any issued certificates, on the **Issuance Requirements** tab, select **CA certificate manager approval**.
10. On the **Subject Name** tab, select **Supply in the request**.
11. On the **Security** tab, verify that whatever account will be used to request the certificate has the right to enroll the certificate.
-12. Click **OK** to create the template, and then close the Certificate Template Console.
+12. Select **OK** to create the template, and then close the Certificate Template Console.
When this certificate template has been created, you must publish it to the CA published template store. To do so, complete the following steps:
-1. In the Certification Authority MMC snap-in, right-click **Certification Templates**, point to **New**, and then click **Certificate Template to Issue**, as shown in Figure 3.
+1. In the Certification Authority MMC snap-in, right-click **Certification Templates**, point to **New**, and then select **Certificate Template to Issue**, as shown in Figure 3.
@@ -77,38 +84,38 @@ When this certificate template has been created, you must publish it to the CA p
A list of available templates to issue appears, including the template you created.
-2. Select the WDAC Catalog signing certificate, and then click **OK**.
+2. Select the WDAC Catalog signing certificate, and then select **OK**.
Now that the template is available to be issued, you must request one from the computer running Windows 10 and Windows 11 on which you create and sign catalog files. To begin, open the MMC, and then complete the following steps:
-1. In MMC, from the **File** menu, click **Add/Remove Snap-in**. Double-click **Certificates**, and then select **My user account**.
+1. In MMC, from the **File** menu, select **Add/Remove Snap-in**. Double-click **Certificates**, and then select **My user account**.
-2. In the Certificates snap-in, right-click the Personal store folder, point to **All Tasks**, and then click **Request New Certificate**.
+2. In the Certificates snap-in, right-click the Personal store folder, point to **All Tasks**, and then select **Request New Certificate**.
-3. Click **Next** twice to get to the certificate selection list.
+3. Select **Next** twice to get to the certificate selection list.
-4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4.
+4. In the **Request Certificate** list, select your newly created code signing certificate, and then select the blue text that requests additional information, as shown in Figure 4.
Figure 4. Get more information for your code signing certificate
-5. In the **Certificate Properties** dialog box, for **Type**, select **Common name**. For **Value**, select **ContosoDGSigningCert**, and then click **Add**. When added, click **OK.**
+5. In the **Certificate Properties** dialog box, for **Type**, select **Common name**. For **Value**, select **ContosoDGSigningCert**, and then select **Add**. When added, select **OK.**
-6. Enroll and finish.
+6. Enroll and finish.
>[!NOTE]
>If a certificate manager is required to approve any issued certificates and you selected to require management approval on the template, the request will need to be approved in the CA before it will be issued to the client.
-This certificate must be installed in the user's personal store on the computer that will be signing the catalog files and code integrity policies. If the signing is going to be taking place on the computer on which you just requested the certificate, exporting the certificate to a .pfx file won't be required because it already exists in your personal store. If you're signing on another computer, you'll need to export the .pfx certificate with the necessary keys and properties. To do so, complete the following steps:
+This certificate must be installed in the user's personal store on the computer that will be signing the catalog files and code integrity policies. If the signing will happen on the same computer you used to request the certificate, you can skip the following steps. If you'll be signing on another computer, you need to export the .pfx certificate with the necessary keys and properties. To do so, complete the following steps:
-1. Right-click the certificate, point to **All Tasks**, and then click **Export**.
+1. Right-click the certificate, point to **All Tasks**, and then select **Export**.
-2. Click **Next**, and then select **Yes, export the private key**.
+2. Select **Next**, and then select **Yes, export the private key**.
-3. Choose the default settings, and then select **Export all extended properties**.
+3. Choose the default settings, and then select **Export all extended properties**.
-4. Set a password, select an export path, and then select **WDACCatSigningCert.pfx** as the file name.
+4. Set a password, select an export path, and then select **WDACCatSigningCert.pfx** as the file name.
When the certificate has been exported, import it into the personal store for the user who will be signing the catalog files or code integrity policies on the specific computer that will be signing them.
@@ -117,4 +124,3 @@ When the certificate has been exported, import it into the personal store for th
- [Windows Defender Application Control](windows-defender-application-control.md)
- [Windows Defender Application Control Deployment Guide](windows-defender-application-control-deployment-guide.md)
-
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
index 2d31e8f0f7..f9b070ff3b 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-initial-default-policy.md
@@ -1,6 +1,6 @@
---
-title: Create a WDAC policy for fixed-workload devices using a reference computer (Windows)
-description: To create a Windows Defender Application Control (WDAC) policy for fixed-workload devices within your organization, follow this guide.
+title: Create a WDAC policy using a reference computer (Windows)
+description: To create a Windows Defender Application Control (WDAC) policy that allows all code installed on a reference computer within your organization, follow this guide.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: m365-security
@@ -11,83 +11,133 @@ ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
ms.author: dansimp
manager: dansimp
-ms.date: 05/03/2018
+ms.date: 08/08/2022
ms.technology: windows-sec
---
-# Create a WDAC policy for fixed-workload devices using a reference computer
+# Create a WDAC policy using a reference computer
**Applies to:**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
+- Windows 10
+- Windows 11
+- Windows Server 2016 and above
>[!NOTE]
>Some capabilities of Windows Defender Application Control are only available on specific Windows versions. Learn more about the [Windows Defender Application Control feature availability](feature-availability.md).
-This section outlines the process to create a Windows Defender Application Control (WDAC) policy for fixed-workload devices within an organization. Fixed-workload devices tend to be dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc.
-
-For this example, you must initiate variables to be used during the creation process or use the full file paths in the command.
-Then create the WDAC policy by scanning the system for installed applications.
-The policy file is converted to binary format when it gets created so that Windows can interpret it.
-
-## Overview of the process of creating Windows Defender Application Control policies
-
-A common system imaging practice in today’s IT organization is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Windows Defender Application Control policies follow a similar methodology that begins with the establishment of a golden computer. As with imaging, you can have multiple golden computers based on model, department, application set, and so on. Although the thought process around the creation of WDAC policies is similar to imaging, these policies should be maintained independently. Assess the necessity of more WDAC policies based on what should be allowed to be installed and run and for whom. For more information on doing this assessment, see the [WDAC Design Guide](windows-defender-application-control-design-guide.md).
-
-Optionally, WDAC can align with your software catalog and any IT department–approved applications. One straightforward method to implement WDAC is to use existing images to create one master WDAC policy. You do so by creating a WDAC policy from each image, and then by merging the policies. This way, what is installed on all of those images will be allowed to run, if the applications are installed on a computer based on a different image. Alternatively, you may choose to create a base applications policy and add policies based on the computer’s role or department. Organizations have a choice of how their policies are created, merged, or serviced, and managed.
-
-If you plan to use an internal CA to sign catalog files or WDAC policies, see the steps in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
+This section outlines the process to create a Windows Defender Application Control (WDAC) policy **using a reference computer** that is already configured with the software you want to allow. You can use this approach for fixed-workload devices that are dedicated to a specific functional purpose and share common configuration attributes with other devices servicing the same functional role. Examples of fixed-workload devices may include Active Directory Domain Controllers, Secure Admin Workstations, pharmaceutical drug-mixing equipment, manufacturing devices, cash registers, ATMs, etc. This approach can also be used to turn on WDAC on systems "in the wild" and you want to minimize the potential impact on users' productivity.
> [!NOTE]
-> Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy.
+> Some of the Windows Defender Application Control options described in this topic are only available on Windows 10 version 1903 and above, or Windows 11. When using this topic to plan your own organization's WDAC policies, consider whether your managed clients can use all or some of these features and assess the impact for any features that may be unavailable on your clients. You may need to adapt this guidance to meet your specific organization's needs.
-Each installed software application should be validated as trustworthy before you create a policy.
-We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable.
-Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts.
-You can remove or disable such software on the reference computer.
+As described in [common Windows Defender Application Control deployment scenarios](types-of-devices.md), we'll use the example of **Lamna Healthcare Company (Lamna)** to illustrate this scenario. Lamna is attempting to adopt stronger application policies, including the use of application control to prevent unwanted or unauthorized applications from running on their managed devices.
-To create a Windows Defender Application Control policy, copy each of the following commands into an elevated Windows PowerShell session, in order:
+**Alice Pena** is the IT team lead tasked with the rollout of WDAC.
-1. Initialize variables that you'll use.
+## Create a custom base policy using a reference device
+
+Alice previously created a policy for the organization's fully managed end-user devices. She now wants to use WDAC to protect Lamna's critical infrastructure servers. Lamna's imaging practice for infrastructure systems is to establish a “golden” image as a reference for what an ideal system should look like, and then use that image to clone more company assets. Alice decides to use these same "golden" image systems to create the WDAC policies, which will result in separate custom base policies for each type of infrastructure server. As with imaging, she'll have to create policies from multiple golden computers based on model, department, application set, and so on.
+
+> [!NOTE]
+> Make sure the reference computer is virus and malware-free, and install any software you want to be scanned before creating the WDAC policy.
Each installed software application should be validated as trustworthy before you create a policy.
We recommend that you review the reference computer for software that can load arbitrary DLLs and run code or scripts that could render the PC more vulnerable. Examples include software aimed at development or scripting such as msbuild.exe (part of Visual Studio and the .NET Framework) which can be removed if you don't want to run scripts. You can remove or disable such software on the reference computer.
+
+Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's critical infrastructure servers:
+
+- All devices are running Windows Server 2019 or above;
+- All apps are centrally managed and deployed;
+- No interactive users.
+
+Based on the above, Alice defines the pseudo-rules for the policy:
+
+1. **“Windows works”** rules that authorize:
+ - Windows
+ - WHQL (third-party kernel drivers)
+ - Windows Store signed apps
+
+2. Rules for **scanned files** that authorize all pre-existing app binaries found on the device
+
+To create the WDAC policy, Alice runs each of the following commands in an elevated Windows PowerShell session, in order:
+
+1. Initialize variables.
```powershell
$PolicyPath=$env:userprofile+"\Desktop\"
$PolicyName="FixedWorkloadPolicy_Audit"
- $WDACPolicy=$PolicyPath+$PolicyName+".xml"
- $WDACPolicyBin=$PolicyPath+$PolicyName+".bin"
+ $LamnaServerPolicy=$PolicyPath+$PolicyName+".xml"
+ $DefaultWindowsPolicy=$env:windir+"\schemas\CodeIntegrity\ExamplePolicies\DefaultWindows_Audit.xml"
+ ```
2. Use [New-CIPolicy](/powershell/module/configci/new-cipolicy) to create a new WDAC policy by scanning the system for installed applications:
```powershell
- New-CIPolicy -Level PcaCertificate -FilePath $WDACPolicy –UserPEs 3> CIPolicyLog.txt
+ New-CIPolicy -FilePath $LamnaServerPolicy -Level SignedVersion -Fallback FilePublisher,FileName,Hash -ScanPath c:\ -UserPEs -MultiplePolicyFormat -OmitPaths c:\Windows,'C:\Program Files\WindowsApps\',c:\windows.old\,c:\users\ 3> CIPolicyLog.txt
```
> [!Note]
- >
- > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. In contrast, if you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers, in other words, the allow list will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application.
- > - You can add the **-MultiplePolicyFormat** parameter when creating policies which will be deployed to computers which are running Windows build 1903+. For more information about multiple policies, see [Deploy multiple Windows Defender Application Control policies](deploy-multiple-windows-defender-application-control-policies.md).
+ >
> - You can add the **-Fallback** parameter to catch any applications not discovered using the primary file rule level specified by the **-Level** parameter. For more information about file rule level options, see [Windows Defender Application Control file rule levels](select-types-of-rules-to-create.md).
- >
> - To specify that the WDAC policy scan only a specific drive, include the **-ScanPath** parameter followed by a path. Without this parameter, the tool will scan the C-drive by default.
- >
+ > - When you specify the **-UserPEs** parameter (to include user mode executables in the scan), rule option **0 Enabled:UMCI** is automatically added to the WDAC policy. If you do not specify **-UserPEs**, the policy will be empty of user mode executables and will only have rules for kernel mode binaries like drivers. In other words, the allow list will not include applications. If you create such a policy and later add rule option **0 Enabled:UMCI**, all attempts to start applications will cause a response from Windows Defender Application Control. In audit mode, the response is logging an event, and in enforced mode, the response is blocking the application.
+ > - To create a policy for Windows 10 1903 and above, including support for supplemental policies, use **-MultiplePolicyFormat**.
+ > - To specify a list of paths to exclude from the scan, use the **-OmitPaths** option and supply a comma-delimited list of paths.
> - The preceding example includes `3> CIPolicylog.txt`, which redirects warning messages to a text file, **CIPolicylog.txt**.
-3. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
+3. Merge the new policy with the WindowsDefault_Audit policy to ensure all Windows binaries and kernel drivers will load.
+
+ ```powershell
+ Merge-CIPolicy -OutputFilePath $LamnaServerPolicy -PolicyPaths $LamnaServerPolicy,$DefaultWindowsPolicy
+ ```
+
+4. Give the new policy a descriptive name, and initial version number:
+
+ ```powershell
+ Set-CIPolicyIdInfo -FilePath $LamnaServerPolicy -PolicyName $PolicyName
+ Set-CIPolicyVersion -FilePath $LamnaServerPolicy -Version "1.0.0.0"
+ ```
+
+5. Modify the merged policy to set policy rules:
+
+ ```powershell
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 3 # Audit Mode
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 6 # Unsigned Policy
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 9 # Advanced Boot Menu
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 12 # Enforce Store Apps
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 16 # No Reboot
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 17 # Allow Supplemental
+ Set-RuleOption -FilePath $LamnaServerPolicy -Option 19 # Dynamic Code Security
+ ```
+
+6. If appropriate, add more signer or file rules to further customize the policy for your organization.
+
+7. Use [ConvertFrom-CIPolicy](/powershell/module/configci/convertfrom-cipolicy) to convert the WDAC policy to a binary format:
```powershell
- ConvertFrom-CIPolicy $WDACPolicy $WDACPolicyBin
+ [xml]$LamnaServerPolicyXML = Get-Content $LamnaServerPolicy
+ $PolicyId = $LamnaServerPolicyXML.SiPolicy.PolicyId
+ $LamnaServerPolicyBin = $PolicyPath+$PolicyId+".cip"
+ ConvertFrom-CIPolicy $LamnaServerPolicy $LamnaServerPolicyBin
```
-After you complete these steps, the WDAC binary file ($WDACPolicyBin) and original .xml file ($WDACPolicy) will be available on your desktop. You can use the binary file as a WDAC policy or sign it for more security.
+8. Upload the base policy XML and the associated binary to a source control solution such as [GitHub](https://github.com/) or a document management solution such as [Office 365 SharePoint](https://products.office.com/sharepoint/collaboration).
-> [!NOTE]
-> We recommend that you keep the original .xml file of the policy for use when you need to merge the WDAC policy with another policy or update its rule options. Alternatively, you would have to create a new policy from a new scan for servicing. For more information about how to merge WDAC policies, see [Merge Windows Defender Application Control policies](merge-windows-defender-application-control-policies.md).
+Alice now has an initial policy for Lamna's critical infrastructure servers that is ready to deploy in audit mode.
-We recommend that every WDAC policy be run in audit mode before being enforced. Doing so allows administrators to discover any issues with the policy without receiving error messages. For information about how to audit a WDAC policy, see [Audit Windows Defender Application Control policies](audit-windows-defender-application-control-policies.md).
+## Create a custom base policy to minimize user impact on in-use client devices
+Alice previously created a policy for the organization's fully managed devices. Alice has included the fully managed device policy as part of Lamna's device build process so all new devices now begin with WDAC enabled. She's preparing to deploy the policy to systems that are already in use, but is worried about causing disruption to users' productivity. To minimize that risk, Alice decides to take a different approach for those systems. She'll continue to deploy the fully managed device policy in audit mode to those devices, but for enforcement mode she'll merge the fully managed device policy rules with a policy created by scanning the device for all previously installed software. In this way, each device is treated as its own "golden" system.
+Alice identifies the following key factors to arrive at the "circle-of-trust" for Lamna's fully managed in-use devices:
+
+- Everything described for Lamna's [Fully Managed Devices](create-wdac-policy-for-fully-managed-devices.md);
+- Users have installed apps that they need to continue to run.
+
+Based on the above, Alice defines the pseudo-rules for the policy:
+
+1. Everything included in the Fully Managed Devices policy
+2. Rules for **scanned files** that authorize all pre-existing app binaries found on the device
+
+For Lamna's existing, in-use devices, Alice deploys a script along with the Fully Managed Devices policy XML (not the converted WDAC policy binary). The script then generates a custom policy locally on the client as described in the previous section, but instead of merging with the DefaultWindows policy, the script merges with Lamna's Fully Managed Devices policy. Alice also modifies the steps above to match the requirements of this different use case.
diff --git a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
index 7cd08be428..2d13639669 100644
--- a/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
+++ b/windows/security/threat-protection/windows-defender-application-control/create-wdac-policy-for-fully-managed-devices.md
@@ -82,8 +82,9 @@ Alice follows these steps to complete this task:
2. On the client device, run the following commands in an elevated Windows PowerShell session to initialize variables:
```powershell
+ $PolicyPath=$env:userprofile+"\Desktop\"
$PolicyName= "Lamna_FullyManagedClients_Audit"
- $LamnaPolicy=$env:userprofile+"\Desktop\"+$PolicyName+".xml"
+ $LamnaPolicy=$PolicyPath+$PolicyName+".xml"
$MEMCMPolicy=$env:windir+"\CCM\DeviceGuard\MergedPolicy_Audit_ISG.xml"
```
@@ -121,7 +122,9 @@ Alice follows these steps to complete this task:
> In the sample commands below, replace the string "{InsertPolicyID}" with the actual PolicyID GUID (including braces **{ }**) found in your policy XML file.
```powershell
- $WDACPolicyBin=$env:userprofile+"\Desktop\"+$PolicyName+"_{InsertPolicyID}.bin"
+ [xml]$LamnaPolicyXML = Get-Content $LamnaPolicy
+ $PolicyId = $LamnaPolicyXML.SiPolicy.PolicyId
+ $LamnaPolicyBin = $PolicyPath+$PolicyId+".cip"
ConvertFrom-CIPolicy $LamnaPolicy $WDACPolicyBin
```
diff --git a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
index 474a39e5dd..e1f7559c0d 100644
--- a/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
+++ b/windows/security/threat-protection/windows-defender-application-control/select-types-of-rules-to-create.md
@@ -90,7 +90,7 @@ Each file rule level has its benefit and disadvantage. Use Table 2 to select the
|----------- | ----------- |
| **Hash** | Specifies individual [Authenticode/PE image hash values](#more-information-about-hashes) for each discovered binary. This level is the most specific level, and requires more effort to maintain the current product versions’ hash values. Each time a binary is updated, the hash value changes, therefore requiring a policy update. |
| **FileName** | Specifies the original filename for each binary. Although the hash values for an application are modified when updated, the file names are typically not. This level offers less specific security than the hash level, but it doesn't typically require a policy update when any binary is modified. |
-| **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. More information about FilePath level rules can be found below. |
+| **FilePath** | Beginning with Windows 10 version 1903, this level allows binaries to run from specific file path locations. FilePath rules only apply to user mode binaries and can't be used to allow kernel mode drivers. More information about FilePath level rules can be found below. |
| **SignedVersion** | This level combines the publisher rule with a version number. It allows anything to run from the specified publisher with a version at or above the specified version number. |
| **Publisher** | This level combines the PcaCertificate level (typically one certificate below the root) and the common name (CN) of the leaf certificate. You can use this rule level to trust a certificate issued by a particular CA and issued to a specific company you trust (such as Intel, for device drivers). |
| **FilePublisher** | This level combines the “FileName” attribute of the signed file, plus “Publisher” (PCA certificate with CN of leaf), plus a minimum version number. This option trusts specific files from the specified publisher, with a version at or above the specified version number. |
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
index 3200f16f8f..07f86d0c75 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-signed-policies-to-protect-windows-defender-application-control-against-tampering.md
@@ -11,10 +11,10 @@ ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
ms.author: dansimp
manager: dansimp
-ms.date: 06/27/2022
+ms.date: 08/15/2022
ms.technology: windows-sec
---
@@ -31,26 +31,29 @@ ms.technology: windows-sec
Signed Windows Defender Application Control (WDAC) policies give organizations the highest level of malware protection available in Windows—must be signed with [PKCS #7](https://datatracker.ietf.org/doc/html/rfc5652). In addition to their enforced policy rules, signed policies can't be modified or deleted by a user or administrator on the computer. These policies are designed to prevent administrative tampering and kernel mode exploit access. With this idea of the policies in mind, it's much more difficult to remove signed WDAC policies. SecureBoot must be enabled in order to restrict users from updating or removing signed WDAC policies.
-Before you sign with PKCS #7 and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run.
+> [!WARNING]
+> Boot failure (blue screen) may occur if your signing certificate does not follow these rules:
+>
+> - All policies, including base and supplemental, must be signed according to the [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652).
+> - Use RSA SHA-256 only. ECDSA isn't supported.
+> - Don't use UTF-8 encoding for certificate fields, like 'subject common name' and 'issuer common name'. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
+> - Keys must be less than or equal to 4K key size
+>
+
+Before you sign with PKCS #7 and deploy a signed WDAC policy, we recommend that you [audit the policy](audit-windows-defender-application-control-policies.md) to discover any blocked applications that should be allowed to run.
Signing WDAC policies by using an on-premises CA-generated certificate or a purchased code signing certificate is straightforward.
-If you don't currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) to create one with your on-premises CA.
+If you don't currently have a code signing certificate exported in .pfx format (containing private keys, extensions, and root certificates), see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) to create one with your on-premises CA.
Before PKCS #7-signing WDAC policies for the first time, ensure you enable rule options 9 (“Advanced Boot Options Menu”) and 10 (“Boot Audit on Failure”) to leave troubleshooting options available to administrators. To ensure that a rule option is enabled, you can run a command such as `Set-RuleOption -FilePath -Option 9`, even if you're not sure whether the option is already enabled. If so, the command has no effect. When validated and ready for enterprise deployment, you can remove these options. For more information about rule options, see [Windows Defender Application Control policy rules](select-types-of-rules-to-create.md).
To sign a Windows Defender Application Control policy with SignTool.exe, you need the following components:
-- SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk/) (Windows 7 or later)
+- SignTool.exe, found in the [Windows SDK](https://developer.microsoft.com/windows/downloads/windows-10-sdk/) (Windows 7 or later)
-- The binary format of the WDAC policy that you generated in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) or another WDAC policy that you've created
-
-- An internal CA code signing certificate or a purchased code signing certificate
-
-> [!NOTE]
-> All policies (base and supplemental and single-policy format) must be pkcs7 signed. [PKCS 7 Standard](https://datatracker.ietf.org/doc/html/rfc5652)
->
->Certificate fields, like 'subject common name' and 'issuer common name,' cannot be UTF-8 encoded, otherwise, blue screens may occur. These strings must be encoded as PRINTABLE_STRING, IA5STRING or BMPSTRING.
+- The binary format of the WDAC policy that you generated in [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) or another WDAC policy that you've created
+- An internal CA code signing certificate or a purchased code signing certificate
If you don't have a code signing certificate, see [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md) for instructions on how to create one. If you use an alternate certificate or Windows Defender Application Control (WDAC) policy, ensure you update the following steps with the appropriate variables and certificate so that the commands will function properly. To sign the existing WDAC policy, copy each of the following commands into an elevated Windows PowerShell session:
@@ -64,12 +67,12 @@ If you don't have a code signing certificate, see [Optional: Create a code signi
> [!NOTE]
> This example uses the WDAC policy that you created in the [Create a Windows Defender Application Control policy from a reference computer](create-initial-default-policy.md) section. If you are signing another policy, be sure to update the **$CIPolicyPath** variable with the correct information.
-2. Import the .pfx code signing certificate. Import the code signing certificate that you'll use to sign the WDAC policy into the signing user’s personal store on the computer that will be doing the signing. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
+2. Import the .pfx code signing certificate. Import the code signing certificate that you'll use to sign the WDAC policy into the user’s personal store on the computer where the signing happens. In this example, you use the certificate that was created in [Optional: Create a code signing certificate for Windows Defender Application Control](create-code-signing-cert-for-windows-defender-application-control.md).
3. Export the .cer code signing certificate. After the code signing certificate has been imported, export the .cer version to your desktop. This version will be added to the policy so that it can be updated later.
4. Navigate to your desktop as the working directory:
-
+
```powershell
cd $env:USERPROFILE\Desktop
```
@@ -104,11 +107,11 @@ If you don't have a code signing certificate, see [Optional: Create a code signi
```powershell
sign -v /n "ContosoDGSigningCert" -p7 . -p7co 1.3.6.1.4.1.311.79.1 -fd sha256 $CIPolicyBin
```
-
+
> [!NOTE]
> The *<Path to signtool.exe>* variable should be the full path to the SignTool.exe utility. **ContosoDGSigningCert** is the subject name of the certificate that will be used to sign the WDAC policy. You should import this certificate to your personal certificate store on the computer you use to sign the policy.
9. Validate the signed file. When complete, the commands should output a signed policy file called {PolicyID}.cip to your desktop. You can deploy this file the same way you deploy an enforced or non-enforced policy. For information about how to deploy WDAC policies, see [Deploy and manage Windows Defender Application Control with Group Policy](deployment/deploy-windows-defender-application-control-policies-using-group-policy.md).
> [!NOTE]
-> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set.
+> The device with the signed policy must be rebooted one time with Secure Boot enabled for the UEFI lock to be set.
diff --git a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
index 0d8e2466d8..4256d0a041 100644
--- a/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
+++ b/windows/security/threat-protection/windows-defender-application-control/use-windows-defender-application-control-with-dynamic-code-security.md
@@ -1,6 +1,6 @@
---
-title: Windows Defender Application Control and .NET Hardening (Windows)
-description: Dynamic Code Security is an application control feature that can verify code loaded by .NET at runtime.
+title: Windows Defender Application Control and .NET (Windows)
+description: Understand how WDAC and .NET work together and use Dynamic Code Security to verify code loaded by .NET at runtime.
keywords: security, malware
ms.assetid: 8d6e0474-c475-411b-b095-1c61adb2bdbb
ms.prod: m365-security
@@ -11,30 +11,43 @@ ms.localizationpriority: medium
audience: ITPro
ms.collection: M365-security-compliance
author: jsuther1974
-ms.reviewer: isbrahm
+ms.reviewer: jogeurte
ms.author: dansimp
manager: dansimp
-ms.date: 06/15/2022
+ms.date: 08/10/2022
ms.technology: windows-sec
---
-# Windows Defender Application Control and .NET hardening
+# Windows Defender Application Control (WDAC) and .NET
-Historically, Windows Defender Application Control (WDAC) has restricted the set of applications, libraries, and scripts that are allowed to run to those sets approved by an organization.
-Security researchers have found that some .NET applications may be used to circumvent those controls by using .NET’s capabilities to load libraries from external sources or generate new code on the fly.
-Beginning with Windows 10, version 1803, or Windows 11, Windows Defender Application Control features a new capability, called *Dynamic Code Security* to verify code loaded by .NET at runtime.
+.NET apps (as written in a high-level language like C#) are compiled to an Intermediate Language (IL). IL is a compact code format that can be supported on any operating system or architecture. Most .NET apps use APIs that are supported in multiple environments, requiring only the .NET runtime to run. IL needs to be compiled to native code in order to execute on a CPU, for example Arm64 or x64. When .NET compiles IL to native image (NI) on a device with a WDAC user mode policy, it first checks whether the original IL file passes the current WDAC policies. If so, .NET sets an NTFS extended attribute (EA) on the generated NI file so that WDAC knows to trust it as well. When the .NET app runs, WDAC sees the EA on the NI file and allows it.
+
+The EA set on the NI file only applies to the currently active WDAC policies. If one of the active WDAC policies is updated or a new policy is applied, the EA on the NI file is invalidated. The next time the app runs, WDAC will block the NI file. .NET handles the block gracefully and will fall back to the original IL code. If the IL still passes the latest WDAC policies, then the app runs without any functional impact. Since the IL is now being compiled at runtime, you may notice a slight impact to performance of the app. When .NET must fall back to IL, .NET will also schedule a process to run at the next maintenance window to regenerate all NI files, thus reestablishing the WDAC EA for all code that passes the latest WDAC policies.
+
+In some cases, if an NI file is blocked, you may see a "false positive" block event in the *CodeIntegrity - Operational* event log as described in [WDAC Admin Tips & Known Issues](/windows/security/threat-protection/windows-defender-application-control/operations/known-issues#net-native-images-may-generate-false-positive-block-events).
+
+To mitigate any performance impact caused when the WDAC EA isn't valid or missing, use any of the following strategies:
+
+1. Work with the app developer to pre-compile their NI and digitally sign it. Then, ensure your WDAC policies allow that signature;
+2. Run *ngen.exe update* to force .NET to regenerate all NI files immediately after applying changes to your WDAC policies;
+3. [Create and sign a catalog file](/windows/security/threat-protection/windows-defender-application-control/deploy-catalog-files-to-support-windows-defender-application-control) for the native images
+
+## WDAC and .NET hardening
+
+Security researchers have found that some .NET capabilities that allow apps to load libraries from external sources or generate new code at runtime can be used to circumvent WDAC controls.
+Beginning with Windows 10, version 1803, WDAC includes a new option, called *Dynamic Code Security* that works with .NET to verify code loaded at runtime.
When the Dynamic Code Security option is enabled, Application Control policy is applied to libraries that .NET loads from external sources. For example, any non-local sources, such as the internet or a network share.
-Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with.
+Additionally, it detects tampering in code generated to disk by .NET and blocks loading code that has been tampered with.
-Dynamic Code Security isn't enabled by default because existing policies may not account for externally loaded libraries.
-Additionally, a few .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, aren't currently supported with Dynamic Code Security enabled.
-Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy.
+Dynamic Code Security isn't enabled by default because existing policies may not account for externally loaded libraries.
+Additionally, a few .NET loading features, including loading unsigned assemblies built with System.Reflection.Emit, aren't currently supported with Dynamic Code Security enabled.
+Microsoft recommends testing Dynamic Code Security in audit mode before enforcing it to discover whether any new libraries should be included in the policy.
-Additionally, customers can precompile for deployment only to prevent an allowed executable from being terminated because it tries to load unsigned dynamically generated code. See the "Precompiling for Deployment Only" section in the [ASP.NET Precompilation Overview](/aspnet/web-forms/overview/older-versions-getting-started/deploying-web-site-projects/precompiling-your-website-cs) document for how to fix that.
+Additionally, customers can precompile for deployment only to prevent an allowed executable from being terminated because it tries to load unsigned dynamically generated code. See the "Precompiling for Deployment Only" section in the [ASP.NET Precompilation Overview](/previous-versions/aspnet/bb398860(v=vs.100)) document for how to fix that.
-To enable Dynamic Code Security, add the following option to the `` section of your policy:
+To enable Dynamic Code Security, add the following option to the `` section of your WDAC policy:
```xml
diff --git a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
index 669d4ede86..b663f72d19 100644
--- a/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-production-devices-to-the-membership-group-for-a-zone.md
@@ -2,28 +2,30 @@
title: Add Production Devices to the Membership Group for a Zone (Windows)
description: Learn how to add production devices to the membership group for a zone and refresh the group policy on the devices in the membership group.
ms.assetid: 7141de15-5840-4beb-aabe-21c1dd89eb23
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Add Production Devices to the Membership Group for a Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you test the GPOs for your design on a small set of devices, you can deploy them to the production devices.
diff --git a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
index 15f91730ba..9f5d3bac7c 100644
--- a/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
+++ b/windows/security/threat-protection/windows-firewall/add-test-devices-to-the-membership-group-for-a-zone.md
@@ -2,28 +2,30 @@
title: Add Test Devices to the Membership Group for a Zone (Windows)
description: Learn how to add devices to the group for a zone to test whether your Windows Defender Firewall with Advanced Security implementation works as expected.
ms.assetid: 47057d90-b053-48a3-b881-4f2458d3e431
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Add Test Devices to the Membership Group for a Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Before you deploy your rules to large numbers of devices, you must thoroughly test the rules to make sure that communications are working as expected. A misplaced WMI filter or an incorrectly typed IP address in a filter list can easily block communications between devices. Although we recommend that you set your rules to request mode until testing and deployment is complete. We also recommend that you initially deploy the rules to a few devices only to be sure that the correct GPOs are being processed by each device.
diff --git a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
index 1a7d5dd07e..180ebf61e7 100644
--- a/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/appendix-a-sample-gpo-template-files-for-settings-used-in-this-guide.md
@@ -2,28 +2,30 @@
title: Appendix A Sample GPO Template Files for Settings Used in this Guide (Windows)
description: Use sample template files import an XML file containing customized registry preferences into a Group Policy Object (GPO).
ms.assetid: 75930afd-ab1b-4e53-915b-a28787814b38
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Appendix A: Sample GPO Template Files for Settings Used in this Guide
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
You can import an XML file containing customized registry preferences into a Group Policy Object (GPO) by using the Preferences feature of the Group Policy Management Console (GPMC).
diff --git a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
index 221490f2e9..88a28959fc 100644
--- a/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/assign-security-group-filters-to-the-gpo.md
@@ -2,28 +2,30 @@
title: Assign Security Group Filters to the GPO (Windows)
description: Learn how to use Group Policy Management MMC to assign security group filters to a GPO to make sure that the GPO is applied to the correct computers.
ms.assetid: bcbe3299-8d87-4ec1-9e86-8e4a680fd7c8
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Assign Security Group Filters to the GPO
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To make sure that your GPO is applied to the correct computers, use the Group Policy Management MMC snap-in to assign security group filters to the GPO.
diff --git a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
index b2dfe86d3b..68b7ae50a0 100644
--- a/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/basic-firewall-policy-design.md
@@ -2,27 +2,29 @@
title: Basic Firewall Policy Design (Windows)
description: Protect the devices in your organization from unwanted network traffic that gets through the perimeter defenses by using basic firewall policy design.
ms.assetid: 6f7af99e-6850-4522-b7f5-db98e6941418
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Basic Firewall Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Many organizations have a network perimeter firewall that is designed to prevent the entry of malicious traffic in to the organization's network, but don't have a host-based firewall enabled on each device in the organization.
diff --git a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
index d71e89f983..db778a73a8 100644
--- a/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
+++ b/windows/security/threat-protection/windows-firewall/best-practices-configuring.md
@@ -6,14 +6,20 @@ ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
-ms.author: maccruz
-author: schmurky
+ms.author: paoloma
+author: paolomatarazzo
ms.localizationpriority: medium
-manager: dansimp
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: article
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Best practices for configuring Windows Defender Firewall
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
index 10fa58f666..77da6ba1be 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone-gpos.md
@@ -2,28 +2,30 @@
title: Boundary Zone GPOs (Windows)
description: Learn about GPOs to create that must align with the group you create for the boundary zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 1ae66088-02c3-47e4-b7e8-74d0b8f8646e
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Boundary Zone GPOs
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
All the devices in the boundary zone are added to the group CG\_DOMISO\_Boundary. You must create multiple GPOs to align with this group, one for each operating system that you have in your boundary zone. This group is granted Read and Apply permissions in Group Policy on the GPOs described in this section.
diff --git a/windows/security/threat-protection/windows-firewall/boundary-zone.md b/windows/security/threat-protection/windows-firewall/boundary-zone.md
index 11d52f96fe..d8077459ac 100644
--- a/windows/security/threat-protection/windows-firewall/boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/boundary-zone.md
@@ -2,28 +2,30 @@
title: Boundary Zone (Windows)
description: Learn how a boundary zone supports devices that must receive traffic from beyond an isolated domain in Windows Defender Firewall with Advanced Security.
ms.assetid: ed98b680-fd24-44bd-a7dd-26c522e45a20
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Boundary Zone
-
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
+
In most organizations, some devices can receive network traffic from devices that aren't part of the isolated domain, and therefore can't authenticate. To accept communications from untrusted devices, create a boundary zone within your isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
index 17c7175cd6..02c88fdfb7 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design-example.md
@@ -2,28 +2,30 @@
title: Certificate-based Isolation Policy Design Example (Windows)
description: This example uses a fictitious company to illustrate certificate-based isolation policy design in Windows Defender Firewall with Advanced Security.
ms.assetid: 509b513e-dd49-4234-99f9-636fd2f749e3
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Certificate-based Isolation Policy Design Example
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This design example continues to use the fictitious company Woodgrove Bank, as described in the sections [Firewall Policy Design Example](firewall-policy-design-example.md), [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md), and [Server Isolation Policy Design Example](server-isolation-policy-design-example.md).
diff --git a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
index e61836e9ce..c21f3ae251 100644
--- a/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/certificate-based-isolation-policy-design.md
@@ -2,28 +2,30 @@
title: Certificate-based Isolation Policy Design (Windows)
description: Explore the methodology behind Certificate-based Isolation Policy Design and how it defers from Domain Isolation and Server Isolation Policy Design.
ms.assetid: 63e01a60-9daa-4701-9472-096c85e0f862
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Certificate-based isolation policy design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
In the certificate-based isolation policy design, you provide the same types of protections to your network traffic as described in the [Domain Isolation Policy Design](domain-isolation-policy-design.md) and [Server Isolation Policy Design](server-isolation-policy-design.md) sections. The only difference is the method used to share identification credentials during the authentication of your network traffic.
diff --git a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
index 88550f7f67..effdd2a70c 100644
--- a/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
+++ b/windows/security/threat-protection/windows-firewall/change-rules-from-request-to-require-mode.md
@@ -2,28 +2,30 @@
title: Change Rules from Request to Require Mode (Windows)
description: Learn how to convert a rule from request to require mode and apply the modified GPOs to the client devices.
ms.assetid: ad969eda-c681-48cb-a2c4-0b6cae5f4cff
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Change Rules from Request to Require Mode
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you confirm that network traffic is being correctly protected by using IPsec, you can change the rules for the domain isolation and encryption zones to require, instead of request, authentication. Don't change the rules for the boundary zone; they must stay in request mode so that devices in the boundary zone can continue to accept connections from devices that aren't part of the isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
index 18558ef571..d3356b14f3 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-basic-firewall-settings.md
@@ -2,28 +2,30 @@
title: Checklist Configuring Basic Firewall Settings (Windows)
description: Configure Windows Firewall to set inbound and outbound behavior, display notifications, record log files and more of the necessary function for Firewall.
ms.assetid: 0d10cdae-da3d-4a33-b8a4-6b6656b6d1f9
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Configuring Basic Firewall Settings
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist includes tasks for configuring a GPO with firewall defaults and settings that are separate from the rules.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
index 36fe34357d..176d8f4536 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-an-isolated-server-zone.md
@@ -2,28 +2,30 @@
title: Checklist Configuring Rules for an Isolated Server Zone (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in GPOs for servers in an isolated server zone that are part of an isolated domain.
ms.assetid: 67c50a91-e71e-4f1e-a534-dad2582e311c
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Configuring Rules for an Isolated Server Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs for servers in an isolated server zone that are part of an isolated domain. For information about creating a standalone isolated server zone that isn't part of an isolated domain, see [Checklist: Implementing a Standalone Server Isolation Policy Design](checklist-implementing-a-standalone-server-isolation-policy-design.md).
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
index db9e5235c2..e546b37adf 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-servers-in-a-standalone-isolated-server-zone.md
@@ -2,28 +2,30 @@
title: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone (Windows)
description: Checklist Configuring Rules for Servers in a Standalone Isolated Server Zone
ms.assetid: ccc09d06-ef75-43b0-9c77-db06f2940955
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Configuring Rules for Servers in a Standalone Isolated Server Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs for servers in a standalone isolated server zone that isn't part of an isolated domain. In addition to requiring authentication and optionally encryption, servers in a server isolation zone are accessible only by users or devices that are authenticated as members of a network access group (NAG). The GPOs described here apply only to the isolated servers, not to the client devices that connect to them. For the GPOs for the client devices, see [Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone](checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md).
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
index 7e7fc7b158..55e7e19754 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-boundary-zone.md
@@ -2,28 +2,30 @@
title: Checklist Configuring Rules for the Boundary Zone (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain.
ms.assetid: 25fe0197-de5a-4b4c-bc44-c6f0620ea94b
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Configuring Rules for the Boundary Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the boundary zone in an isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
index 1d42ae70b6..5d0a18a69f 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-encryption-zone.md
@@ -2,28 +2,30 @@
title: Checklist Configuring Rules for the Encryption Zone (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain.
ms.assetid: 87b1787b-0c70-47a4-ae52-700bff505ea4
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Configuring Rules for the Encryption Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist includes tasks for configuring connection security rules and IPsec settings in your GPOs to implement the encryption zone in an isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
index 4f86220ff8..648850a336 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-configuring-rules-for-the-isolated-domain.md
@@ -2,28 +2,30 @@
title: Checklist Configuring Rules for the Isolated Domain (Windows)
description: Use these tasks to configure connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain.
ms.assetid: bfd2d29e-4011-40ec-a52e-a67d4af9748e
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Configuring Rules for the Isolated Domain
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The following checklists include tasks for configuring connection security rules and IPsec settings in your GPOs to implement the main zone in the isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
index 373174d887..6168d455d3 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-group-policy-objects.md
@@ -2,28 +2,30 @@
title: Checklist Creating Group Policy Objects (Windows)
description: Learn to deploy firewall settings, IPsec settings, firewall rules, or connection security rules, by using Group Policy in AD DS.
ms.assetid: e99bd6a4-34a7-47b5-9791-ae819977a559
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Creating Group Policy Objects
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To deploy firewall or IPsec settings or firewall or connection security rules, we recommend that you use Group Policy in AD DS. This section describes a tested, efficient method that requires some up-front work, but serves an administrator well in the end by making GPO assignments as easy as dropping a device into a membership group.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
index cb5f132795..57a25a4b6c 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-inbound-firewall-rules.md
@@ -2,28 +2,30 @@
title: Checklist Creating Inbound Firewall Rules (Windows)
description: Use these tasks for creating inbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security.
ms.assetid: 0520e14e-5c82-48da-8fbf-87cef36ce02f
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Creating Inbound Firewall Rules
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist includes tasks for creating firewall rules in your GPOs.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
index cc6976169c..879c1a55b6 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-outbound-firewall-rules.md
@@ -2,28 +2,30 @@
title: Checklist Creating Outbound Firewall Rules (Windows)
description: Use these tasks for creating outbound firewall rules in your GPOs for Windows Defender Firewall with Advanced Security.
ms.assetid: 611bb98f-4e97-411f-82bf-7a844a4130de
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Creating Outbound Firewall Rules
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist includes tasks for creating outbound firewall rules in your GPOs.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
index b6369d7c01..9094725eda 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-creating-rules-for-clients-of-a-standalone-isolated-server-zone.md
@@ -2,28 +2,30 @@
title: Create Rules for Standalone Isolated Server Zone Clients (Windows)
description: Checklist for when creating rules for clients of a Standalone Isolated Server Zone
ms.assetid: 6a5e6478-add3-47e3-8221-972549e013f6
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Creating Rules for Clients of a Standalone Isolated Server Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist includes tasks for configuring connection security rules and IPsec settings in the GPOs for client devices that must connect to servers in an isolated server zone.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
index c9c577bc2e..6a5f00771e 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-basic-firewall-policy-design.md
@@ -2,28 +2,30 @@
title: Checklist Implementing a Basic Firewall Policy Design (Windows)
description: Follow this parent checklist for implementing a basic firewall policy design to ensure successful implementation.
ms.assetid: 6caf0c1e-ac72-4f9d-a986-978b77fbbaa3
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Implementing a Basic Firewall Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This parent checklist includes cross-reference links to important concepts about the basic firewall policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
index 5d59df9ccd..ce48d49c77 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-certificate-based-isolation-policy-design.md
@@ -2,28 +2,30 @@
title: Checklist Implementing a Certificate-based Isolation Policy Design (Windows)
description: Use these references to learn about using certificates as an authentication option and configure a certificate-based isolation policy design.
ms.assetid: 1e34b5ea-2e77-4598-a765-550418d33894
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Implementing a Certificate-based Isolation Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This parent checklist includes cross-reference links to important concepts about using certificates as an authentication option in either a domain isolation or server isolation design.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
index 6a6f01d952..6061bc86b5 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-domain-isolation-policy-design.md
@@ -2,28 +2,30 @@
title: Checklist Implementing a Domain Isolation Policy Design (Windows)
description: Use these references to learn about the domain isolation policy design and links to other checklists to complete tasks require to implement this design.
ms.assetid: 76586eb3-c13c-4d71-812f-76bff200fc20
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Implementing a Domain Isolation Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This parent checklist includes cross-reference links to important concepts about the domain isolation policy design. It also contains links to subordinate checklists that will help you complete the tasks that are required to implement this design.
diff --git a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
index c484d2eec0..87364021d1 100644
--- a/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/checklist-implementing-a-standalone-server-isolation-policy-design.md
@@ -2,28 +2,30 @@
title: Checklist Implementing a Standalone Server Isolation Policy Design (Windows)
description: Use these tasks to create a server isolation policy design that isn't part of an isolated domain. See references to concepts and links to other checklists.
ms.assetid: 50a997d8-f079-408c-8ac6-ecd02078ade3
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Checklist: Implementing a Standalone Server Isolation Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This checklist contains procedures for creating a server isolation policy design that isn't part of an isolated domain. For information on the steps required to create an isolated server zone within an isolated domain, see [Checklist: Configuring Rules for an Isolated Server Zone](checklist-configuring-rules-for-an-isolated-server-zone.md).
diff --git a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
index b16b7adc8a..7f45ce6466 100644
--- a/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
+++ b/windows/security/threat-protection/windows-firewall/configure-authentication-methods.md
@@ -2,28 +2,30 @@
title: Configure Authentication Methods (Windows)
description: Learn how to configure authentication methods for devices in an isolated domain or standalone server zone in Windows Defender Firewall with Advanced Security.
ms.assetid: 5fcdc523-617f-4233-9213-15fe19f4cd02
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure Authentication Methods
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This procedure shows you how to configure the authentication methods that can be used by computers in an isolated domain or standalone isolated server zone.
diff --git a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
index 99a5795add..f839c60899 100644
--- a/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-data-protection-quick-mode-settings.md
@@ -2,28 +2,30 @@
title: Configure Data Protection (Quick Mode) Settings (Windows)
description: Learn how to configure the data protection settings for connection security rules in an isolated domain or a standalone isolated server zone.
ms.assetid: fdcb1b36-e267-4be7-b842-5df9a067c9e0
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure Data Protection (Quick Mode) Settings
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This procedure shows you how to configure the data protection (quick mode) settings for connection security rules in an isolated domain or a standalone isolated server zone.
diff --git a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
index ef75edf628..feb3b8e3a2 100644
--- a/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
+++ b/windows/security/threat-protection/windows-firewall/configure-group-policy-to-autoenroll-and-deploy-certificates.md
@@ -2,28 +2,30 @@
title: Configure Group Policy to Autoenroll and Deploy Certificates (Windows)
description: Learn how to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network.
ms.assetid: faeb62b5-2cc3-42f7-bee5-53ba45d05c09
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure Group Policy to Autoenroll and Deploy Certificates
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
You can use this procedure to configure Group Policy to automatically enroll client computer certificates and deploy them to the workstations on your network. Follow this procedure for each GPO that contains IPsec connection security rules that require this certificate.
diff --git a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
index d630831fe4..dd062985fe 100644
--- a/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
+++ b/windows/security/threat-protection/windows-firewall/configure-key-exchange-main-mode-settings.md
@@ -2,28 +2,30 @@
title: Configure Key Exchange (Main Mode) Settings (Windows)
description: Learn how to configure the main mode key exchange settings used to secure the IPsec authentication traffic in Windows Defender Firewall with Advanced Security.
ms.assetid: 5c593b6b-2cd9-43de-9b4e-95943fe82f52
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure Key Exchange (Main Mode) Settings
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This procedure shows you how to configure the main mode key exchange settings used to secure the IPsec authentication traffic.
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
index 00d5f4cd23..2a9fedfb36 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-rules-to-require-encryption.md
@@ -2,20 +2,26 @@
title: Configure the Rules to Require Encryption (Windows)
description: Learn how to configure rules to add encryption algorithms and delete the algorithm combinations that don't use encryption for zones that require encryption.
ms.assetid: 07b7760f-3225-4b4b-b418-51787b0972a0
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure the Rules to Require Encryption
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
index 763858cb1e..acae2a5eb6 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-windows-firewall-log.md
@@ -2,28 +2,30 @@
title: Configure the Windows Defender Firewall Log (Windows)
description: Learn how to configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections by using Group Policy Management MMC.
ms.assetid: f037113d-506b-44d3-b9c0-0b79d03e7d18
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure the Windows Defender Firewall with Advanced Security Log
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To configure Windows Defender Firewall with Advanced Security to log dropped packets or successful connections, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in.
diff --git a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
index ae802dff45..7f4b8057f3 100644
--- a/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
+++ b/windows/security/threat-protection/windows-firewall/configure-the-workstation-authentication-certificate-template.md
@@ -2,25 +2,27 @@
title: Configure the Workstation Authentication Template (Windows)
description: Learn how to configure a workstation authentication certificate template, which is used for device certificates that are enrolled and deployed to workstations.
ms.assetid: c3ac9960-6efc-47c1-bd69-d9d4bf84f7a6
-ms.reviewer:
-manager: dansimp
-ms.author: dansimp
+ms.reviewer: jekrynit
+manager: aaroncz
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
+author: paolomatarazzo
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure the Workstation Authentication Certificate Template
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This procedure describes how to configure a certificate template that Active Directory Certification Services (AD CS) uses as the starting point for device certificates that are automatically enrolled and deployed to workstations in the domain. It shows how to create a copy of a template, and then configure the template according to your design requirements.
diff --git a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
index da729a7b63..81905439d5 100644
--- a/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
+++ b/windows/security/threat-protection/windows-firewall/configure-windows-firewall-to-suppress-notifications-when-a-program-is-blocked.md
@@ -2,28 +2,30 @@
title: Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program is Blocked (Windows)
description: Configure Windows Defender Firewall with Advanced Security to suppress notifications when a program is Blocked
ms.assetid: b7665d1d-f4d2-4b5a-befc-8b6bd940f69b
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Configure Windows Defender Firewall with Advanced Security to Suppress Notifications When a Program Is Blocked
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To configure Windows Defender Firewall with Advanced Security to suppress the display of a notification when it blocks a program that tries to listen for network traffic and to prohibit locally defined rules, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console.
diff --git a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
index 45aac5c3bd..e23f800b1e 100644
--- a/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
+++ b/windows/security/threat-protection/windows-firewall/confirm-that-certificates-are-deployed-correctly.md
@@ -2,28 +2,30 @@
title: Confirm That Certificates Are Deployed Correctly (Windows)
description: Learn how to confirm that a Group Policy is being applied as expected and that the certificates are being properly installed on the workstations.
ms.assetid: de0c8dfe-16b0-4d3b-8e8f-9282f6a65eee
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: securit
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Confirm That Certificates Are Deployed Correctly
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After configuring your certificates and autoenrollment in Group Policy, you can confirm that the policy is being applied as expected, and that the certificates are being properly installed on the workstation devices.
diff --git a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
index a3b8bcee88..603fb772d6 100644
--- a/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/copy-a-gpo-to-create-a-new-gpo.md
@@ -2,28 +2,30 @@
title: Copy a GPO to Create a New GPO (Windows)
description: Learn how to make a copy of a GPO by using the Active Directory Users and devices MMC snap-in to create a GPO for boundary zone devices.
ms.assetid: 7f6a23e5-4b3f-40d6-bf6d-7895558b1406
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Copy a GPO to Create a New GPO
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To create the GPO for the boundary zone devices, make a copy of the main domain isolation GPO, and then change the settings to request, instead of require, authentication. To make a copy of a GPO, use the Active Directory Users and devices MMC snap-in.
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
index 7f5899e2f5..f3f7a3bb1b 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-account-in-active-directory.md
@@ -2,28 +2,30 @@
title: Create a Group Account in Active Directory (Windows)
description: Learn how to create a security group for the computers that are to receive Group Policy settings by using the Active Directory Users and Computers console.
ms.assetid: c3700413-e02d-4d56-96b8-7991f97ae432
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create a Group Account in Active Directory
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To create a security group to contain the computer accounts for the computers that are to receive a set of Group Policy settings, use the Active Directory Users and Computers console.
diff --git a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
index c1f6da0c2a..8926c70552 100644
--- a/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
+++ b/windows/security/threat-protection/windows-firewall/create-a-group-policy-object.md
@@ -2,28 +2,30 @@
title: Create a Group Policy Object (Windows)
description: Learn how to use the Active Directory Users and Computers MMC snap-in to create a GPO. You must be a member of the Domain Administrators group.
ms.assetid: 72a50dd7-5033-4d97-a5eb-0aff8a35cced
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create a Group Policy Object
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To create a new GPO, use the Active Directory Users and Computers MMC snap-in.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
index 513807383f..a2ad8d6f6c 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-exemption-list-rule.md
@@ -2,28 +2,30 @@
title: Create an Authentication Exemption List Rule (Windows)
description: Learn how to create rules that exempt devices that cannot communicate by using IPSec from the authentication requirements of your isolation policies.
ms.assetid: 8f6493f3-8527-462a-82c0-fd91a6cb5dd8
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Authentication Exemption List Rule
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
In almost any isolated server or isolated domain scenario, there are some devices or devices that cannot communicate by using IPsec. This procedure shows you how to create rules that exempt those devices from the authentication requirements of your isolation policies.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
index 037a451dee..99d3d07f46 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-authentication-request-rule.md
@@ -2,20 +2,26 @@
title: Create an Authentication Request Rule (Windows)
description: Create a new rule for Windows Defender Firewall with Advanced Security so devices on the network use IPsec protocols and methods before they can communicate.
ms.assetid: 1296e048-039f-4d1a-aaf2-8472ad05e359
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Authentication Request Rule
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
index da5b7f7f20..76b063f72d 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-icmp-rule.md
@@ -2,28 +2,30 @@
title: Create an Inbound ICMP Rule (Windows)
description: Learn how to allow inbound ICMP traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: 267b940a-79d9-4322-b53b-81901e357344
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Inbound ICMP Rule
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To allow inbound Internet Control Message Protocol (ICMP) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows ICMP requests and responses to be sent and received by computers on the network.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
index 93586077a2..56a7c6808c 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-port-rule.md
@@ -2,28 +2,30 @@
title: Create an Inbound Port Rule (Windows)
description: Learn to allow traffic on specific ports by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: a7b6c6ca-32fa-46a9-a5df-a4e43147da9f
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Inbound Port Rule
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To allow inbound network traffic on only a specified TCP or UDP port number, use the Windows Defender Firewall
with Advanced Security node in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows any program that listens on a specified TCP or UDP port to receive network traffic sent to that port.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
index bb976db9c3..1d6f3352d0 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-inbound-program-or-service-rule.md
@@ -2,28 +2,30 @@
title: Create an Inbound Program or Service Rule (Windows)
description: Learn how to allow inbound traffic to a program or service by using the Group Policy Management MMC snap-in to create firewall rules.
ms.assetid: 00b7fa60-7c64-4ba5-ba95-c542052834cf
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Inbound Program or Service Rule
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To allow inbound network traffic to a specified program or service, use the Windows Defender Firewall with Advanced Securitynode in the Group Policy Management MMC snap-in to create firewall rules. This type of rule allows the program to listen and receive inbound network traffic on any port.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
index 11f38ec926..9c6df54f31 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-port-rule.md
@@ -2,28 +2,30 @@
title: Create an Outbound Port Rule (Windows)
description: Learn to block outbound traffic on a port by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
ms.assetid: 59062b91-756b-42ea-8f2a-832f05d77ddf
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.mktglfcycl: deploy
ms.sitesec: library
ms.pagetype: security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
audience: ITPro
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Outbound Port Rule
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic on a specified TCP or UDP port number, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule blocks any outbound network traffic that matches the specified TCP or UDP port numbers.
diff --git a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
index ec94f13e2b..79eb7dda0d 100644
--- a/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
+++ b/windows/security/threat-protection/windows-firewall/create-an-outbound-program-or-service-rule.md
@@ -1,24 +1,26 @@
---
title: Create an Outbound Program or Service Rule (Windows)
description: Use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create an Outbound Program or Service Rule
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
By default, Windows Defender Firewall allows all outbound network traffic unless it matches a rule that prohibits the traffic. To block outbound network traffic for a specified program or service, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create firewall rules. This type of rule prevents the program from sending any outbound network traffic on any port.
diff --git a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
index 4d05d75092..2fec297236 100644
--- a/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
+++ b/windows/security/threat-protection/windows-firewall/create-inbound-rules-to-support-rpc.md
@@ -1,24 +1,26 @@
---
title: Create Inbound Rules to Support RPC (Windows)
description: Learn how to allow RPC network traffic by using the Group Policy Management MMC snap-in to create rules in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create Inbound Rules to Support RPC
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To allow inbound remote procedure call (RPC) network traffic, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console to create two firewall rules. The first rule allows incoming network packets on TCP port 135 to the RPC Endpoint Mapper service. The incoming traffic consists of requests to communicate with a specified network service. The RPC Endpoint Mapper replies with a dynamically assigned port number that the client must use to communicate with the service. The second rule allows the network traffic that is sent to the dynamically assigned port number. Using the two rules configured as described in this topic helps to protect your device by allowing network traffic only from devices that have received RPC dynamic port redirection and to only those TCP port numbers assigned by the RPC Endpoint Mapper.
diff --git a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
index 7f460e4af8..3b6a633dbf 100644
--- a/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
+++ b/windows/security/threat-protection/windows-firewall/create-windows-firewall-rules-in-intune.md
@@ -1,23 +1,25 @@
---
title: Create Windows Firewall rules in Intune (Windows)
description: Learn how to use Intune to create rules in Windows Defender Firewall with Advanced Security. Start by creating a profile in Device Configuration in Intune.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create Windows Firewall rules in Intune
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
>[!IMPORTANT]
>This information relates to prereleased product which may be substantially modified before it's commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
diff --git a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
index 1b2931e18d..2bdb97ef09 100644
--- a/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
+++ b/windows/security/threat-protection/windows-firewall/create-wmi-filters-for-the-gpo.md
@@ -1,24 +1,26 @@
---
title: Create WMI Filters for the GPO (Windows)
description: Learn how to use WMI filters on a GPO to make sure that each GPO for a group can only be applied to devices running the correct version of Windows.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Create WMI Filters for the GPO
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To make sure that each GPO associated with a group can only be applied to devices running the correct version of Windows, use the Group Policy Management MMC snap-in to create and assign WMI filters to the GPO. Although you can create a separate membership group for each GPO, you would then have to manage the memberships of the different groups. Instead, use only a single membership group, and let WMI filters automatically ensure the correct GPO is applied to each device.
diff --git a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
index a245dc4589..0b2d46c86c 100644
--- a/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
+++ b/windows/security/threat-protection/windows-firewall/designing-a-windows-firewall-with-advanced-security-strategy.md
@@ -1,24 +1,26 @@
---
title: Designing a Windows Defender Firewall Strategy (Windows)
description: Answer the question in this article to design an effective Windows Defender Firewall with Advanced Security Strategy.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Designing a Windows Defender Firewall with Advanced Security Strategy
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To select the most effective design for helping to protect the network, you must spend time collecting key information about your current computer environment. You must have a good understanding of what tasks the devices on the network perform, and how they use the network to accomplish those tasks. You must understand the network traffic generated by the programs running on the devices.
diff --git a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
index 8ba54573da..7cc8bd8b35 100644
--- a/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/determining-the-trusted-state-of-your-devices.md
@@ -1,24 +1,26 @@
---
title: Determining the Trusted State of Your Devices (Windows)
description: Learn how to define the trusted state of devices in your enterprise to help design your strategy for using Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Determining the Trusted State of Your Devices
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After obtaining information about the devices that are currently part of the IT infrastructure, you must determine at what point a device is considered trusted. The term *trusted* can mean different things to different people. Therefore, you must communicate a firm definition for it to all stakeholders in the project. Failure to do this communication can lead to problems with the security of the trusted environment, because the overall security can't exceed the level of security set by the least secure client that achieves trusted status.
diff --git a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
index 2215134491..95dc6e163c 100644
--- a/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/documenting-the-zones.md
@@ -1,24 +1,26 @@
---
title: Documenting the Zones (Windows)
description: Learn how to document the zone placement of devices in your design for Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Documenting the Zones
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Generally, the task of determining zone membership isn't complex, but it can be time-consuming. Use the information generated during the [Designing a Windows Defender Firewall with Advanced Security Strategy](designing-a-windows-firewall-with-advanced-security-strategy.md) section of this guide to determine the zone in which to put each host. You can document this zone placement by adding a Group column to the inventory table shown in the Designing a Windows Defender Firewall with Advanced Security Strategy section. A sample is shown here:
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
index 2370992ec2..82b302fd7b 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design-example.md
@@ -1,24 +1,26 @@
---
title: Domain Isolation Policy Design Example (Windows)
description: This example uses a fictitious company to illustrate domain isolation policy design in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Domain Isolation Policy Design Example
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This design example continues to use the fictitious company Woodgrove Bank, and builds on the example described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section. See that example for an explanation of the basic corporate network infrastructure at Woodgrove Bank with diagrams.
diff --git a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
index 50640ef245..340f62976e 100644
--- a/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/domain-isolation-policy-design.md
@@ -1,24 +1,26 @@
---
title: Domain Isolation Policy Design (Windows)
description: Learn how to design a domain isolation policy, based on which devices accept only connections from authenticated members of the same isolated domain.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Domain Isolation Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
In the domain isolation policy design, you configure the devices on your network to accept only connections coming from devices that are authenticated as members of the same isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
index 307d2e17e0..123058b8dd 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-inbound-rules.md
@@ -1,24 +1,26 @@
---
title: Enable Predefined Inbound Rules (Windows)
description: Learn the rules for Windows Defender Firewall with Advanced Security for common networking roles and functions.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Enable Predefined Inbound Rules
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Windows Defender Firewall with Advanced Security includes many predefined rules for common networking roles and functions. When you install a new server role on a device or enable a network feature on a client device, the installer typically enables the rules required for that role instead of creating new ones. When deploying firewall rules to the devices on the network, you can take advantage of these predefined rules instead of creating new ones. Using this advantage helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use.
diff --git a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
index d0ee50b518..000488608e 100644
--- a/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
+++ b/windows/security/threat-protection/windows-firewall/enable-predefined-outbound-rules.md
@@ -1,24 +1,26 @@
---
title: Enable Predefined Outbound Rules (Windows)
description: Learn to deploy predefined firewall rules that block outbound network traffic for common network functions in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/07/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Enable Predefined Outbound Rules
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
By default, Windows Defender Firewall with Advanced Security allows all outbound network traffic unless it matches a rule that prohibits the traffic. Windows Defender Firewall includes many predefined outbound rules that can be used to block network traffic for common networking roles and functions. When you install a new server role on a computer or enable a network feature on a client computer, the installer can install, but typically doesn't enable, outbound block rules for that role. When deploying firewall rules to the computers on the network, you can take advantage of these predefined rules instead of creating new ones. Using this advantage helps to ensure consistency and accuracy, because the rules have been thoroughly tested and are ready for use.
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
index 90e93ba044..bcca4ec64f 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone-gpos.md
@@ -1,24 +1,26 @@
---
title: Encryption Zone GPOs (Windows)
description: Learn how to add a device to an encryption zone by adding the device account to the encryption zone group in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Encryption Zone GPOs
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Handle encryption zones in a similar manner to the boundary zones. A device is added to an encryption zone by adding the device account to the encryption zone group. Woodgrove Bank has a single service that must be protected, and the devices that are running that service are added to the group CG\_DOMISO\_Encryption. This group is granted Read and Apply Group Policy permissions in on the GPO described in this section.
diff --git a/windows/security/threat-protection/windows-firewall/encryption-zone.md b/windows/security/threat-protection/windows-firewall/encryption-zone.md
index 3427f8825c..7038a7f49d 100644
--- a/windows/security/threat-protection/windows-firewall/encryption-zone.md
+++ b/windows/security/threat-protection/windows-firewall/encryption-zone.md
@@ -1,24 +1,26 @@
---
title: Encryption Zone (Windows)
description: Learn how to create an encryption zone to contain devices that host sensitive data and require that the sensitive network traffic be encrypted.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Encryption Zone
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Some servers in the organization host data that's sensitive, including medical, financial, or other personal data. Government or industry regulations might require that this sensitive information must be encrypted when it's transferred between devices.
diff --git a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
index 9cd638e39c..3096a8342b 100644
--- a/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
+++ b/windows/security/threat-protection/windows-firewall/evaluating-windows-firewall-with-advanced-security-design-examples.md
@@ -1,24 +1,26 @@
---
title: Evaluating Windows Defender Firewall with Advanced Security Design Examples (Windows)
description: Evaluating Windows Defender Firewall with Advanced Security Design Examples
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Evaluating Windows Defender Firewall with Advanced Security Design Examples
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The following Windows Defender Firewall with Advanced Security design examples illustrate how you can use Windows Defender Firewall to improve the security of the devices connected to the network. You can use these topics to evaluate how the firewall and connection security rules work across all Windows Defender Firewall designs and to determine which design or combination of designs best suits the goals of your organization.
diff --git a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
index dee6778a40..d6de9a861d 100644
--- a/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/exempt-icmp-from-authentication.md
@@ -1,24 +1,26 @@
---
title: Exempt ICMP from Authentication (Windows)
description: Learn how to add exemptions for any network traffic that uses the ICMP protocol in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Exempt ICMP from Authentication
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This procedure shows you how to add exemptions for any network traffic that uses the ICMP protocol.
diff --git a/windows/security/threat-protection/windows-firewall/exemption-list.md b/windows/security/threat-protection/windows-firewall/exemption-list.md
index 487eb1a25d..ac27c34d95 100644
--- a/windows/security/threat-protection/windows-firewall/exemption-list.md
+++ b/windows/security/threat-protection/windows-firewall/exemption-list.md
@@ -1,24 +1,26 @@
---
title: Exemption List (Windows)
description: Learn about reasons to add devices to an exemption list in Windows Defender Firewall with Advanced Security and the trade-offs of having too many exemptions.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Exemption List
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
When you implement a server and domain isolation security model in your organization, you're likely to find more challenges. Key infrastructure servers such as DNS servers and DHCP servers typically must be available to all devices on the internal network, yet secured from network attacks. However, if they must remain available to all devices on the network, not just to isolated domain members, then these servers can't require IPsec for inbound access, nor can they use IPsec transport mode for outbound traffic.
diff --git a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
index 73db668581..f13a1094ec 100644
--- a/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
+++ b/windows/security/threat-protection/windows-firewall/filter-origin-documentation.md
@@ -1,17 +1,23 @@
---
title: Filter origin audit log improvements
description: Filter origin documentation audit log improvements
-ms.reviewer:
-ms.author: v-bshilpa
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: normal
-author: Benny-54
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection:
- m365-security-compliance
- m365-initiative-windows-security
ms.topic: troubleshooting
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Filter origin audit log improvements
diff --git a/windows/security/threat-protection/windows-firewall/firewall-gpos.md b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
index acce618f02..80b417b9a0 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-gpos.md
@@ -1,24 +1,26 @@
---
title: Firewall GPOs (Windows)
description: In this example, a Group Policy Object is linked to the domain container because the domain controllers aren't part of the isolated domain.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Firewall GPOs
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
All the devices on Woodgrove Bank's network that run Windows are part of the isolated domain, except domain controllers. To configure firewall rules, the GPO described in this section is linked to the domain container in the Active Directory OU hierarchy, and then filtered by using security group filters and WMI filters.
diff --git a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
index 71610970dc..d52cb81f95 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-policy-design-example.md
@@ -1,24 +1,26 @@
---
title: Basic Firewall Policy Design Example (Windows)
description: This example features a fictitious company and illustrates firewall policy design for Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Basic Firewall Policy Design Example
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
In this example, the fictitious company Woodgrove Bank is a financial services institution.
diff --git a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
index 777d827e77..9d3ccfc6b4 100644
--- a/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
+++ b/windows/security/threat-protection/windows-firewall/firewall-settings-lost-on-upgrade.md
@@ -1,17 +1,23 @@
---
title: Troubleshooting Windows Firewall settings after a Windows upgrade
description: Firewall settings lost on upgrade
-ms.reviewer:
-ms.author: v-bshilpa
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: Benny-54
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection:
- m365-security-compliance
- m365-initiative-windows-security
ms.topic: troubleshooting
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Troubleshooting Windows Firewall settings after a Windows upgrade
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
index da7ae54f60..8725d0c4ed 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-active-directory-deployment.md
@@ -1,24 +1,26 @@
---
title: Gathering Information about Your Active Directory Deployment (Windows)
description: Learn about gathering Active Directory information, including domain layout, organizational unit architecture, and site topology, for your firewall deployment.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Gathering Information about Your Active Directory Deployment
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Active Directory is another important item about which you must gather information. You must understand the forest structure. This structure includes domain layout, organizational unit (OU) architecture, and site topology. This information makes it possible to know where devices are currently placed, their configuration, and the impact of changes to Active Directory that result from implementing Windows Defender Firewall with Advanced Security. Review the following list for information needed:
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
index 1477bbc36c..bfe7c5a55b 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-current-network-infrastructure.md
@@ -1,24 +1,26 @@
---
title: Gathering Info about Your Network Infrastructure (Windows)
description: Learn how to gather info about your network infrastructure so that you can effectively plan for Windows Defender Firewall with Advanced Security deployment.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Gathering Information about Your Current Network Infrastructure
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Perhaps the most important aspect of planning for Windows Defender Firewall with Advanced Security deployment is the network architecture, because IPsec is layered on the Internet Protocol itself. An incomplete or inaccurate understanding of the network can prevent any Windows Defender Firewall solution from being successful. Understanding subnet layout, IP addressing schemes, and traffic patterns are part of this effort, but accurately documenting the following components are important to completing the planning phase of this project:
diff --git a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
index 6cdefe354a..eb25dfbbce 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-information-about-your-devices.md
@@ -1,24 +1,26 @@
---
title: Gathering Information about Your Devices (Windows)
description: Learn what information to gather about the devices in your enterprise to plan your Windows Defender Firewall with Advanced Security deployment.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Gathering Information about Your Devices
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
One of the most valuable benefits of conducting an asset discovery project is the large amount of data that is obtained about the client and server devices on the network. When you start designing and planning your isolation zones, you must make decisions that require accurate information about the state of all hosts to ensure that they can use IPsec as planned.
diff --git a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
index 7f6cefda53..27ebec7226 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-other-relevant-information.md
@@ -1,24 +1,26 @@
---
title: Gathering Other Relevant Information (Windows)
description: Learn about additional information you may need to gather to deploy Windows Defender Firewall with Advanced Security policies in your organization.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Gathering Other Relevant Information
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This topic discusses several other things that you should examine to see whether they'll cause any complications in your ability to deploy Windows Defender Firewall with Advanced Security policies in your organization.
diff --git a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
index f009728af3..5f8c2be8fe 100644
--- a/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
+++ b/windows/security/threat-protection/windows-firewall/gathering-the-information-you-need.md
@@ -1,24 +1,26 @@
---
title: Gathering the Information You Need (Windows)
description: Collect and analyze information about your network, directory services, and devices to prepare for Windows Defender Firewall with Advanced Security deployment.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Gathering the Information You Need
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Before starting the planning process for a Windows Defender Firewall with Advanced Security deployment, you must collect and analyze up-to-date information about the network, the directory services, and the devices that are already deployed in the organization. This information enables you to create a design that accounts for all possible elements of the existing infrastructure. If the gathered information isn't accurate, problems can occur when devices and devices that weren't considered during the planning phase are encountered during implementation.
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
index 9d4cea8c27..a9b3bb3f08 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-boundary.md
@@ -1,24 +1,26 @@
---
title: GPO\_DOMISO\_Boundary (Windows)
description: This example GPO supports devices that aren't part of the isolated domain to access specific servers that must be available to those untrusted devices.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# GPO\_DOMISO\_Boundary
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. Woodgrove Bank began by copying and pasting the GPO for the Windows Server 2008 version of the isolated domain GPO, and then renamed the copy to reflect its new purpose.
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
index a325feb5ed..9849e51f4d 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-encryption.md
@@ -1,16 +1,22 @@
---
title: GPO\_DOMISO\_Encryption\_WS2008 (Windows)
description: This example GPO supports the ability for servers that contain sensitive data to require encryption for all connection requests.
-ms.reviewer:
-ms.author: dansimp
-author: dansimp
-manager: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.prod: m365-security
ms.localizationpriority: medium
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# GPO\_DOMISO\_Encryption\_WS2008
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
index 6cd30ab0e7..c50f026cc3 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-firewall.md
@@ -1,24 +1,26 @@
---
title: GPO\_DOMISO\_Firewall (Windows)
description: Learn about the settings and rules in this example GPO, which is authored by using the Group Policy editing tools.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# GPO\_DOMISO\_Firewall
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This GPO is authored by using the Windows Defender Firewall
with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It is intended to only apply to devices that are running at least Windows 7 or Windows Server 2008.
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
index be3ef61a55..40f53282db 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-clients.md
@@ -1,24 +1,26 @@
---
title: GPO\_DOMISO\_IsolatedDomain\_Clients (Windows)
description: Author this GPO by using Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# GPO\_DOMISO\_IsolatedDomain\_Clients
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This GPO is authored by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It's intended to only apply to client devices that are running Windows 8, Windows 7, or Windows Vista.
diff --git a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
index 3e4b545348..cd7824dccc 100644
--- a/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
+++ b/windows/security/threat-protection/windows-firewall/gpo-domiso-isolateddomain-servers.md
@@ -1,24 +1,26 @@
---
title: GPO\_DOMISO\_IsolatedDomain\_Servers (Windows)
description: Author this GPO by using the Windows Defender Firewall with Advanced Security interface in the Group Policy editing tools.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# GPO\_DOMISO\_IsolatedDomain\_Servers
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This GPO is authored by using the Windows Defender Firewall interface in the Group Policy editing tools. The User Configuration section of the GPO is disabled. It's intended to only apply to server devices that are running at least Windows Server 2008.
diff --git a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
index da1df7152e..393ecebb5b 100644
--- a/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
+++ b/windows/security/threat-protection/windows-firewall/identifying-your-windows-firewall-with-advanced-security-deployment-goals.md
@@ -1,23 +1,25 @@
---
title: Identify implementation goals for Windows Defender Firewall with Advanced Security Deployment (Windows)
description: Identifying Your Windows Defender Firewall with Advanced Security (WFAS) implementation goals
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Identifying Windows Defender Firewall with Advanced Security implementation goals
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Correctly identifying your Windows Defender Firewall with Advanced Security implementation goals is essential for the success of your Windows Defender Firewall design project. Form a project team that can clearly articulate deployment issues in a vision statement. When you write your vision statement, identify, clarify, and refine your implementation goals. Prioritize and, if possible, combine your implementation goals so that you can design and deploy Windows Defender Firewall by using an iterative approach. You can take advantage of the predefined Windows Defender Firewall implementation goals presented in this guide that are relevant to your scenarios.
diff --git a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
index e99fb5bdc3..663cee3cb9 100644
--- a/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
+++ b/windows/security/threat-protection/windows-firewall/implementing-your-windows-firewall-with-advanced-security-design-plan.md
@@ -1,24 +1,26 @@
---
title: Implementing Your Windows Defender Firewall with Advanced Security Design Plan (Windows)
description: Implementing Your Windows Defender Firewall with Advanced Security Design Plan
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Implementing Your Windows Defender Firewall with Advanced Security Design Plan
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The following are important factors in the implementation of your Windows Defender Firewall design plan:
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
index b2b51c8bed..d15da4ef92 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain-gpos.md
@@ -1,24 +1,26 @@
---
title: Isolated Domain GPOs (Windows)
description: Learn about GPOs for isolated domains in this example configuration of Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Isolated Domain GPOs
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
All of the devices in the isolated domain are added to the group CG\_DOMISO\_IsolatedDomain. You must create multiple GPOs to align with this group, one for each Windows operating system that must have different rules or settings to implement the basic isolated domain functionality that you have in your isolated domain. This group is granted Read and Apply Group Policy permissions on all the GPOs described in this section.
diff --git a/windows/security/threat-protection/windows-firewall/isolated-domain.md b/windows/security/threat-protection/windows-firewall/isolated-domain.md
index ab40a0617d..16663963fe 100644
--- a/windows/security/threat-protection/windows-firewall/isolated-domain.md
+++ b/windows/security/threat-protection/windows-firewall/isolated-domain.md
@@ -1,16 +1,22 @@
---
title: Isolated Domain (Windows)
description: Learn about the isolated domain, which is the primary zone for trusted devices, which use connection security and firewall rules to control communication.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Isolated Domain
diff --git a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
index 94c2d1efc2..4da13f6712 100644
--- a/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
+++ b/windows/security/threat-protection/windows-firewall/isolating-apps-on-your-network.md
@@ -3,22 +3,24 @@ title: Isolating Microsoft Store Apps on Your Network (Windows)
description: Learn how to customize your firewall configuration to isolate the network access of the new Microsoft Store apps that run on devices added to your network.
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Isolating Microsoft Store Apps on Your Network
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
When you add new devices to your network, you may want to customize your Windows Defender Firewall with Advanced Security configuration to isolate the network access of the new Microsoft Store apps that run on them. Developers who build Microsoft Store apps can declare certain app capabilities that enable different classes of network access. A developer can decide what kind of network access the app requires and configure this capability for the app. When the app is installed on a device, appropriate firewall rules are automatically created to enable access. You can then customize the firewall configuration to further fine-tune this access if they desire more control over the network access for the app.
diff --git a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
index 27ca0787a6..50361255a5 100644
--- a/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
+++ b/windows/security/threat-protection/windows-firewall/link-the-gpo-to-the-domain.md
@@ -1,24 +1,26 @@
---
title: Link the GPO to the Domain (Windows)
description: Learn how to link a GPO to the Active Directory container for the target devices, after you configure it in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Link the GPO to the Domain
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you create the GPO and configure it with security group filters and WMI filters, you must link the GPO to the container in Active Directory that contains all of the target devices.
diff --git a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
index e14954cb74..b729a362be 100644
--- a/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/mapping-your-deployment-goals-to-a-windows-firewall-with-advanced-security-design.md
@@ -1,24 +1,26 @@
---
title: Mapping your implementation goals to a Windows Firewall with Advanced Security design (Windows)
description: Mapping your implementation goals to a Windows Firewall with Advanced Security design
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Mapping your implementation goals to a Windows Firewall with Advanced Security design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you finish reviewing the existing Windows Firewall with Advanced Security implementation goals and you determine which goals are important to your specific deployment, you can map those goals to a specific Windows Firewall with Advanced Security design.
> [!IMPORTANT]
diff --git a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
index 20c89d309f..ce5e5032ad 100644
--- a/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
+++ b/windows/security/threat-protection/windows-firewall/modify-gpo-filters-to-apply-to-a-different-zone-or-version-of-windows.md
@@ -1,24 +1,26 @@
---
title: Modify GPO Filters (Windows)
description: Learn how to modify GPO filters to apply to a different zone or version of windows in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Modify GPO Filters to Apply to a Different Zone or Version of Windows
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
You must reconfigure your copied GPO so that it contains the correct security group and WMI filters for its new role. If you are creating the GPO for the isolated domain, use the [Block members of a group from applying a GPO](#to-block-members-of-a-group-from-applying-a-gpo) procedure to prevent members of the boundary and encryption zones from incorrectly applying the GPOs for the main isolated domain.
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
index 27d55010fe..2a59a2ec1e 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-ip-security-policies.md
@@ -1,24 +1,26 @@
---
title: Open the Group Policy Management Console to IP Security Policies (Windows)
description: Learn how to open the Group Policy Management Console to IP Security Policies to configure GPOs for earlier versions of the Windows operating system.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Open the Group Policy Management Console to IP Security Policies
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Procedures in this guide that refer to GPOs for earlier versions of the Windows operating system instruct you to work with the IP Security Policy section in the Group Policy Management Console (GPMC).
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
index 6b414fd0e1..fbbda89fb9 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall-with-advanced-security.md
@@ -1,24 +1,26 @@
---
title: Group Policy Management of Windows Firewall with Advanced Security (Windows)
description: Group Policy Management of Windows Firewall with Advanced Security
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Group Policy Management of Windows Firewall with Advanced Security
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Most of the procedures in this guide instruct you to use Group Policy settings for Windows Firewall with Advanced Security.
diff --git a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
index 7c1ef5c3ab..548d290e41 100644
--- a/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/open-the-group-policy-management-console-to-windows-firewall.md
@@ -1,24 +1,26 @@
---
title: Group Policy Management of Windows Defender Firewall (Windows)
description: Group Policy Management of Windows Defender Firewall with Advanced Security
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Group Policy Management of Windows Defender Firewall
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To open a GPO to Windows Defender Firewall:
diff --git a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
index 31a3fba50f..7d3b9aafd8 100644
--- a/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/open-windows-firewall-with-advanced-security.md
@@ -1,24 +1,26 @@
---
title: Open Windows Defender Firewall with Advanced Security (Windows)
description: Learn how to open the Windows Defender Firewall with Advanced Security console. You must be a member of the Administrators group.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Open Windows Defender Firewall with Advanced Security
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This procedure shows you how to open the Windows Defender Firewall with Advanced Security console.
diff --git a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
index 0e6eba3376..6ed68f701c 100644
--- a/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
+++ b/windows/security/threat-protection/windows-firewall/planning-certificate-based-authentication.md
@@ -1,24 +1,26 @@
---
title: Planning Certificate-based Authentication (Windows)
description: Learn how a device unable to join an Active Directory domain can still participate in an isolated domain by using certificate-based authentication.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Certificate-based Authentication
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Sometimes a device can't join an Active Directory domain, and therefore can't use Kerberos V5 authentication with domain credentials. However, the device can still participate in the isolated domain by using certificate-based authentication.
diff --git a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
index 1df3ac69c7..0edcdd46c3 100644
--- a/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-domain-isolation-zones.md
@@ -1,24 +1,26 @@
---
title: Planning Domain Isolation Zones (Windows)
description: Learn how to use information you've gathered to make decisions about isolation zones for your environment in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Domain Isolation Zones
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you have the required information about your network, Active Directory, and client and server devices, you can use that information to make decisions about the isolation zones you want to use in your environment.
diff --git a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
index 356ce2a71e..12a6970f24 100644
--- a/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
+++ b/windows/security/threat-protection/windows-firewall/planning-gpo-deployment.md
@@ -1,24 +1,26 @@
---
title: Planning GPO Deployment (Windows)
description: Learn how to use security group filtering and WMI filtering to provide the most flexible options for applying GPOs to devices in Active Directory.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning GPO Deployment
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
You can control which GPOs are applied to devices in Active Directory in a combination of three ways:
diff --git a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
index a4b877a50f..a63f2b239f 100644
--- a/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-group-policy-deployment-for-your-isolation-zones.md
@@ -1,24 +1,26 @@
---
title: Planning Group Policy Deployment for Your Isolation Zones (Windows)
description: Learn how to plan a group policy deployment for your isolation zones after you determine the best logical design for your isolation environment.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Group Policy Deployment for Your Isolation Zones
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you've decided on the best logical design of your isolation environment for the network and device security requirements, you can start the implementation plan.
diff --git a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
index 3b9d484653..ee193d5c3d 100644
--- a/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-isolation-groups-for-the-zones.md
@@ -1,24 +1,26 @@
---
title: Planning Isolation Groups for the Zones (Windows)
description: Learn about planning isolation groups for the zones in Microsoft Firewall, including information on universal groups and GPOs.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Isolation Groups for the Zones
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Isolation groups in Active Directory are how you implement the various domain and server isolation zones. A device is assigned to a zone by adding its device account to the group that represents that zone.
diff --git a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
index a46279468a..ebc3e779ce 100644
--- a/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
+++ b/windows/security/threat-protection/windows-firewall/planning-network-access-groups.md
@@ -1,24 +1,26 @@
---
title: Planning Network Access Groups (Windows)
description: Learn how to implement a network access group for users and devices that can access an isolated server in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Network Access Groups
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
A network access group (NAG) is used to identify users and devices that have permission to access an isolated server. The server is configured with firewall rules that allow only network connections that are authenticated as originating from a device, and optionally a user, whose accounts are members of its NAG. A member of the isolated domain can belong to as many NAGs as required.
diff --git a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
index 9e0486133d..6cdcc36dc6 100644
--- a/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
+++ b/windows/security/threat-protection/windows-firewall/planning-server-isolation-zones.md
@@ -1,24 +1,26 @@
---
title: Planning Server Isolation Zones (Windows)
description: Learn how to restrict access to a server to approved users by using a server isolation zone in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Server Isolation Zones
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Sometimes a server hosts data that is sensitive. If your servers host data that must not be compromised, you have several options to help protect that data. One was already addressed: adding the server to the encryption zone. Membership in that zone prevents the server from being accessed by any devices that are outside the isolated domain, and encrypts all network connections to server.
diff --git a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
index 6f5c67f5bd..f4bcdca804 100644
--- a/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
+++ b/windows/security/threat-protection/windows-firewall/planning-settings-for-a-basic-firewall-policy.md
@@ -1,24 +1,26 @@
---
title: Planning Settings for a Basic Firewall Policy (Windows)
description: Learn how to design a basic policy for Windows Defender Firewall with Advanced Security, the settings and rules that enforce your requirements on devices.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Settings for a Basic Firewall Policy
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you've identified your requirements, and have the information about the network layout and devices available, you can begin to design the GPO settings and rules that will enable you to enforce your requirements on the devices.
diff --git a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
index c61cc01904..1a921ebe00 100644
--- a/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/planning-the-gpos.md
@@ -1,24 +1,26 @@
---
title: Planning the GPOs (Windows)
description: Learn about planning Group Policy Objects for your isolation zones in Windows Defender Firewall with Advanced Security, after you design the zone layout.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning the GPOs
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
When you plan the GPOs for your different isolation zones, you must complete the layout of the required zones and their mappings to the groups that link the devices to the zones.
diff --git a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
index b2922c2dd6..1411d23007 100644
--- a/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/planning-to-deploy-windows-firewall-with-advanced-security.md
@@ -1,24 +1,26 @@
---
title: Plan to Deploy Windows Defender Firewall with Advanced Security (Windows)
description: Use the design information in this article to plan for the deployment of Windows Defender Firewall with Advanced Security in your organization.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning to Deploy Windows Defender Firewall with Advanced Security
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you collect information about your environment and decide on a design by following the guidance in the [Windows Defender Firewall with Advanced Security Design Guide](windows-firewall-with-advanced-security-design-guide.md), you can begin to plan the deployment of your design. With the completed design and the information in this topic, you can determine which tasks to perform to deploy Windows Defender Firewall with Advanced Security in your organization.
diff --git a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
index 3c54199363..9d104e67c2 100644
--- a/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
+++ b/windows/security/threat-protection/windows-firewall/planning-your-windows-firewall-with-advanced-security-design.md
@@ -1,24 +1,26 @@
---
title: Planning Your Windows Defender Firewall with Advanced Security Design (Windows)
description: After you gather the relevant information, select the design or combination of designs for Windows Defender Firewall with Advanced Security in your environment.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Planning Your Windows Defender Firewall with Advanced Security Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you've gathered the relevant information in the previous sections, and understood the basics of the designs as described earlier in this guide, you can select the design (or combination of designs) that meet your needs.
diff --git a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
index 8c98be2b77..b12f025700 100644
--- a/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
+++ b/windows/security/threat-protection/windows-firewall/procedures-used-in-this-guide.md
@@ -1,24 +1,26 @@
---
title: Procedures Used in This Guide (Windows)
description: Refer to this summary of procedures for Windows Defender Firewall with Advanced Security from checklists in this guide.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Procedures Used in This Guide
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The procedures in this section appear in the checklists found earlier in this document. They should be used only in the context of the checklists in which they appear. They are presented here in alphabetical order.
diff --git a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
index 0ae3e5785f..e143a06c23 100644
--- a/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
+++ b/windows/security/threat-protection/windows-firewall/protect-devices-from-unwanted-network-traffic.md
@@ -1,24 +1,26 @@
---
title: Protect devices from unwanted network traffic (Windows)
description: Learn how running a host-based firewall on every device in your organization can help protect against attacks as part of a defense-in-depth security strategy.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 01/18/2022
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Protect devices from unwanted network traffic
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Although network perimeter firewalls provide important protection to network resources from external threats, there are network threats that a perimeter firewall can't protect against. Some attacks might successfully penetrate the perimeter firewall, and at that point what can stop it? Other attacks might originate from inside the network, such as malware that is brought in on portable media and run on a trusted device. Portable devices are often taken outside the network and connected directly to the Internet, without adequate protection between the device and security threats.
diff --git a/windows/security/threat-protection/windows-firewall/quarantine.md b/windows/security/threat-protection/windows-firewall/quarantine.md
index debe26322b..c914408573 100644
--- a/windows/security/threat-protection/windows-firewall/quarantine.md
+++ b/windows/security/threat-protection/windows-firewall/quarantine.md
@@ -1,16 +1,22 @@
---
title: Quarantine behavior
description: Quarantine behavior is explained in detail.
-ms.author: v-bshilpa
-author: Benny-54
-manager: dansimp
-ms.reviewer:
+ms.author: paoloma
+author: paolomatarazzo
+manager: aaroncz
+ms.reviewer: jekrynit
ms.prod: m365-security
ms.localizationpriority: normal
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Quarantine behavior
diff --git a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
index 92a170d7ef..eda42f13e6 100644
--- a/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
+++ b/windows/security/threat-protection/windows-firewall/require-encryption-when-accessing-sensitive-network-resources.md
@@ -1,24 +1,26 @@
---
title: Require Encryption When Accessing Sensitive Network Resources (Windows)
description: Windows Defender Firewall with Advanced Security allows you to require that all network traffic in an isolated domain be encrypted.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Require Encryption When Accessing Sensitive Network Resources
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The use of authentication in the previously described goal ([Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) enables a device in the isolated domain to block traffic from untrusted devices. However, it doesn't prevent an untrusted device from eavesdropping on the network traffic shared between two trusted devices, because by default network packets aren't encrypted.
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
index f9a9247b52..1b7a5eef66 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-specified-users-or-devices.md
@@ -1,24 +1,26 @@
---
title: Restrict Access to Only Specified Users or Devices (Windows)
description: Restrict access to devices and users that are members of domain groups authorized to access that device using Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Restrict Access to Only Specified Users or Computers
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Domain isolation (as described in the previous goal [Restrict Access to Only Trusted Devices](restrict-access-to-only-trusted-devices.md)) prevents devices that are members of the isolated domain from accepting network traffic from untrusted devices. However, some devices on the network might host sensitive data that must be additionally restricted to only those users and computers that have a business requirement to access the data.
diff --git a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
index 6f48e70c2f..83e9ef9191 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-access-to-only-trusted-devices.md
@@ -1,24 +1,26 @@
---
title: Restrict access to only trusted devices (Windows)
description: Windows Defender Firewall with Advanced Security enables you to isolate devices you trust and restrict access of untrusted devices to trusted devices.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Restrict access to only trusted devices
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Your organizational network likely has a connection to the Internet. You also likely have partners, vendors, or contractors who attach devices that aren't owned by your organization to your network. Because you don't manage those devices, you can't trust them to be free of malicious software, maintained with the latest security updates, or in any way in compliance with your organization's security policies. These untrustworthy devices both on and outside of your physical network must not be permitted to access your organization's devices except where it's truly required.
diff --git a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
index d405ae9ad9..ccd8c1f678 100644
--- a/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
+++ b/windows/security/threat-protection/windows-firewall/restrict-server-access-to-members-of-a-group-only.md
@@ -1,24 +1,26 @@
---
title: Restrict Server Access to Members of a Group Only (Windows)
description: Create a firewall rule to access isolated servers running Windows Server 2008 or later and restrict server access to members of a group.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Restrict Server Access to Members of a Group Only
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you have configured the IPsec connection security rules that force client devices to authenticate their connections to the isolated server, you must configure the rules that restrict access to only those devices or users who have been identified through the authentication process as members of the isolated server’s access group.
diff --git a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
index e43a977d74..5de4aeebab 100644
--- a/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
+++ b/windows/security/threat-protection/windows-firewall/securing-end-to-end-ipsec-connections-by-using-ikev2.md
@@ -3,22 +3,24 @@ title: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 20
description: Securing End-to-End IPsec Connections by Using IKEv2 in Windows Server 2012
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Securing End-to-End IPsec connections by using IKEv2
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
IKEv2 offers the following:
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
index 6c2574d928..15f710e53b 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-gpos.md
@@ -1,24 +1,26 @@
---
title: Server Isolation GPOs (Windows)
description: Learn about required GPOs for isolation zones and how many server isolation zones you need in Windows Defender Firewall with Advanced Security.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Server Isolation GPOs
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Each set of devices that have different users or devices accessing them require a separate server isolation zone. Each zone requires one GPO for each version of Windows running on devices in the zone. The Woodgrove Bank example has an isolation zone for their devices that run SQL Server. The server isolation zone is logically considered part of the encryption zone. Therefore, server isolation zone GPOs must also include rules for encrypting all isolated server traffic. Woodgrove Bank copied the encryption zone GPOs to serve as a starting point, and renamed them to reflect their new purpose.
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
index bfade02b3c..f920003a00 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design-example.md
@@ -1,24 +1,26 @@
---
title: Server Isolation Policy Design Example (Windows)
description: Learn about server isolation policy design in Windows Defender Firewall with Advanced Security by referring to this example of a fictitious company.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Server Isolation Policy Design Example
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This design example continues to use the fictitious company Woodgrove Bank, as described in the [Firewall Policy Design Example](firewall-policy-design-example.md) section and the [Domain Isolation Policy Design Example](domain-isolation-policy-design-example.md) section.
diff --git a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
index 91160b8e0a..5dc27f7b43 100644
--- a/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
+++ b/windows/security/threat-protection/windows-firewall/server-isolation-policy-design.md
@@ -1,24 +1,26 @@
---
title: Server Isolation Policy Design (Windows)
description: Learn about server isolation policy design, where you assign servers to a zone that allows access only to members of an approved network access group.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Server Isolation Policy Design
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
In the server isolation policy design, you assign servers to a zone that allows access only to users and devices that authenticate as members of an approved network access group (NAG).
diff --git a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
index a0116d71eb..9796a30b9e 100644
--- a/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
+++ b/windows/security/threat-protection/windows-firewall/troubleshooting-uwp-firewall.md
@@ -1,17 +1,23 @@
---
title: Troubleshooting UWP App Connectivity Issues in Windows Firewall
description: Troubleshooting UWP App Connectivity Issues in Windows Firewall
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection:
- m365-security-compliance
- m365-initiative-windows-security
ms.topic: troubleshooting
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Troubleshooting UWP App Connectivity Issues
diff --git a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
index 64a55b790e..72d9d7fa43 100644
--- a/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
+++ b/windows/security/threat-protection/windows-firewall/turn-on-windows-firewall-and-configure-default-behavior.md
@@ -1,24 +1,26 @@
---
title: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior (Windows)
description: Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Turn on Windows Defender Firewall with Advanced Security and Configure Default Behavior
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
To enable Windows Defender Firewall with Advanced Security and configure its default behavior, use the Windows Defender Firewall with Advanced Security node in the Group Policy Management console.
diff --git a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
index dd58d0c8d0..e924d932ea 100644
--- a/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
+++ b/windows/security/threat-protection/windows-firewall/understanding-the-windows-firewall-with-advanced-security-design-process.md
@@ -3,14 +3,20 @@ title: Understand WFAS Deployment (Windows)
description: Resources for helping you understand the Windows Defender Firewall with Advanced Security (WFAS) Design Process
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Understanding the Windows Defender Firewall with Advanced Security Design Process
diff --git a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
index 3f49bc068c..9359451826 100644
--- a/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
+++ b/windows/security/threat-protection/windows-firewall/verify-that-network-traffic-is-authenticated.md
@@ -1,24 +1,26 @@
---
title: Verify That Network Traffic Is Authenticated (Windows)
description: Learn how to confirm that network traffic is being protected by IPsec authentication after you configure your domain isolation rule to require authentication.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Verify That Network Traffic Is Authenticated
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
After you've configured your domain isolation rule to request, rather than require, authentication, you must confirm that the network traffic sent by the devices on the network is being protected by IPsec authentication as expected. If you switch your rules to require authentication before all of the devices have received and applied the correct GPOs, or if there are any errors in your rules, then communications on the network can fail. By first setting the rules to request authentication, any network connections that fail authentication can continue in clear text while you diagnose and troubleshoot.
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
index 7173220848..14a6de27f4 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-administration-with-windows-powershell.md
@@ -3,22 +3,24 @@ title: Windows Defender Firewall with Advanced Security Administration with Wind
description: Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Firewall with Advanced Security Administration with Windows PowerShell
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
The Windows Defender Firewall with Advanced Security Administration with Windows PowerShell Guide provides essential scriptlets for automating Windows Defender Firewall management. It's designed for IT pros, system administrators, IT managers, and others who use and need to automate Windows Defender Firewall management in Windows.
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
index f0ec1fb9dc..b2d5a9b049 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-deployment-guide.md
@@ -1,24 +1,26 @@
---
title: Windows Defender Firewall with Advanced Security deployment overview (Windows)
description: Use this guide to deploy Windows Defender Firewall with Advanced Security for your enterprise to help protect devices and data that they share across a network.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Firewall with Advanced Security deployment overview
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
You can use the Windows Defender Firewall with Advanced Security MMC snap-in with devices running at least Windows Vista or Windows Server 2008 to help protect the devices and the data that they share across a network.
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
index 791816f439..b23f7bc963 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security-design-guide.md
@@ -1,24 +1,26 @@
---
title: Windows Defender Firewall with Advanced Security design guide (Windows)
description: Learn about common goals for using Windows Defender Firewall with Advanced Security to choose or create a design for deploying the firewall in your enterprise.
-ms.reviewer:
-ms.author: dansimp
+ms.reviewer: jekrynit
+ms.author: paoloma
ms.prod: m365-security
ms.localizationpriority: medium
-author: dansimp
-manager: dansimp
+author: paolomatarazzo
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Firewall with Advanced Security design guide
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
Windows Defender Firewall with Advanced Security is a host firewall that helps secure the device in two ways. First, it can filter the network traffic permitted to enter the device from the network, and also control what network traffic the device is allowed to send to the network. Second, Windows Defender Firewall supports IPsec, which enables you to require authentication from any device that is attempting to communicate with your device. When authentication is required, devices that can't authenticate can't communicate with your device. By using IPsec, you can also require that specific network traffic be encrypted to prevent it from being read or intercepted while in transit between devices.
diff --git a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
index 297a720a7a..dc08cf7455 100644
--- a/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
+++ b/windows/security/threat-protection/windows-firewall/windows-firewall-with-advanced-security.md
@@ -3,23 +3,25 @@ title: Windows Defender Firewall with Advanced Security (Windows)
description: Learn overview information about the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.
ms.prod: m365-security
ms.localizationpriority: medium
-author: denisebmsft
-ms.author: deniseb
-manager: dansimp
+author: paolomatarazzo
+ms.author: paoloma
+manager: aaroncz
ms.collection: M365-security-compliance
ms.topic: conceptual
ms.date: 09/08/2021
-ms.reviewer:
+ms.reviewer: jekrynit
ms.custom: asr
ms.technology: windows-sec
+appliesto:
+- ✅ Windows 10
+- ✅ Windows 11
+- ✅ Windows Server 2016
+- ✅ Windows Server 2019
+- ✅ Windows Server 2022
---
# Windows Defender Firewall with Advanced Security
-**Applies to**
-- Windows 10
-- Windows 11
-- Windows Server 2016 and above
This topic is an overview of the Windows Defender Firewall with Advanced Security (WFAS) and Internet Protocol security (IPsec) features.